ISACA. The recognized global leader in IT governance, control, security and assurance



High-level session overview
1. CRISC background information
2. Part I: The Big Picture

CRISC Background Information

About the CRISC Exam
The content of the 2011 CRISC Review Manual is based on the CRISC job practice published by ISACA. There are five domains in the CRISC job practice. The CRISC exam is a practice-based exam; simply reading the material in this manual will not properly prepare candidates for the exam. No representations or warranties are made by ISACA in regard to this or other ISACA publications assuring candidates passage of the CRISC exam. This publication was produced independently of the CRISC Certification Committee, which has no responsibility for the content of this manual.

About the CRISC Exam
The CRISC certification is designed to meet the growing demand for professionals who can integrate enterprise risk management (ERM) with discrete IS control skills. The technical skills and practices the CRISC certification promotes and evaluates are the building blocks of success in this growing field, and the CRISC designation demonstrates proficiency in this role.

Exam Relevance
The exam ensures that the CRISC candidate has the practical knowledge required to perform the tasks described in the task and knowledge statements. The percentage listed with each domain indicates its emphasis, i.e. the share of exam questions drawn from that domain. For a description of each domain's task and knowledge statements, see the ISACA web site. Note: the concepts introduced in this manual are considered a fundamental part of the CRISC job practice.
Percentage of total exam questions by domain:
- Domain 1: 31%
- Domain 2: 17%
- Domain 3: 17%
- Domain 4: 17%
- Domain 5: 18%

About the CRISC Exam
The exam consists of 200 multiple-choice questions. CRISC exam questions are developed with the intent of measuring and testing practical knowledge and the application of general concepts and standards. All questions are designed with one best answer; the candidate is asked to choose the correct or best answer from the options. Good preparation for the CRISC exam can be achieved through an organized plan of study. To assist individuals with the development of a successful study plan, ISACA offers study aids and review courses to exam candidates. See the ISACA web site to view the study aids that can help prepare for the exam.

Manual Setup
The CRISC Review Manual 2011 is organized into three parts:
- Part I: The Big Picture: How Risk Management Relates to Risk Governance
- Part II: Risk Management and Information Systems Control Theory and Concepts
- Part III: Risk Management and Information Systems Control in Practice

Additional Resources
- Study Questions, Answers and Explanations
- Glossary
- Suggested Resources for Further Study
- List of Exhibits
The CRISC candidate also may find it useful to study the CRISC Review Questions, Answers & Explanations Manual 2011, which consists of 100 multiple-choice study questions.

CRISC Review Course, Part I: The Big Picture: How Risk Management Relates to Risk Governance

Section Overview
Each section covers:
- Exam relevance
- Discussion of specific topics within the chapter
- Case study
- Sample questions
- Key terms (definitions and acronyms)
- Suggested reading

Part I Learning Objectives
As a result of completing this chapter, the CRISC candidate should be able to:
- Differentiate between risk management and risk governance
- Identify the roles and responsibilities for risk management
- Distinguish between various risk management methodologies
- Apply and differentiate the standards, practices and principles of risk management
- List the main tasks related to risk governance
- Recognize relevant risk management standards, frameworks and practices
- Explain the meaning of key risk management concepts, including risk appetite and risk tolerance


Section Topics
- Risk Management
- Essentials of Risk Governance
- Risk Appetite and Risk Tolerance
- Risk Awareness and Communication
- Risk Culture

Overview of Risk Management
Risk management is the process of balancing the risk associated with business activities with an adequate level of control that will enable the business to meet its objectives. It holistically covers all concepts and processes affiliated with managing risk, including the systematic application of management policies, procedures and practices; the tasks of communicating, consulting and establishing the context; and identifying, analyzing, evaluating, treating, monitoring and reviewing risk.

Risk
Risk reflects the combination of the likelihood of events occurring and the impact those events have on the enterprise. Risk, the potential for events and their consequences, contains both:
- Opportunities for benefit (upside)
- Threats to success (downside)

Risk and Opportunity Management
Guiding principles for effective risk management:
1. Maintain business objective focus
2. Integrate IT risk management into enterprise risk management (ERM)
3. Balance the costs and benefits of managing risk
4. Promote fair and open communication
5. Establish tone at the top and assign personal accountability
6. Daily process with continuous improvement

Responsibility vs. Accountability
Responsibility belongs to those who must ensure that the activities are completed successfully. Accountability applies to those who either own the required resources or have the authority to approve the execution and/or accept the outcome of an activity within specific risk management processes.


