Governance to the power of four. KPMG's 4D governance solutions: Pioneering support, new standards


1 Governance to the power of four. KPMG's 4D governance solutions: Pioneering support, new standards. November 2016

2 All set for the governance of tomorrow

The managers of companies in the middle of the last century would be astonished by the obligations imposed upon today's supervisory boards, management boards and management teams. With ongoing globalisation, digitisation and ever increasing complexity as a result of new business models, a company's management is faced with concrete demands in terms of the effectiveness of its corporate governance systems. And the pressure placed on them continues to grow: In addition to ever-greater statutory and regulatory requirements, the expectations of the public, suppliers and customers are steadily increasing, too. Effective governance is already about more than merely complying with regulations. It is increasingly becoming an explicit health factor for companies, which they need to take into account in order to be successful. If a governance system is implemented effectively and with perceptiveness and is incorporated into the business processes in a targeted manner, the costs involved can be contained.

But how can a company's management prove it has met its due diligence obligations and has effective systems in place? The Institute of Public Auditors in Germany (IDW) has already delivered on this front with its Assurance Standard 980: IDW AssS 980 is a standardised approach to assessing compliance management systems (CMS), which has been very well received by companies. The IDW has now expanded this approach, giving a company's board and management, with the draft standards DAssS 981, 982 and 983, that complement AssS 980, the opportunity to prove that they fully meet the requirements in all four areas of corporate governance, namely risk management, internal control systems, compliance management and internal audit. Based on this, we have developed a comprehensive audit approach which takes on a pioneering role in terms of corporate governance development.

We call it security across all dimensions and we look forward to taking you through this development, which points the way ahead.

Jens C. Laue
Head of Governance & Assurance Services

3 You should never relieve someone of their responsibilities. But you can help them bear them.


5 Even the calmest of waters can contain eddies

KPMG AG Wirtschaftsprüfungsgesellschaft, a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative ("KPMG International"), a Swiss entity. All rights reserved. The KPMG name and logo are registered trademarks of KPMG International.

6 The four pillars of a governance system

From legislation to changing social norms and volatility on the business side, external factors and occurrences such as corporate scandals and the lessons learned from the financial crisis are making preventative systems increasingly necessary within a company.

Supervisory board: Germany's Accounting Law Modernisation Act (BilMoG) prescribes the obligation of a company's supervisory board to monitor the effectiveness of the corporate governance systems (Section 107 [3] sentence 2 German Stock Corporation Act [AktG]). The non-fulfilment of this obligation can lead to serious reputational damage and liability losses (Section 93 [2] in conjunction with Section 116 AktG). Supervisory board members are personally liable.

Management board: The management board is obliged to deliver proof of the safeguarding of the effectiveness of all the corporate governance systems for the supervisory board (Section 90 [1] AktG, Section 43 [1] German Limited Liability Companies Act [GmbHG]). The non-fulfilment of due diligence obligations can lead to reputational damage and liability losses and significant fines (Sections 30, 130 German Administrative Offences Act [OWiG], Section 93 [2] AktG, Sections 831, 823 ff., 31 German Civil Code [BGB], Section 43 [2] GmbHG). The management board is also liable towards the company.

Problem: There are significant overlaps in the activities, remits and goals of the individual governance functions. A lack of coordination of the responsibilities and measures results in duplicated activities in the four areas of risk management, internal control systems, compliance management and internal audit. The consequences: greater costs coupled with excessive control of the risks or a lack thereof and reduced transparency for the target audience. There is often a lack of synchronisation of the results in these four areas.

7 Figure (corporate governance functions): supervisory board // management board; risk management, compliance management, internal control systems; setting targets, assessing risks, implementing measures, monitoring systems; internal audit. Source: KPMG, 2016

Solution: Establishment of a standardised, optimised governance structure and ongoing monitoring of its effectiveness. To achieve this, the IDW has developed three new standards to complement AssS 980, which governs assurance engagements relating to compliance management systems, with the new standards focusing on the remaining governance systems:
IDW DAssS 981 (Risk management)
IDW DAssS 982 (Internal control systems)
IDW DAssS 983 (Internal audit)

Objectives: Preventing and controlling risks while complying with the increasingly stringent statutory and regulatory rules and safeguarding quality and transparency.

Advantages:
Early prevention of penalties, corporate scandals and damage to the company image.
Elimination of uncertainty due to elaboration of the systems and their effectiveness.
Greater cost efficiency.
Greater transparency regarding the processes and controls within a company.
Increasing confidence in the company by internal and external stakeholders and by the public.
Achieving security within the business processes and reporting reliability.

