A different approach to risk maturity a simple model
A different approach to risk maturity: a simple model
Ayse Nordal, The Municipal Undertaking for Educational Buildings and Property in Oslo, and Ole Martin Kjørstad, Bank of Norway
CONTENTS
1. How do we define risk maturity?
2. Why do we measure risk maturity?
3. What is in it for the organization?
4. Existing risk maturity models
   a) Examples
   b) Common features
5. The improvement potential
6. A simple model by Nordal and Kjørstad
   a) Maturity objectives
   b) Maturity dimensions
   c) Spider web chart and on-line assessment
1. HOW DO WE DEFINE RISK MATURITY?
Risk maturity is a benchmarking tool which measures to what extent an organization has implemented Enterprise Risk Management (ERM) in accordance with prevailing best practice. There is no universally accepted definition of risk maturity, nor a common tool for benchmarking. HOWEVER, the draft documents for the new, updated versions of COSO Enterprise Risk Management: Aligning Risk with Strategy and Performance and ISO 31000 Risk Management Guidelines include the concept.
2. WHY DO WE MEASURE RISK MATURITY?
The COSO draft framework (181) introduces a relationship between risk maturity and risk appetite. According to the document: "Enterprise risk management capability and maturity provide information on how well enterprise risk management is functioning. A mature organization is often able to define enterprise risk management capabilities that provide better insight into its existing risk appetite and factors influencing risk capacity. A less mature organization with undefined enterprise risk management capabilities may not have the same understanding, which can result in a broader risk appetite statement."
2. WHY DO WE MEASURE RISK MATURITY?
The ISO draft standard defines a relationship between continuous improvement and risk management maturity. According to the document: "As relevant gaps or improvement opportunities are identified, the organization should develop plans and tasks and assign them to those accountable for implementation. Once implemented, these improvements should contribute to advances in risk management maturity."
2. WHY DO WE MEASURE RISK MATURITY?
- To be able to make a comprehensive evaluation of the organization's performance against best practice criteria
- To be able to identify improvement areas and opportunities which will bring the organization to a higher maturity level
- To be able to plan and initiate appropriate improvement measures
3. WHAT IS IN IT FOR THE ORGANIZATION?
Existing literature often focuses on defining maturity levels and assigning attributes to given maturity levels in organizations. HOWEVER, there are some studies which aim to provide evidence of the benefits from employing risk maturity benchmarking. Examples:
- Research project by Mark Farrell from Queen's University Management School and Ronan Gallagher from University of Edinburgh Business School.
- EY study which uses a global survey based on 576 interviews with companies and a review of more than 2750 analysis and company reports.
3. WHAT IS IN IT FOR THE ORGANIZATION?
Farrell and Gallagher's study has evidenced "a clear and significant statistical correlation between mature enterprise risk management practices and a firm's value. Organizations exhibiting mature risk management practices realize a valuation premium of 25%..."
The EY study has documented "that companies in the top 20% of risk maturity generated 3 times the level of EBITDA as those in the bottom 20%."
4. EXISTING RISK MATURITY MODELS - examples
Many risk maturity models are built on the basic principles of the Capability Maturity Model, which was developed by the Software Engineering Institute at Carnegie Mellon University.
EXAMPLE: David Hillson, 1997
- Levels (lowest to highest): Naive, Novice, Normalized, Natural
- Attributes: Culture, Process, Experience, Application
4. EXISTING RISK MATURITY MODELS - examples
EXAMPLE: RIMS (The Risk Management Society)'s on-line assessment model by Steven Minsky, 2006
Source:
4. EXISTING RISK MATURITY MODELS - examples
7 attributes:
- Adoption of ERM-based process
- ERM process management
- Risk appetite management
- Root cause discipline
- Uncovering risks
- Performance management
- Business resiliency and sustainability
4. EXISTING RISK MATURITY MODELS - common features
Many risk maturity models assume:
- A continuous progression to higher and higher maturity levels through time.
- A step-by-step development. It is not possible to skip a stage.
These models do not:
- Recognize that different areas in the organization may have different maturity levels
- Employ a common scale which enables a universal and homogeneous assessment
- Recognize that the requirements/expectations of risk management may be different in different organizations (sector, size, transaction volume)
- Recognize that, traditionally, risk maturity has not been an area where the Board and management were expected to formalize and state their ambition levels
5. IMPROVEMENT POSSIBILITIES
ERM programs can:
- start and stop
- start and stagnate
- start slowly, react and atrophy
- evolve steadily and consistently
6. A SIMPLE MODEL by Nordal & Kjørstad
OUR FOCUS: MATURITY LEVELS, MATURITY OBJECTIVES
6. A SIMPLE MODEL by Nordal & Kjørstad
Dimensions and their maturity objectives:
- Risk management, strategy and decision making processes: All decisions (strategic, tactical and operational) are based on documented assessments of risks and opportunities.
- Communication, information and reporting: The organization ensures continual communication and reporting of relevant information, with appropriate frequency.
- Organization, authority and interaction: The risk management function has an appropriate organization and resource allocation.
- IT tools and analyses: Risk management is based on the best available information and is suitable to the organization's needs.
- Framework and processes: The organization has implemented an effective and suitable risk management framework.
6. A SIMPLE MODEL by Nordal & Kjørstad
Maturity is assessed separately in each dimension, by counting the number of criteria met by the organization.
Maturity level - Criteria
- 5: The organization satisfies all the criteria (all 10 requirements)
- 4: The organization satisfies 8 or more requirements
- 3: The organization satisfies 6 or more requirements
- 2: The organization satisfies 4 or more requirements
- 1: The organization satisfies 2 or more requirements
6. A SIMPLE MODEL by Nordal & Kjørstad
Risk management, strategy and decision making processes
Objective: All decisions (strategic, tactical and operational) are based on a documented assessment of risks and opportunities.
Criteria:
- The organization's risk appetite is clearly defined and quantified through appropriate dimensions. This includes both financial and operational uncertainty.
- There exists documentation which evidences that decisions are made within the boundaries of the approved risk appetite.
- The work on strategies and business plans includes risk assessment which takes uncertainties in the internal and external context into account.
- Assessments of risks/uncertainties form the basis for the organization's resource allocations and budgeting.
- The head of the risk management function is invited to and involved in relevant decision making forums.
- Achievement of objectives is measured in a way that allows for the evaluation of the degree of achievement against the degree of uncertainty.
- Assessment of uncertainty is a factor for resource allocation.
- The costs and benefits of improvement tasks and actions are quantified and compared with quantified uncertainty.
- Risk assessment is an integrated part of the strategic decision making process. Documented decisions and minutes include an explicit assessment of risks and opportunities.
- Achievement of objectives is reported in a manner that can be compared to the initial risk assessments made prior to undertaking those activities.
6. A SIMPLE MODEL by Nordal & Kjørstad
Communication, information and reporting
Objective: The organization ensures regular communication and reporting of relevant information, with appropriate frequency.
Criteria:
- The organization has a plan and a policy for communication with external stakeholders.
- The head of risk management has access to external reporting regarding regulatory and administrative requirements.
- Internal communication mechanisms have been established. These ensure that information about the underlying principles, framework and processes of risk management is communicated to all relevant employees.
- Managers and decision makers have continual access to updated information about risks as well as the status of improvement actions and work, through reporting and through continual communication.
- Quality assurance of risk reporting, including reporting by managers, has been established. This process ensures truthful, relevant, accurate and comprehensible reporting.
- The organization maintains a documented and accessible overview of risk, action and process owners.
- Information channels, forums and mechanisms have been established. These facilitate the distribution of risk information to line management and administrative functions.
- The organization has in place processes and guidelines which take care of ethical principles, confidentiality and integrity in connection with internal and external communication.
- The organization enables transparency and cross-industry co-operation when dealing with risks related to IT security and financial crime.
- The head of risk management reports directly to the Board on a periodic basis and has a direct reporting line when needed.
6. A SIMPLE MODEL by Nordal & Kjørstad
Organization, authority and interaction
Objective: The risk management function has an appropriate organization and resource allocation.
Criteria:
- The management ensures an appropriate risk management organization and supports its work.
- The role and responsibility for risk management is clearly anchored with management across the organization.
- The risk management function has a mandate. It is rooted in the organization's strategy and it backs up the strategy.
- The head of risk management is either a member of top management or reports directly to it.
- The risk management function has the necessary resources to accomplish its tasks. The risk management organization and resources are appropriate to the size and complexity of the organization.
- The organization has developed a risk culture and a common terminology for risk management.
- The head of risk management has the necessary authorizations as well as the authority to be able to perform her/his responsibilities.
- The job description of the head of risk management contains requirements about risk management performance indicators, competence and integrity.
- Tasks which can hinder the execution of an effective risk management function are not allocated to the head of risk management.
- The head of risk management has established good relations with the rest of the organization. Appropriate cooperation forums have been established which ensure effective interaction between various functions and lines of defence.
- The head of risk management cannot be hired or fired without the approval of the Board of Directors.
6. A SIMPLE MODEL by Nordal & Kjørstad
IT tools and analyses
Objective: Risk management is based on the best available information and is suitable to the organization's needs.
Criteria:
- The organization has appropriate tools to facilitate and document risk management tasks, i.e. risk identification, risk analysis, and the follow-up of actions and improvement measures.
- Users of IT tools understand the assumptions, limitations and possibilities of these tools.
- Decision makers have been informed about the possible limitations of the models and systems which are used.
- The use of models and tools is not fragmented. The models and tools include parameters which allow comparisons across the organization.
- Risk analyses are verifiable and they satisfy the requirements of reliability, completeness and traceability.
- The systems which are in use are flexible and can produce the reports required by the authorities and external stakeholders (HSE reports, financial reporting etc.).
- The systems which are in use can handle sensitive data in compliance with prevailing requirements.
- The organization can monitor the quantifiable risk parameters continuously.
- The organization has appropriate channels and tools for the reporting of events.
- There exists an overview of IT applications, the interfaces between these, as well as the criticality of the operations.
6. A SIMPLE MODEL by Nordal & Kjørstad
Framework and processes
Objective: The organization has implemented an effective and suitable risk management framework.
Criteria:
- The organization has established mechanisms which take into account knowledge of the internal and external context.
- The method and framework are built on a clear mandate and a risk management policy with clearly defined authority and resource allocations.
- Risk management is embedded and integrated in all processes, business and administrative. No area, level or process is excluded in the design of the risk management framework.
- The framework is evaluated on a regular basis and is subject to continual improvement.
- Risk management is an inclusive process which enables feedback and input from the whole organization.
- Risk management is an iterative process. The process responds to changes in the environment, organization, systems and structures.
- There is a defined and readily apparent connection between calculated risks and the measurement of value creation.
- Assessment models for likelihood and consequence, parameters and criteria are defined as components of the framework and are evaluated on a regular basis.
- The framework includes a system for setting priorities and for monitoring actions and improvement measures.
- The framework includes periodic assessments of effectiveness as well as cost/benefit of all key processes, controls and actions.
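The scoring rule and the five criteria lists above are enough to automate the assessment. The following is an added example, not code from the deck or from IIA Norway's on-line tool: it encodes the five dimensions, the 10 criteria per dimension and the level thresholds exactly as stated on the slides, scores each dimension separately (the model deliberately has no single overall level), and reports how many additional criteria each dimension needs to reach a stated ambition level. The answer set is constructed for illustration, and the choice to return level 0 when fewer than 2 criteria are met is an assumption of this example, since the deck stops at level 1.

```python
"""Scorer for the Nordal & Kjørstad risk maturity model (added example)."""
from typing import Dict, List, Tuple

# The five dimensions named on the slides.
DIMENSIONS: Tuple[str, ...] = (
    "Risk management, strategy and decision making processes",
    "Communication, information and reporting",
    "Organization, authority and interaction",
    "IT tools and analyses",
    "Framework and processes",
)

# Each dimension has 10 criteria ("all 10 requirements" on the level-5 row).
CRITERIA_PER_DIMENSION = 10

# (minimum criteria met, maturity level), taken from the slide; checked top-down.
LEVEL_THRESHOLDS: Tuple[Tuple[int, int], ...] = ((10, 5), (8, 4), (6, 3), (4, 2), (2, 1))

# Inverse view: criteria needed to hold a given level (for gap analysis).
MIN_CRITERIA_FOR_LEVEL: Dict[int, int] = {level: minimum for minimum, level in LEVEL_THRESHOLDS}


def maturity_level(criteria_met: int) -> int:
    """Map a per-dimension count of satisfied criteria to a maturity level.

    Fewer than 2 criteria met is below level 1. The slide does not name that
    state, so this example returns 0 for it (an assumption of this example).
    """
    if not 0 <= criteria_met <= CRITERIA_PER_DIMENSION:
        raise ValueError(f"criteria_met must be 0..{CRITERIA_PER_DIMENSION}, got {criteria_met}")
    for minimum, level in LEVEL_THRESHOLDS:
        if criteria_met >= minimum:
            return level
    return 0


def criteria_counts(answers: Dict[str, List[bool]]) -> Dict[str, int]:
    """Count met criteria per dimension, validating the checklist shape first."""
    unknown = set(answers) - set(DIMENSIONS)
    missing = set(DIMENSIONS) - set(answers)
    if unknown or missing:
        raise ValueError(f"unknown dimensions {sorted(unknown)}, missing {sorted(missing)}")
    counts: Dict[str, int] = {}
    for name in DIMENSIONS:
        checklist = answers[name]
        if len(checklist) != CRITERIA_PER_DIMENSION:
            raise ValueError(f"{name!r}: expected {CRITERIA_PER_DIMENSION} answers, got {len(checklist)}")
        counts[name] = sum(1 for met in checklist if met)
    return counts


def assess(answers: Dict[str, List[bool]]) -> Dict[str, int]:
    """Score every dimension separately; the model defines no single overall level."""
    return {name: maturity_level(met) for name, met in criteria_counts(answers).items()}


def gap_to_target(counts: Dict[str, int], target: int) -> Dict[str, int]:
    """Additional criteria each dimension must meet to reach the Board's ambition level."""
    if target not in MIN_CRITERIA_FOR_LEVEL:
        raise ValueError(f"target level must be one of {sorted(MIN_CRITERIA_FOR_LEVEL)}")
    needed = MIN_CRITERIA_FOR_LEVEL[target]
    return {name: max(0, needed - met) for name, met in counts.items()}


def spider_chart_rows(levels: Dict[str, int]) -> List[str]:
    """Plain-text stand-in for the deck's spider web chart: one axis per dimension."""
    return [f"{name:<58} {'#' * level}{'.' * (5 - level)} {level}" for name, level in levels.items()]


def _checklist(met: int) -> List[bool]:
    """Constructed sample: the first `met` criteria satisfied, the rest not."""
    return [True] * met + [False] * (CRITERIA_PER_DIMENSION - met)


# Constructed sample assessment (not real data): per-dimension criteria met.
SAMPLE_ANSWERS: Dict[str, List[bool]] = {
    DIMENSIONS[0]: _checklist(9),
    DIMENSIONS[1]: _checklist(10),
    DIMENSIONS[2]: _checklist(5),
    DIMENSIONS[3]: _checklist(1),
    DIMENSIONS[4]: _checklist(7),
}

if __name__ == "__main__":
    levels = assess(SAMPLE_ANSWERS)
    print("\n".join(spider_chart_rows(levels)))
    for name, gap in gap_to_target(criteria_counts(SAMPLE_ANSWERS), target=4).items():
        print(f"to reach level 4, {name!r} needs {gap} more criteria")
```

Because every dimension is scored on its own, the output shows the uneven profile the model is designed to surface (here the constructed sample leaves IT tools and analyses far behind the other four), which is exactly the information the common-features slide says step-by-step models hide.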
6. A SIMPLE MODEL by Nordal & Kjørstad
Available online via IIA Norway's website.
More informationInternal Audit Charter
Internal Audit Charter Authority Source: Endorsed by the Audit and Risk Management Committee and approved by the Vice- Chancellor Approval Date: 20/10/2017 Publication Date: 24/10/2017 Review Date: 20/10/2018
More informationGovernance SPICE. Using COSO and COBIT Process Assessment Models BPM GOSPEL
Governance SPICE Using COSO and COBIT Process Assessment Models Linking Governance to Sustainable Value Creation BPM GOSPEL (LLP-LDV-TOI-2010-HU-001) This project has been funded with support from the
More informationERM vs. Internal Audit
ERM vs. Internal Audit Differences and Overlaps Kuwait ERM Conference March 2015 Evolving expectations Risk Management Programs Organisations today are struggling with effectively managing risks across
More informationIntroductions. Enterprise Risk Management. Thinus Nienaber. Why are You here? Where are You coming from? Where are You going?
Enterprise Risk Management PRESENTED BY Thinus Nienaber Introductions Why are You here? Where are You coming from? Where are You going? What do You expect? From the intervention? From Yourself? Let s share!
More informationTHE ENTERPRISE AND RISK MANAGEMENT POLICY
Appendix 10 THE ENTERPRISE AND RISK MANAGEMENT POLICY 1. INTRODUCTION The Manila Water Company, Inc. (Manila Water) operates in a regulated and dynamic business environment where uncertainties, both detrimental
More informationENTERPRISE RISK MANAGEMENT TRAINING A ROAD MAP TO ENTERPRISE RISK MANAGEMENT
ENTERPRISE RISK MANAGEMENT TRAINING A ROAD MAP TO ENTERPRISE RISK MANAGEMENT Marsh Risk Consulting Marsh Risk Consulting has been involved in the delivery of various enterprise risk management (ERM) programmes
More informationInternal Auditing 101
Internal Auditing 101 Presented By: Sam Capuano - Manager of Internal Audit, Wolf & Co. John Gallagher - Director of Internal Audit, SEFCU (NY) Barry Lucas - Internal Auditor, Desco FCU (Ohio) 1 Introductions
More informationSustainable Development Guidance
World Resources Institute, UNEP DTU Partnership 0 0 0 Sustainable Development Guidance Guidance for assessing the environmental, social and economic impacts of policies and actions First Draft, July 0
More informationPractice Advisory : Quality Assurance and Improvement Program
Practice Advisory 1300-1: Quality Assurance and Improvement Program Primary Related Standard 1300: Quality Assurance and Improvement Program The chief audit executive must develop and maintain a quality
More informationApplying PSM to Enterprise Measurement
Applying PSM to Enterprise Measurement Technical Report Prepared for U.S. Army TACOM by David Card and Robert MacIver Software Productivity Consortium March 2003 SOFTWARE PRODUCTIVITY CONSORTIUM Applying
More informationSWEN 256 Software Process & Project Management
SWEN 256 Software Process & Project Management Understanding existing processes Introducing process changes to achieve organisational objectives which are usually focused on quality improvement, cost reduction
More informationGuideline. Operational Risk Management. Category: Sound Business and Financial Practices. No: E-21 Date: June 2016
Guideline Subject: Category: Sound Business and Financial Practices No: E-21 Date: June 2016 1. Purpose and Scope of the Guideline This Guideline sets out OSFI s expectations for the management of operational
More informationInstitute of Internal Auditors 2018 IIA CHICAGO CHAPTER JOIN
IIA CHICAGO CHAPTER JOIN US: @IIACHI CURIOUS AND EVER CHANGING DOMINIQUE VINCENTI / NORDSTROM APRIL 9, 2018 A case for never suffering transformation but leading change at all times. IIA CHICAGO CHAPTER
More informationDEPUTY CHIEF OF POLICE RECRUITMENT PACKAGE
The Bradford West Gwillimbury and the Town of Innisfil Police Services Board DEPUTY CHIEF OF POLICE RECRUITMENT PACKAGE TABLE OF CONTENTS Description Page No. Letter from the Chief of Police Designate
More informationStrategy Analysis. Chapter Study Group Learning Materials
Chapter Study Group Learning Materials 2015, International Institute of Business Analysis (IIBA ). Permission is granted to IIBA Chapters to use and modify this content to support chapter activities. All
More informationRoad map for. March 19, Enterprise Risk Management USI Insurance Services National, Inc. All rights reserved.
Road map for Enterprise Risk Management March 19, 2018 2018 USI Insurance Services National, Inc. All rights reserved. Enterprise Risk Management (ERM) Roadmap ERM has come full circle in some ways. When
More informationInternal Control Integrated Framework. May 2013
Internal Control Integrated Framework May 2013 0 Table of Contents COSO & Project Overview Internal Control-Integrated Framework Illustrative Documents Illustrative Tools for Assessing Effectiveness of
More informationStock markets are mainstreaming non-financial reporting. Are New Zealand companies ready?
Stock markets are mainstreaming non-financial reporting Are New Zealand companies ready? Contents How are investors redefining who the winners are? 3 What changes are in store for NZX listed companies?
More informationAgenda Item 17 CORPORATE GOVERNANCE FRAMEWORK
CORPORATE GOVERNANCE FRAMEWORK Draft September 2016 1 Introduction The purpose of this framework is to set out how the Police and Crime Commissioner (the PCC) as a corporation sole will govern ensuring
More informationISO 31000:2009(E):Risk Management Principles and Guidelines
International Organization for Standardization ISO 31000:2009(E):Risk Management Principles and Guidelines Sections 4 through Section 5 First Edition: November 15, 2009 2 International Organization for
More informationSeptember 17, 2012 Pittsburgh ISACA Chapter
September 17, 2012 Pittsburgh ISACA Chapter What is COBIT? Control Objectives for Information and related Technologies ISACA s guidance on the enterprise governance and management of IT. Builds on more
More informationNational Policy Corporate Governance Principles. Table of Contents
National Policy 58-201 Corporate Governance Principles Table of Contents PART 1 INTRODUCTION AND APPLICATION 1.1 What is corporate governance? 1.2 Purpose of this Policy 1.3 Structure of this Policy 1.4
More informationSoftware Quality Management
Software Quality Management CONTENTS I. Basic Quality Concepts II. Software Quality Assurance (SQA) 1. Definition of SQA 2. SQA Activities III. Quality Evaluation Standards 1. Six sigma for software 2.
More informationFinance s New Role: Insights from the 2010 IBM Global CFO Study
Finance s New Role: Insights from the 2010 IBM Global CFO Study David Thomas Strategy & Transformation Leader Middle East and North Africa IBM Global Business Services Introduction The 2010 IBM CFO Study
More informationFaster Payments Effectiveness Criteria - What s Next?
Faster Payments Task Force Faster Payments Effectiveness - What s Next? March 2016 Presented by Kylie Stewart Welcome and Agenda Review 2 Agenda Background: Faster Payments Task Force and Effectiveness
More informationIt s time for the Active Risk Manager. Successful Organizations have World-Class Risk Management
It s time for the Active Risk Manager Successful Organizations have World-Class Risk Management Strengthen your business by Embracing the Management of Risk and Opportunity with Active Risk Manager No
More informationISO 9001:2015 Transition Evidence Guide
ISO 9001:2015 Transition Evidence Guide Purpose: This document provides a guide about interpretation and acceptable evidence that demonstrates compliance to the new requirements of ISO 9001:2015 Standard.
More informationISO Revisions. ISO 9001 Whitepaper. The importance of risk in quality management. Approaching change
ISO Revisions ISO 9001 Whitepaper The importance of risk in quality management Approaching change Background and overview to the ISO 9001:2015 revision As an International Standard, ISO 9001 is subject
More informationAudit and Compliance Committee Enterprise Risk Management
Enterprise Risk Management What is Enterprise Risk Management? An organization-wide systematic approach to identify and tactically manage risk. A best practice to prioritize risk and implement processes
More informationEnterprise Risk Management: Developing a Model for Organizational Success. White Paper
Enterprise Risk Management: Developing a Model for Organizational Success White Paper January 2009 Overview Less than a decade ago, Enterprise Risk Management (ERM) was an unfamiliar concept. Today, the
More information