Risk Management Roles and Responsibilities
The CRISC functions within the risk governance framework established within the enterprise. The CRISC executes on:
- Risk evaluation
- Risk response activities

Section Topic: Risk Management Frameworks, Standards and Practices

Relevance of Risk Management Frameworks, Standards and Practices
Risk management frameworks, standards and practices matter to the CRISC because they:
- Provide a view of things to watch
- Act as a guide to focus efforts
- Help achieve business objectives
- Provide credibility
- Save time and cost

Frameworks
A framework is a generally accepted, business process-oriented structure that establishes a common language and enables repeatable business processes. The Risk IT Framework is an example.

Standards
Standards are established mandatory rules, specifications and metrics used to measure compliance against quality, value, etc. Standards are usually intended for compliance purposes. The IT Audit and Assurance Standards are an example.

Practices
Practices are frequent or usual actions performed as an application of knowledge; they are issued by a recognized authority. Leading practices are actions that optimally apply knowledge in a particular area. Practices are usually derived from, and supplement or support, standards and frameworks. The Risk IT Practitioner Guide is an example.

Section Topic: Essentials of Risk Governance

Relevance of Risk Governance
- Risk is an integral part of business
- Risk is a core factor related to the stability, growth and success of the organization
- Risk represents the opportunity for growth and levels of profit
- Risk poses the possibility of loss or damage to the business objectives
- Risk governance addresses the oversight of the business risk strategy of the enterprise

Overview of Risk Governance
Risk governance is the domain of the enterprise's senior management and shareholders. This group is responsible for:
- Establishing the organization's risk culture and acceptable levels of risk
- Setting up the risk framework
- Ensuring effectiveness of the risk management function

Objectives of Risk Governance
Risk governance has three main objectives:
1. Establishing and maintaining a common risk view
2. Integrating risk management into the enterprise
3. Making risk-aware business decisions

Foundation of Risk Governance
An effective risk governance foundation requires:
1. An understanding of and consensus on the risk appetite and risk tolerance of the enterprise
2. An awareness of risk and of the need for effective communication about risk throughout the enterprise
3. An understanding of the elements of risk culture

Objectives of Risk Governance (cont.)
1. Establishing and maintaining a common risk view
- Determines which controls are necessary to mitigate risk
- Determines how risk-based controls are integrated into business processes and IS
- The risk governance function oversees the operations of the risk management team

2. Integrating risk management into the enterprise
- Enforces a holistic ERM approach for the enterprise
- Requires integration of risk management into every department, function, system and geographical location

3. Making risk-aware business decisions
- Consider the full range of opportunities and consequences of each decision throughout the enterprise, society and the environment

Essentials of Risk Governance: Risk Appetite and Tolerance

Risk Appetite and Risk Tolerance: Definitions
- Risk appetite: the amount of risk, on a broad level, that an entity is willing to accept in pursuit of its mission
- Risk tolerance: the acceptable level of variation that management is willing to allow for any particular risk as it pursues its objectives

Risk Appetite and Risk Tolerance (cont.)
How risk appetite relates to risk scenarios with varying frequency and magnitude:
- Frequency: how often is the event expected to occur?
- Magnitude: what is the impact to the enterprise when the event occurs?

Risk Appetite and Risk Tolerance (cont.)
Applicable guidelines for risk appetite and risk tolerance:
- Connectivity of risk appetite and risk tolerance
- Review and approval of exceptions to risk tolerance standards
- Risk appetite and tolerance change over time
- The cost of risk mitigation options can affect risk tolerance

Essentials of Risk Governance: Risk Awareness and Communication

Risk Awareness and Communication: Description
- Risk awareness is about acknowledging that risk is an integral part of the business
- Risk communication stresses that if risk is to be managed and mitigated, it must first be discussed and effectively communicated throughout the enterprise

Risk Awareness and Communication (cont.): Good vs. Poor Communication
- Benefits of good communication include contributing to management's understanding of exposures, awareness, and transparency to external stakeholders
- Consequences of poor communication include a false sense of confidence relating to exposure, incorrect perception by external stakeholders, and the perception that the enterprise lacks transparency with external stakeholders

Risk Awareness and Communication (cont.): Types of Risk Information To Be Communicated
- Expectations from risk management (strategy, policies, procedures, awareness, training, etc.)
- Current risk management capability (risk management, process maturity)
- Status with regard to IT risk (risk profile, key risk indicators, loss data, etc.)

Key Concepts of Risk Governance: Elements of Effective Communication
- Clear
- Concise
- Useful
- Timely
- Aimed at the correct target audience
- Available on a need-to-know basis

Key Concepts of Risk Governance: Stakeholder Communication Inputs and Outputs
It is important for the CRISC to know what types of information should come from and go to various stakeholders.

Essentials of Risk Governance: Risk Culture

Risk Culture
A risk-aware culture is a series of behaviors:
- Behavior toward taking risk
- Behavior toward negative outcomes
- Behavior toward policy compliance
Symptoms of an inadequate or problematic risk culture include:
- Misalignment between real risk appetite and its translation into policies
- Existence of a blame culture

Risk Culture (cont.): Overview of a Risk-Aware Culture
- Allows for open discussions about risk components
- Acceptable levels of risk are understood and maintained
- Begins at the top (board and executive): set direction, communicate risk-aware decision making, reward effective risk management behaviors
- Implies that all levels are aware of how and when to respond to adverse IT events

Case Study and Practice Questions

Case Study
Company XYZ has four offices, located in the US, Canada, China and Egypt. The company currently has four separate risk management plans and programs; while the offices all serve independent functions and have separate technology infrastructures, the plans are not integrated and have never been shared. The company plans to IPO in the US later this year, and the company's CEO and board of directors have just directed the enterprise to build a centralized risk management and governance program. You are the CRISC for your location's IT shop. Based on the topics discussed in this chapter, how would you participate?

Practice Question 1
X-1. Risk management should consider the following aspect(s) of risk:
A. Thresholds
B. Consequences
C. Both opportunities and threats
D. Both opportunities and thresholds

Practice Question 2
X-2. What factors change risk appetite and tolerance?
A. New technology
B. New organizational structures
C. New market conditions
D. All of the above

Practice Question 3
X-3. Which of the following statements is true?
A. Risk tolerance is the amount of risk the company is willing to accept
B. Risk appetite is the acceptable variance relative to objective achievement
C. Risk tolerance is the acceptable variance relative to objective achievement
D. Risk tolerance level is based on the enterprise's ability to absorb loss

Practice Question 4
X-4. What risk components should be communicated?
A. Expectations from process owners
B. Status with regard to IT risk
C. Future risk exposure
D. Status with regard to operational risk

Practice Question 5
X-5. The IT risk action plan is an output communication from which stakeholder?
A. CRISC
B. Chief Information Officer
C. IT Management
D. Chief Risk Officer and the Enterprise Risk Management Committee

Definitions and Acronyms

Acronym Review (Review Guide reference: acronym, definition)
- I-D-1: CRO, Chief Risk Officer
- I-D-1: CIO, Chief Information Officer
- I-F-2: ERM, Enterprise Risk Management

Definition Review (Review Guide reference: word, definition)
- I-C-1: Risk. Reflects the combination of the likelihood of events occurring and the impact those events have on the enterprise. Risk, the potential for events and their consequences, contains both opportunities for benefit (upside) and threats to success (downside).
- I-D-1: Responsibility. Belongs to those who must ensure that the activities are completed successfully.
- I-D-1: Accountability. Applies to those who own the required resources or have the authority to approve the execution and/or accept the outcome of an activity within specific risk management processes.
- I-E-2: Standards. Established mandatory rules, specifications and metrics used to measure compliance against quality, value, etc. Standards are usually intended for compliance purposes and to provide assurance to others who interact with a process or the outputs of a process.
- I-E-2: Practices. Frequent or usual actions performed as an application of knowledge. They are issued by a recognized authority that is appropriate to the subject matter; issuing bodies may include professional associations and academic institutions, or commercial entities such as software vendors. They are generally based on a combination of research, expert insight and peer review. Note: practices usually are derived from and supplement/support standards and frameworks, and are the least formal of the three.
- I-E-2: Leading Practice. An action that optimally applies knowledge in a particular area.
- I-F-3: Risk Appetite. The broad-based amount of risk a company or other entity is willing to accept in pursuit of its mission (or vision).
- I-F-3: Risk Tolerance. The acceptable variation relative to the achievement of an objective (often best measured in the same units as those used to measure the related objective).
- I-F-6: Risk Awareness. Acknowledging that risk is an integral part of the business. This does not imply that all risk is to be avoided or eliminated, but rather that risk is well understood and known, IT risk issues are identifiable, and the enterprise recognizes and uses the means to manage risk.

Supplemental Exercises

Big Picture Exercise 1
For each of the following, identify whether it is considered a framework, a standard or a practice (correct answers shown):
- COBIT 4.1: Framework
- Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE): Practice
- PCI Data Security Standard (PCI DSS): Standard
- NIST Special Publication (SP), Revision 1, Guide for Applying the Risk Management Framework to Federal Information Systems: Practice
- ISO 31000:2009 (at the time of this manual's publication, the newest standard for general-purpose risk management): Standard
- The Risk IT Framework: Framework
- The Risk IT Practitioner Guide: Practice

Big Picture Exercise 2
Identify the stakeholder for each risk communication flow, input and output (correct answers shown, grouped by stakeholder):
- Executive management and board. Input: current IT risk exposure/profile. Output: key performance objectives.
- Business management and business process owners. Input: ongoing changes to IT risk factors. Output: control and compliance monitoring.
- Chief risk officer (CRO) and enterprise risk committee. Input: IT risk register. Output: enterprise appetite for IT risk.
- Chief information officer (CIO). Input: enterprise appetite for IT risk. Output: business impact of the IT risk and impacted business units.
- IT management (including security and service management). Input: key performance objectives. Output: IT risk mitigation strategy and plan, including assignment of responsibility and development of metrics.
- Chief financial officer (CFO). Input: key performance objectives. Output: financial information with regard to IT and IT programmes/projects (budget, actual, trends, etc.).
- Risk control functions. Input: audit findings. Output: IT risk reports.
- Compliance and audit. Input: IT risk RACI charts. Output: audit findings.
- Human resources (HR). Input: risk awareness expectations. Output: support on risk awareness initiatives.
- External auditor. Input: control and compliance monitoring. Output: audit findings.
- Insurer. Input: summary IT risk reports, including residual risk, controls maturity levels and audit findings. Output: insurance coverage (property, business interruption, directors and officers).
- Regulator. Input: in general, all communications intended for the board and executive management. Output: requirements for controls and reporting.
- Investors. Input: executive summary risk reports. Output: risk tolerance levels for their portfolio of investments.
- All employees. Input: risk awareness expectations. Output: potential IT risk issues.

Suggested Resources for Further Study
- Risk IT Framework and Practitioner Guide
- Val IT Framework 2.0
- COBIT 4.1
See your CRISC Review Manual for more sources of information.


More information

Leveraging ERM to meet. and create business value. Management Flora Do, Senior Manager, Enterprise Risk Management

Leveraging ERM to meet. and create business value. Management Flora Do, Senior Manager, Enterprise Risk Management Leveraging ERM to meet regulatory requirements and create business value Susan Hwang, National Leader, Enterprise Risk Management Flora Do, Senior Manager, Enterprise Risk Management March 27, 2012 With

More information

EY Center for Board Matters. Leading practices for audit committees

EY Center for Board Matters. Leading practices for audit committees EY Center for Board Matters for audit committees As an audit committee member, your role is increasingly complex and demanding. Regulators, standard-setters and investors are pressing for more transparency

More information

The Current State of Risk Management Maturity for Belgian Organizations kpmg.com/be

The Current State of Risk Management Maturity for Belgian Organizations kpmg.com/be Enterprise Risk Management The Current State of Risk Management Maturity for Belgian Organizations kpmg.com/be 2 Enterprise Risk Management Table of content 1. Introduction...05 2. Takeaways...07 3. Key

More information

and COBIT 5 ISACA STRATEGIC ADVISORY BOARD VICE PRESIDENT STRATEGY & INNOVATION CA TECHNOLOGIES 2012 ISACA. All Rights Reserved.

and COBIT 5 ISACA STRATEGIC ADVISORY BOARD VICE PRESIDENT STRATEGY & INNOVATION CA TECHNOLOGIES 2012 ISACA. All Rights Reserved. Comparing COBIT4.1 and COBIT 5 ROBERT E STROUD CGEIT CRISC ISACA STRATEGIC ADVISORY BOARD VICE PRESIDENT STRATEGY & INNOVATION CA TECHNOLOGIES 1 2012 ISACA. All Rights Reserved. Comparing COBIT 4.1 and

More information

29/11/2017. Risk Management Policy

29/11/2017. Risk Management Policy 1 Purpose APA Group (APA) is Australia s leading energy infrastructure business delivering smart, reliable and safe solutions through our deep industry knowledge and interconnected infrastructure. Risk

More information

Session 7: Corporate Governance

Session 7: Corporate Governance Session 7: Corporate Governance New York Bankers Association-Community Bank Auditors Group 2016 Internal Audit Training-June 6-8, 2016 MEMBER OF ALLINIAL GLOBAL, AN ASSOCIATION OF LEGALLY INDEPENDENT FIRMS

More information

Guidance Note: Corporate Governance - Audit Committee. January Ce document est aussi disponible en français.

Guidance Note: Corporate Governance - Audit Committee. January Ce document est aussi disponible en français. Guidance Note: Corporate Governance - Audit Committee January 2018 Ce document est aussi disponible en français. Applicability The Guidance Note: Corporate Governance Audit Committee (the Guidance Note

More information

Guidance Note: Corporate Governance - Board of Directors. January Ce document est aussi disponible en français.

Guidance Note: Corporate Governance - Board of Directors. January Ce document est aussi disponible en français. Guidance Note: Corporate Governance - Board of Directors January 2018 Ce document est aussi disponible en français. Applicability The Guidance Note: Corporate Governance - Board of Directors (the Guidance

More information

METROPOLITAN TRANSPORTATION AUTHORITY

METROPOLITAN TRANSPORTATION AUTHORITY ENTERPRISE RISK MANAGEMENT AND INTERNAL CONTROL GUIDELINES Pursuant to Public Authorities Law Section 2931 Adopted by the Board on November 16, 2016 These guidelines apply to the Metropolitan Transportation

More information

Selftestengine COBIT5 36q

Selftestengine COBIT5 36q Selftestengine COBIT5 36q Number: COBIT5 Passing Score: 800 Time Limit: 120 min File Version: 16.5 http://www.gratisexam.com/ Isaca COBIT 5 COBIT 5 Foundation I have correct many of questions answers.

More information

Aligning Corporate Governance with IT Governance and Why Should I Care?

Aligning Corporate Governance with IT Governance and Why Should I Care? Aligning Corporate Governance with IT Governance and Why Should I Care? Presentation for American Society for Quality Software SIG (509/511) July 25, 2017 Introduction Stakeholders across an organization

More information

CONNECTING THE INTERNAL AUDIT DOTS AN OVERVIEW OF INTERNAL AUDIT S ROLE, SCOPE, STANDARDS AND ENGAGEMENT APPROACH

CONNECTING THE INTERNAL AUDIT DOTS AN OVERVIEW OF INTERNAL AUDIT S ROLE, SCOPE, STANDARDS AND ENGAGEMENT APPROACH CONNECTING THE INTERNAL AUDIT DOTS AN OVERVIEW OF INTERNAL AUDIT S ROLE, SCOPE, STANDARDS AND ENGAGEMENT APPROACH OVERVIEW The following topics will be addressed: A broad outline of the role of the internal

More information

LeiningerCPA, Ltd. RISK MANAGEMENT POLICY STATEMENT

LeiningerCPA, Ltd. RISK MANAGEMENT POLICY STATEMENT LeiningerCPA, Ltd. RISK MANAGEMENT POLICY STATEMENT This policy provides an overview of the bank s risk management process and defines the broad responsibilities for overseeing corporate governance and

More information

E D M O N T O N ADMINISTRATIVE PROCEDURE

E D M O N T O N ADMINISTRATIVE PROCEDURE DEPARTMENT FINANCIAL AND CORPORATE SERVICES DELEGATED AUTHORITY CONTACT GENERAL MANAGER, CFO & TREASURER CORPORATE MANAGER, ENTERPRISE RISK MANAGEMENT DEFINITIONS The definitions used in City Policy C587

More information

Good Corporate Governance (GCG) Being a good corporate citizen is good risk management

Good Corporate Governance (GCG) Being a good corporate citizen is good risk management Good Corporate Governance (GCG) Being a good corporate citizen is good risk management Margaret Jackson Chairman Qantas Airlines, March 2004 Being a good corporate citizen is good risk management Margaret

More information

Risk Management Policy

Risk Management Policy 9 Spokes International Limited Risk Management Policy Last Updated: May 2016 9 Spokes International Limited Risk Management Policy 1 Contents 1 Introduction... 3 2 Purpose... 3 3 Scope... 3 4 General roles

More information

COBIT 5 for Information Security. Dr. Derek J. Oliver Co-Chair, COBIT 5 Task Force

COBIT 5 for Information Security. Dr. Derek J. Oliver Co-Chair, COBIT 5 Task Force COBIT 5 for Information Security Dr. Derek J. Oliver Co-Chair, COBIT 5 Task Force First, a bit of background Just to level the playing field COBIT 5 Objectives o ISACA Board of Directors: tie together

More information

The Sector Skills Council for the Financial Services Industry. National Occupational Standards. Risk Management for the Financial Sector

The Sector Skills Council for the Financial Services Industry. National Occupational Standards. Risk Management for the Financial Sector The Sector Skills Council for the Financial Services Industry National Occupational Standards Risk Management for the Financial Sector Final version approved April 2009 IMPORTANT NOTES These National Occupational

More information

Deloitte Governance Framework and Maturity Model

Deloitte Governance Framework and Maturity Model Deloitte Governance Framework and Maturity Model Deloitte Governance Framework The Deloitte Governance Framework was developed to help boards and executive management assess the effectiveness of the organization

More information

Active Essex Risk Management Strategy

Active Essex Risk Management Strategy Active Essex Risk Management Strategy 2017-2021 November 2017 Contents 1. Policy Statement 2. Statement of Commitment 3. Risk Management Framework 4. Risk Appetite 5. Risk Maturity 6. Risk Management Levels

More information

Taking ERM to a. 6 GRC Today / October 2015

Taking ERM to a. 6 GRC Today / October 2015 GLOBAL SCALE 6 GRC Today / October 2015 Global Scale lobal events highlighted by G business scandals, failures, information theft, and natural disasters have shone the spotlight yet again on risk management

More information

Guidance Note: Corporate Governance - Audit Committee. March Ce document est aussi disponible en français.

