Auditing for Compliance
SUSAN BURCH, CIA, CISA
SENIOR MANAGER, INTERNAL AUDIT, RTI INTERNATIONAL
Internal Auditor, December 2008

By auditing the organization's corporate compliance program, internal auditors can help reduce regulatory violations and keep their board informed.

In 2008, Microsoft Corp. was fined 899 million euros (US $1.15 billion) by European Union regulators for failing to comply with a 2004 antitrust order. The previous year, DaimlerChrysler paid a US $30 million fine for failing to meet U.S. federal fuel-efficiency standards. And that same year, York International Corp. agreed to pay US $12 million in connection with violations of the U.S. Foreign Corrupt Practices Act of In fact, media reports about companies incurring significant fines for regulatory noncompliance have become increasingly common.

Today's organizations face greater regulatory scrutiny than ever before due to the proliferation of laws and regulations in number and complexity as well as increased regulatory oversight and audit activity. Companies with global operations take on additional regulatory challenges, given their need to consider varying regulatory environments and cultures with different generally acceptable business practices. Because of the heightened risks associated with noncompliance, executive management and boards are under increased scrutiny not only from regulators, but also from customers, clients, stockholders, and business partners to ensure internal controls are in place to address compliance with laws and regulations.

In response, many organizations are taking an integrated approach to implementing a regulatory compliance framework, which involves developing and establishing a compliance methodology, policies, procedures, and a training program. Responsibility for implementing such a framework generally falls on the chief compliance officer. Such an approach leads to myriad benefits, including corporate oversight and guidance for compliance activities, improved efficiencies and effectiveness, increased employee awareness of regulatory compliance requirements and issues, and the minimization or mitigation of legal, reputational, or financial risks.

As part of their overall risk assessment, internal auditors should assess compliance risk and incorporate compliance auditing into their audit plans. One approach to auditing regulatory compliance is to test adherence to various regulations during each audit as it is conducted. Although this approach effectively assesses adherence to specific regulations, it does not provide executive management or the board with an enterprisewide view of the organization's compliance infrastructure. A better approach is to conduct a comprehensive entity-level audit of the organization's corporate compliance program.
If an organization does not have a formal corporate compliance program, internal auditing can be a catalyst for the development of one by auditing compliance activities, identifying gaps, and recommending ways to improve efficiencies and make compliance activities more effective.

KEY PROGRAM COMPONENTS

There are several internal control frameworks that can help organizations implement appropriate internal controls to ensure compliance with laws and regulations (see "Common Internal Control Frameworks" for an overview of some of the more widely used frameworks). An organization's management should select a framework or combination of frameworks that is best suited to its business based on industry, size, complexity, culture, and global reach.

For example, an organization may select The Committee of Sponsoring Organizations of the Treadway Commission's (COSO's) Internal Control-Integrated Framework as a guide in establishing a compliance program. COSO's model includes an objective to ensure compliance with laws and regulations. Beginning with the control environment, the organization would define its integrity and ethical values in a code of conduct as well as define authorities, responsibilities, and organizational structure. The organization would also conduct a compliance and/or fraud risk assessment as part of an overall enterprisewide risk assessment. Control activities would be developed and implemented to help ensure compliance, and regular communication channels would be established to inform employees and management about the organization's state of compliance. Additionally, monitoring mechanisms, such as regular compliance reviews, would be implemented and results reported to management.
Regardless of the framework used, several key duties should be performed as part of the compliance

- Assign overall responsibility for overseeing compliance with established standards, policies, and procedures to a specific high-level individual within the organization, such as a compliance officer.
- Establish compliance standards, policies, and procedures to be followed by employees and other company representatives such as subcontractors, consultants, and vendors who are capable of reducing the possibility of regulatory violations.
- Effectively communicate compliance standards, policies, and procedures to all employees and other company representatives.
- Establish compliance training programs to ensure employees and other company representatives are aware of their compliance responsibilities.
- Ensure substantial discretionary authority is delegated to trustworthy individuals, not persons whom the organization knew (or should have known through the exercise of due diligence) are likely to engage in illegal activity.
- Maintain monitoring and auditing systems that are based on a compliance risk assessment and are designed to detect intentional or unintentional regulatory compliance violations by employees and other company representatives.
- Maintain and publicize a whistleblower hotline and account whereby individuals can report potential regulatory compliance violations by employees and other company representatives confidentially and without fear of reprisal.
- Consistently enforce compliance standards, policies, and procedures through appropriate, case-specific disciplinary mechanisms, including discipline of individuals responsible for the failure to detect a violation.
- Take all reasonable steps to respond appropriately to violations that have been detected and to prevent future similar occurrences, including making any necessary modifications to the compliance program.
Implementation of these key components should reduce the instances of noncompliance with regulations as well as reduce the impact to the organization should an instance occur. In addition, many regulatory agencies consider an organization's overall approach to compliance when assessing monetary fines and penalties and may assess a lower fine if the organization has a strong corporate compliance program.