8 IDW AssS 980 as a framework for auditing compliance management systems

Assurance Standard 980 (AssS 980) published by the IDW in April 2011 serves as the basis upon which auditors can audit compliance management systems (CMS). It defines the fundamental components of a CMS and the framework in accordance with which it is audited. The standard is suitable for the auditing of the compliance management systems of any company, irrespective of size or the sector they are in. In practice, the CMS subsections, which a company determines based on its risks, frequently include legal issues such as corruption, competition law, export controls, data protection, money laundering, taxation, etc.

9 Basic elements of a compliance management system pursuant to IDW AssS 980

Culture: Is compliance integrated in the corporate culture?
Goals: Are clear goals defined for the compliance management system?
Organisation: Does the organisation offer sufficient scope for the compliance regulations to be observed? Have clear roles and responsibilities been defined for the entire company? (This relates to, for example, the centralised and decentralised structure of the compliance department, lines of reporting, and infrastructure such as databases and hotlines.)
Risks: Have the compliance risks been sufficiently determined?
Programme: What measures and controls have been implemented within the company for observance of the compliance rules?
Communication: Are the communication and reporting channels for (and within) the compliance organisation clearly defined, including specifications regarding regular and ad hoc compliance reporting?
Monitoring: Are the compliance management system and its implementation monitored?

Source: KPMG, 2016

What are the specific advantages for you in having your CMS audited by KPMG in accordance with IDW AssS 980?
Evidence of the fulfilment of due diligence and organisational obligations regarding the limitation of risks relating to possible violations of legal provisions and internal guidelines (compliance)
Greater transparency regarding internal processes and the organisation's risk awareness
Identification of potential weak points of the existing CMS and recommendations for action based on this
Avoidance of liability losses and reputational damage

10 IDW DAssS 981 as a framework for auditing risk management systems

The IDW's draft Assurance Standard DAssS 981 creates a binding basis and a standard framework concept for the elaboration and auditing of risk management systems (RMS). An RMS comprises all the rules that guarantee the structured management of opportunities and also the strategic and operating risks inherent to a company. The purpose of the audit is to assess the extent to which significant risks (that stand in the way of the goals of the RMS being achieved) are identified, appraised, managed and monitored. The analysis also includes general and key risks, and therefore goes above and beyond the requirements made of a risk early warning system for ongoing corporate risks. IDW DAssS 981 serves as a concrete guideline for companies of all sizes and in a vast number of sectors.

11 Integrated RMS set-up based on eight basic elements

Risk culture: Attitude and conduct of all the employees within the company regarding the handling of risks
Goals: Risk strategy including risk appetite and tolerance
Organisation: Transparent and clear areas of responsibility and roles
Risk identification: Systematic analysis of the causes of risks and of early warning indicators
Risk assessment: Quantitative and qualitative evaluation of risks and aggregation of individual risks
Risk management: Measures and controls for the avoidance, reduction, division and acceptance of risks
Risk communication: Reporting obligations and channels for the communication of risks to the relevant bodies within a company
Monitoring: Regular monitoring of the controls intrinsic to the processes (for example by the internal audit function)

Source: KPMG, 2016

What are the specific advantages for you in having your RMS audited by KPMG in accordance with IDW DAssS 981?
Structured and clearly defined approach to setting up and running an RMS
Added certainty regarding your due diligence and organisational obligations concerning the management of strategic and operating risks to protect the company from unforeseen events and incidences of damage
Recommendations for action regarding shortcomings and gaps in the system identified in all eight basic elements of the RMS
Risk plausibility check in the management report

12 IDW DAssS 982 as a framework for auditing internal control systems

The IDW's draft Assurance Standard DAssS 982 covers the auditing of internal control systems (ICS) regarding company reporting, i.e. information about the core business processes and supporting processes, which is relevant to decisions concerning the goals set. The audit can comprise all the (distinct) processes within a company. As such, it goes above and beyond the legally prescribed auditing of the accounting-related ICS during the auditing of the annual financial statements. It is effected in line with the basic elements of the 2013 Internal Control Framework of the Committee of Sponsoring Organizations of the Treadway Commission (COSO) and therefore consists of more than merely control activities. For example, a stringent ICS management process and the regular monitoring of its functionality are relevant to the effectiveness of a control system. IDW DAssS 982 is aimed at companies of all sizes and in all sectors.

