Manage Enterprise Risk, Compliance, and Resiliency
DEFINITIONS AND KEY MEASURES
Version

The Framework for Process Improvement

Experience shows that benchmarking's potential to drive dramatic improvement lies squarely in making out-of-the-box comparisons and searching for insights not typically found within intra-industry paradigms. To enable this type of beneficial benchmarking, the APQC Process Classification Framework℠ (PCF) serves as a high-level, industry-neutral enterprise model that allows organizations to see their activities from a cross-industry process viewpoint. The PCF enables organizations to understand their inner workings from a horizontal process perspective, rather than a vertical functional viewpoint. The PCF does not list all processes within a specific organization, and every process listed in the framework is not present in every organization.

Originally created in 1992 by APQC and a group of members, the framework has experienced more than twenty years of creative use by thousands of organizations worldwide. The PCF is supported by APQC's Open Standards Benchmarking research. It is continuously enhanced as APQC's Open Standards Benchmarking team further develops definitions, processes, and measures. Please visit APQC's web site periodically for updates.
The PCF is available for organizations of all industries and sizes at no charge by visiting

[Figure: PCF category overview, Manage Enterprise Risk, Compliance, and Resiliency]

Operating Processes
1.0 Develop vision and strategy
2.0 Develop and manage products and services
3.0 Market and sell products and services
4.0 Deliver products and services
5.0 Manage customer service

Management and Support Services
6.0 Develop and manage human capital
7.0 Manage information technology
8.0 Manage financial resources
9.0 Acquire, construct, and manage assets
10.0 Manage enterprise risk, compliance, and resiliency
11.0 Manage external relationships
Develop and manage business capabilities

History

The Process Classification Framework was originally envisioned as a taxonomy of business processes. The initial design involved more than 80 organizations from the United States and worldwide. Since its inception, the PCF has been updated several times to reflect changes in the way organizations do business.

In response to feedback from users of the PCF, APQC regularly engages practitioners, consultants, and academics to develop definitions based on real-world experience with the processes. That collaborative effort resulted in this document: a listing of processes with definitions and selected key performance indicators from APQC's Open Standards Benchmarking repository. This particular document was developed with assistance from IBM.

The definitions contained in this document are to be considered in conjunction with the PCF. The content in this document will be updated according to research performed by APQC and subsequent updates to the PCF. This document was created using PCF version

Version November 2012
10.0 Manage Enterprise Risk, Compliance, and Resiliency
Definitions and Key Measures

TABLE OF CONTENTS

10.1 Manage enterprise risk
    Key Performance Indicators
    Establish the enterprise risk framework and policies
    Oversee and coordinate enterprise risk management activities
    Coordinate business unit and functional risk management activities
    Manage business unit and function risk
    Manage regulatory compliance
Manage business resiliency
    Key Performance Indicators
    Develop and manage business resiliency
Manage environmental health and safety (EHS)
    Key Performance Indicators
    Determine environmental health and safety impacts
    Develop and execute functional EHS program
    Train and educate functional employees
    Monitor and manage functional EHS management program
    Ensure compliance with regulations
    Manage remediation efforts

RIGHTS AND PERMISSIONS

2012 APQC. ALL RIGHTS RESERVED. APQC encourages the wide distribution, discussion, and use of the PCF and PCF definition documents for classifying and defining processes. APQC grants permission for use and adaptation of the PCF for internal use. For external use, APQC grants permission for publication, distribution, and use, provided that proper copyright acknowledgment is made to APQC. No modifications to the look or content should be made in external venues.

About APQC

APQC is a member-based nonprofit and one of the world's leading proponents of knowledge management, benchmarking, and best practices business research. Working with more than 750 organizations worldwide in all industries, APQC provides organizations with the information they need to work smarter, faster, and with confidence. Visit or call and learn how to Make Best Practices Your Practices℠.