COMMON INTERNAL CONTROL FRAMEWORKS

The Committee of Sponsoring Organizations of the Treadway Commission's (COSO's) Internal Control-Integrated Framework
COSO's Internal Control - Integrated Framework was introduced in 1992 as guidance on how to establish better controls so companies can achieve their objectives with minimal surprises. COSO categorizes entity-level objectives into operations, financial reporting, and compliance. The framework includes more than 20 basic principles representing the fundamental concepts associated with its five components: control environment, risk assessment, control activities, information and communication, and monitoring. Some of the principles include key elements for compliance, such as integrity and ethical values, authorities and responsibilities, policies and procedures, and reporting deficiencies.

Canadian Institute of Chartered Accountants' (CICA's) Criteria of Control Framework (CoCo)
CoCo was introduced in 1992 with the objective of improving organizational performance and decision-making with better controls, risk management, and corporate governance. In 1995, Guidance on Control was produced, describing the CoCo framework and defining controls. The framework includes 20 criteria for effective control in four areas of an organization: purpose (direction), commitment (identity and values), capability (competence), and monitoring and learning (evolution).

The Basel Committee on Banking Supervision's Framework for Internal Control Systems
The Basel Committee on Banking Supervision, which includes supervisory authorities from Belgium, Canada, France, Germany, Italy, Japan, Luxembourg, the Netherlands, Sweden, Switzerland, the United Kingdom, and the United States, introduced the Framework for Internal Control Systems in Regulatory compliance is an integral part of the framework. The five elements of internal control are: management oversight and control culture, risk recognition and assessment, control activities and segregation of duties, information and communication, and monitoring activities and correcting deficiencies. The effective functioning of these five elements is key to an organization achieving its performance, information, and compliance objectives.

Control Objectives for Information and Related Technology (COBIT)
COBIT is an internationally accepted controls-based framework for IT governance that was first released by ISACA in COBIT has 34 high-level processes that cover 210 control objectives categorized in four domains: planning and organization, acquisition and implementation, delivery and support, and monitoring and evaluation. The framework guides an organization on how to use IT resources (i.e., applications, information, infrastructure, and people) to manage IT domains, processes, and activities to respond to business requirements, which include compliance, effectiveness, efficiency, confidentiality, integrity, availability, and reliability. Well-governed IT practices can assist businesses in complying with laws, regulations, and contractual arrangements.

International Organization for Standardization (ISO)
ISO has developed more than 16,000 international standards for stakeholders such as industry and trade associations, science and academia, consumers and consumer associations, governments and regulators, and societal and other interest groups. The ISO 9000 series focuses on quality management systems, including ensuring controls are in place to comply with applicable regulatory requirements. The ISO series focuses on environmental management systems, including complying with applicable environmental regulatory requirements. ISO 9001 (introduced in 2000) and ISO (introduced in 1996) have been implemented by organizations in more than 160 countries. The ISO series focuses on information security management systems. The series helps organizations establish information security standards that meet business needs while ensuring compliance with regulatory and contractual requirements.

Standards for Internal Control in the U.S. Federal Government
The U.S. Government Accountability Office issued the Standards for Internal Control in the Federal Government in The standards provide guidance on assessing risks and internal controls in programmatic, financial, and compliance operations. They are similar to COSO's 1992 framework.

TESTING THE PROGRAM

Internal auditors should use a variety of audit techniques to test whether an organization has implemented an effective corporate compliance program and kept it up-to-date. The audit should include a review of formal policy, procedure, and program documents as well as interviews with employees, management, and relevant external parties such as consultants and vendors. Auditors should also conduct substantive testing on the following elements of the corporate compliance program to assess the program's effectiveness.

ORGANIZATIONAL STRUCTURE AND ALIGNMENT

Internal auditing should ensure that responsibility for oversight and stewardship of the corporate compliance program is assigned to a chief compliance officer or other appropriate high-level individual who reports to executive leadership. To administer an effective corporate compliance program, the chief compliance officer must have adequate internal staffing and external resources, a depth and breadth of regulatory compliance knowledge and experience, executive management support, and clear and direct access to senior leadership.

The chief compliance officer should consider establishing a corporate compliance committee that includes representation from:

- Internal auditing.
- Finance.
- Human resources.
- Regulatory compliance.
- Quality assurance.
- IT.
- Environmental health and safety.
- Legal and ethics.
- Contracts and procurement.
- Risk management.
- Corporate security.
- Operations.

