GOVERNANCE, RISK MANAGEMENT AND COMPLIANCE TRENDS BY FCPAK ERIC KIMANI

Similar documents
RISK INTELLIGENCE Assurance and efficiency improvement through a robust Enterprise Risk Management approach

locuz.com SOC Services

IT Audit Process. Prof. Mike Romeu. January 30, IT Audit Process. Prof. Mike Romeu

Singapore Quick Guide to the COSO. Enterprise Risk Management and Internal Control Frameworks Edition

Turning Risk into Advantage

MNsure Privacy Program Strategic Plan FY

Achieving effective risk management and continuous compliance with Deloitte and SAP

Critical Infrastructure Protection Version 5

Next Generation Policy & Compliance

MetricStream GRC Summit 2013: Case Study

Heading Text. Manage your Organization s Governance, Risks, and Compliance Requirements and Transform your Business Potential with SAP GRC

Security and Privacy Governance Program Guidelines

NERC Staff Organization Chart Budget 2019

Risk Advisory Academy Training Brochure

Heads of Internal Audit Webinar. Integrated Assurance. 24 July In partnership with

INTELLIGENCE DRIVEN GRC FOR SECURITY

ISACA. Certification Details for Certified in the Governance of Enterprise IT (CGEIT )

SOLUTION BRIEF RSA ARCHER IT & SECURITY RISK MANAGEMENT

OVERVIEW BROCHURE GRC. When you have to be right

REPORT 2015/149 INTERNAL AUDIT DIVISION

STAFF REPORT. January 26, Audit Committee. Information Security Framework. Purpose:

NERC Staff Organization Chart Budget 2019

POSITION DESCRIPTION

Demystifying GRC. Abstract

Managing Privacy Risk & Compliance in Financial Services. Brett Hamilton Advisory Solutions Consultant ServiceNow

PREPARING FOR SOC CHANGES. AN ARMANINO WHITE PAPER By Liam Collins, Partner-In-Charge, SOC Audit Practice

TSC Business Continuity & Disaster Recovery Session

"Charting the Course... Certified Information Systems Auditor (CISA) Course Summary

Enterprise GRC Implementation

Symantec Data Center Transformation

AUDIT UNITED NATIONS VOLUNTEERS PROGRAMME INFORMATION AND COMMUNICATION TECHNOLOGY. Report No Issue Date: 8 January 2014

PREPARE FOR TAKE OFF. Accelerate your organisation s journey to the Cloud.

Cyber Defense Maturity Scorecard DEFINING CYBERSECURITY MATURITY ACROSS KEY DOMAINS

Pave the way: Build a value driven SAP GRC roadmap March 2015

GOVERNANCE, RISK & COMPLIANCE CPD FOR MEMBERS IN COMMERCE & INDUSTRY AUGUST 2018

A Framework for Managing Crime and Fraud

Position Description IT Auditor

Privacy Breach Policy

NERC Staff Organization Chart Budget 2018

Ready, Willing & Able. Michael Cover, Manager, Blue Cross Blue Shield of Michigan

SOC for cybersecurity

POSITION DESCRIPTION

RSA Solution Brief. Managing Risk Within Advanced Security Operations. RSA Solution Brief

OPERATIONAL RISK MANAGEMENT: A GUIDE TO HARNESS RISK WITH ENTERPRISE GRC

BPS Suite and the OCEG Capability Model. Mapping the OCEG Capability Model to the BPS Suite s product capability.

