ISACA. The recognized global leader in IT governance, control, security and assurance
High-level session overview
1. CRISC background information
2. Part I The Big Picture

CRISC Background Information

About the CRISC Exam
- The content of the 2011 CRISC Review Manual is based on the CRISC job practice found at
- There are 5 domains in the CRISC job practice
- The CRISC exam is a practice-based exam. Simply reading the material in this manual will not properly prepare candidates for the exam.
- No representations or warranties are made by ISACA in regard to this or other ISACA publications assuring candidates passage of the CRISC exam. This publication was produced independently of the CRISC Certification Committee, which has no responsibility for the content of this manual.

About the CRISC Exam cont.
The CRISC certification is designed to meet the growing demand for professionals who can integrate enterprise risk management (ERM) with discrete IS control skills. The technical skills and practices the CRISC certification promotes and evaluates are the building blocks of success in this growing field, and the CRISC designation demonstrates proficiency in this role.

Exam Relevance
- Ensure that the CRISC candidate has the practical knowledge required to perform the tasks described in the task and knowledge statements.
- The percentages listed with the domains indicate the emphasis, or percentage of questions, that will appear on the exam from each domain. For a description of each domain's task and knowledge statements, visit
- Note: The concepts introduced in this manual are considered a fundamental part of the CRISC job practice.
% of Total Exam Questions:
- Domain 1: 31%
- Domain 2: 17%
- Domain 3: 17%
- Domain 4: 17%
- Domain 5: 18%

About the CRISC Exam cont.
- The exam has 200 multiple-choice questions. CRISC exam questions are developed with the intent of measuring and testing practical knowledge and the application of general concepts and standards.
- All questions are designed with one best answer. The candidate is asked to choose the correct or best answer from the options.
- Good preparation for the CRISC exam can be achieved through an organized plan of study. To assist individuals with the development of a successful study plan, ISACA offers study aids and review courses to exam candidates. See to view the ISACA study aids that can help prepare for the exam.

Manual Setup
The CRISC Review Manual 2011 is organized into three parts:
- Part I The Big Picture: How Risk Management Relates to Risk Governance
- Part II Risk Management and Information Systems Control Theory and Concepts
- Part III Risk Management and Information Systems Control in Practice

Additional Resources
- Study Questions, Answers and Explanations
- Glossary
- Suggested Resources for Further Study
- List of Exhibits
The CRISC candidate also may find it useful to study the CRISC Review, Questions, Answers & Explanations Manual 2011, which consists of 100 multiple-choice study questions.

CRISC Review Course Part I The Big Picture: How Risk Management Relates to Risk Governance

Exam Relevance
- Discuss specific topics within the chapter
- Case Study
- Sample Questions
- Key Terms (Definitions and Acronyms)
- Suggested Reading
- Section Overview

Part 1 Learning Objectives
As a result of completing this chapter, the CRISC candidate should be able to:
- Differentiate between risk management and risk governance
- Identify the roles and responsibilities for risk management
- Distinguish between various risk management methodologies
- Apply and differentiate the standards, practices and principles of risk management
- List the main tasks related to risk governance
- Recognize relevant risk management standards, frameworks and practices
- Explain the meaning of key risk management concepts, including risk appetite and risk tolerance
ISACA Trust in, and value from, information systems

Section Topic: Risk Management

Section Topics
- Risk Management
- Essentials of Risk Governance
- Risk Appetite and Risk Tolerance
- Risk Awareness and Communication
- Risk Culture

Overview of Risk Management
Risk Management:
- Is the process of balancing the risk associated with business activities with an adequate level of control that will enable the business to meet its objectives.
- Holistically covers all concepts and processes affiliated with managing risk, including the systematic application of management policies, procedures and practices; the tasks of communicating, consulting and establishing the context; and identifying, analyzing, evaluating, treating, monitoring and reviewing risk.