The committee, under the direction of the corporate compliance officer, would oversee and administer the corporate compliance program and framework, including developing a charter for the corporate compliance committee, defining goals and objectives of the corporate compliance function, and determining the functional operating structure. The structure should be flexible enough to keep abreast of and address changes in regulations as well as support the organization from a regulatory compliance perspective when entering new markets or countries that represent new regulatory environments.

Internal auditing should review the corporate compliance charter to ensure that it adequately defines the role and responsibilities of the corporate compliance officer and corporate compliance committee. Internal auditing should also review corporate compliance committee meeting agendas and minutes to ensure meetings are held regularly and the goals and objectives of the compliance committee are being met.
COMPLIANCE RISK ASSESSMENTS

Internal auditing should ensure that the corporate compliance committee performs compliance risk assessments at least annually to identify the organization's level of exposure to compliance requirements specific to its business or industry. The committee should consider working closely with internal auditing and risk management to conduct the risk assessment to ensure a cohesive enterprisewide risk assessment process that minimizes disruptions to the operating business units. The assessment should then be used to identify which laws and regulations are relevant and have the greatest impact on the organization, and the compliance committee should ensure that there is a system of policies and procedures in place to address compliance with these laws and regulations.

STANDARDS, POLICIES, AND PROCEDURES

The corporate compliance officer and corporate compliance committee should work together to establish and implement standards, policies, and procedures to ensure compliance with applicable laws and regulations. The organization should have an overarching compliance policy along with procedures on how to comply with specific regulations. Many organizations implement automated solutions, such as a database, to help keep track of and disseminate information on laws and regulations.

Internal auditors should review standards, policies, procedures, and tools used to aid regulatory compliance and ensure they are appropriate to the organization's size and complexity. Auditors also should ensure there is a process in place to keep the compliance standards, policies, and procedures updated and ensure any changes in regulations are disseminated to affected areas timely.

COMPLIANCE TRAINING

The company should provide mandatory compliance training courses to ensure employees are aware of their responsibilities for compliance with laws and regulations. Some corporate compliance committees also develop and implement separate compliance awareness campaigns.

Internal auditing should review compliance training records to ensure employees have completed the required training. Auditors also should consider conducting interviews with a sample of employees who have completed the required compliance training to evaluate the effectiveness of the established training program.

CODE OF CONDUCT

Internal auditing should ensure the organization has developed and distributed an appropriate code of conduct that aligns with the organization's core values. The code should be reviewed periodically and updated as necessary. Employees should sign an agreement to abide by the code of conduct annually, and mechanisms should be in place to monitor whether all employees have completed the annual acknowledgement.

Some organizations have implemented increasingly strict consequences for not completing the acknowledgment. For example, an organization may elect to send reminder e-mails to delinquent employees and their managers, but if the employees still do not comply, consequences could escalate to disabling their accounts, preventing them from communicating as necessary to do their job until they complete the annual code of conduct acknowledgement. Some organizations also require subcontractors, consultants, and even vendors to adhere to a code of conduct.

Internal auditing should perform substantive testing to determine whether management has implemented processes to ensure employees, as well as subcontractors, consultants, and vendors if required, are signing the code of conduct annually.

WHISTLEBLOWER HOTLINE

The code of conduct should also include provisions for reporting potential violations of the code to an anonymous hotline or account. Employees must feel free to report potential violations without fear of retribution. Many public and private companies, as well as government organizations, publish their hotline phone number and address so that vendors or citizens can report potential violations.

Internal auditors should perform tests to ensure that calls and e-mails are recorded in a database or log. They also should ensure that reports are kept confidential, directed to appropriate individuals to handle the investigation, and investigated and addressed timely. Reports made to the hotline or account should be grouped into categories such as conflicts of interest, employee relations, policies and procedures, and compliance with laws and regulations so they can be analyzed, tracked, and trended.

INVESTIGATION POLICIES AND PROCEDURES

The corporate compliance officer should ensure documented policies and procedures for ethics and fraud investigations are in place and can be carried out by qualified resources, either internal or external. In many companies, investigations are conducted by internal auditing. However, more complex investigations, such as those dealing with U.S. federal authorities or international authorities like Interpol, may require engaging corporate legal counsel and, in some cases, outside legal counsel. In these instances, representatives from corporate legal, corporate compliance, and internal auditing must work closely with outside resources to ensure a coordinated investigation. If an investigation results in the need for disciplinary action, an independent centralized group, such as legal or human resources, should review the recommended action to ensure consistency, fairness, and equity.
Internal auditors should assess whether the organization has documented policies and procedures for conducting ethics and fraud investigations. Additionally, auditors should review workpapers and supporting documentation for a sample of ethics or fraud investigations to ensure cases were documented appropriately, necessary corrective actions were taken, and disciplinary actions were approved correctly.

MONITORING MECHANISMS

Internal auditing should ensure the corporate compliance committee has established methods to monitor or audit adherence to compliance policies and procedures. The organization should have a process to report the results of the compliance audits or reviews to the appropriate levels of management. The corporate compliance committee must have a process in place to develop corrective actions in response to identified compliance risks and internal control gaps and to monitor progress in completing the corrective actions.

Internal auditing should review the corporate compliance committee's policies and procedures for conducting compliance audits to ensure appropriate audit coverage, sampling methodologies, and reporting requirements. Auditors also should review the results of compliance audits or reviews along with supporting workpapers to ensure significant items were reported correctly. Finally, internal auditing should review the corrective action plans to be sure management is addressing compliance risks timely.

CONTRACTS AND PURCHASE ORDERS

The procurement or purchasing department should incorporate appropriate clauses addressing regulatory compliance into contracts and purchase orders to ensure vendors, business partners, and agents comply with applicable laws and regulations. Contracts and purchase orders should have a "right to audit" clause to preserve the company's right to conduct compliance audits of the subcontractor, consultant, or vendor.
Auditors should review contract and purchase order templates to ensure the appropriate "right to audit" clauses are in place. In addition, auditors should determine whether the corporate procurement or purchasing department conducts periodic reviews of vendor activities, and they should examine the procedures and results of such reviews.

BACKGROUND CHECKS

The organization should require thorough pre-employment background checks that, at a minimum, include criminal record searches, verification of education and certifications, and confirmation of any special requirements necessary for the position. Additional background checks for certain positions or departments, such as verification of a valid driver's license, good credit, or medical history, may be necessary depending on the position.

Background check capabilities can vary depending on the citizenship and location of the individual. International organizations must develop flexible, robust procedures for conducting background checks. In some countries, background checks can take an extensive amount of time, and companies need to develop plans to accommodate these requirements.

In addition to reviewing policies and procedures on background checks, auditors should perform substantive testing to ensure the background checks are being conducted according to prescribed policies and procedures.

DESIGNATION OF RESPONSIBILITIES

Adequate segregation of duties and well-defined delegations of authority are two key components of a strong corporate compliance framework. Internal auditing can play a significant role in helping management evaluate whether adequate segregation of duties exists and whether delegations of authorities have been defined and communicated clearly. In addition to reviewing policies and procedures, internal auditing should interview key staff and independently evaluate whether incompatible duties are segregated appropriately.
Moreover, auditors should perform substantive testing to determine the effectiveness of the delegations of authority.

A VALUABLE CONTRIBUTION

Audit departments can add value to organizational governance processes by auditing the company's corporate compliance framework and program. If an organization has a robust framework and program, it has the foundation to ensure internal controls are in place to comply with laws and regulations. Auditing that framework not only promotes more efficient, collaborative compliance-related processes, but it also ultimately minimizes the instances of noncompliance, enables early identification of systemic issues, and gives executive management, the audit committee, and the board an enterprisewide view of the state of corporate compliance.