Guidance Note: Corporate Governance - Audit Committee. March Ce document est aussi disponible en français. Guidance Note: Corporate Governance - Audit Committee March 2015 Ce document est aussi disponible en français. Applicability The Guidance Note: Corporate Governance Audit Committee (the Guidance Note )

More information

Changing Hats: Business Continuity to Operations Risk Manager. Presenter

Changing Hats: Business Continuity to Operations Risk Manager. Presenter Changing Hats: Business Continuity to Operations Manager Continuity Insights Management Conference New Orleans, Louisiana Tuesday, April 13, 2008 9:45 11:00 AM Presenter Susan Rogers, MBCP Senior Vice

More information

Enterprise Risk Management Montana State Fund

Enterprise Risk Management Montana State Fund Enterprise Risk Management Montana State Fund Report to the Board January 28, 2011 Presented by: Mary Peter, Director of Enterprise Risk Management Enterprise Risk Management (ERM) Defined An integrated

More information

Risk Appetite Framework Linking Risk to Strategy Joseph A. Iraci Managing Director, TD Ameritrade

Risk Appetite Framework Linking Risk to Strategy Joseph A. Iraci Managing Director, TD Ameritrade Risk Appetite Framework Linking Risk to Strategy Joseph A. Iraci Managing Director, TD Ameritrade All Comments Presented Here and Discussed Represent the View of the Speaker and Are Not Necessarily the

More information

OPERATIONAL RISK EXAMINATION TECHNIQUES

OPERATIONAL RISK EXAMINATION TECHNIQUES OPERATIONAL RISK EXAMINATION TECHNIQUES 1 OVERVIEW Examination Planning Oversight Policies, Procedures, and Limits Measurement, Monitoring, and MIS Internal Controls and Audit 2 Risk Assessment: Develop

More information

Cobit 5! Not just for your Auditor!! Fusion (Cobit as an approach to Business & IT Alignment)! Integra(on

Cobit 5! Not just for your Auditor!! Fusion (Cobit as an approach to Business & IT Alignment)! Integra(on Cobit 5! Not just for your Auditor!! Fusion (Cobit as an approach to Business & IT Alignment)! Integra(on Cobit 5! John Krogh Twitter: @jakrogh Blog: www.johnakrogh.com! proven experience proven tactics

More information

THE ENTERPRISE AND RISK MANAGEMENT POLICY

THE ENTERPRISE AND RISK MANAGEMENT POLICY Appendix 10 THE ENTERPRISE AND RISK MANAGEMENT POLICY 1. INTRODUCTION The Manila Water Company, Inc. (Manila Water) operates in a regulated and dynamic business environment where uncertainties, both detrimental

More information

CORPORATE GOVERNANCE KING III COMPLIANCE

CORPORATE GOVERNANCE KING III COMPLIANCE CORPORATE GOVERNANCE KING III COMPLIANCE Analysis of the application as at March 2013 by AngloGold Ashanti Limited (AngloGold Ashanti) of the 75 corporate governance principles as recommended by the King

More information

Audit, Risk and Compliance Committee Terms of Reference. Atlas Mara Limited. (The "COMPANY") Amendments approved by the Board on 22 March 2016

Audit, Risk and Compliance Committee Terms of Reference. Atlas Mara Limited. (The COMPANY) Amendments approved by the Board on 22 March 2016 Audit, Risk and Compliance Committee Terms of Reference Atlas Mara Limited (The "COMPANY") Amendments approved by the Board on 22 March 2016 1. OVERVIEW 1.1 The primary objective of the committee is to

More information

Creating a Risk Intelligent Enterprise: Risk governance

Creating a Risk Intelligent Enterprise: Risk governance Creating a Risk Intelligent Enterprise: Risk governance Risk governance: Overseeing risk and risk management Robust risk governance drives a consistent and coordinated approach to risk across the organization

More information

Environmental Reporting Guidance: CSA Staff Notice What does it mean, why does it matter and where do you go from here?

Environmental Reporting Guidance: CSA Staff Notice What does it mean, why does it matter and where do you go from here? Environmental Reporting Guidance: CSA Staff Notice 51-333 What does it mean, why does it matter and where do you go from here? Increasing the transparency and quality of environmental disclosures On October

More information

B U S I N E S S R I S K M A N A G E M E N T L T D

B U S I N E S S R I S K M A N A G E M E N T L T D B U S I N E S S R I S K M A N A G E M E N T L T D Governance, Risk and Compliance (GRC) After completing this course you will be able to Course Level Understand the requirements and benefits of GRC Develop

More information

SPTF Universal Standards for. Social Performance. Management. Version 2.0, Published August 2016

SPTF Universal Standards for. Social Performance. Management. Version 2.0, Published August 2016 SPTF Universal Standards for Social Performance Version 2.0, Published August 2016 Management Pathway to Improved Practice REPORT 5 1 LEARN Responsible Inclusive Finance 2 ASSESS IMPLEMENT 4 PLAN 3 The

More information

Role of Board of Directors in Risk Management. CPA Erick Audi Thursday, 15 th November 2018

Role of Board of Directors in Risk Management. CPA Erick Audi Thursday, 15 th November 2018 Role of Board of Directors in Risk Management Presentation by: CPA Erick Audi Thursday, 15 th November 2018 Uphold public interest Presentation Agenda Introduction & Definitions Legal Provisions/Guidelines

More information

CORPORATE GOVERNANCE THEORY, SCOPE AND IMPORTANCE

CORPORATE GOVERNANCE THEORY, SCOPE AND IMPORTANCE CORPORATE GOVERNANCE THEORY, SCOPE AND IMPORTANCE What is on the agenda Corporate Governance: In Theory Brief history The concept Principles Corporate Governance: In Practice Corporate governance elements

More information

September 17, 2012 Pittsburgh ISACA Chapter

September 17, 2012 Pittsburgh ISACA Chapter September 17, 2012 Pittsburgh ISACA Chapter What is COBIT? Control Objectives for Information and related Technologies ISACA s guidance on the enterprise governance and management of IT. Builds on more

More information

GLOBAL ADVOCACY PLATFORM

GLOBAL ADVOCACY PLATFORM GLOBAL ADVOCACY PLATFORM 2 INTRODUCTION The Global Advocacy Platform has been developed to support the advocacy efforts of IIA institutes, chapters, volunteers, members, and other practitioners and stakeholders

More information

PRACTICE. Reframing risk BY MARK BUTTERWORTH

PRACTICE. Reframing risk BY MARK BUTTERWORTH Feature PRACTICE Reframing risk As the major revision of one of the world s most influential pieces of guidance on risk turns one year old, what does COSO ERM mean to the profession? BY MARK BUTTERWORTH

More information

"IT Governance Helping Business Survival

IT Governance Helping Business Survival "IT Governance Helping Business Survival Steve Crutchley CEO & Founder Consult2Comply www.consult2comply.com Introduction Steve Crutchley Founder & CEO of Consult2Comply 39 Years IT & Business Experience

More information

NATIONAL AUSTRALIA BANK LIMITED ACN BOARD RISK COMMITTEE CHARTER

NATIONAL AUSTRALIA BANK LIMITED ACN BOARD RISK COMMITTEE CHARTER NATIONAL AUSTRALIA BANK LIMITED ACN 004 044 937 BOARD RISK COMMITTEE CHARTER 1 Purpose of Charter This Charter sets out the authority, responsibilities, membership and terms of operation of the Board Risk

More information

Certification Candidates Examination Guide

Certification Candidates Examination Guide Certification Candidates Examination Guide Certification Candidates Examination Guide V2 5 Page 1 of 15 Contents Introduction... 3 Knowledge Based Examination... 3 Body of Knowledge... 3 1. Domains...

More information

In Control: Getting Familiar with the New COSO Guidelines. CSMFO Monterey, California February 18, 2015

In Control: Getting Familiar with the New COSO Guidelines. CSMFO Monterey, California February 18, 2015 In Control: Getting Familiar with the New COSO Guidelines CSMFO Monterey, California February 18, 2015 1 Background on COSO Part 1 2 Development of a comprehensive framework of internal control Internal

More information

Quality Assessments what you need to know

Quality Assessments what you need to know Quality Assessments what you need to know Patty Miller, Partner Deloitte & Touche LLP Cavell Alexander, VP-Internal Audit Intermountain Healthcare Overview of requirements Scope of assessment Approaches

More information

ERM 101. Casualty Loss Reserve Seminar, Fall /5/ Practical Enterprise Risk Management (ERM) Agenda ERM 101 2

ERM 101. Casualty Loss Reserve Seminar, Fall /5/ Practical Enterprise Risk Management (ERM) Agenda ERM 101 2 Practical Enterprise Risk Management (ERM) Casualty Loss Reserve Seminar, Fall 2013 Agenda ERM 101 2 Building an effective ERM program 8 Case study 28 Lessons learned 34 Q&A 38 1 Practical Enterprise Risk

More information

IT Management & Governance Tool Assess the importance and effectiveness of your core IT processes

IT Management & Governance Tool Assess the importance and effectiveness of your core IT processes IT & Governance Tool Assess the importance and effectiveness of your core IT processes STRATEGY& GOVERNANCE IT & Governance Framework APPS EDM01 ITRG04 DATA &BI ITRG06 IT Governance Application Portfolio

More information

Governance Guideline SEPTEMBER 2013 BC CREDIT UNIONS.

Governance Guideline SEPTEMBER 2013 BC CREDIT UNIONS. Governance Guideline SEPTEMBER 2013 BC CREDIT UNIONS www.fic.gov.bc.ca INTRODUCTION The Financial Institutions Commission 1 (FICOM) holds the Board of Directors 2 (board) accountable for the stewardship

More information

Emerging Trends in Auditing ERM COSO ERM 2017

Emerging Trends in Auditing ERM COSO ERM 2017 Emerging Trends in Auditing ERM COSO ERM 2017 AGENDA Our Agenda for today will Include; Introducing COSO ERM 2017. Organizational Bias Risk - Aware Culture Risk Portfolio View. Risk Appetite & Tolerance.

More information

Self Assessment Workbook

Self Assessment Workbook Self Assessment Workbook Corporate Governance - Board of Directors March 2015 Ce document est aussi disponible en français. Deposit Insurance Corporation of Ontario Applicability The Self Assessment Workbook:

More information

Texas Tech University System

Texas Tech University System Texas Tech University System October 31, 2017 ERM Overview Evolution of Risk Management Risk Traditional Definition The possibility that something bad or unpleasant will happen. Merriam-Webster Minimizing

More information

Internal Control Integrated Framework. An IAASB Overview September 2016

Internal Control Integrated Framework. An IAASB Overview September 2016 Internal Control Integrated Framework An IAASB Overview September 2016 0 Table of Contents COSO & Project Overview Internal Control-Integrated Framework Illustrative Documents Illustrative Tools for Assessing

More information

Internal Control Integrated Framework. An IAASB Overview September 2016

Internal Control Integrated Framework. An IAASB Overview September 2016 Internal Control Integrated Framework An IAASB Overview September 2016 0 Table of Contents COSO & Project Overview Internal Control-Integrated Framework Illustrative Documents Illustrative Tools for Assessing

More information

Agenda. Agenda. Definitions and Processes. Risks. Audit & ERM. Key Strategies. Conclusions ERM and Audit 1. ERM and Audit.

Agenda. Agenda. Definitions and Processes. Risks. Audit & ERM. Key Strategies. Conclusions ERM and Audit 1. ERM and Audit. Agenda 1 Agenda Definitions and Processes Risks Audit & ERM Key Strategies Conclusions 2 2017 1 ERM: Definition From Wikipedia, the free encyclopedia ERM in business includes the methods and processes

More information

General Comments. Comments on CEBS Consultation Paper CP 24 ( high-level principles for risk management )

General Comments. Comments on CEBS Consultation Paper CP 24 ( high-level principles for risk management ) Comments on CEBS Consultation Paper CP 24 ( high-level principles for risk management ) Background and introduction.omissis General Comments AIFIRM welcomes CEBS CP24 proposal as a sign understanding of

More information

ICAAP. Engaging the business in risk management. A presentation to FIDE Forum by Penny Fosker. 10 January towerswatson.com

ICAAP. Engaging the business in risk management. A presentation to FIDE Forum by Penny Fosker. 10 January towerswatson.com ICAAP Engaging the business in risk management A presentation to FIDE Forum by Penny Fosker 10 January 2013 1 Agenda What is an ICAAP and what s in it for me? Managing capital and risk or managing my business?

More information

5 DAY MBA. Certified Enterprise Risk Management

5 DAY MBA. Certified Enterprise Risk Management 5 DAY MBA Certified Enterprise Risk Management Certified by the International Academy of Business and Financial Management A leading provider of training and educational programs worldwide Incorporated

More information

Next-generation enterprise risk management

Next-generation enterprise risk management Next-generation enterprise risk management Advancing strategy and performance in light of the COSO 2017 refresh Heading into the beginning of the year, the EY Center for Board Matters published the Top

More information

MANAGING RISK AT SUNCORP

MANAGING RISK AT SUNCORP SUNCORP GROUP LIMITED CORPORATE GOVERNANCE MANAGING RISK AT SUNCORP 1 MANAGING RISK AT SUNCORP Managing risk is a key contributor to Suncorp Group's success. The Board and management recognise that an

More information

Director Training and Qualifications

Director Training and Qualifications 4711 Yonge Street Suite 700 Toronto ON M2N 6K8 Telephone: 416-325-9444 Toll Free 1-800-268-6653 Fax: 416-325-9722 4711, rue Yonge Bureau 700 Toronto (Ontario) M2N 6K8 Téléphone : 416 325-9444 Sans frais

More information

GAIT FOR BUSINESS AND IT RISK

GAIT FOR BUSINESS AND IT RISK GAIT FOR BUSINESS AND IT RISK (GAIT-R) The Institute of Internal Auditors March 2008 Table of Contents 1. Introduction...1 2. Executive Summary...2 3. Why GAIT-R?...4 4. The GAIT-R Principles...6 5. GAIT-R

More information