Risk
Risk reflects the combination of the likelihood of events occurring and the impact those events have on the enterprise. Risk, the potential for events and their consequences, contains both:
- Opportunities for benefit (upside)
- Threats to success (downside)

Risk and Opportunity Management
Guiding Principles for Effective Risk Management:
1. Maintain Business Objective Focus
2. Integrate IT Risk Management Into Enterprise Risk Management (ERM)
3. Balance The Costs And Benefits Of Managing Risk
4. Promote Fair And Open Communication
5. Establish Tone At The Top And Assign Personal Accountability
6. Daily Process With Continuous Improvement

Responsibility vs. Accountability
- Responsibility belongs to those who must ensure that the activities are completed successfully.
- Accountability applies to those who either own the required resources or have the authority to approve the execution and/or accept the outcome of an activity within specific risk management processes.

Responsibility vs. Accountability

Risk Management Roles and Responsibilities
- The CRISC functions within the risk governance framework established within the enterprise
- The CRISC executes on:
  - Risk evaluation
  - Risk response activities
Section Topics: Risk Management Frameworks, Standards and Practices

Relevance of Risk Management Frameworks, Standards and Practices
Risk management frameworks, standards and practices matter to the CRISC because they:
- Provide a view of things to watch
- Act as a guide to focus efforts
- Help achieve business objectives
- Provide credibility
- Save time and cost

Frameworks
- Generally accepted, business process-oriented structures that establish a common language and enable repeatable business processes
- The Risk IT Framework is an example

Standards
- Established mandatory rules, specifications and metrics used to measure compliance against quality, value, etc.
- Standards are usually intended for compliance purposes
- IT Audit and Assurance Standards are an example

Practices
- Practices are frequent or usual actions performed as an application of knowledge. Practices are issued by a recognized authority.
- Leading practices are actions that optimally apply knowledge in a particular area.
- Practices are usually derived from and supplement/support standards and frameworks.
- The Risk IT Practitioner Guide is an example
Section Topic: Essentials of Risk Governance

Relevance of Risk Governance
- Risk is an integral part of business
- Risk is a core factor related to the stability, growth and success of the organization
- Risk represents the opportunity for growth and levels of profit
- Risk poses the possibility of loss or damage to the business objectives
- Risk governance addresses the oversight of the business risk strategy of the enterprise

Overview of Risk Governance
Risk governance is the domain of the enterprise's senior management and shareholders. This group is responsible for:
- Establishing the organization's risk culture and acceptable levels of risk
- Setting up the risk framework
- Ensuring effectiveness of the risk management function

Objectives of Risk Governance
Risk governance has three main objectives:
1. Establishing and maintaining a common risk view
2. Integrating risk management into the enterprise
3. Making risk-aware business decisions

Foundation of Risk Governance
An effective risk governance foundation requires:
1. An understanding of, and consensus on, the risk appetite and risk tolerance of the enterprise
2. An awareness of risk and of the need for effective communication about risk throughout the enterprise
3. An understanding of the elements of risk culture

Objectives of Risk Governance cont.
1. Establishing and maintaining a common risk view
- Determines which controls are necessary to mitigate risk
- Determines how risk-based controls are integrated into business processes and IS
- The risk governance function oversees the operations of the risk management team

Objectives of Risk Governance cont.
2. Integrating risk management into the enterprise
- Enforces a holistic ERM approach for the enterprise
- Requires integration of RM into every department, function, system and geographical location

Objectives of Risk Governance cont.
3. Making risk-aware business decisions
- Consider the full range of opportunities and consequences of each decision throughout the enterprise, society and the environment
Essentials of Risk Governance: Risk Appetite and Tolerance

Risk Appetite and Risk Tolerance: Definitions
- Risk appetite: The amount of risk, on a broad level, that an entity is willing to accept in pursuit of its mission
- Risk tolerance: The acceptable level of variation that management is willing to allow for any particular risk as it pursues its objectives

Risk Appetite and Risk Tolerance cont.
How risk appetite relates to risk scenarios with varying frequency and magnitude:
- Frequency: How often is the event expected to occur?
- Magnitude: What is the impact to the enterprise when the event occurs?