To comment on this article, e-mail the author at susan.burch@theiia.org.
More informationCompliance Program Effectiveness Guide
Compliance Program Effectiveness Guide June 2017 This Guide is a comparison of: Compliance Program Elements New York State, Social Services Law 363-D Office of Inspector General (OIG) Compliance Program
More informationPresent and functioning: Fine-tuning your ICFR using the COSO update
Present and functioning: Fine-tuning your ICFR using the COSO update November 2014 With the COSO s 1992 Control Framework being superseded by the 2013 updated edition on December 15, 2014, now is the time
More informationATTACHMENT C CORPORATE COMPLIANCE PROGRAM
ATTACHMENT C CORPORATE COMPLIANCE PROGRAM In order to address deficiencies in its internal controls, policies, and procedures regarding compliance with the Foreign Corrupt Practices Act ( FCPA ), 15 U.S.C.
More informationGuidance Note: Corporate Governance - Audit Committee. March Ce document est aussi disponible en français.
Guidance Note: Corporate Governance - Audit Committee March 2015 Ce document est aussi disponible en français. Applicability The Guidance Note: Corporate Governance Audit Committee (the Guidance Note )
More information10/3/2013 MAPPING YOUR PROGRAM TO THE FEDERAL SENTENCING GUIDELINES FOR ORGANIZATIONS (FSGO) AGENDA HOW MUCH DO YOU KNOW ABOUT THE FSGO?
MAPPING YOUR PROGRAM TO THE FEDERAL SENTENCING GUIDELINES FOR ORGANIZATIONS (FSGO) Shelley Aul, CCEP Vernon Speshock, CCEP Apollo Group, Inc. AGENDA Overview of the FSGO Participant Activity Resources/Templates
More informationDeveloping an Integrated Anti-Fraud, Compliance, and Ethics Program
Developing an Integrated Anti-Fraud, Compliance, and Ethics Program Implementing a Whistleblower Helpline 2018 Association of Certified Fraud Examiners, Inc. Discussion Questions 1. Does your organization
More informationSarbanes-Oxley Act of 2002 Can private businesses benefit from it?
Sarbanes-Oxley Act of 2002 Can private businesses benefit from it? As used in this document, Deloitte means Deloitte Tax LLP, which provides tax services; Deloitte & Touche LLP, which provides assurance
More informationCHARTER OF THE AUDIT COMMITTEE OF THE BOARD OF DIRECTORS
Purpose of the Audit Committee CHARTER OF THE AUDIT COMMITTEE OF THE BOARD OF DIRECTORS The Audit Committee (the Committee ) is appointed by the Board of Directors (the Board ) of TechnipFMC plc (the Company
More informationCODE OF BUSINESS CONDUCT AND ETHICS. FRONTIER AIRLINES, INC. Adopted May 27, 2004
1. Introduction CODE OF BUSINESS CONDUCT AND ETHICS FRONTIER AIRLINES, INC. Adopted May 27, 2004 The Board of Directors adopted this Code of Business Conduct ( Code ) to establish basic legal and ethical
More informationOver the last ten years, Congress has appropriated hundreds
Information Bulletin #23 RM RISK MANAGEMENT Series Jacqueline C. Leifer, Esq. Adam J. Falk, Esq. Feldesman Tucker Leifer Fidell LLP Washington, DC For more information contact: Betsy Vieth National Association
More informationAllergan plc COMPREHENSIVE COMPLIANCE PROGRAM
Allergan plc COMPREHENSIVE COMPLIANCE PROGRAM 1. Compliance with Law All colleagues, officers and directors of the Company shall respect and comply with all applicable federal, state, local and foreign
More informationBearing the Bad News Reporting to the Board on Internal Corruption. Peter Dent, National Leader Deloitte Forensics September 11, 2013
Bearing the Bad News Reporting to the Board on Internal Corruption Peter Dent, National Leader Deloitte Forensics September 11, 2013 Agenda Assessment of Risk in Canada Recent trends in enforcement activity
More informationMODULE I: MEDICARE & MEDICAID GENERAL COMPLIANCE TRAINING
MODULE I: MEDICARE & MEDICAID GENERAL COMPLIANCE TRAINING 2 0 1 4 A Message From Our CEO and Compliance Officer At PacificSource, we pride ourselves on maintaining a culture of compliance and high ethical
More informationPwC Kenya Transparency Report 2015
www.pwc.com/ke 30 September 2015 PwC Kenya Transparency Report 2015 Contents Introduction 4 Legal structure and ownership of the firm 5 Network arrangements 6 Governance structure of the firm 8 Internal
More informationSIAAB Guidance #02 Internal Audit Independence- Interaction with Agency Head, Senior Staff and Placement Within the Organizational Structure
SIAAB Guidance #02 Internal Audit Independence- Interaction with Agency Head, Senior Staff and Placement Within the Organizational Structure SIAAB Interpretation Adopted July 9, 2013 Revised In Accordance
More informationAudit Committee - Agenda
Audit Committee - Agenda Board of Trustees Audit and Compliance Committee October 11, 2017, 4:30 5:00 pm President s Board Room Conference Call-In Phone #1-800-442-5794, passcode 463796 AGENDA I. CALL