INFORMATION TECHNOLOGY ( IT ) GOVERNANCE FRAMEWORK

Information Technology Security Plan Policies, Controls, and Procedures Identify Governance ID.GV

SYMANTEC: SECURITY ADVISORY SERVICES. Symantec Security Advisory Services The World Leader in Information Security

COBIT 5 With COSO 2013

Cybersecurity in Higher Ed

POSITION DESCRIPTION

Security Director - VisionFund International

Institute of Internal Auditors 2019 CONNECT WITH THE IIA CHICAGO #IIACHI

Improve your business performance

Technology Risk Management in Banking Industry. Rocky Cheng General Manager, Information Technology, Bank of China (Hong Kong) Limited

WECC Internal Controls Evaluation Process WECC Compliance Oversight Effective date: October 15, 2017

IT Governance ISO/IEC 27001:2013 ISMS Implementation. Service description. Protect Comply Thrive

LAMOND W. KEARSE Metropolitan Transportation Authority Chief Compliance Officer

Oracle Buys Automated Applications Controls Leader LogicalApps

Risk: Security s New Compliance. Torsten George VP Worldwide Marketing and Products, Agiliance Professional Strategies - S23

Rethinking Information Security Risk Management CRM002

NEW INNOVATIONS NEED FOR NEW LAW ENFORCEMENT CAPABILITIES

Annexure 08 (Profile of the Project Team)

INFORMATION ASSURANCE DIRECTORATE

Governance, Risk & Compliance - Management Commitment; Building a GRC Aware Culture.

Position Description. Engagement Manager UNCLASSIFIED. Outreach & Engagement Information Assurance and Cyber Security Directorate.

Cyber Risk Program Maturity Assessment UNDERSTAND AND MANAGE YOUR ORGANIZATION S CYBER RISK.

IT SECURITY OFFICER. Department: Information Technology. Pay Range: Professional 18

PROTECT YOUR DATA AND PREPARE FOR THE EUROPEAN GENERAL DATA PROTECTION REGULATION

STRATEGIC PLAN. USF Emergency Management

The new cybersecurity operating model

354 & Index Board of Directors Responsibilities Audit Committee and Risk Committee Coordination, 244 Audit Committee Functions and Responsibilities, 2

ISO STANDARD IMPLEMENTATION AND TECHNOLOGY CONSOLIDATION

DELIVERING SIMPLIFIED CYBER SECURITY JOURNEYS

Texas Reliability Entity, Inc. Strategic Plan for 2017 TEXAS RE STRATEGIC PLAN FOR 2017 PAGE 1 OF 13

ISACA Cincinnati Chapter March Meeting

Accelerate Your Enterprise Private Cloud Initiative

AUDIT REPORT. Network Assessment Audit Audit Opinion: Needs Improvement. Date: December 15, Report Number: 2014-IT-03

IT Strategic Planning: Making Your IT Organization Efficient and Effective

IMPLEMENTING SECURITY, PRIVACY, AND FAIR DATA USE PRINCIPLES

IT Audit Process Prof. Liang Yao Week Six IT Audit Planning

EXIN BCS SIAM Foundation. Sample Exam. Edition

CISM Certified Information Security Manager

ISE Canada Executive Forum and Awards

Data Protection. Practical Strategies for Getting it Right. Jamie Ross Data Security Day June 8, 2016

RSA Solution Brief. The RSA Solution for Cloud Security and Compliance

EUROPEAN ICT PROFESSIONAL ROLE PROFILES VERSION 2 CWA 16458:2018 LOGFILE

Multi-Region Registered Entity Coordinated Oversight Program

CONCLUSIONS AND RECOMMENDATIONS

INFORMATION SECURITY. One line heading. > One line subheading. A briefing on the information security controls at Computershare

NERC Staff Organization Chart Budget 2017

Cybersecurity. Securely enabling transformation and change

Defining the Challenges and Solutions. Resiliency Model. A Holistic Approach to Risk Management. Discussion Outline

Challenges 3. HAWK Introduction 4. Key Benefits 6. About Gavin Technologies 7. Our Security Practice 8. Security Services Approach 9

Securing Your Digital Transformation

Exam4Tests. Latest exam questions & answers help you to pass IT exam test easily

NERC CIP VERSION 6 BACKGROUND COMPLIANCE HIGHLIGHTS

Department of Justice Policing and Victim Services BUSINESS PLAN

Incident Response Services

The Future of IT Internal Controls Automation: A Game Changer. January Risk Advisory