Risk Appetite and Risk Tolerance cont.
Applicable guidelines for risk appetite and risk tolerance:
- Connectivity of risk appetite and risk tolerance
- Review and approval of exceptions to risk tolerance standards
- Risk appetite and tolerance change over time
- Cost of risk mitigation options can affect risk tolerance
Essentials of Risk Governance: Risk Awareness and Communication

Risk Awareness and Communication: Description
- Risk awareness is about acknowledging that risk is an integral part of the business
- Risk communication stresses that if risk is to be managed and mitigated, it must first be discussed and effectively communicated throughout the enterprise

Risk Awareness and Communication cont.
Good vs. Poor Communication
- Benefits of good communication include contributing to management's understanding of exposures, awareness, and transparency to external stakeholders
- Consequences of poor communication include a false sense of confidence relating to exposure, incorrect perception by external stakeholders and a perception that the enterprise lacks transparency with external stakeholders

Risk Awareness and Communication cont.
Types of risk information to be communicated:
- Expectations from risk management (strategy, policies, procedures, awareness, training, etc.)
- Current risk management capability (risk management, process maturity)
- Status with regard to IT risk (risk profile, key risk indicators, loss data, etc.)

Key Concepts of Risk Governance: Elements of Effective Communication
- Clear
- Concise
- Useful
- Timely
- Aimed at the correct target audience
- Available on a need-to-know basis

Key Concepts of Risk Governance: Stakeholder Communication Inputs and Outputs
It is important for the CRISC to know what types of information should come from and go to various stakeholders.
Essentials of Risk Governance: Risk Culture

Risk Culture cont.
Overview of a risk-aware culture:
- Allows for open discussions about risk components
- Acceptable levels of risk are understood and maintained
- Begins at the top (board and executive):
  - Set direction
  - Communicate risk-aware decision making
  - Reward effective risk management behaviors
- Implies that all levels are aware of how and when to respond to adverse IT events

Risk Culture
A risk-aware culture is a series of behaviors:
- Behavior toward taking risk
- Behavior toward negative outcomes
- Behavior toward policy compliance
Symptoms of an inadequate or problematic risk culture include:
- Misalignment between real risk appetite and its translation into policies
- Existence of a blame culture
Case Study & Practice Questions

Case Study
Company XYZ has four offices located in the US, Canada, China and Egypt. The company currently has four separate risk management plans and programs, and while the offices all serve independent functions and have separate technology infrastructures, the plans are not integrated and have never been shared. The company plans to IPO in the US later this year, and the company's CEO and board of directors have just directed the enterprise to build a centralized risk management and governance program. You are the CRISC for your location's IT shop. Based on the topics discussed in this chapter, how would you participate?

Practice Question 1
X-1. Risk management should consider the following aspect(s) of risk:
- Thresholds
- Consequences
- Both opportunities and threats
- Both opportunities and thresholds

Practice Question 2
X-2. What factors change risk appetite and tolerance?
- New technology
- New organizational structures
- New market conditions
- All of the above

Practice Question 3
X-3. Which of the following statements is true?
- Risk tolerance is the amount of risk the company is willing to accept
- Risk appetite is the acceptable variance relative to objective achievement
- Risk tolerance is the acceptable variance relative to objective achievement
- Risk tolerance level is based on the enterprise's ability to absorb loss

Practice Question 4
X-4. What risk components should be communicated?
- Expectations from process owners
- Status with regard to IT risk
- Future risk exposure
- Status with regard to operational risk

Practice Question 5
X-5. The IT risk action plan is an output communication from?
- CRISC
- Chief Information Officer
- IT Management
- Chief Risk Officer and the Enterprise Risk Management Committee
Definitions and Acronyms

Acronym Review (Review Guide Reference Source/Page; Acronym; Definition)
- I-D-1 CRO: Chief Risk Officer
- I-D-1 CIO: Chief Information Officer
- I-F-2 ERM: Enterprise Risk Management