More informationInternal Audit Challenges & Opportunities Speaker: Laurie Shen, Director, Grant Thornton LLP
Internal Audit Challenges & Opportunities Speaker: Laurie Shen, Director, Grant Thornton LLP March 28, 2012-1 - Speaker Introduction Laurie Shen is a Director at Grant Thornton's Northeast Internal Audit
More informationAudit Committee Charter
Audit Committee Charter 1.1 The role of the Audit Committee This Audit Committee Charter (the Charter ) has been adopted by the Board of Directors (the Board ) of Seadrill Partners LLC (the Company ) and
More informationBRONX ACCOUNTABLE HEALTHCARE NETWORK IPA INC., D.B.A. MONTEFIORE ACO PIONEER ACO CORPORATE COMPLIANCE PLAN
BRONX ACCOUNTABLE HEALTHCARE NETWORK IPA INC., D.B.A. MONTEFIORE ACO PIONEER ACO CORPORATE COMPLIANCE PLAN Approved by: The ACO Board of Directors Date: December 11, 2012 Introduction In cooperation with
More informationAdopted June 22, 2017
BOARD GOVERNANCE GUIDELINES for SLM CORPORATION The directors of SLM Corporation (the Corporation ) share a strong commitment to principles of accountability to shareholders. The Board recognizes the importance
More informationBUILDING AN EFFECTIVE COMPLIANCE PROGRAM
BUILDING AN EFFECTIVE COMPLIANCE PROGRAM April 22, 2010 Joseph L. Barloon Partner Litigation & Government Enforcement, Skadden Arps Slate Meagher & Flom LLP WMACCA Conference Julie A. Bell April 22, 2010
More informationDeveloping an Integrated Anti-Fraud, Compliance, and Ethics Program
Developing an Integrated Anti-Fraud, Compliance, and Ethics Program Introduction Eric Feldman, CFE, CIG Affiliated Monitors, Inc. 2018 Association of Certified Fraud Examiners, Inc. CPE Information 2018
More informationCode of Business Conduct and Ethics
Code of Business Conduct and Ethics Table of Contents Purpose... 1 Scope... 1 Policy... 2 Responsibilities... 8 Enforcement... 8 Review and Revision... 8 PURPOSE Pursuant to the Sarbanes-Oxley Act of 2002
More informationUsing a Compliance Program Assessment to Elevate Institutional Compliance Effectiveness
Using a Compliance Program Assessment to Elevate Institutional Compliance Effectiveness Kevin Robinson Associate Vice President, Office of Audit, Compliance & Privacy Auburn University Michael Somich Executive
More information2013 COSO Internal Control Framework Update. September 5, 2013
2013 COSO Internal Control Framework Update September 5, 2013 Agenda 2013 COSO IC Framework Topic Minutes The update process 5 What is not changing / What is changing 5 The 17 principles and changes to
More informationWhite Paper. Effective and Practical Deployment of COSO: Entity Level Control and Lessons Learned. July 10, 2008 THE ROBERTS COMPANY, LLC
THE ROBERTS COMPANY, LLC Compliance Services: IT and Business Processes 3394 Holly Oak Lane, Escondido, CA 92027 TEL: 760.550.2160 * FAX 760.839.2160 E-mail: robertputrus@therobertsglobal.com http://www.therobertsglobal.com/
More informationCITY OF CORPUS CHRISTI
CITY OF CORPUS CHRISTI CITY AUDITOR S OFFICE Audit of Purchasing Program Project No. AU12-004 September 20, 2012 City Auditor Celia Gaona, CIA CISA CFE Auditor Nora Lozano, CIA CISA Executive Summary In
More informationAN AUDIT OF INTERNAL CONTROL THAT IS INTEGRATED WITH AN AUDIT OF FINANCIAL STATEMENTS: GUIDANCE FOR AUDITORS OF SMALLER PUBLIC COMPANIES
1666 K Street, NW Washington, D.C. 20006 Telephone: (202) 207-9100 Facsimile: (202) 862-8430 www.pcaobus.org PRELIMINARY STAFF VIEWS AN AUDIT OF INTERNAL CONTROL THAT IS INTEGRATED WITH AN AUDIT OF FINANCIAL
More informationTDC WHISTLEBLOWER POLICY
TDC WHISTLEBLOWER POLICY May 1 2016 St. Kitts Nevis Anguilla T rading and Development Company Limited (T DC Ltd and Subsidiaries- hereinafter referred to as the Com pany ) Table of Contents A. Introduction..
More informationCHARTER OF THE AUDIT COMMITTEE NATIONWIDE MUTUAL INSURANCE COMPANY NATIONWIDE MUTUAL FIRE INSURANCE COMPANY NATIONWIDE CORPORATION
CHARTER OF THE AUDIT COMMITTEE NATIONWIDE MUTUAL INSURANCE COMPANY NATIONWIDE MUTUAL FIRE INSURANCE COMPANY NATIONWIDE CORPORATION ESTABLISHMENT The Audit Committees are committees of the Board of Directors
More informationLEVERAGING COSO ACROSS THE THREE LINES OF DEFENSE
Committee of Sponsoring Organizations of the Treadway Commission Governance and Internal Control LEVERAGING COSO ACROSS THE THREE LINES OF DEFENSE By The Institute of Internal Auditors Douglas J. Anderson
More informationCode of Corporate Governance
Code of Corporate Governance 1 FOREWORD From the Chairman of the General Purposes Committee I am pleased to endorse this Code of Corporate Governance, which sets out the commitment of Cambridgeshire County