13 Basic elements of ICS pursuant to IDW DAssS 982

Control environment: Employees' basic attitude, awareness of the problems and conduct relating to the ICS
ICS goals: Company reporting requirements derived from needs pertaining to information relevant to decision making
Risk assessment: Identification and evaluation of risks that jeopardise the process of producing company reports and achievement of the ICS goals
Control activities: Management and control measures in order to tackle the identified and assessed risks adequately, for example by means of the separation of duties, the four-eye principle or IT authorisation concepts
Information and communication: Adequate flow of information within the ICS so that the necessary information is shared in just the right format and tailored to the target audience (for example by means of training sessions or guidelines)
Monitoring: Objective assessment of the effectiveness of an ICS, performed for example by process-independent company employees or by the internal audit function

Source: KPMG, 2016

What are the specific advantages for you in having your ICS audited by KPMG in accordance with IDW DAssS 982?
Broad scope and flexible demarcation of the subject of the ICS audit
Auditing of your ICS which is based on needs and the target audience, in particular taking into account your specific requirements regarding the subject of the audit
Examples of good company practice for the optimisation of your ICS, taken from broad auditing and consulting experience
Process transparency and security as well as approaches to improve the internal control system
Security regarding your due diligence and organisational obligations in relation to the ICS for your company reporting, so as to avoid erroneous representations, fraud or economic losses

14 IDW DAssS 983 as a framework for auditing internal audit systems

The internal audit function is an independent entity that serves as the third line of defence within a corporate governance system alongside the control activities of the internal control system and the monitoring activities of the compliance management system ("Three Lines of Defence" model). The IDW's draft Assurance Standard DAssS 983 demonstrates a systematic approach to assessing the activities of a company's internal audit function. Based on more than 80 criteria in line with the relevant quality management auditing standards of the German Institute of Internal Auditors (DIIR), the minimum criteria for an effective internal auditing system (IAS) were defined in a criteria catalogue (IPPF). The catalogue is kept general and is therefore suited to companies in various sectors and of various sizes and organisational forms.

15 Basic IAS elements (figure)

Audit culture: Basic attitude of the management and the supervisory board/audit committee regarding the necessity of internal auditing; approval of rules by the management
IAS goals: Definition and stipulation of the audit universe (audit areas and topics); this includes assessment of the effectiveness of the measures to identify fraudulent activities
IAS organisation: Definition of roles and responsibilities, and provision of the necessary resources by the management; binding auditing guidelines in writing
Audit planning and programme: Risk-oriented general planning based on the audit universe and the identified and assessed risks; systematic annual audit planning
Audit implementation: Audit preparation and follow-up work with the determining of milestones and the audit duration and definition of the audit procedures and follow-up
Audit communication: Communication within the audit team and with the relevant stakeholders; including the internal audit function in the distribution list for key company information
Audit monitoring and optimisation approaches: Continuous improvement process combined with internal and external quality audits; feedback talks

Source: KPMG, 2016

What are the specific advantages for you in having your IAS audited by KPMG in accordance with IDW DAssS 983?
Targeted, comprehensive and standardised auditing of your internal auditing system by an auditor regarding the criteria defined in the basic IAS elements (the International Professional Practices Framework [IPPF])
Certainty regarding the suitability and effectiveness of the internal audit function and thus of its process-independent monitoring function in line with the Three Lines of Defence model
Quantitative and qualitative assessment of the criteria based on the basic IAS elements; this also allows for a meaningful overall evaluation of your IAS compared with others in your field and in terms of better practices

16 It takes solutions that hold water to demonstrate depth.

17 Common features of the IDW's assurance standards

The IDW's four assurance standards share a common conceptional composition and are based on the relevant basic elements. The key similarities at a glance:

Commonalities of AssS 980 (CMS), DAssS 981 (RMS), DAssS 982 (ICS) and DAssS 983 (IAS)

Support for management from the auditor

Audit scope: An auditor can be contracted to audit individual or all four corporate governance elements. Efficient and comprehensive evidence of effectiveness is ideally achieved for the entire company by combining the four corporate governance audits. The audits can be designed as an appropriateness test (for a specific date) or as an effectiveness test (for a specified period).

Possibility of limiting the audit to specific subsections:
AssS 980 (CMS): Legal matters (e.g. anti-corruption), companies, business units, countries
DAssS 981 (RMS): Selected operating risks (e.g. purchasing risks), strategic risks
DAssS 982 (ICS): Processes (e.g. the purchasing process)
DAssS 983 (IAS): Processes

First-time application:
Audits since 30 September 2011
Audits contracted after 31 December
Early application on a voluntary basis is possible at any time.

Source: KPMG,

18 4D governance: security across all dimensions

What are the characteristics of the 4D governance model developed by KPMG?
The model's key characteristic is the coordination of four dimensions to achieve the best possible alignment of the audit with a company's security needs.

Why are regular follow-up audits important?
There is significantly less work involved in follow-up audits in comparison to the initial audit, as they can be based on the audit procedures and findings of the initial audit. Follow-up audits maintain security regarding the effectiveness of a corporate governance system and provide companies with evidence of this.

The 4D governance model harmonises the four pillars of a governance system. If the four assurance standards are applied and coordinated intelligently, demonstrably effective governance divisions without overlaps can be created within a company in the long term. The model further allows the integration and streamlining of process structures, all the way up to the pooled management of all the governance areas in a single function. We see this as the path to the governance of the future, and we want to accompany you on this path with pioneering solutions. We look forward to doing so!

19 4D governance model (figure)

1. Selection of the system areas and corporate governance system elements to be audited.
2. In accordance with a company's requirements, focusing on the relevant subsections of the selected system area, such as the purchasing process (ICS reporting) or competition law (CMS).
3. Stipulation that selected companies/business divisions be audited or auditing of entire company.
4. Definition of the effectiveness period and corresponding follow-up audits.

First immerse yourself in the subject matter, then increase the pace.

Source: KPMG,

20 Contact

KPMG AG Wirtschaftsprüfungsgesellschaft
Tersteegenstraße
Düsseldorf
Deutschland

The information contained in this brochure is general in nature and does not relate to the specific situation of an individual or a legal person. While we endeavour to provide reliable and up-to-date information, we are unable to offer a guarantee that said information is still as applicable as it was when incorporated or that it will continue to be just as applicable in the future. Nobody should act on the basis of this information without first seeking appropriate expert advice and without thoroughly assessing the situation.

KPMG AG Wirtschaftsprüfungsgesellschaft, a member of the KPMG network of independent member companies affiliated to the KPMG International Cooperative ("KPMG International"), which is a legal person in accordance with Swiss law. All rights reserved. Printed in Germany. The name KPMG and the logo are registered trademarks of KPMG International.


More information

The state of play in project management

The state of play in project management The state of play in project management AIPM and KPMG Australian Project Management Survey 2018 November 2018 AIPM.com.au KPMG.com.au 2 AIPM and KPMG Australian Project Management Survey 2018 The era of

More information

The state of play in project management

The state of play in project management The state of play in project management AIPM and KPMG Australian Project Management Survey 2018 November 2018 KPMG.com.au AIPM.com.au 2 AIPM and KPMG Australian Project Management Survey 2018 The era of

More information

King III Chapter 7 & 9 Guidance on the Assessment of the System of Internal Control. June 2010

King III Chapter 7 & 9 Guidance on the Assessment of the System of Internal Control. June 2010 Chapter 7 & 9 Guidance on the Assessment of the System of Internal Control June 2010 The information contained in this Practice Note is of a general nature and is not intended to address the circumstances

More information

Risk appetite and internal audit

Risk appetite and internal audit 30 April 2018 Risk appetite and internal audit Chartered Institute of Internal Auditors This guidance looks at the nature of risk appetite and how it has come to the fore following the financial crisis

More information

Enterprise Risk Management: Developing a Model for Organizational Success. White Paper

Enterprise Risk Management: Developing a Model for Organizational Success. White Paper Enterprise Risk Management: Developing a Model for Organizational Success White Paper January 2009 Overview Less than a decade ago, Enterprise Risk Management (ERM) was an unfamiliar concept. Today, the

More information

Comments on Chapter IV Part I Controller and processor 25/08/2015 Page 1

Comments on Chapter IV Part I Controller and processor 25/08/2015 Page 1 Comments on Chapter IV Part I Controller and processor 25/08/2015 Page 1 Bitkom represents more than 2,300 companies in the digital sector, including 1,500 direct members. With more than 700,000 employees,

More information

Life Sciences Compliance in Asia

Life Sciences Compliance in Asia Life Sciences Compliance in Asia How the Evolution of Asia s Compliance Landscape is Driving Uncertainty 2017 kpmg.com.sg The Evolution of Asia s Compliance Landscape is Driving Uncertainty For many Life

More information

Fraud Investigation & Dispute Services. Forensic analysis and global experience: the intelligent connection

Fraud Investigation & Dispute Services. Forensic analysis and global experience: the intelligent connection Fraud Investigation & Dispute Services Forensic analysis and global experience: the intelligent connection Protect your company s reputation and reduce financial risk Businesses are always under scrutiny

More information

THE ARCG CHARTER. Issued in March 2008

THE ARCG CHARTER. Issued in March 2008 THE ARCG CHARTER Issued in March 2008 Index Part A Internal Audit Purpose Charter Mission Independence Scope & Responsibilities Authority Accountability Standards Part B Compliance Introduction Guiding

More information

Integrity. Purpose of the Checklist. Description

Integrity. Purpose of the Checklist. Description Integrity Purpose of the Checklist To guide and support public procurement practitioners in reviewing, developing and updating their procurement framework, according to the 12 principles of the Recommendation

More information

Internal Audit Charter

Internal Audit Charter Internal Audit Charter September 2017 1. Policy The EIF function responsible for the performance of internal audit ( Internal Audit or IA ) shall perform internal audit services pursuant to the terms of

More information

Risk management framework: compliance risk policy

Risk management framework: compliance risk policy Meeting of the Board 26 28 February 2019 Songdo, Incheon, Republic of Korea Provisional agenda item 30 1 February 2019 Risk management framework: compliance risk policy Proposal by the Risk Management

More information

AUDITING. Auditing PAGE 1

AUDITING. Auditing PAGE 1 AUDITING Auditing 1. Professionalism The International Professional Practices Framework (IPPF) is the conceptual framework that organizes authoritative guidance promulgated by The Institute of Internal

More information

PostNL group procedure

PostNL group procedure 1 January 2017 PostNL Holding B.V. Audit & Security PostNL group procedure on fraud prevention guidance on bribery and corruption Author Director Audit & Security Title PostNL group procedure on Fraud

More information

Risk frameworks. Driving business strategy with effective risk frameworks

Risk frameworks. Driving business strategy with effective risk frameworks Risk frameworks Driving business strategy with effective risk frameworks Integrating risk management with business strategy Each year, a board begins its planning period with a set of strategic options

More information

EU General Data Protection Regulation: Are you ready?

EU General Data Protection Regulation: Are you ready? EU General Data Protection Regulation: Are you ready? Powered by Global Markets EY Knowledge Contents What do you need to know about the new EU General Data Protection Regulation? Are organisations ready

More information

Review of Compliance. Review completed 30 June 2015 Unclassified summary released October 2015

Review of Compliance. Review completed 30 June 2015 Unclassified summary released October 2015 Review of Compliance Review completed 30 June 2015 Unclassified summary released October 2015 Contents Introduction... 3 Summary of Review... 3 Recommendations of the Review:... 4 Director s Response...

More information

Business beyond borders

Business beyond borders Business beyond borders Fasten efficiency gains to your international trade November 2016 Business beyond borders 1 02 From controlling the costs of international trade to unlocking payroll efficiencies,

More information

INTERNATIONAL STANDARD ON AUDITING 260 COMMUNICATION WITH THOSE CHARGED WITH GOVERNANCE CONTENTS

INTERNATIONAL STANDARD ON AUDITING 260 COMMUNICATION WITH THOSE CHARGED WITH GOVERNANCE CONTENTS Introduction INTERNATIONAL STANDARD ON AUDITING 260 COMMUNICATION WITH THOSE CHARGED WITH GOVERNANCE (Effective for audits of financial statements for periods beginning on or after December 15, 2009) +

More information

Thomson Reuters SCREENING RESOLUTION SERVICE

Thomson Reuters SCREENING RESOLUTION SERVICE Thomson Reuters SCREENING RESOLUTION SERVICE Benefits Reduce the compliance burden and maximize existing staff resources Demonstrate a complete audit trail to regulators Improve regulatory compliance Adopt

More information

PASA GUIDANCE. Trustees Administration Governance Checklist. July 2018

PASA GUIDANCE. Trustees Administration Governance Checklist. July 2018 PASA GUIDANCE Trustees Administration Governance Checklist July 2018 Administration Governance Occupational Pension Scheme Trustee Checklist The Pensions Administration Standards Association (PASA) has

More information

TEACHERS RETIREMENT BOARD. AUDITS AND RISK MANAGEMENT COMMITTEE Item Number: 9 SUBJECT: Scope and Structure of the Enterprise Compliance Program

TEACHERS RETIREMENT BOARD. AUDITS AND RISK MANAGEMENT COMMITTEE Item Number: 9 SUBJECT: Scope and Structure of the Enterprise Compliance Program TEACHERS RETIREMENT BOARD AUDITS AND RISK MANAGEMENT COMMITTEE Item Number: 9 SUBJECT: Scope and Structure of the Enterprise Compliance Program CONSENT: ATTACHMENT(S): 3 ACTION: DATE OF MEETING: / 30 mins

More information

An Overview of the 2013 COSO Framework. August 2013

An Overview of the 2013 COSO Framework. August 2013 An Overview of the 2013 COSO Framework August 2013 Introduction Dean Geesler, KPMG Senior Manager Course Objectives Summarize the key changes from the 1992 Framework to the 2013 Framework including the

More information

Your incentive compensation plans have no borders. Why should your compliance processes?

Your incentive compensation plans have no borders. Why should your compliance processes? Your incentive compensation plans have no borders. Why should your compliance processes? KPMG LINK Global Equity Tracker Powered by KPMG LINK Work Force Take care of risks before take off Challenges of

More information

CLIENT ALERT: INTERNAL CONTROL OVER FINANCIAL REPORTING

CLIENT ALERT: INTERNAL CONTROL OVER FINANCIAL REPORTING CLIENT ALERT: INTERNAL CONTROL OVER FINANCIAL REPORTING All public companies either have begun or will soon begin a process, required under Section 404 of the Sarbanes-Oxley Act of 2002 ( SOX ), of reviewing

More information

B U S I N E S S R I S K M A N A G E M E N T L T D

B U S I N E S S R I S K M A N A G E M E N T L T D B U S I N E S S R I S K M A N A G E M E N T L T D Governance, Risk and Compliance (GRC) After completing this course you will be able to Course Level Understand the requirements and benefits of GRC Develop

More information

INTEGRITY COMPLIANCE GUIDELINES

INTEGRITY COMPLIANCE GUIDELINES AFRICAN DEVELOPMENT BANK GROUP African Development Bank Group Integrity and Anti-Corruption Department INTEGRITY COMPLIANCE GUIDELINES 1 1. Prohibition of Misconduct A clearly articulated and visible prohibition

More information

INTERNATIONAL STANDARDS FOR THE PROFESSIONAL PRACTICE OF INTERNAL AUDITING (STANDARDS)

INTERNATIONAL STANDARDS FOR THE PROFESSIONAL PRACTICE OF INTERNAL AUDITING (STANDARDS) INTERNATIONAL STANDARDS FOR THE PROFESSIONAL PRACTICE OF INTERNAL AUDITING (STANDARDS) ATTRIBUTE STANDARDS 1000 Purpose, Authority and Responsibility The purpose, authority, and responsibility of the internal

More information

EY Center for Board Matters. Leading practices for audit committees

EY Center for Board Matters. Leading practices for audit committees EY Center for Board Matters for audit committees As an audit committee member, your role is increasingly complex and demanding. Regulators, standard-setters and investors are pressing for more transparency

More information

ISO & ISO TRAINING DAY 4 : Certifying ISO 37001

ISO & ISO TRAINING DAY 4 : Certifying ISO 37001 ISO 19600 & ISO 37001 TRAINING DAY 4 : Certifying ISO 37001 2017 SLIDE 1 DAY 4 Program Part 1 : Audit rules 1. Audit principles 2. Types of findings Part 2 : Audit process 3. The steps of an audit 4. Audit

More information

NAMPAK LIMITED Application of the King IV Report on Corporate Governance for South Africa 2016 ( King IV TM )

NAMPAK LIMITED Application of the King IV Report on Corporate Governance for South Africa 2016 ( King IV TM ) NAMPAK LIMITED Application of the King IV Report on Corporate Governance for South Africa 2016 ( King IV TM ) Nampak Limited ( Nampak or the Company ) is a listed company on the Johannesburg Stock Exchange

More information

SS/288 Sylvia Smith. 30 October Dear Sirs

SS/288 Sylvia Smith. 30 October Dear Sirs . Tel +44 (0)20 7694 8871 15 Canada Square sylvia.smith@kpmgifrg.com London E14 5GL United Kingdom Technical Director International Auditing and Assurance Standards Board International Federation of Accountants

More information

SRI LANKA AUDITING STANDARD 260 COMMUNICATION WITH THOSE CHARGED WITH GOVERNANCE CONTENTS

SRI LANKA AUDITING STANDARD 260 COMMUNICATION WITH THOSE CHARGED WITH GOVERNANCE CONTENTS SRI LANKA AUDITING STANDARD 260 COMMUNICATION WITH THOSE CHARGED WITH GOVERNANCE Introduction (Effective for audits of financial statements for periods beginning on or after 01 January 2012) CONTENTS Paragraph

More information

Product Safety and Market Surveillance Package COMMISSION STAFF WORKING DOCUMENT EXECUTIVE SUMMARY OF THE IMPACT ASSESSMENT. Accompanying the document

Product Safety and Market Surveillance Package COMMISSION STAFF WORKING DOCUMENT EXECUTIVE SUMMARY OF THE IMPACT ASSESSMENT. Accompanying the document EUROPEAN COMMISSION Brussels, 13.2.2013 SWD(2013) 34 final Product Safety and Market Surveillance Package COMMISSION STAFF WORKING DOCUMENT EXECUTIVE SUMMARY OF THE IMPACT ASSESSMENT Accompanying the document

More information

SUMMARY OF KING IV PRINCIPAL DISCLOSURES. Leadership, ethics and corporate citizenship

SUMMARY OF KING IV PRINCIPAL DISCLOSURES. Leadership, ethics and corporate citizenship Capitec Bank Holdings Limited (Capitec or the group) is a bank controlling company and is listed on the Johannesburg Stock Exchange (JSE) equity market. Capitec Bank Limited (Capitec Bank), a wholly owned

More information

Final Report. Guidelines. on internal governance under Directive 2013/36/EU EBA/GL/2017/ September 2017

Final Report. Guidelines. on internal governance under Directive 2013/36/EU EBA/GL/2017/ September 2017 EBA/GL/2017/11 26 September 2017 Final Report Guidelines on internal governance under Directive 2013/36/EU Contents Executive Summary 3 Background and rationale 5 1. Compliance and reporting obligations

More information

The Institute of Directors of South Africa ( IoDSA ) is the convener of the King Committee and the custodian of the King reports and practice notes.

The Institute of Directors of South Africa ( IoDSA ) is the convener of the King Committee and the custodian of the King reports and practice notes. ANDULELA INVESTMENT HOLDINGS LIMITED CORPORATE GOVERNANCE Corporate Governance Overview December 2016 The Board of Directors is committed to the implementation of good corporate governance within the group

More information

Transformation confidence Helping you get closer to your transformation programme

Transformation confidence Helping you get closer to your transformation programme www.pwc.com/riskassurance Transformation confidence Helping you get closer to your transformation programme The executive summary series paper No.4 Most senior executives will only ever sponsor one or

More information

By the Financial Forensic Investigation Team of the Attorneys Fidelity Fund

By the Financial Forensic Investigation Team of the Attorneys Fidelity Fund Find the problem before it finds you By the Financial Forensic Investigation Team of the Attorneys Fidelity Fund Allowing events to destroy the vision you have of your firm can be managed and limited,

More information

In Control: Getting Familiar with the New COSO Guidelines. CSMFO Monterey, California February 18, 2015

In Control: Getting Familiar with the New COSO Guidelines. CSMFO Monterey, California February 18, 2015 In Control: Getting Familiar with the New COSO Guidelines CSMFO Monterey, California February 18, 2015 1 Background on COSO Part 1 2 Development of a comprehensive framework of internal control Internal

More information

Beyond Compliance. Leveraging Internal Control to Build a Better Business: A Response to Sarbanes-Oxley Sections 302 and 404

Beyond Compliance. Leveraging Internal Control to Build a Better Business: A Response to Sarbanes-Oxley Sections 302 and 404 Beyond Compliance Leveraging Internal Control to Build a Better Business: A Response to Sarbanes-Oxley Sections 302 and 404 Note to Readers Regarding This First Edition April 2003: This document was published

More information

Advisory Services Governance, Risk & Compliance

Advisory Services Governance, Risk & Compliance Advisory Services Governance, Risk & Compliance Caribbean Association of Audit Committee Members Inc. 2010 Conference Caretakers of Integrity and Accountability: The Role of Internal Audit in Corporate

More information

Managing your risk, creating value: The role of Internal Audit and emerging technologies

Managing your risk, creating value: The role of Internal Audit and emerging technologies www.pwc.com/vn Internal Audit. Expected More. Managing your risk, creating value: The role of Internal Audit and emerging technologies Xavier Potier Director, Risk Assurance Services 13 th April 2018 With

More information

Fraud in focus March Fraud & Corruption in the Victorian Public Sector learnings and insight for 2017 and beyond

Fraud in focus March Fraud & Corruption in the Victorian Public Sector learnings and insight for 2017 and beyond Fraud in focus March 2017 Fraud & Corruption in the Victorian Public Sector learnings and insight for 2017 and beyond Introduction The Victorian Public Sector has a comprehensive integrity framework with

More information

An Audit of Internal Control Over Financial Reporting Performed in Conjunction with An Audit of Financial Statements

An Audit of Internal Control Over Financial Reporting Performed in Conjunction with An Audit of Financial Statements AUDITING STANDARD No. 2 An Audit of Internal Control Over Financial Reporting Performed in Conjunction with An Audit of Financial Statements March 9, 2004 AUDITING AND RELATED PROFESSIONAL PRACTICE STANDARDS

More information

Data protection (GDPR) policy

Data protection (GDPR) policy Data protection (GDPR) policy January 2018 Version: 1.0 NHS fraud. Spot it. Report it. Together we stop it. Version control Version Name Date Comment 1.0 Trevor Duplessis 22/01/18 Review due Dec 2018 OFFICIAL

More information

Information governance strategy

Information governance strategy Information governance strategy January 2018 Version 1.0 NHS fraud. Spot it. Report it. Together we stop it. Version control Version Name Date Comment V 1.0 Trevor Duplessis 22/01/18 Due for review Dec

More information

NOT PROTECTIVELY MARKED. Item Number 5.10 Gary Devlin, Partner, Scott- Moncrieff Recommendation to Members Members are requested to note the report.