Transcription:

GOVERNANCE, RISK MANAGEMENT AND COMPLIANCE TRENDS BY FCPAK ERIC KIMANI

CONTENTS Overview Conceptual Definition Implementation of Strategic Risk Governance Success Factors Changing Internal Audit Roles in GRC Contemporary Internal Audit Report Conclusion

OVERVIEW Historical Perceptive to Strategy Governance of Risk 2007/2008 Economic Crunch/Global Melt down WHY? Risk management not linked to strategy Weak Board of Directors oversight on Risk Management Activities due to Knowledge Gap Lack of a clearly defined risk appetite. Inadequate and often fragmented technological infrastructures that hindered effective risk identification and measurement; and Silo approach to risk management Weak Control & Compliance Framework

STRATEGIC GOVERNANCE OF RISK Conceptual definition Strategic Governance of Risk is also referred to as Governance, Risk Management & Compliance (GRC) and this entail Integration of governance, risk assessment and mitigation, and compliance and control activities to operate in synergy and balance. Internal Audit provide assurance to the Board on effectiveness on institution s GRC GRC Approach:focuses on maintaining the right balance between risk and reward Objective: An effective risk management program focuses simultaneously on value protection and value creation.

STRATEGIC GOVERNANCE OF RISK Board of Directors set a broad vision and objectives of GRC Framework Governance Processes define the governance structure, processes and responsibilities Enterprise Risk Management Framework addresses contemporary, emerging and dynamic business risks Regulatory and Compliances are managed through an effective framework and compliance management process Internal Audit is an integral part of the GRC framework which assesses the effectiveness of other GRC elements

STRATEGIC GOVERNANCE OF RISK Strategic Risk Governance also known as GRC is a continuous process that is embedded into the culture of an organization and governs how management identifies and protects against material and relevant risks, monitors and evaluates the effectiveness of internal controls, and; responds and improves operations based on learned insights from internal audit findings on the assurance of GRC Framework Governance Processes define the governance structure, processes and responsibilities.

IMPLEMENTION OF STRATEGIC RISK GOVERNANCE Risk Governance is basically the responsibilities of BOD; Approve Enterprise Risk Management Framework that aligns with Strategy Common Risk definition Transparency and full disclosure to governing bodies Internal Audit Assurance to the BOD on the effectiveness of GRC Risk Infrastructure and Management Institute uniform and Common Risk Infrastructure that is independent and report to Board Risk Committee comprising Risk Management Process Adequately skilled Risk Management Team led by CRO Risk Automation to drive risk analysis, measurement and monitoring Executive Management is responsible for daily implementation of Enterprise Risk Management Framework Risk Management assurance and monitoring reports Risk Ownership & Accountability Business Unit Responsibilities Support Function Compliance: institutionalize a compliance culture of zero penalties

GOVERNANCE RISK & COMPLIANCE FRAMEWORK Corporate Governance Management Annual Evaluation of institution s corporate governance Remediation Strategies Corporate Governance Performance Monitoring Internal Audit Assurance Risk Management Strategic & entity level risk assessment Alignment of strategic & entity level risks with operational controls Development of Risk Mitigation Risk Monitoring Compliance Management Internal Control & Matrix development Internal Control Evaluation Internal Monitoring Regulatory & Legislation Compliance Matrix development Regulatory & Legislation Compliance Observance Regulatory & Legislation Compliance Monitoring

SUCCESS FACTORS 1. Addresses business needs and strategically align to the organization s overall objective. 2. An integrated approach of risk and control with accurate and timely communication of risk information to the decision making 3.Strong collaboration and teamwork. 4. A risk aware culture. 5. Demonstrated return on investment on GRC implementation. 6. Risk awareness and training for risk owners

WHY GRC FAILS 1. Lack of shared vision for risk management and compliance 2. Ineffective stakeholder engagement 3. Ineffective change management. 4. Project implementation delay