More informationIPO Readiness. Sarbanes-Oxley Compliance & Other Considerations. Presented by:
IPO Readiness Sarbanes-Oxley Compliance & Other Considerations Presented by: IPO Readiness Enhanced Financial / Legal compliance SEC / Stock Exchange Compliance Entity Structure / Registration Filing Requirements
More informationQuality Assurance and Improvement Program (QAIP)
Quality Assurance and Improvement Program (QAIP) Presenters: Lori Carmichael, CPA Rafael Guijarro, CPA Florida Michigan North Carolina Texas Insight. Oversight. Foresight. Class Overview Overview- QAIP
More informationGRANITE CONSTRUCTION INCORPORATED AUDIT/COMPLIANCE COMMITTEE CHARTER
GRANITE CONSTRUCTION INCORPORATED AUDIT/COMPLIANCE COMMITTEE CHARTER Purpose The Audit/Compliance Committee ( Committee ) is appointed by the Board of Directors and its purpose is to assist the Board in
More informationInternal Control Questionnaire and Assessment
Bureau of Financial Monitoring and Accountability Florida Department of Economic Opportunity September 15, 2016 107 East Madison Street Caldwell Building Tallahassee, Florida 32399 www.floridajobs.org
More information4. Organic documents. Please provide an English translation of the company s charter, by-laws and other organic documents.
Commitment to Good Corporate Governance 1. Ownership structure. Please provide a chart setting out the important shareholdings, holding companies, affiliates and subsidiaries of the company. If the company
More informationBeyond Compliance. Leveraging Internal Control to Build a Better Business: A Response to Sarbanes-Oxley Sections 302 and 404
Beyond Compliance Leveraging Internal Control to Build a Better Business: A Response to Sarbanes-Oxley Sections 302 and 404 Note to Readers Regarding This First Edition April 2003: This document was published
More informationGATU Webinar Part 1 March 2017 Presented by Carol Kraus, CPA
GATU Webinar Part 1 March 2017 Presented by Carol Kraus, CPA Definition of Internal Controls COSO Internal Control Framework Internal Controls (2 CFR 200.303) Grantee responsibilities Awarding state agency
More informationReview of Duke Energy Florida, LLC Internal Audit Function
Review of Duke Energy Florida, LLC Internal Audit Function MAY 2017 B Y A U T H O R I T Y O F The Florida Public Service Commission Office of Auditing and Performance Analysis Review of Duke Energy Florida,
More informationCompliance Monitoring and Enforcement Program Implementation Plan. Version 1.7
Compliance Monitoring and Enforcement Program Table of Contents TABLE OF CONTENTS NERC Compliance Monitoring and Enforcement Program... 1 Introduction... 2 NERC Compliance Monitoring and Enforcement Program
More informationEuropean CEI. Compliance 101
European CEI Compliance 101 Debbie Troklus, CHC-F, CCEP-F, CHRC, CHPC, CCEP-I Managing Director Aegis Compliance and Ethics Center dtroklus@aegis-compliance.com Sheryl Vacca, CHC- F, CCEP-F, CCEP-I, CHRC,
More informationEffective implementation of COSO s new anti-fraud guidance
Effective implementation of COSO s new anti-fraud guidance In September 2016, the Committee of Sponsoring Organizations of the Treadway Commission (COSO) published a new Fraud Risk Management Guide (Anti-fraud
More informationBroad European Compliance to Sarbanes-Oxley Act Expected
For More Information, contact: Amy Dean Citigate Communications (312) 895-4707 Broad European Compliance to Sarbanes-Oxley Act Expected Citigate Financial Intelligence Survey Find Compliance Obstacles
More informationQ&A: Implementing the Code of Conduct
Question 1: What are the most effective ways to implement a code of conduct? Answer 1: General guidelines that an organization should follow when implementing a code of conduct include identifying and
More informationCode of Business Conduct
Reckitt Benckiser Group plc 103-105 Bath Road, Slough, Berkshire SL1 3UH, United Kingdom Tel: +44 (0) 1753 217 800 Fax: +44 (0) 1753 217 899 www.rb.com Code of Business Conduct Reckitt Benckiser is committed
More informationIndependent Validation of the Internal Auditing Self-Assessment
Minnesota State Colleges & Universities Office of Internal Auditing Independent Validation of the Internal Auditing Self-Assessment Final Report March 7, 2007 Reference Number: 2007-03-004 INDEPENDENT
More informationStatements of Membership Obligations 1 7
IFAC Board Statements of Membership Obligations Issued April 2004 Statements of Membership Obligations 1 7 The mission of the International Federation of Accountants (IFAC) is to serve the public interest,
More informationCORPORATE COMPLIANCE PROGRAM CHARTER
CORPORATE COMPLIANCE PROGRAM CHARTER PURPOSE Eagle Pharmaceuticals, Inc. ( Eagle ) has established a Corporate Compliance Program ( Compliance Program ) designed to identify, prevent and mitigate compliance