NOT PROTECTIVELY MARKED. Item Number 5.10 Gary Devlin, Partner, Scott- Moncrieff Recommendation to Members Members are requested to note the report. NOT PROTECTIVELY MARKED Meeting Audit Committee Date 24 July 2018 Location Pacific Quay, Glasgow Title of Paper Internal Audit Annual Report Item Number 5.10 Presented By Gary Devlin, Partner, Scott- Moncrieff

More information

KPMG s Audit Committee Institute

KPMG s Audit Committee Institute New Zealand Analysis: 2015 Global Audit Committee Survey KPMG s Audit Committee Institute kpmg.com/nz What Our 2015 Survey Tells Us Introduction Short of a crisis, the issues on the audit committee s radar

More information

The RUAG Code of Conduct

The RUAG Code of Conduct Visionary thinking Collaboration High performance The RUAG Code of Conduct Contents 4 Foreword 8 Our Values 9 Brand Promise 10 Integrity@RUAG 11 Guiding questions 12 Application 16 Zero tolerance for

More information

Risk Management and the Internal Audit profession Two sides of the same coin? 30 th September 2015

Risk Management and the Internal Audit profession Two sides of the same coin? 30 th September 2015 Risk Management and the Internal Audit profession Two sides of the same coin? 30 th September 2015 Risk Management and the Internal Audit profession Two sides of the same coin? Mike Wilson Partner M: 07557564333

More information

LONDON BOROUGH OF BARNET CODE OF CORPORATE GOVERNANCE

LONDON BOROUGH OF BARNET CODE OF CORPORATE GOVERNANCE 1. INTRODUCTION LONDON BOROUGH OF BARNET CODE OF CORPORATE GOVERNANCE 1.1 As with all Local Authorities, the council operates through a governance framework. This is an inter-related system that brings

More information

KPMG Smart Controls. Putting you in control of your controls. kpmg.co.uk

KPMG Smart Controls. Putting you in control of your controls. kpmg.co.uk KPMG Smart Controls Putting you in control of your controls kpmg.co.uk KPMG Smart Controls Putting you in control of your controls Our solution for Control Testing, Assurance and Clouded by controls Many

More information

International Standards for the Professional Practice of Internal Auditing (Standards)

International Standards for the Professional Practice of Internal Auditing (Standards) Attribute Standards 1000 Purpose, Authority, and Responsibility The purpose, authority, and responsibility of the internal audit activity must be formally defined in an internal audit charter, consistent

More information

BOTSWANA ACCOUNTANCY OVERSIGHT AUTHORITY (BAOA)

BOTSWANA ACCOUNTANCY OVERSIGHT AUTHORITY (BAOA) BOTSWANA ACCOUNTANCY OVERSIGHT AUTHORITY (BAOA) BOARD CHARTER BOTSWANA ACCOUNTANCY OVERSIGHT AUTHORITY BOARD CHARTER 1 TABLE OF CONTENTS CONTENTS PAGE 1. OVERVIEW 3 2. PURPOSE 3 3. COMPOSITION 3 4. INDUCTION

More information

Board charter and relationship with management

Board charter and relationship with management Board Charter Board charter and relationship with management SpeedCast International Limited (Company) ACN 600 699 241 Adopted by the Board on 10 July 2014 Board Charter Page 1 Contents Table of contents

More information

MACQUARIE TELECOM GROUP LIMITED CORPORATE GOVERNANCE

MACQUARIE TELECOM GROUP LIMITED CORPORATE GOVERNANCE MACQUARIE TELECOM GROUP LIMITED CORPORATE GOVERNANCE A. Introduction Macquarie Telecom Group Limited operates in a challenging, rapidly changing telecommunications and hosting environment and the Board

More information

Public Internal Control Systems in the European Union

Public Internal Control Systems in the European Union Public Internal Control Systems in the European Union Illustrating essential Internal Control elements Discussion Paper No. 8 Ref. 2017-1 The information and views set out in this paper are those of the

More information

Combining Governance, Risk and Compliance Provides Security.

Combining Governance, Risk and Compliance Provides Security. Company Profile Sustainable Fight Against Financial and White-Collar Crime Combining Governance, Risk and Compliance Provides Security. FICO TONBELLER s GRC Approach www.tonbeller.com www.fico.com Global

More information

ISO INTERNATIONAL STANDARD. Risk management Principles and guidelines. Management du risque Principes et lignes directrices

ISO INTERNATIONAL STANDARD. Risk management Principles and guidelines. Management du risque Principes et lignes directrices INTERNATIONAL STANDARD ISO 31000 First edition 2009-11-15 Risk management Principles and guidelines Management du risque Principes et lignes directrices http://mahdi.hashemitabar.com Reference number ISO

More information

Statement on Risk Management and Internal Control

Statement on Risk Management and Internal Control INTRODUCTION The Board affirms its overall responsibility for the Group s system of internal control and risk management and for reviewing the adequacy and effectiveness of the system. The Board is pleased

More information

National Farmers Federation

National Farmers Federation National Farmers Federation Consultation Regulation Impact Statement on A National Scheme for Assessment, Registration and Control of Use of 11 April 2011 Prepared by Dr Sam Nelson Member Organisations

More information