Definition Review (Review Guide Reference Source/Page; Word; Definition)
- I-C-1 Risk: Reflects the combination of the likelihood of events occurring and the impact those events have on the enterprise. Risk means the potential for events and their consequences, and contains both opportunities for benefit (upside) and threats to success (downside).
- I-D-1 Responsibility: Belongs to those who must ensure that the activities are completed successfully.
- I-D-1 Accountability: Applies to those who own the required resources or have the authority to approve the execution and/or accept the outcome of an activity within specific risk management processes.
- I-E-2 Standards: Establish mandatory rules, specifications and metrics used to measure compliance against quality, value, etc. Standards are usually intended for compliance purposes and to provide assurance to others who interact with a process or the outputs of a process.
- I-E-2 Practices: Are frequent or usual actions performed as an application of knowledge. They are issued by a recognized authority that is appropriate to the subject matter. Issuing bodies may include professional associations and academic institutions, or commercial entities such as software vendors. They are generally based on a combination of research, expert insight and peer review. Note: Practices usually are derived from and supplement/support standards and frameworks, and are the least formal of the three.

Definition Review cont.
- I-E-2 Leading Practice: An action that optimally applies knowledge in a particular area.
- I-F-3 Risk Appetite: The broad-based amount of risk a company or other entity is willing to accept in pursuit of its mission (or vision).
- I-F-3 Risk Tolerance: The acceptable variation relative to the achievement of an objective (and often is best measured in the same units as those used to measure the related objective).
- I-F-6 Risk Awareness: Is about acknowledging that risk is an integral part of the business. This does not imply that all risk is to be avoided or eliminated, but rather that risk is well understood and known, IT risk issues are identifiable, and the enterprise recognizes and uses the means to manage risk.
Supplemental Exercises

Big Picture Exercise 1 (Your Answer / Correct Answer)
For each, identify whether it is considered a Framework, Standard or Practice:
- COBIT 4.1: Framework
- Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE): Practice
- PCI Data Security Standard (PCI DSS): Standard
- NIST Special Publication (SP), Revision 1, Guide for Applying the Risk Management Framework to Federal Information Systems: Practice
- ISO 31000:2009 (at the time of this manual's publication, the newest for general purpose risk management): Standard
- The Risk IT Framework: Framework
- The Risk IT Practitioner Guide: Practice

Big Picture Exercise 2 (Your Answer / Correct Answer)
Identify the stakeholder for each risk communication flow input and output.
Communication flows:
- Input - Current IT risk exposure/profile
- Output - Potential IT risk issues
- Input - Audit findings
- Output - Support on risk awareness initiatives
- Input - Enterprise appetite for IT risk
- Output - Financial information with regard to IT and IT programmes/projects (budget, actual, trends, etc.)
- Output - Audit findings
Stakeholders:
- Executive management and board
- All employees
- Risk control functions
- Human resources (HR)
- Chief information officer (CIO)
- Chief financial officer (CFO)
- Compliance and audit

Big Picture Exercise 2 cont. (Your Answer / Correct Answer)
Identify the stakeholder for each risk communication flow input and output.
Communication flows:
- Input - Control and compliance monitoring
- Output - Key performance objectives
- Input - Ongoing changes to IT risk factors
- Output - IT risk mitigation strategy and plan, including assignment of responsibility and development of metrics
- Input - Summary IT risk reports, including residual risk, controls maturity levels and audit findings
- Input - Risk awareness expectations
- Input - IT risk register
Stakeholders:
- External auditor
- Executive management and board
- Business management and business process owners
- IT management (including security and service management)
- Insurer
- All employees
- Chief risk officer (CRO) and enterprise risk committee

Big Picture Exercise 2 cont. (Your Answer / Correct Answer)
Identify the stakeholder for each risk communication flow input and output.
Communication flows:
- Output - Audit findings
- Input - Key performance objectives
- Output - IT risk reports
- Input - In general, all communications intended for the board and executive management
- Input - Executive summary risk reports
- Output - Insurance coverage (property, business interruption, directors and officers)
- Output - Business impact of the IT risk and impacted business units
Stakeholders:
- External auditor
- Chief financial officer (CFO)
- Risk control functions
- Regulator
- Investors
- Insurer
- Chief information officer (CIO)

Big Picture Exercise 2 cont. (Your Answer / Correct Answer)
Identify the stakeholder for each risk communication flow input and output.
Communication flows:
- Input - Risk awareness expectations
- Output - Enterprise appetite for IT risk
- Output - Risk tolerance levels for their portfolio of investments
- Input - IT risk RACI charts
- Output - Control and compliance monitoring
- Output - Requirements for controls and reporting
- Input - Key performance objectives
Stakeholders:
- Human resources (HR)
- Chief risk officer (CRO) and enterprise risk committee
- Investor
- Compliance and audit
- Business management and business process owners
- Regulator
- IT management (including security and service management)

Suggested Resources for Further Study
- Risk IT Framework and Practitioner Guides
- Val IT Framework 2.0
- COBIT 4.1
See your CRISC Review Manual for more sources of information.
More informationAligning Corporate Governance with IT Governance and Why Should I Care?
Aligning Corporate Governance with IT Governance and Why Should I Care? Presentation for American Society for Quality Software SIG (509/511) July 25, 2017 Introduction Stakeholders across an organization
More informationCONNECTING THE INTERNAL AUDIT DOTS AN OVERVIEW OF INTERNAL AUDIT S ROLE, SCOPE, STANDARDS AND ENGAGEMENT APPROACH
CONNECTING THE INTERNAL AUDIT DOTS AN OVERVIEW OF INTERNAL AUDIT S ROLE, SCOPE, STANDARDS AND ENGAGEMENT APPROACH OVERVIEW The following topics will be addressed: A broad outline of the role of the internal
More informationLeiningerCPA, Ltd. RISK MANAGEMENT POLICY STATEMENT
LeiningerCPA, Ltd. RISK MANAGEMENT POLICY STATEMENT This policy provides an overview of the bank s risk management process and defines the broad responsibilities for overseeing corporate governance and
More informationE D M O N T O N ADMINISTRATIVE PROCEDURE
DEPARTMENT FINANCIAL AND CORPORATE SERVICES DELEGATED AUTHORITY CONTACT GENERAL MANAGER, CFO & TREASURER CORPORATE MANAGER, ENTERPRISE RISK MANAGEMENT DEFINITIONS The definitions used in City Policy C587
More informationGood Corporate Governance (GCG) Being a good corporate citizen is good risk management
Good Corporate Governance (GCG) Being a good corporate citizen is good risk management Margaret Jackson Chairman Qantas Airlines, March 2004 Being a good corporate citizen is good risk management Margaret
More informationRisk Management Policy
9 Spokes International Limited Risk Management Policy Last Updated: May 2016 9 Spokes International Limited Risk Management Policy 1 Contents 1 Introduction... 3 2 Purpose... 3 3 Scope... 3 4 General roles
More informationCOBIT 5 for Information Security. Dr. Derek J. Oliver Co-Chair, COBIT 5 Task Force
COBIT 5 for Information Security Dr. Derek J. Oliver Co-Chair, COBIT 5 Task Force First, a bit of background Just to level the playing field COBIT 5 Objectives o ISACA Board of Directors: tie together
More informationThe Sector Skills Council for the Financial Services Industry. National Occupational Standards. Risk Management for the Financial Sector
The Sector Skills Council for the Financial Services Industry National Occupational Standards Risk Management for the Financial Sector Final version approved April 2009 IMPORTANT NOTES These National Occupational
More informationDeloitte Governance Framework and Maturity Model
Deloitte Governance Framework and Maturity Model Deloitte Governance Framework The Deloitte Governance Framework was developed to help boards and executive management assess the effectiveness of the organization
More informationActive Essex Risk Management Strategy
Active Essex Risk Management Strategy 2017-2021 November 2017 Contents 1. Policy Statement 2. Statement of Commitment 3. Risk Management Framework 4. Risk Appetite 5. Risk Maturity 6. Risk Management Levels
More informationTaking ERM to a. 6 GRC Today / October 2015
GLOBAL SCALE 6 GRC Today / October 2015 Global Scale lobal events highlighted by G business scandals, failures, information theft, and natural disasters have shone the spotlight yet again on risk management
More informationGuidance Note: Corporate Governance - Audit Committee. March Ce document est aussi disponible en français.
Guidance Note: Corporate Governance - Audit Committee March 2015 Ce document est aussi disponible en français. Applicability The Guidance Note: Corporate Governance Audit Committee (the Guidance Note )
More informationChanging Hats: Business Continuity to Operations Risk Manager. Presenter
Changing Hats: Business Continuity to Operations Manager Continuity Insights Management Conference New Orleans, Louisiana Tuesday, April 13, 2008 9:45 11:00 AM Presenter Susan Rogers, MBCP Senior Vice
More informationEnterprise Risk Management Montana State Fund
Enterprise Risk Management Montana State Fund Report to the Board January 28, 2011 Presented by: Mary Peter, Director of Enterprise Risk Management Enterprise Risk Management (ERM) Defined An integrated
More informationRisk Appetite Framework Linking Risk to Strategy Joseph A. Iraci Managing Director, TD Ameritrade
Risk Appetite Framework Linking Risk to Strategy Joseph A. Iraci Managing Director, TD Ameritrade All Comments Presented Here and Discussed Represent the View of the Speaker and Are Not Necessarily the
More informationOPERATIONAL RISK EXAMINATION TECHNIQUES
OPERATIONAL RISK EXAMINATION TECHNIQUES 1 OVERVIEW Examination Planning Oversight Policies, Procedures, and Limits Measurement, Monitoring, and MIS Internal Controls and Audit 2 Risk Assessment: Develop
More informationCobit 5! Not just for your Auditor!! Fusion (Cobit as an approach to Business & IT Alignment)! Integra(on
Cobit 5! Not just for your Auditor!! Fusion (Cobit as an approach to Business & IT Alignment)! Integra(on Cobit 5! John Krogh Twitter: @jakrogh Blog: www.johnakrogh.com! proven experience proven tactics
More informationTHE ENTERPRISE AND RISK MANAGEMENT POLICY
Appendix 10 THE ENTERPRISE AND RISK MANAGEMENT POLICY 1. INTRODUCTION The Manila Water Company, Inc. (Manila Water) operates in a regulated and dynamic business environment where uncertainties, both detrimental
More informationCORPORATE GOVERNANCE KING III COMPLIANCE
CORPORATE GOVERNANCE KING III COMPLIANCE Analysis of the application as at March 2013 by AngloGold Ashanti Limited (AngloGold Ashanti) of the 75 corporate governance principles as recommended by the King
More informationAudit, Risk and Compliance Committee Terms of Reference. Atlas Mara Limited. (The "COMPANY") Amendments approved by the Board on 22 March 2016
Audit, Risk and Compliance Committee Terms of Reference Atlas Mara Limited (The "COMPANY") Amendments approved by the Board on 22 March 2016 1. OVERVIEW 1.1 The primary objective of the committee is to
More informationCreating a Risk Intelligent Enterprise: Risk governance
Creating a Risk Intelligent Enterprise: Risk governance Risk governance: Overseeing risk and risk management Robust risk governance drives a consistent and coordinated approach to risk across the organization
More informationEnvironmental Reporting Guidance: CSA Staff Notice What does it mean, why does it matter and where do you go from here?
Environmental Reporting Guidance: CSA Staff Notice 51-333 What does it mean, why does it matter and where do you go from here? Increasing the transparency and quality of environmental disclosures On October
More informationB U S I N E S S R I S K M A N A G E M E N T L T D
B U S I N E S S R I S K M A N A G E M E N T L T D Governance, Risk and Compliance (GRC) After completing this course you will be able to Course Level Understand the requirements and benefits of GRC Develop
More informationSPTF Universal Standards for. Social Performance. Management. Version 2.0, Published August 2016
SPTF Universal Standards for Social Performance Version 2.0, Published August 2016 Management Pathway to Improved Practice REPORT 5 1 LEARN Responsible Inclusive Finance 2 ASSESS IMPLEMENT 4 PLAN 3 The
More informationRole of Board of Directors in Risk Management. CPA Erick Audi Thursday, 15 th November 2018
Role of Board of Directors in Risk Management Presentation by: CPA Erick Audi Thursday, 15 th November 2018 Uphold public interest Presentation Agenda Introduction & Definitions Legal Provisions/Guidelines
More informationCORPORATE GOVERNANCE THEORY, SCOPE AND IMPORTANCE
CORPORATE GOVERNANCE THEORY, SCOPE AND IMPORTANCE What is on the agenda Corporate Governance: In Theory Brief history The concept Principles Corporate Governance: In Practice Corporate governance elements
More informationSeptember 17, 2012 Pittsburgh ISACA Chapter
September 17, 2012 Pittsburgh ISACA Chapter What is COBIT? Control Objectives for Information and related Technologies ISACA s guidance on the enterprise governance and management of IT. Builds on more
More informationGLOBAL ADVOCACY PLATFORM
GLOBAL ADVOCACY PLATFORM 2 INTRODUCTION The Global Advocacy Platform has been developed to support the advocacy efforts of IIA institutes, chapters, volunteers, members, and other practitioners and stakeholders
More informationPRACTICE. Reframing risk BY MARK BUTTERWORTH
Feature PRACTICE Reframing risk As the major revision of one of the world s most influential pieces of guidance on risk turns one year old, what does COSO ERM mean to the profession? BY MARK BUTTERWORTH
More information"IT Governance Helping Business Survival
"IT Governance Helping Business Survival Steve Crutchley CEO & Founder Consult2Comply www.consult2comply.com Introduction Steve Crutchley Founder & CEO of Consult2Comply 39 Years IT & Business Experience
More informationNATIONAL AUSTRALIA BANK LIMITED ACN BOARD RISK COMMITTEE CHARTER
NATIONAL AUSTRALIA BANK LIMITED ACN 004 044 937 BOARD RISK COMMITTEE CHARTER 1 Purpose of Charter This Charter sets out the authority, responsibilities, membership and terms of operation of the Board Risk
More informationCertification Candidates Examination Guide
Certification Candidates Examination Guide Certification Candidates Examination Guide V2 5 Page 1 of 15 Contents Introduction... 3 Knowledge Based Examination... 3 Body of Knowledge... 3 1. Domains...
More informationIn Control: Getting Familiar with the New COSO Guidelines. CSMFO Monterey, California February 18, 2015
In Control: Getting Familiar with the New COSO Guidelines CSMFO Monterey, California February 18, 2015 1 Background on COSO Part 1 2 Development of a comprehensive framework of internal control Internal
More informationQuality Assessments what you need to know
Quality Assessments what you need to know Patty Miller, Partner Deloitte & Touche LLP Cavell Alexander, VP-Internal Audit Intermountain Healthcare Overview of requirements Scope of assessment Approaches
More informationERM 101. Casualty Loss Reserve Seminar, Fall /5/ Practical Enterprise Risk Management (ERM) Agenda ERM 101 2
Practical Enterprise Risk Management (ERM) Casualty Loss Reserve Seminar, Fall 2013 Agenda ERM 101 2 Building an effective ERM program 8 Case study 28 Lessons learned 34 Q&A 38 1 Practical Enterprise Risk
More informationIT Management & Governance Tool Assess the importance and effectiveness of your core IT processes
IT & Governance Tool Assess the importance and effectiveness of your core IT processes STRATEGY& GOVERNANCE IT & Governance Framework APPS EDM01 ITRG04 DATA &BI ITRG06 IT Governance Application Portfolio
More informationGovernance Guideline SEPTEMBER 2013 BC CREDIT UNIONS.
Governance Guideline SEPTEMBER 2013 BC CREDIT UNIONS www.fic.gov.bc.ca INTRODUCTION The Financial Institutions Commission 1 (FICOM) holds the Board of Directors 2 (board) accountable for the stewardship
More informationEmerging Trends in Auditing ERM COSO ERM 2017
Emerging Trends in Auditing ERM COSO ERM 2017 AGENDA Our Agenda for today will Include; Introducing COSO ERM 2017. Organizational Bias Risk - Aware Culture Risk Portfolio View. Risk Appetite & Tolerance.
More informationSelf Assessment Workbook
Self Assessment Workbook Corporate Governance - Board of Directors March 2015 Ce document est aussi disponible en français. Deposit Insurance Corporation of Ontario Applicability The Self Assessment Workbook:
More informationTexas Tech University System
Texas Tech University System October 31, 2017 ERM Overview Evolution of Risk Management Risk Traditional Definition The possibility that something bad or unpleasant will happen. Merriam-Webster Minimizing
More informationInternal Control Integrated Framework. An IAASB Overview September 2016
Internal Control Integrated Framework An IAASB Overview September 2016 0 Table of Contents COSO & Project Overview Internal Control-Integrated Framework Illustrative Documents Illustrative Tools for Assessing
More informationInternal Control Integrated Framework. An IAASB Overview September 2016
Internal Control Integrated Framework An IAASB Overview September 2016 0 Table of Contents COSO & Project Overview Internal Control-Integrated Framework Illustrative Documents Illustrative Tools for Assessing
More informationAgenda. Agenda. Definitions and Processes. Risks. Audit & ERM. Key Strategies. Conclusions ERM and Audit 1. ERM and Audit.
Agenda 1 Agenda Definitions and Processes Risks Audit & ERM Key Strategies Conclusions 2 2017 1 ERM: Definition From Wikipedia, the free encyclopedia ERM in business includes the methods and processes
More informationGeneral Comments. Comments on CEBS Consultation Paper CP 24 ( high-level principles for risk management )
Comments on CEBS Consultation Paper CP 24 ( high-level principles for risk management ) Background and introduction.omissis General Comments AIFIRM welcomes CEBS CP24 proposal as a sign understanding of
More informationICAAP. Engaging the business in risk management. A presentation to FIDE Forum by Penny Fosker. 10 January towerswatson.com
ICAAP Engaging the business in risk management A presentation to FIDE Forum by Penny Fosker 10 January 2013 1 Agenda What is an ICAAP and what s in it for me? Managing capital and risk or managing my business?
More information5 DAY MBA. Certified Enterprise Risk Management
5 DAY MBA Certified Enterprise Risk Management Certified by the International Academy of Business and Financial Management A leading provider of training and educational programs worldwide Incorporated
More informationNext-generation enterprise risk management
Next-generation enterprise risk management Advancing strategy and performance in light of the COSO 2017 refresh Heading into the beginning of the year, the EY Center for Board Matters published the Top
More informationMANAGING RISK AT SUNCORP
SUNCORP GROUP LIMITED CORPORATE GOVERNANCE MANAGING RISK AT SUNCORP 1 MANAGING RISK AT SUNCORP Managing risk is a key contributor to Suncorp Group's success. The Board and management recognise that an
More informationDirector Training and Qualifications
4711 Yonge Street Suite 700 Toronto ON M2N 6K8 Telephone: 416-325-9444 Toll Free 1-800-268-6653 Fax: 416-325-9722 4711, rue Yonge Bureau 700 Toronto (Ontario) M2N 6K8 Téléphone : 416 325-9444 Sans frais
More informationGAIT FOR BUSINESS AND IT RISK
GAIT FOR BUSINESS AND IT RISK (GAIT-R) The Institute of Internal Auditors March 2008 Table of Contents 1. Introduction...1 2. Executive Summary...2 3. Why GAIT-R?...4 4. The GAIT-R Principles...6 5. GAIT-R
More information