More informationCORPORATE GOVERNANCE KING III COMPLIANCE REGISTER 2017
CORPORATE GOVERNANCE KING III COMPLIANCE REGISTER 2017 This document has been prepared in terms of the JSE Listing Requirements and sets out the application of the 75 corporate governance principles by
More informationImplementation Guide 1200
Implementation Guide 1200 Standard 1200 Proficiency and Due Professional Care Engagements must be performed with proficiency and due professional care. Revised Standards Effective 1 January 2017 Getting
More informationCombating Trafficking in Persons Compliance Plan
Corporate Headquarters Corporate Policy Statement CPS-734A Revision No: Original Effective: September 8, 2015 Copyright 2015 Lockheed Martin Corporation Current policies and procedures are on the Lockheed
More informationETHICAL CODE OF CONDUCT
S E C U R I N G T H E F U T U R E ETHICAL CODE OF CONDUCT 1 TABLE OF CONTENT 1. THE ETHICAL CODE OF CONDUCT 4 1.1 Purpose 4 1.2 Commitment 5 1.3 Presentation of the Code of Conduct 5 2. GENERAL PRINCIPLES
More informationQOGNIFY LIMITED CODE OF ETHICS AND BUSINESS CONDUCT. Adopted and Approved by the Board of Directors on November 8, 2016
QOGNIFY LIMITED CODE OF ETHICS AND BUSINESS CONDUCT Adopted and Approved by the Board of Directors on November 8, 2016 Code of Ethics and Business Conduct I. ETHICS AND BASIC PRINCIPLES... 1 II. CONFIDENTIALITY...
More informationConsultation Paper: Going public a director s guide
Consultation Paper: Going public a director s guide 17 November 2014 A public offering is a transformational event for an organisation. The process of preparing for, becoming, and being a public issuer
More informationKing lll Principle Comments on application in 2016 Reference Chapter 1: Ethical leadership and corporate citizenship Principle 1.
Clicks Group Application of King III Principles 2016 APPLICATION OF King III PrincipleS 2016 This document has been prepared in terms of the JSE Listings Requirements and sets out the application of King
More informationEPCOR Utilities Inc. Ethics Policy
ETHICS POLICY Contents 1. APPLICATION... 2 2. POLICY REQUIREMENTS... 2 Fundamental Principles... 2 Respectful Workplace... 2 Use of EPCOR Property and Resources... 2 Appropriate Use of Technology and Electronic
More informationAudit Training-of-Trainers Workshop, November 2014, Vienna Components of internal control within organization
Audit Training-of-Trainers Workshop, 18-19 November 2014, Vienna Components of internal control within organization Andrei Busuioc, Senior Financial Management Specialist, CFRR Session objectives The session
More informationCOSO Updates and Expectations. IIA San Diego Chapter January 8, 2014
COSO Updates and Expectations IIA San Diego Chapter January 8, 2014 Agenda Overview of 2013 Internal Control-Integrated Framework and Companion Guidance 2013 Framework General Enhancements by Component
More informationHuman Resources & Risk Manager Class Specification
Human Resources & Risk Manager Class Specification FLSA Designation: Exempt Effective: 03/2004 Revised: 06/2007 DEFINITION Under general direction, to plan, direct, manage, and oversee the activities and
More informationACI s Quick Guide to Culture, Ethics, Governance, Compliance, Risk and Corporate Social Responsibility
ACI s Quick Guide to Culture, Ethics, Governance, Compliance, Risk and Corporate Social Responsibility ACI Supporting you, your organisation, your profession Principal Members The Australasian Compliance
More informationThe last update, made in 2015, can be divided into five sections as follows:
Corporate Governance Corporate Governance Policy The Board of Directors (the Board ) of Electronics Industry Public Company Limited (the Company ) passed a resolution to approve the Corporate Governance
More informationKPMG N.V. Code of Conduct. kpmg.nl
KPMG N.V. Code of Conduct kpmg.nl Contents 01 02 06 08 10 12 12 Leadership message Introduction The KPMG Values Commitments Responsibilities Where to get help Compliance with the Code Leadership message
More informationFROM LANDING TO TAKE OFF: WE CARE! CODE OF CONDUCT ETHICAL BEHAVIOUR GUIDELINES FOR THE SWISSPORT GROUP
FROM LANDING TO TAKE OFF: WE CARE! CODE OF CONDUCT ETHICAL BEHAVIOUR GUIDELINES FOR THE SWISSPORT GROUP INFORMATION FROM THE CEO Swissport International Ltd. and its subsidiaries (collectively, Swissport
More informationInternal Audit Best Practices for Community Banks. A CSH White Paper
Internal Audit Best Practices for Community Banks A CSH White Paper Internal audit is not an option; examiners expect your bank to have an effective internal audit program in place. However, in today s
More information