Please use the following text when reusing the PCF in external print or electronic content.
The PCF was developed by APQC and member companies as an open standard to facilitate improvement through process management and benchmarking regardless of industry, size, or geography. The PCF organizes operating and management processes into a number of enterprise-level categories, including categories, process groups, and over 1,000 processes and associated activities. The PCF and its associated measures and benchmarking surveys are available for download and completion at no charge at

Permission granted to photocopy for personal use APQC. ALL RIGHTS RESERVED.
10.1 Manage enterprise risk (16438)

This process group addresses enterprise risk management. Risk is the probability or threat of a negative occurrence caused by potential events. Strategic, operational, financial, and hazard risk categories are included in this group. Manage enterprise risk includes establishing an enterprise risk management framework and policies, overseeing enterprise risk management activities across the organization, and coordinating business unit/functional risk management processes. Based on the enterprise-level risk management frameworks and policies, business unit/functional risk management activities are executed and managed. This process group also covers the management of regulatory compliance to ensure the organization has the required procedures in place and follows regulatory requirements.

Key Performance Indicators:
    Risk components: risk events and actions overall risk prediction ratio total cost of risk events per year enterprise risk management participation risk exposure reduction mitigated reductions cost savings
    Business interruption valuation
    Impact and likelihood assessments

Establish the enterprise risk framework and policies (16439)

Establish the enterprise risk framework and policies involves determining an organization's risk tolerance, as well as developing and maintaining enterprise risk policies and procedures. After defining frameworks and policies, appropriate risk management tools are identified and implemented, and then risk management knowledge is distributed across the organization. This process includes preparing reports and communicating risk management procedures and activities to the organization's executive management team and/or board.

Oversee and coordinate enterprise risk management activities (16445)

Oversee and coordinate enterprise risk management activities includes the identification and assessment of enterprise-level risks to determine which ones to mitigate at an enterprise level.
An organization can choose to avoid, reduce, share, or accept risks. After the appropriate action is determined, risk mitigation and management strategies are developed, integrated into existing performance management processes, and communicated to the organization. In addition to enterprise-level risk management activities, this process includes verifying that business unit/functional risk mitigation plans are developed and implemented, while ensuring required risks and their mitigation actions are monitored. Finally, this process includes reporting on activities that monitor and manage risks.

Coordinate business unit and functional risk management activities (16452)

Coordinate business unit and functional risk management activities ensures coherent, visible risk management procedures and activities throughout the organization. It includes ensuring that business units/functions follow common enterprise risk management and reporting processes, practices, and policies.

Version December
Manage business unit and function risk (16455)

Manage business unit and function risk consists of executing and managing business unit/functional risk activities. It includes the identification of business unit/functional-specific risks by assessing their probability and impact using enterprise risk framework policies and procedures. Based on the assessment, risk mitigation plans are developed, communicated to the organization, and implemented. Risks are continuously monitored, risk management activities are regularly analyzed, and plans are updated as needed. Risk activities are also regularly reported at the enterprise level.

Manage regulatory compliance (16463)

Manage regulatory compliance involves developing the regulatory compliance strategy, identifying applicable regulatory requirements for technology solutions and business controls, and monitoring the regulatory environment for changes. Current policies, procedures, and architectures are assessed and weaknesses/shortfalls are identified; missing compliance controls/policies are implemented and existing controls, policies, and architectures are strengthened as needed. Compliance positions and controls are monitored and tested on a regular basis, as defined by the regulatory compliance strategy, to identify controls that should be added, removed, or modified. An important part of regulatory compliance management is developing and maintaining relationships with regulators as appropriate. This process encompasses all aspects of regulatory compliance, such as financial reporting, health and safety regulations, environmental laws, export regulations, and product safety requirements.
It therefore includes both industry-specific and cross-industry laws and regulations across all jurisdictions.

Manage business resiliency (11216)

Manage business resiliency includes the processes that enable firms to rapidly adapt and respond to internal or external disruptions or threats and continue operations without significant negative impact to the business.

Key Performance Indicators:
    Number of FTEs for manage business resiliency and risk per $1 billion revenue
    Total cost of the process Manage business resiliency and risk per $1,000 revenue

Develop and manage business resiliency (11217)

Develop and manage business resiliency consists of developing the business resilience strategy, performing continuous business operations planning, and testing and maintaining continuous business operations. Development of the business resilience strategy includes tasks related to identifying and prioritizing overall risks to the business, determining how risks relate to critical business processes, and creating and maintaining a risk mitigation strategy. Performing continuous business operations planning includes developing tasks to evaluate the current continuity, availability, and recovery capabilities of the enterprise architecture; identifying gaps between current capabilities and the desired state; and designing and implementing a resilient enterprise architecture to enable continuous business operations. Testing of continuous business operations includes developing tasks to test critical business operations and identifying weaknesses in the operation model and tools. Maintaining continuous business operations consists of tasks to execute business resiliency projects, maintain the business resiliency plan, and execute the recovery plan. This process also covers sharing knowledge of specific risks across the organization.
10.3 Manage environmental health and safety (EHS) (11179)

Manage environmental health and safety concerns the management of environmental, health, and safety risks, including: environment, occupational health and safety, community health and safety, and construction/decommissioning. This process group includes determining the environmental, health, and safety impacts of an organization's products, services, and operations; developing and executing business unit/functional EHS programs; and training and educating employees. It also covers monitoring and managing business unit/functional EHS management programs, ensuring compliance with regulations, and managing remediation efforts.

Key Performance Indicators:
    Environmental citations
    OSHA recordable rate
    Lost time
    Number and type of incidents
    Percentage of employee/contractor training completed
    Timeliness of reporting
    Closure of corrective action items
    Number of observations
    Completed and open maintenance work orders

Determine environmental health and safety impacts (11180)

Determine environmental health and safety impacts involves evaluating the impacts of organizational products, services, and operations. The process covers all the categories of EHS: environment, occupational health and safety, community health and safety, and construction/decommissioning. It also includes conducting health, safety, and environmental audits to ensure required EHS measures are in place and sufficient.

Develop and execute functional EHS program (11181)

Develop and execute functional EHS program begins with identifying regulatory and stakeholder requirements, e.g., air emission regulations, building regulations, or communication and training requirements. Then risks and opportunities are assessed and EHS policies are created.
Throughout this process, continuous recording and management of EHS events occurs.

Train and educate functional employees (11182)

Train and educate functional employees involves communicating EHS issues to internal stakeholders, providing required training, and offering support where needed.

Monitor and manage functional EHS management program (11183)

Monitor and manage functional EHS management program involves managing EHS costs and benefits, and it encompasses measuring and reporting functional EHS performance. This process also provides for the implementation of a functional emergency response program to ensure quick, effective responses to unexpected events. This process also includes the development of pollution prevention programs for the different types of waste produced by the organization and the creation of a system to provide EHS support to functional employees.
Ensure compliance with regulations (11184)

Ensure compliance with regulations includes monitoring the organization's compliance, performing compliance audits, and assuring that operations comply with regulatory stakeholders' requirements.

Manage remediation efforts (11185)

Manage remediation efforts concerns the management of remediation efforts. It begins with defining remediation goals and creating remediation plans with the assistance of subject matter experts. Resources are identified and dedicated to their respective areas of responsibility. Legal aspects and causes of the incident are investigated and analyzed. Existing policies are amended or new policies are created to prevent further incidents from occurring.

123 North Post Oak Lane, Third Floor
Houston, Texas
phone fax
pcf_feedback@apqc.org
More informationBusiness Continuity Framework
Business Continuity Framework A definition to the Components of Resiliency March, 1 Business Continuity Framework 1. INTRODUCTION... 3 2. PURPOSE... 3 3. THE FRAMEWORK... 4 4. STEERING COMMITTEE... 5 5.
More informationA Guide to Business Continuity
A Guide to Business Continuity Getting Started Business Continuity Management is a process driven from the top of the organisation. The first stage has to be an acceptance by the Board or the Executive
More informationIT Management & Governance Tool Assess the importance and effectiveness of your core IT processes
IT & Governance Tool Assess the importance and effectiveness of your core IT processes STRATEGY& GOVERNANCE IT & Governance Framework APPS EDM01 ITRG04 DATA &BI ITRG06 IT Governance Application Portfolio
More informationGovernance Institute of Australia Ltd
Governance Institute of Australia Ltd Management Policy 1. Overview management is a key element of effective corporate governance. In view of this, Governance Institute of Australia Ltd (Governance Institute)
More informationTaking the Next Step: Water Sector Steering Group Review of Effective Utility Management
Taking the Next Step: Water Sector Steering Group Review of Effective Utility Management Fact Sheet - February 2016 BACKGROUND In 2007 a historic agreement was signed to jointly promote Effective Utility
More informationAgenda. Enterprise Risk Management Defined. The Intersection of Enterprise-wide Risk Management (ERM) and Business Continuity Management (BCM)
The Intersection of Enterprise-wide Risk (ERM) and Business Continuity (BCM) Marc Dominus 2005 Protiviti Inc. EOE Agenda Terminology and Process Introductions ERM Process Overview BCM Process Overview
More informationAgile CIO Operating Model
Technology Agile CIO Operating Model Next Generation CIO Event GTEC 2013 What it means to be a CIO Complex supply chain Citizen expectations Changing role levels Legacy systems Disruptive technologies
More informationSmall Enterprises Should Overcome the Silo Mentality to Successfully Implement a PSM Program
Small Enterprises Should Overcome the Silo Mentality to Successfully Implement a PSM Program Presented to the 2004 54th Canadian Chemical Engineering Conference in Calgary, Alberta By Yves Dubeau, Eng.
More informationSKILLS FRAMEWORK FOR HOTEL AND ACCOMMODATION SERVICES SKILLS STANDARDS FOR PUBLIC RELATIONS MANAGER / MARKETING COMMUNICATIONS MANAGER
Occupation: Public Relations Manager/Marketing Communications Manager Occupation Description: The Public Relations Manager/Marketing Communications Manager directs the development and execution of marketing
More informationEnterprise Risk Management Montana State Fund
Enterprise Risk Management Montana State Fund Report to the Board January 28, 2011 Presented by: Mary Peter, Director of Enterprise Risk Management Enterprise Risk Management (ERM) Defined An integrated
More informationRISK MANAGEMENT STRATEGY AND POLICY
NEWPORT COMMUNITY SCHOOL PRIMARY ACADEMY Date Adopted: 12 th July 2012 Author/owner: Resources Committee Anticipated Review: Ongoing RISK MANAGEMENT STRATEGY AND POLICY Risk Management Strategy The Governing
More informationSTRATEGIC PLANNING FOR KNOWLEDGE MANAGEMENT
The world s foremost authority in benchmarking, best practices, process and performance improvement, and knowledge management. STRATEGIC PLANNING FOR KNOWLEDGE MANAGEMENT Cindy Hubert, Executive Director
More informationRethinking the way personal computers are deployed in your organization
IBM Global Technology Services August 2009 Rethinking the way personal computers are deployed in your organization Leveraging an innovative, end-to-end model to save time and reduce costs 2 IBM Global
More informationEGI.eu IT Service Management Service Management Plan
EGI.eu IT Service Management Service Management Plan Abstract: The purpose of this Service Management Plan is to provide clear direction and to include all aspects of ITSM processes, plans, and roles and
More informationAccenture Risk Management. Risk Analytics Network
Accenture Risk Management Risk Analytics Network Organizations make decisions every day, and each decision is accompanied by risk. A structured approach to understanding risk and reducing uncertainty can
More informationRole Profile. Role Details. Grade 4 Business unit. Date produced or updated March 2017
Role Profile Role Details Role Title Risk Officer Permanent Grade Business unit Risk Reporting to Head of Risk Date produced or updated March 2017 Purpose of Role To support the Head of Risk and Risk Director
More informationManagement systems: Part 1 of 2
Management systems: Part 1 of 2 (Business) Management Systems: Purpose and benefits A (business) management system can be (should be?) a means to: achieve business objectives increase understanding of
More informationIRM s Professional Standards in Risk Management PART 1 Consultation: Functional Standards
IRM s Professional Standards in Risk PART 1 Consultation: Functional Standards Setting standards Building capability Championing learning and development Raising the risk profession s profile Supporting
More informationAre your profits tangled in the evolving web of fraud tactics?
Are your profits tangled in the evolving web of fraud tactics? Combat identity fraud with sophisticated scoring and leading analytics. LexisNexis FraudPoint Solutions Risk Solutions Financial Services
More informationCase Study. Technical Talent Management
Case Study Technical Talent Management Best practices from Lockheed Martin A global security company headquartered in Bethesda, MD., Lockheed Martin employs 126,000 people worldwide. Primarily engaged
More informationContents. viii. List of figures. List of tables. OGC s foreword. 6 Organizing for Service Transition 177. Chief Architect s foreword.
iii Contents List of figures List of tables OGC s foreword Chief Architect s foreword Preface Acknowledgements v vii viii 1 Introduction 1 ix xi xii 1.1 Overview 3 1.2 Context 3 1.3 Goal and scope of Transition
More informationLeveraging Emerging Management System Standards to Create Improved EHS and Sustainability Performance
Management Leveraging Emerging Management System Standards to Create Improved EHS and Sustainability Performance Susan Mazzarella, LEED AP and Harmony Scofield Management systems can strengthen business
More informationProject Management Professional (PMP) Examination Content Outline
Project Management Professional (PMP) Examination Content Outline Project Management Institute Project Management Professional (PMP) Examination Content Outline April 2015 Published by: Project Management
More informationBusiness Continuity & Risk Management
Business Continuity & Risk Management David Muil, Global VP Business Development 1 Intertek 2013, Agenda Understanding Risk Business Continuity Management Risk assessment Summary 2 Intertek 2013, Risk
More informationKEYSTONE FOODS. Corporate Social Responsibility Program Overview
KEYSTONE FOODS Corporate Social Responsibility Program Overview Our Company Keystone Foods is a diversified multi-national food company that supplies, supports, and partners with leading consumer brands.
More informationAustralian Hardware. Risk Management Plan
Australian Hardware Risk Management Plan This is a simulated business, not a real one. It is provided for education purposes only, for Learn.com.au courses (content provided by IBSA [ibsa.org.au]. Risk
More informationBringing HSE Management Systems from Oil & Gas to Rail
Bringing HSE Management Systems from Oil & Gas to Rail 2018 AAC ANNUAL CONFERENCE April 2018 Factors shaping HSE Management Systems in Oil & Gas Factors shaping the HSE Management Systems in Oil & Gas
More informationOperational Excellence By Automating Operational Risk Management. February 4, 2016 Doug Hatler, EVP of Sales
Operational Excellence By Automating Operational Risk Management February 4, 2016 Doug Hatler, EVP of Sales Industry is in a Paradigm Shift Stakeholders & Reputation Operational Excellence & Risk Management
More information1. This risk management policy (the policy) forms part of the agency s internal control and corporate governance arrangements.
Enterprise Risk Management Policy Texas AgriLife Research November 3, 2008 Purpose of this document 1. This risk management policy (the policy) forms part of the agency s internal control and corporate
More informationGleim CPA Review Updates to Business Environment and Concepts 2018 Edition, 1st Printing March 2018
Page 1 of 16 Gleim CPA Review Updates to Business Environment and Concepts 2018 Edition, 1st Printing March 2018 The content of BEC Study Unit 2, Subunit 2, has undergone extensive edits due to the 2017
More informationCOMPLIANCE TRUMPS RISK
RSA ARCHER GRC Product Brief COMPLIANCE TRUMPS RISK Organizations are finding themselves buried in compliance activities and reacting to the latest laws and regulations. The ever-increasing volume, complexity
More informationDRAFT ISO/IEC INTERNATIONAL STANDARD. Information technology Security techniques Information security management system implementation guidance
INTERNATIONAL STANDARD ISO/IEC 27003 First edition 2010-02-01 Information technology Security techniques Information security management system implementation guidance Technologies de l'information Techniques
More informationAligning IT risk management with strategic business goals
IBM Global Technology Services White Paper IBM Business Continuity and Resiliency Services Aligning IT risk management with strategic business goals New metrics and technologies help meet the challenges
More informationISO/IEC INTERNATIONAL STANDARD. Information technology Service management Part 2: Code of practice
INTERNATIONAL STANDARD ISO/IEC 20000-2 First edition 2005-12-15 Information technology Service management Part 2: Code of practice Technologies de l'information Gestion de services Partie 2: Code de bonne
More informationSelftestengine COBIT5 36q
Selftestengine COBIT5 36q Number: COBIT5 Passing Score: 800 Time Limit: 120 min File Version: 16.5 http://www.gratisexam.com/ Isaca COBIT 5 COBIT 5 Foundation I have correct many of questions answers.
More informationOffice of Internal Audit. The University of Texas Southwestern Medical Center Business Continuity/Disaster Recovery. Internal Audit Report 16:32
Office of Internal Audit The University of Texas Southwestern Medical Center Business Continuity/Disaster Recovery Internal Audit Report 16:32 December 7, 2016 Table of Contents I. Executive Summary 3
More information