CHANGING INTERNAL AUDIT ROLE UNDER GRC Board Audit Committee reviews the GRC initiatives, priorities, process, framework and implementation plans of GRC model Internal Audit is an integral part of the GRC framework which assesses the effectiveness GRC elements (Governance, Risk & Compliance) and provide assurance to the Board of Directors. Anti-fraud Governance Structure defines the framework for fraud avoidance and detection through the use of process and technology

CHANGING INTERNAL AUDIT ROLE UNDER GRC S/ N TRADITIONAL APPROACH PROCESS VALUE ADDED/DEVELOPMENT AL 1 Policing Collaboration with stakeholders 2 Transactions Based-Accounts & Verification, detection, fraud & investigation Risk based (focus on activities that matter to the organization). STRATEGIC VALUE ADDED/FORWARD LOOKING Business Partners to risk owners Solution provider to Business growth and sustenance, 3 Inspection Adequacy of Controls Adviser and Mentor 4 Lower level of accountability Robust accountability 5 Compliance Based System Based (Horizontal/Vertical) 6 Joining up signoffs and year end confirmations for accepting and following policy 7 Key Focus- Detailed Financial Review Policy related proactive awareness creation and implementation All function-financial and Non-Financial Key issues for the business

PROGRESSION OF INTERNAL AUDIT FUNCTION Risk & Control Effectiveness Risk Based Internal Audit Risk Control Self Assessment Operational Efficiency Operational Framework System integrity with business operations and business need Governance Process Risk Management Committee Audit Committee effectiveness Cost Efficiency Cost Optimization and Rationalization plans Performance Efficiency Key Performance Indicators and Key Results Areas Balanced Scorecards Business Strategy & Plan Review of Business Strategies and plans Review of Annual Business Plans Budgets & Budgetary Controls

S/ N RISK MANAGEMENT 1 Develop Enterprise Risk Management Framework 2 Implement Enterprise Risk Management Framework 3 Advise Management on integration of risk management into business operations and their roles in making it work 4 Advise on the allocation of accountability for risks, controls and tasks 5 Advise Management and Board on the interpretation of risk management information 6 Provide appropriate risk management status and performance information to the Board Audit and Risk Committees 7 Acts as an advisor and mentor to management on risk management matters 8 Review Governance, institute global best practice Enterprise Risk Management and Compliance INTERNAL AUDIT Audit the adequacy and effectiveness of the risk management framework Audit implementation of the risk management framework Audit management s commitment to risk management and the take up of their roles Audit whether accountable managers fulfill those roles and are capable Provide independent assurance of the risk management information submitted to the Board Provide independent view on the credibility and reliability of the risk management of the risk management information submitted to the Board Audit and Risk Committee. Act as independent reviewer to provide assurance on management s capability and performance in risk management Internal Audit provides assurance on Governance, risk and compliance

CONTEMPORARY AUDIT FINDINGS Rating High, Medium Low on risk profiling High Substantial financial loss, possibly in conjunction with other weaknesses in the control framework or the organizational entity or process being audited Serious violation of corporate strategies, policies, or values Significant adverse regulatory impact, such as loss of operating licenses or material fines Medium Timely management attention is warranted. This is an internal control or risk management issue that could lead to financial loss, reputation damage, adverse regulatory impact Low As this is a low priority issue, routine management attention is warranted

CONCLUSION CONCLUSIOD Strategic Governance requires that the Internal Audit be more proactive in their audit approach using collaborative and consultative approach to create and protect shareholders value. The following are the benefits of GRC for Internal Audit Quick identification of potential issues due to rapid authorization flow, giving greater visibility within the organization Reducing runtimes audit plans through self-managed reports and evidence centralized online Improved coordination and utilization of resources area Timely and accurate business operations (continuous monitoring) Improved process of remediation and risk management

Parting Shot THANK YOU!

Interactive Session

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback