Preventing Fraud: Assessing the Fraud Risk Management Capabilities of Today s Largest Organizations

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Preventing Fraud: Assessing the Fraud Risk Management Capabilities of Today s Largest Organizations"

Transcription

1 Preventing Fraud: Assessing the Fraud Risk Management Capabilities of Today s Largest Organizations

2 Overview In late 2006 and 2007, Protiviti commissioned a study to gauge the fraud risk management (FRM) capabilities of FORTUNE 1000 companies and large not-for-profit organizations. The goal of the study was to better understand how FRM is operationalized, given the heightened awareness of fraud in today s corporate environment. This was accomplished by assessing how the nation s largest public companies and nonprofit organizations have addressed FRM and the maturity of related efforts to evaluate, mitigate and monitor fraud risk. After analyzing the results, three key points became clear: 1. Organizations are at different maturity points in their capabilities to evaluate, mitigate and monitor fraud risk. 2. Organizations are struggling to understand what FRM means in the context of their daily operations. 3. Education and awareness are critical issues that need greater attention in order to successfully manage fraud risk. Key Findings Discussion The following is a more in-depth look at the key points outlined above and what they mean for organizations: 1. Organizations are at different maturity points in their capabilities to evaluate, mitigate and monitor fraud risk. Many still are striving to define their fraud prevention, deterrence and detection strategies. Fraud risk assessments often are limited in the consideration of certain types of fraud risk. Anti-fraud controls need to be better monitored at the process level. FRM STRATEGY CONTINUUM Less defined 9% Reactive 1% Undefined no strategy 2% Defined 39% Very well defined 49% Most executives believe their organizations have a strategy in place for addressing fraud risk. However, only 49 percent said that their strategies are very well defined, in that they identify fraud risks proactively, and have corresponding anti-fraud programs and controls that are agreed upon, monitored and measured by a board and senior management on an ongoing basis. Looking at the FORTUNE 1000 companies alone, results surprisingly were not much better even after the impact of the Sarbanes-Oxley Act of 2002 with just 52 percent of those surveyed indicating they have very well defined FRM strategies. The majority of the remaining respondents said their efforts are defined: Anti-fraud programs and controls are agreed upon, monitored and measured by a board and senior management, but no formal strategy has been implemented. What is included typically within FRM? The vast majority of executives said financial processes are a key component. Approximately three-quarters cited operational processes and compliance with laws and regulations. Many organizations formally refresh their fraud risk assessment processes at least annually; however, of concern are the one-quarter of companies that do so only periodically, potentially leaving themselves open to using outdated and ineffective anti-fraud strategies. Those most vulnerable to suffering undetected fraud losses are the 16 percent who conduct a fraud risk assessment at neither the entity nor process level. 1

3 Is your organization s fraud risk assessment process informal and occurring periodically, formal and refreshed at least annually, or neither? Informal, occurs periodically 24% Don t know 1% Neither 6% Formal, refreshed at least annually 69% Does your organization have a defined fraud risk assessment process at the entity level, process level, both, or neither? Don t know 4% Process 13% Neither 16% Entity 22% Both 45% There also is much room for improvement when it comes to monitoring anti-fraud controls at the process level. Nearly 20 percent of executives said anti-fraud controls are not actively monitored or identified at the process level, or reported they did not know what was being done in this area. Those who do employ monitoring strategies primarily incorporate them within Sarbanes-Oxley or internal audit testing activities, use computer-assisted audit techniques or manually review documents such as spreadsheets and reports. And 40 percent of the FORTUNE 1000 companies surveyed do not utilize computer-assisted audit techniques actively and routinely to identify potential fraud indicators. Oversight of fraud risk is another area in which different capabilities are exemplified. While nearly two-thirds (61 percent) of organizations have a single individual designated with daily ownership and responsibility for fraud risk at the senior management level, 39 percent said no single person is assigned the role at that level. Those without designated ownership may find that they waste valuable resource time and program dollars due to an overlap in anti-fraud efforts. They also may have heightened exposure to fraud risk because of potential gaps resulting from uncoordinated FRM activities. 2

4 Internal audit (56 percent) is most commonly responsible for conducting fraud risk assessments, followed by the Sarbanes-Oxley compliance team (25 percent). Given the typical duties of internal audit and Sarbanes-Oxley teams, results indicate many organizations may be overlooking key risks by limiting their assessments to certain types of financial fraud that may result only in a material misstatement of the financial statements. Sixty percent of executives said their audit committees have responsibility for the oversight of fraud risk. However, what that actually means, and the impact it has within the context of the organization, is unclear. Our client experience indicates this responsibility often is not stated explicitly in the audit committee charter, and interaction with management on fraud risk issues is not readily transparent. Which one entity within your organization is primarily responsible for conducting your fraud risk assessment? Internal audit 56% 56% Sarbanes-Oxley compliance team 25% 28% Corporate compliance 8% 8% General counsel/ Legal 5% 4% None of these Don t know 5% 3% 1% 1% All F1000 0% 10% 20% 30% 40% 50% 60% All organizations surveyed have adopted a code of ethics or code of conduct, and two-thirds require all management and employees to certify compliance with these rules. However, the majority of organizations do not require their board of directors to affirm compliance with their code, which raises concern as to the commitment of those responsible for ensuring that management sets an appropriate tone at the top. Nearly all executives said their codes are readily accessible within their organizations, but only six in 10 are providing the same degree of transparency in their business principles to external parties. Many have not made the effort to translate their code of ethics or code of conduct into foreign languages, raising further concern about whether information is communicated adequately to employees, especially in organizations in which multiple languages are spoken in U.S. and overseas locations. 3

5 A Look at Organizations With a Very Well Defined Fraud Risk Strategy: 10 Things They Do Differently Among the executives who participated in this survey, nearly half (n=49) indicated that their organizations have a very well defined fraud risk strategy. In comparing the survey results from this group virtually all of whom are from FORTUNE 1000 companies against those of the other respondents (n=51), there are a number of notable differences in how these very well defined strategy organizations address FRM: 1. When examining the question of ownership and responsibility for FRM, the findings indicate that there is a lower tendency among the very well defined strategy group to have just one individual from the ranks of senior management, rather than multiple individuals, designated with ownership and responsibility for FRM. This suggests that assigning a greater number of executives and business owners to coordinate FRM responsibilities may lead to more effective fraud risk practices and processes. 2. There is a greater tendency to have active and defined oversight of FRM by the organization s board of directors, suggesting FRM efforts and strategies benefit from such guidance. Additionally, there is a clear trend among the very well defined strategy group to inform the audit committee of all allegations, as well as investigations, involving accounting, auditing and internal control matters. 3. A notably higher percentage of the very well defined strategy group has a defined risk management process at both the entity and process levels, as suggested through authoritative guidance and leading practice. 4. A slightly higher percentage indicated they have a standalone fraud risk management process. As would be expected, this explicit and focused view on fraud risk likely brings greater definition to FRM strategy. Similarly, the very well defined strategy group clearly trends toward having a formal FRM process that is refreshed annually. 5. The very well defined strategy group trends toward including operational processes for consideration within fraud risk assessment. 6. A higher percentage of the very well defined strategy group indicated internal audit as the most common entity within an organization responsible for conducting fraud risk assessment. 7. A higher percentage of the very well defined strategy group not only offers a form of ethics and fraud awareness training, but also requires all employees to attend it. In addition, there is a greater likelihood among these organizations to include, as part of ethics and fraud awareness training, general fraud awareness, as well as fraud prevention techniques. 8. The very well defined strategy group more frequently uses both manual techniques (e.g., review of spreadsheets, reports, etc.) and computer-assisted audit techniques (e.g., data analysis, etc.) to monitor anti-fraud controls at the process level. 9. To support the reporting of concerns regarding potential fraud and misconduct, a higher percentage of the very well defined strategy group has created multiple reporting mechanisms for the reporting of concerns and complaints involving fraud, employing hotlines run by an external service provider, electronic mailboxes and P.O. boxes. Further, this group has a greater tendency to actively utilize these reporting mechanisms. 10. The survey results suggest that effective communication in support of the organization s code of conduct translates into more effective FRM. There is a higher tendency among the very well defined strategy group to have the organization s code of ethics or code of conduct readily accessible externally (for example, on the public website), as well as to have these materials translated into foreign languages. In addition, there is a slightly higher tendency to require that all management and employees certify or affirm compliance with the code of conduct. 4

6 Nearly all executives surveyed said their code of ethics or code of conduct is evaluated on a periodic basis for relevant content. Most organizations monitor these codes through an affirmation/confirmation process. Most likely, this is because the monitoring of codes by management, the audit committee or board is an explicit consideration by external auditors during their review of the control environment. 2. Organizations are struggling to understand what FRM means in the context of their daily operations. Senior management does not always support anti-fraud initiatives. Accountability for fraud risk is not widespread. Audit committees often receive filtered information about fraud allegations and concerns. Organizations face considerable challenges in proactively managing fraud risk. Executives surveyed noted that their greatest obstacles include fraud and misconduct not being considered a high risk within the organization; a no fraud here mentality; availability and alignment of internal resources (i.e., decentralized, focused on other corporate priorities); adequacy of funding for anti-fraud programs and initiatives; and the laws and regulations or cultural norms in non-u.s. locations. Ensuring that senior management supports proactive management of fraud risk in words and actions clearly needs to be a higher priority for many organizations. Challenges in Managing Fraud Risk Rankings Fraud and misconduct not considered high risk within the organization (tie) No fraud here mentality (tie) Availability and alignment of internal resources Adequacy of funding for anti-fraud program and initiatives Laws and regulations or cultural norms in non-u.s. locations Proactive FRM is not a corporate priority No proactive FRM focus on incident response No unified FRM strategy No member of senior management designated with ownership and responsibility for FRM Many organizations seem unclear about what to include within written anti-fraud or FRM policies, and tend to take a generic or high-level approach to their efforts. Less than half of the organizations surveyed address key issues in their written policies, such as providing an anti-fraud program overview, a definition of fraud, roles and responsibilities regarding FRM, tolerance toward fraud and misconduct, and anti-fraud program components. Less than half of the executives polled claim their organizations define the fraud risk assessment process at both the entity and process levels. This may signal a notable deficiency, given that fraud risk assessment should be both robust and sustainable, and further, should occur using a top-down approach as recommended in authoritative guidance. 5

7 Two-thirds of organizations incorporate fraud risk assessment within another initiative, primarily internal audit planning or Sarbanes-Oxley compliance. In these situations, our client experience indicates that fraud risk can become so far embedded within these other initiatives that it may become difficult to differentiate from all other categories of risk, may not be given explicit consideration or may be overlooked completely. Just 18 percent of executives surveyed said fraud risk assessment is incorporated within enterprise risk management modules much lower results than anticipated. A significant finding was that even in this post-sarbanes-oxley environment, one-third of FORTUNE 1000 companies polled have no documented investigative policies or procedures, one-half have no incident response plan, and six out of 10 do not use escalation or decision trees to help treat concerns or complaints when they are received. Organizations with mechanisms in place for reporting allegations regarding potential fraud and misconduct rely primarily on hotlines, electronic mailboxes and designated members of senior management to support the reporting of allegations regarding potential fraud and misconduct. Percentage of policies and processes that DO NOT EXIST within organizations to support the review or investigation of concerns/complaints regarding potential issues involving fraud and misconduct. (Multiple responses permitted.) Documented investigative protocols and procedures Incident response plan Escalation or decision trees Informal investigative protocols and procedures Case management system 37% 47% 65% 70% 78% The filtering of information to the audit committee involving accounting, auditing and internal control matters raises questions about management s interpretation and execution of their audit committee s Sarbanes- Oxley Section 301 procedures, particularly in terms of what types of concerns and complaints are shared, the method of prioritization, timeliness of notification and the independence of those managing the process. Executives also appear to be uncertain about how human resource activities can support their FRM efforts, and fail to use fraud prevention as a performance or management metric. Only 54 percent of organizations hold management accountable for the actions of employees, explicitly state accountability for fraud prevention in job descriptions or roles and responsibilities, or incorporate ethics or fraud prevention goals within performance management. 3. Education and awareness are critical issues that need greater attention in order to successfully manage fraud risk. Although ethics and fraud awareness training is prevalent, there is significant room for growth. Training sessions often fail to address key topics. Individuals responsible for implementing FRM strategies typically are excluded from training. 6

8 Does your organization offer ethics and fraud awareness training? Don t know 3% No 25% IF YES: Percentage of topics NOT covered in ethics and fraud awareness training. Code of conduct General fraud awareness 11% 36% Yes 72% Fraud prevention techniques Fraud detection techniques Specialized training 43% 49% 65% It is encouraging that three out of four organizations provide ethics and fraud awareness training. While this comprises a majority of companies, 25 percent acknowledge a notable weakness in their fraud prevention efforts, as they do not provide such training. This is significant, given that education is the cornerstone of a healthy control environment. Thirty percent of those providing training hold relevant sessions less than once a year. Only 46 percent of the FORTUNE 1000 companies polled rely on in-person training; the majority turns to online methods. Survey findings suggest many organizations need to enhance their training programs to ensure appropriate topics are addressed. Approximately half of the organizations do not cover fraud detection techniques, 36 percent do not cover general fraud awareness, 43 percent do not address fraud prevention techniques, and 11 percent do not train on the code of conduct. Nearly three-quarters of companies 72 percent require all employees to attend ethics and fraud awareness training, which is essential in building a healthy control environment. However, among all organizations polled, only 13 percent of audit committees and less than 10 percent of board members the individuals most responsible for the oversight of FRM activities are required to attend ethics and fraud awareness training. Implications for Organizations Fraud risk is dynamic and evolves in conjunction with an organization s people and processes. Combating such risk requires a collective effort from all ranks no single executive or employee stands alone on the front lines as there is no one-size-fits-all approach that will result in the successful management of fraud risk. The artificial or mechanical consideration of fraud and the use of a checklist approach will not provide adequate answers to the identification and resolution of the incentives, pressures, opportunities and rationalizations that create fraudulent behavior. Fraud prevention, deterrence and detection strategies need to evolve in the context of, and in alignment with, an organization s fraud risk. Due to the nature of fraud, corporate executives need to understand and accept that intentional misconduct can happen anywhere, at any time and in any organization. Adopting a no fraud here mentality is, in and of itself, a critical risk one that may lead to imminent failure of an organization s FRM program. By embracing an open, robust and sustainable top-down approach to the evaluation of fraud risk and corresponding programs and controls, management s efforts to evaluate, mitigate and monitor the risk of fraud can be vigorous and, also, can specifically address strategic issues that truly jeopardize an organization s governance, reputation and enterprise value. 7

9 Survey Methodology and Demographics The study was conducted by an independent research firm via a phone survey of 100 executives (with strategic responsibilities for FRM and reporting to the board of directors at their organizations) and equivalents at not-for-profits. The margin of error is 9.8 percent. Respondents Organizations FORTUNE 1000 (84 percent public and 6 percent private) Not-for-profits N-Size Respondents Job Titles Chief executive officer Chief financial officer Executive vice president or senior vice president (or equivalent) Vice president or equivalent Managing director or equivalent Director or equivalent Manager or equivalent All (percent) About Protiviti Protiviti ( is a leading provider of independent risk consulting and internal audit services. We provide consulting and advisory services to help clients identify, assess, measure and manage financial, operational and technology-related risks encountered in their industries, and assist in the implementation of the processes and controls to enable their continued monitoring. We also offer a full spectrum of internal audit services to assist management and directors with their internal audit functions, including full outsourcing, co-sourcing, technology and tool implementation, and quality assessment and readiness reviews. Protiviti, which has more than 60 locations in the Americas, Asia-Pacific and Europe, is a wholly owned subsidiary of Robert Half International Inc. (NYSE symbol: RHI). Founded in 1948, Robert Half International is a member of the S&P 500 index. Our Fraud Risk Management, Financial Investigations, and Litigation Consulting Services Our consulting products include fraud risk management, financial investigations, and litigation consulting services. We help companies and their legal advisors measure, manage and mitigate risks, and are committed to helping protect and enhance enterprise value. As a result, organizations protect their reputations, improve their bottom lines, and achieve their fiduciary and regulatory responsibilities. For more information about the topics covered in this survey or our FRM, financial investigations, and litigation consulting services, please contact: John Cherpock Managing Director Paul Sachs Managing Director Pam Verick Stone Director

10 Protiviti is not licensed or registered as a public accounting firm and does not issue opinions on financial statements or offer attestation services. protiviti.com Protiviti Inc. An Equal Opportunity Employer. PRO0308

High Value Audits: An Update on Information Technology Auditing. Robert B. Hirth Jr., Managing Director

High Value Audits: An Update on Information Technology Auditing. Robert B. Hirth Jr., Managing Director High Value Audits: An Update on Information Technology Auditing Robert B. Hirth Jr., Managing Director The technology landscape and its impact on internal audit Technology is playing an ever-growing role

More information

Technology Investment: Achieving Balance Between Business Requirements and Regulatory Compliance

Technology Investment: Achieving Balance Between Business Requirements and Regulatory Compliance Technology Investment: Achieving Balance Between Business Requirements and Regulatory Compliance Over the past decade, IT organizations have endured a historic pendulum swing, from reckless IT development

More information

Continuous Monitoring and Auditing: What is the difference? By John Verver, ACL Services Ltd.

Continuous Monitoring and Auditing: What is the difference? By John Verver, ACL Services Ltd. Continuous Monitoring and Auditing: What is the difference? By John Verver, ACL Services Ltd. Call them the twin peaks of continuity continuous auditing and continuous monitoring. There are certainly similarities

More information

Control Self-Assessment. The Future of Store Audits in Retail Stores

Control Self-Assessment. The Future of Store Audits in Retail Stores Control Self-Assessment The Future of Store Audits in Retail Stores Introduction According to the 2003 National Retail Security Survey, produced by Richard Hollinger at the University of Florida, retailers

More information

Process Control Optimisation with SAP

Process Control Optimisation with SAP Process Control Optimisation with SAP The procure-to-pay cycle, which includes all activities from the procurement of goods and services to receiving invoices and paying vendors, is a basic business process.

More information

Fraud Prevention and Deterrence

Fraud Prevention and Deterrence Fraud Prevention and Deterrence Fraud Risk Assessment 2016 Association of Certified Fraud Examiners, Inc. What Is Fraud Risk? The vulnerability that an organization faces from individuals capable of combining

More information

PROTIVITI FLASH REPORT

PROTIVITI FLASH REPORT PROTIVITI FLASH REPORT New Internal Control Requirements for Companies with Operations in India November 9, 2015 In the aftermath of major global financial frauds, several countries enacted legislation

More information

HALOZYME THERAPEUTICS, INC. CHARTER OF THE AUDIT COMMITTEE OF THE BOARD OF DIRECTORS ORGANIZATION AND MEMBERSHIP REQUIREMENTS

HALOZYME THERAPEUTICS, INC. CHARTER OF THE AUDIT COMMITTEE OF THE BOARD OF DIRECTORS ORGANIZATION AND MEMBERSHIP REQUIREMENTS HALOZYME THERAPEUTICS, INC. CHARTER OF THE AUDIT COMMITTEE OF THE BOARD OF DIRECTORS I. STATEMENT OF POLICY The Audit Committee (the Committee ) of the Board of Directors (the Board ) of Halozyme Therapeutics,

More information

Guide to the Sarbanes-Oxley Act: IT Risks and Controls. Frequently Asked Questions

Guide to the Sarbanes-Oxley Act: IT Risks and Controls. Frequently Asked Questions Guide to the Sarbanes-Oxley Act: IT Risks and Controls Frequently Asked Questions Table of Contents Page No. Introduction.......................................................................1 Overall

More information

Antifraud program and controls assessment grid*

Antifraud program and controls assessment grid* Advisory Services Antifraud program and * Fraud risks & controls February 2008 *connectedthinking 2008 PricewaterhouseCoopers LLP. All rights reserved. PricewaterhouseCoopers refers to PricewaterhouseCoopers

More information

Fraud Risk Management

Fraud Risk Management Fraud Risk Management Overview Discussion Questions 1) Does your organization follow a specific risk management model? If so, which one? Do you think this model adequately addresses the risks your organization

More information

Fraud Prevention and Detection in a Manufacturing Environment

Fraud Prevention and Detection in a Manufacturing Environment Fraud Prevention and Detection in a Manufacturing Environment Introduction The Association of Certified Fraud Examiners (ACFE) estimated in its 2008 Report to the Nation on Occupational Fraud and Abuse

More information

Deloitte Forensic Fraud Risk Management

Deloitte Forensic Fraud Risk Management Deloitte Forensic Fraud Risk Management Introduction Organizations cannot afford to be unconcerned about the risk of fraud. Directors and management have a fiduciary obligation and a corporate responsibility

More information

FINANCIAL SERVICES FLASH REPORT

FINANCIAL SERVICES FLASH REPORT FINANCIAL SERVICES FLASH REPORT OCC Finalizes Its Heightened Standards for Large Financial Institutions September 15, 2014 Transforming Heightened Expectations to Minimum Standards On September 2, 2014,

More information

The Updated COSO Internal Control Framework

The Updated COSO Internal Control Framework The Updated COSO Internal Control Framework Frequently Asked Questions Second Edition Introduction The Committee of Sponsoring Organizations of the Treadway Commission (COSO) an organization providing

More information

Schedule 46 SAO Certificate FAQs

Schedule 46 SAO Certificate FAQs Schedule 46 SAO Certificate FAQs Ensuring Correct Completion and Submission of the SAO Certificate The first submission of the Schedule 46 Finance Act 2009 (FA09) senior accounting officer (SAO) certificate

More information

The Shift to Behavioral Monitoring: A New Paradigm for Exception-Based Reporting

The Shift to Behavioral Monitoring: A New Paradigm for Exception-Based Reporting The Shift to Behavioral Monitoring: A New Paradigm for Exception-Based Reporting Introduction In the past 10 years, exception-based reporting (EBR) has become a widespread tool for loss prevention in retail

More information

Internal Auditing is an Asset for Small Companies as well as Large Ones

Internal Auditing is an Asset for Small Companies as well as Large Ones Internal Auditing is an Asset for Small Companies as well as Large Ones The term internal audit usually inspires two immediate responses. The first is fear: Is something wrong in our organization? Have

More information

The Role of the Board in Enterprise Risk Management

The Role of the Board in Enterprise Risk Management Enterprise Risk The Role of the Board in Enterprise Risk Management The board of directors plays an essential role in ensuring that an effective ERM program is in place. Governance, policy, and assurance

More information

Enterprise Risk Management

Enterprise Risk Management Cayman Islands Society of Professional Accountants Enterprise Risk Management March 19, 2015 Dr. Sandra B. Richtermeyer, CPA, CMA What is Risk Management? Risk management is a process, effected by an entity's

More information

Fraud Risk Management Procedures

Fraud Risk Management Procedures Fraud Risk Management Procedures 1. Introduction KCE Electronics Public Company Limited ( KCE or the Company ) is committed to achieving the highest levels of business integrity, morals and transparency

More information

SEC FLASH REPORT. SEC Issues Rules for Implementing the Whistleblower Provisions of Section 21F of the Securities Exchange Act of 1934

SEC FLASH REPORT. SEC Issues Rules for Implementing the Whistleblower Provisions of Section 21F of the Securities Exchange Act of 1934 SEC FLASH REPORT SEC Issues Rules for Implementing the Whistleblower Provisions of Section 21F of the Securities Exchange Act of 1934 May 25, 2011 Today, the Securities and Exchange Commission (SEC) voted

More information

Operational Risk Management - The Next Frontier The Risk Management Association (RMA)

Operational Risk Management - The Next Frontier The Risk Management Association (RMA) Operational Risk Management - The Next Frontier The Risk Management Association (RMA) Operational risk is not new. In fact, it is the first risk that banks must manage, even before they make their first

More information

Addressing Internal Controls in Your ERP Implementation - Working with Your System Integrator to Engineer Compliance By John Folk, Protiviti Inc.

Addressing Internal Controls in Your ERP Implementation - Working with Your System Integrator to Engineer Compliance By John Folk, Protiviti Inc. Addressing Internal Controls in Your ERP Implementation - Working with Your System Integrator to Engineer Compliance By John Folk, Protiviti Inc. Despite the already heavy penetration of ERP software in

More information

Fraud Risk Management

Fraud Risk Management RISK CONSULTING Fraud Risk Management A proactive approach to counter the risk of fraud and misconduct kpmg.ca/forensic 2014 KPMG LLP, a Canadian limited liability partnership and a member firm of the

More information

HSBC FINANCE CORPORATION CHARTER OF THE RISK COMMITTEE

HSBC FINANCE CORPORATION CHARTER OF THE RISK COMMITTEE HSBC FINANCE CORPORATION CHARTER OF THE RISK COMMITTEE I. Committee Purpose The Risk Committee is appointed by the Board of Directors of HSBC Finance Corporation (the Corporation ) and is responsible,

More information

Operational Risk Management Program Version 1.0 October 2013

Operational Risk Management Program Version 1.0 October 2013 Introduction This module applies to Fannie Mae and Freddie Mac (collectively, the Enterprises), the Federal Home Loan Banks (FHLBanks), and the Office of Finance, (which for purposes of this module are

More information

PROTIVITI FLASH REPORT

PROTIVITI FLASH REPORT PROTIVITI FLASH REPORT Cybersecurity Framework: Where Do We Go From Here? February 25, 2014 Just over a year ago, President Barack Obama signed an Executive Order (EO) calling for increased cybersecurity

More information

Managing Supply Disruptions

Managing Supply Disruptions Managing Supply Disruptions Building fundamentals to manage supply risk and improve supply chain performance All organizations have internal and external supply chains that deliver goods or services to

More information

The Updated COSO Internal Control Framework. Frequently Asked Questions

The Updated COSO Internal Control Framework. Frequently Asked Questions The Updated COSO Internal Control Framework Frequently Asked Questions Introduction The Committee of Sponsoring Organizations of the Treadway Commission (COSO) an organization providing thought leadership

More information

IT Audit Perspective on Continuous Auditing/ Continuous Monitoring KPMG LLP

IT Audit Perspective on Continuous Auditing/ Continuous Monitoring KPMG LLP IT Audit Perspective on Continuous Auditing/ Continuous Monitoring KPMG LLP IT Audit Perspective on Continuous Auditing/Continuous Monitoring INTRODUCTION New demands from the board, senior organizational

More information

February 2015. Audit committee performance evaluation

February 2015. Audit committee performance evaluation February 2015 Audit committee performance evaluation Audit committee performance evaluation The following questionnaire is based on emerging and leading practices to assist in the self-assessment of an

More information

Nonprofits Focus on a More Robust Investment Oversight Process

Nonprofits Focus on a More Robust Investment Oversight Process Survey: Nonprofit Investment Challenges 2014 Nonprofits Focus on a More Robust Investment Oversight Process SEI s Nonprofit Management Research Panel recently completed a survey of executives and Investment

More information

Forensic Audit Building a World Class Program

Forensic Audit Building a World Class Program Forensic Audit Building a World Class Program PAUL E. ZIKMUND DIRECTOR GLOBAL INTEGRITY AND FORENSIC AUDIT 1 2012 ACFE ANNUAL FRAUD CONFERENCE ORLANDO, FL Why the Need for Forensic Audit Program In response

More information

1. FPO. Guide to the Sarbanes-Oxley Act: IT Risks and Controls. Second Edition

1. FPO. Guide to the Sarbanes-Oxley Act: IT Risks and Controls. Second Edition 1. FPO Guide to the Sarbanes-Oxley Act: IT Risks and Controls Second Edition Table of Contents Introduction... 1 Overall IT Risk and Control Approach and Considerations When Complying with Sarbanes-Oxley...

More information

Cyber Security and Privacy Services. Working in partnership with you to protect your organisation from cyber security threats and data theft

Cyber Security and Privacy Services. Working in partnership with you to protect your organisation from cyber security threats and data theft Cyber Security and Privacy Services Working in partnership with you to protect your organisation from cyber security threats and data theft 2 Cyber Security and Privacy Services What drives your security

More information

The Importance of IT Controls to Sarbanes-Oxley Compliance

The Importance of IT Controls to Sarbanes-Oxley Compliance Hosted by Deloitte, PricewaterhouseCoopers and ISACA/ITGI The Importance of IT Controls to Sarbanes-Oxley Compliance 15 December 2003 1 Presenters Chris Fox, CA Sr. Manager, Internal Audit Services PricewaterhouseCoopers

More information

Impact of New Internal Control Frameworks

Impact of New Internal Control Frameworks Impact of New Internal Control Frameworks Webcast: Tuesday, February 25, 2014 CPE Credit: 1 0 With You Today Bob Jacobson Principal, Risk Advisory Services Consulting Leader West Region Bob.Jacobson@mcgladrey.com

More information

Sarbanes-Oxley Section 404: Compliance Challenges for Foreign Private Issuers

Sarbanes-Oxley Section 404: Compliance Challenges for Foreign Private Issuers Sarbanes-Oxley Section 404: Compliance s for Foreign Private Issuers Table of Contents Requirements of the Act.............................................................. 1 Accelerated Filer s...........................................................

More information

Compliance in motion A closer look at the Corporate Sector. Deloitte Risk Services March 2015

Compliance in motion A closer look at the Corporate Sector. Deloitte Risk Services March 2015 Compliance in motion A closer look at the Corporate Sector Deloitte Risk Services March 2015 2 Contents Preface 5 Management summary 6 The compliance culture 7 Compliance priorities for the next five years

More information

Capital Projects and Construction: Building in Risk Management and Project Controls

Capital Projects and Construction: Building in Risk Management and Project Controls Capital Projects and Construction: Building in Risk Management and Project Controls Making Every Dollar Count The global economic crisis sparked by the subprime mortgage debacle, the collapse of the securitized

More information

PASSUR AEROSPACE, INC (the "Company") AUDIT COMMITTEE CHARTER. The purpose of the Audit Committee (the Committee ) shall be as follows:

PASSUR AEROSPACE, INC (the Company) AUDIT COMMITTEE CHARTER. The purpose of the Audit Committee (the Committee ) shall be as follows: Purpose PASSUR AEROSPACE, INC (the "Company") AUDIT COMMITTEE CHARTER The purpose of the Audit Committee (the Committee ) shall be as follows: 11. To oversee the accounting and financial reporting processes

More information

2015 Ethics & Compliance Healthcare Policy Management Benchmark Report

2015 Ethics & Compliance Healthcare Policy Management Benchmark Report 2015 Ethics & Compliance Healthcare Policy Management Benchmark Report Findings, Analysis and Recommendations to Develop and Maintain a Strong Policy Management Program at Your Healthcare Organization

More information

COSO 2013: WHAT HAS CHANGED & STEPS TO TAKE TO ENSURE COMPLIANCE

COSO 2013: WHAT HAS CHANGED & STEPS TO TAKE TO ENSURE COMPLIANCE COSO 2013: WHAT HAS CHANGED & STEPS TO TAKE TO ENSURE COMPLIANCE COMMITTEE OF SPONSORING ORGANIZATIONS (COSO) 2013 The Committee of Sponsoring Organizations (COSO) Internal Controls Integrated Framework,

More information

Internal Audit Practice Guide

Internal Audit Practice Guide Internal Audit Practice Guide Continuous Auditing Office of the Comptroller General, Internal Audit Sector May 2010 Table of Contents Purpose...1 Background...1 Definitions...2 Continuous Auditing Professional

More information

CIT Group Inc. Charter of the Audit Committee of the Board of Directors

CIT Group Inc. Charter of the Audit Committee of the Board of Directors CIT Group Inc. Charter of the Audit Committee of the Board of Directors Adopted: October 22, 2003 Last Amended: April 20, 2015 I. PURPOSE The purpose of the Committee is to assist the Board in fulfilling

More information

Customer Data and Reputational Risk in the Pharmaceutical Industry

Customer Data and Reputational Risk in the Pharmaceutical Industry 1 Customer Data and Reputational Risk in the Pharmaceutical Industry Sensitive Data: A Chain of Trust Organizations of all types, from banks to government agencies to healthcare providers, are taking steps

More information

Is Your Company Vulnerable to a Rogue Trader?

Is Your Company Vulnerable to a Rogue Trader? Is Your Company Vulnerable to a Rogue Trader? Financial instruments are powerful tools utilized by traders to manage market risk. However, things can easily go wrong when transactions are managed inappropriately,

More information

Key Elements for Effective Compliance Program Board Reporting

Key Elements for Effective Compliance Program Board Reporting WHITEPAPER Key Elements for Effective Compliance Program Board Reporting By Randy Stephens, JD, CCEP, VP of NAVEX Global s Advisory Services Team Know your audience. It s a cardinal rule of business communications

More information

Frequently Asked Questions Regarding the Sarbanes-Oxley Act Executive Certification Requirements

Frequently Asked Questions Regarding the Sarbanes-Oxley Act Executive Certification Requirements Frequently Asked Questions Regarding the Sarbanes-Oxley Act Executive Certification Requirements Table of Contents Page No. Introduction 3 Applicability of Requirements 1. Which companies are subject to

More information

B o a r d of Governors of the Federal Reserve System. Supplemental Policy Statement on the. Internal Audit Function and Its Outsourcing

B o a r d of Governors of the Federal Reserve System. Supplemental Policy Statement on the. Internal Audit Function and Its Outsourcing B o a r d of Governors of the Federal Reserve System Supplemental Policy Statement on the Internal Audit Function and Its Outsourcing January 23, 2013 P U R P O S E This policy statement is being issued

More information

Internal Audit Quality Assessment. Presented To: World Intellectual Property Organization

Internal Audit Quality Assessment. Presented To: World Intellectual Property Organization Internal Audit Quality Assessment Presented To: World Intellectual Property Organization April 2014 Table of Contents List of Acronyms 3 Page Executive Summary Opinion as to Conformance to the Standards,

More information

Payment Card Industry Data Security Standard (PCI DSS)

Payment Card Industry Data Security Standard (PCI DSS) Payment Card Industry Data Security Standard (PCI DSS) WARNING: Your company may be in noncompliance with the Payment Card Industry Data Security Standard (PCI DSS), placing it at risk of brand damage,

More information

APPENDIX 50. Enterprise risk management - Risk management overview

APPENDIX 50. Enterprise risk management - Risk management overview APPENDIX 50 Enterprise risk management - Risk management overview Energex regulatory proposal October 2014 ENTERPRISE RISK MANAGEMENT Risk Management Overview (RMO) 06 11 2013 Table of Contents 1. INTRODUCTION...

More information

AUDIT COMMITTEE BEST PRACTICES CHECKLIST

AUDIT COMMITTEE BEST PRACTICES CHECKLIST AUDIT COMMITTEE BEST PRACTICES CHECKLIST General 1. Members have the appropriate predefined qualifications to meet the objectives of the audit committee s charter, including appropriate financial literacy.

More information

Internal Auditing Guidelines

Internal Auditing Guidelines Internal Auditing Guidelines Recommendations on Internal Auditing for Lottery Operators Issued by the WLA Security and Risk Management Committee V1.0, March 2007 The WLA Internal Auditing Guidelines may

More information

Chapter 2 Highlights: M&A and Compliance With The Sarbanes-Oxley Act of 2002

Chapter 2 Highlights: M&A and Compliance With The Sarbanes-Oxley Act of 2002 Chapter 2 Highlights: M&A and Compliance With The Sarbanes-Oxley Act of 2002 Excerpted From The Complete Guide to Mergers And Acquisitions: Process Tools To Support M&A Integration At Every Level Second

More information

Annual Governance Statement 2013/14

Annual Governance Statement 2013/14 31 Annual Governance Statement 2013/14 1. SCOPE OF RESPONSIBILITY ESPO is responsible for ensuring that its business is conducted in accordance with the law and proper standards, and that public money

More information

Oceaneering International, Inc. Audit Committee Charter

Oceaneering International, Inc. Audit Committee Charter Oceaneering International, Inc. Audit Committee Charter Purpose The Audit Committee of the Board of Directors (the Committee ) is appointed by the Board of Directors (the Board ) to assist the Board in

More information

TECK RESOURCES LIMITED AUDIT COMMITTEE CHARTER

TECK RESOURCES LIMITED AUDIT COMMITTEE CHARTER Page 1 of 7 A. GENERAL 1. PURPOSE The purpose of the Audit Committee (the Committee ) of the Board of Directors (the Board ) of Teck Resources Limited ( the Corporation ) is to provide an open avenue of

More information

IFAD Policy on Enterprise Risk Management

IFAD Policy on Enterprise Risk Management Document: EB 2008/94/R.4 Agenda: 5 Date: 6 August 2008 Distribution: Public Original: English E IFAD Policy on Enterprise Risk Management Executive Board Ninety-fourth Session Rome, 10-11 September 2008

More information

SALESFORCE.COM, INC. CHARTER OF THE AUDIT AND FINANCE COMMITTEE OF THE BOARD OF DIRECTORS. (Revised September 11, 2012)

SALESFORCE.COM, INC. CHARTER OF THE AUDIT AND FINANCE COMMITTEE OF THE BOARD OF DIRECTORS. (Revised September 11, 2012) I. STATEMENT OF POLICY SALESFORCE.COM, INC. CHARTER OF THE AUDIT AND FINANCE COMMITTEE OF THE BOARD OF DIRECTORS (Revised September 11, 2012) This Charter specifies the scope of the responsibilities of

More information

FRAUD CONTROL POLICY

FRAUD CONTROL POLICY FRAUD CONTROL POLICY Contents Fraud Control Policy 1 Leadership Message 4 1.1 Purpose 4 1.2 Definitions 4 1.3 Policy Objectives and Scope 4 2 Governance and Professional Ethics Statement 5 2.1 Code of

More information

PROTIVITI FLASH REPORT

PROTIVITI FLASH REPORT PROTIVITI FLASH REPORT Is Department of Justice Dismissal of Morgan Stanley Case a Litmus Test for Corruption Risk Compliance? November 1, 2012 In April 2012, a former Morgan Stanley managing director

More information

Time Warner Cable Inc. Audit Committee Charter. Effective February 14, 2013

Time Warner Cable Inc. Audit Committee Charter. Effective February 14, 2013 Time Warner Cable Inc. Audit Committee Charter Effective February 14, 2013 The Board of Directors of Time Warner Cable Inc. (the Corporation ; Company refers to the Corporation and its consolidated subsidiaries)

More information

Sample risk committee charter

Sample risk committee charter Sample risk committee charter 1 Next This sample risk committee charter is based on leading practices observed by Deloitte in the analysis of a variety of materials. It is important to note that the Risk

More information

Accenture Risk Management. Industry Report. Life Sciences

Accenture Risk Management. Industry Report. Life Sciences Accenture Risk Management Industry Report Life Sciences Risk management as a source of competitive advantage and high performance in the life sciences industry Risk management that enables long-term competitive

More information

Fraud Prevention, Detection and Response. Dean Bunch, Ernst & Young Fraud Investigation & Dispute Services

Fraud Prevention, Detection and Response. Dean Bunch, Ernst & Young Fraud Investigation & Dispute Services Fraud Prevention, Detection and Response. Dean Bunch, Ernst & Young Fraud Investigation & Dispute Services Agenda Fraud Overview Fraud Prevention Fraud Detection Fraud Response Questions Page 2 Fraud Overview

More information

Developing a Fraud Risk Management Program

Developing a Fraud Risk Management Program Developing a Fraud Risk Management Program Erick O. Bell Priyanka Jhang Deloitte Financial Advisory Services LLP September 11, 2013 Agenda Making the case for a Fraud Risk Management Program A COSO-consistent

More information

The Bulletin. Is Your Compliance Management Making a Difference? The Present State of Compliance. Volume 4, Issue 10

The Bulletin. Is Your Compliance Management Making a Difference? The Present State of Compliance. Volume 4, Issue 10 The Bulletin Volume 4, Issue 10 Is Your Compliance Management Making a Difference? Compliance management consists of the organization s policies and processes for adhering to applicable laws and regulations.

More information

Sears Hometown and Outlet Stores, Inc. Audit Committee of the Board of Directors Charter

Sears Hometown and Outlet Stores, Inc. Audit Committee of the Board of Directors Charter Sears Hometown and Outlet Stores, Inc. Audit Committee of the Board of Directors Charter Purpose The Audit Committee is appointed by the Board of Directors (the Board ) of Sears Hometown and Outlet Stores,

More information

COUPONS.COM INCORPORATED CHARTER OF THE AUDIT COMMITTEE OF THE BOARD OF DIRECTORS

COUPONS.COM INCORPORATED CHARTER OF THE AUDIT COMMITTEE OF THE BOARD OF DIRECTORS COUPONS.COM INCORPORATED CHARTER OF THE AUDIT COMMITTEE OF THE BOARD OF DIRECTORS I. STATEMENT OF POLICY This Charter specifies the authority and scope of the responsibilities of the Audit Committee (the

More information

SunTrust Banks, Inc. Audit Committee of the Board of Directors Charter

SunTrust Banks, Inc. Audit Committee of the Board of Directors Charter SunTrust Banks, Inc. Audit Committee of the Board of Directors Charter PURPOSE The Audit Committee (the Committee ) is appointed by the Board of Directors (the Board ) of SunTrust Banks, Inc. (the Company

More information

FORTRESS TRANSPORTATION AND INFRASTRUCTURE INVESTORS LLC CHARTER OF THE AUDIT COMMITTEE OF THE BOARD OF DIRECTORS MAY 11, 2015

FORTRESS TRANSPORTATION AND INFRASTRUCTURE INVESTORS LLC CHARTER OF THE AUDIT COMMITTEE OF THE BOARD OF DIRECTORS MAY 11, 2015 FORTRESS TRANSPORTATION AND INFRASTRUCTURE INVESTORS LLC I. PURPOSE OF THE COMMITTEE CHARTER OF THE AUDIT COMMITTEE OF THE BOARD OF DIRECTORS MAY 11, 2015 The purpose of the Audit Committee (the Committee

More information

Data Analysis: The Cornerstone of Effective Internal Auditing. A CaseWare Analytics Research Report

Data Analysis: The Cornerstone of Effective Internal Auditing. A CaseWare Analytics Research Report Data Analysis: The Cornerstone of Effective Internal Auditing A CaseWare Analytics Research Report Contents Why Data Analysis Step 1: Foundation - Fix Any Cracks First Step 2: Risk - Where to Look Step

More information

As is the case in many industries today, corporate governance

As is the case in many industries today, corporate governance How Health Care Organizations Risk and Compliance Executives Can Become Strategic Board Advisors Terry Puchley, Partner, PwC, terry.puchley@us.pwc.com Mitchel Harris, Director, PwC, mitchel.s.harris@us.pwc.com

More information

Proactive Risk Management with SAP BusinessObjects

Proactive Risk Management with SAP BusinessObjects Proactive Risk Management with SAP BusinessObjects Leveraging Technology to Gain Enterprise Transparency and Rapid Insight into Changing Business Conditions INTRODUCTION What is the totality of our enterprise

More information

IFRS in Asia 2008 Driving the Capital Markets of Tomorrow 10-11 October 2008, Beijing, China

IFRS in Asia 2008 Driving the Capital Markets of Tomorrow 10-11 October 2008, Beijing, China International Accounting Standards Committee Foundation, Ministry of Finance (PRC), and Shulun Pan Certified Public Accountants IFRS in Asia 2008 Driving the Capital Markets of Tomorrow 10-11, Beijing,

More information

LEVERAGING COSO ACROSS THE THREE LINES OF DEFENSE

LEVERAGING COSO ACROSS THE THREE LINES OF DEFENSE Committee of Sponsoring Organizations of the Treadway Commission Governance and Internal Control LEVERAGING COSO ACROSS THE THREE LINES OF DEFENSE By The Institute of Internal Auditors Douglas J. Anderson

More information

ENTERPRISE RISK MANAGEMENT FRAMEWORK

ENTERPRISE RISK MANAGEMENT FRAMEWORK ENTERPRISE RISK MANAGEMENT FRAMEWORK COVENANT HEALTH LEGAL & RISK MANAGEMENT CONTENTS 1.0 PURPOSE OF THE DOCUMENT... 3 2.0 INTRODUCTION AND OVERVIEW... 4 3.0 GOVERNANCE STRUCTURE AND ACCOUNTABILITY...

More information

Guidance Note: Corporate Governance - Board of Directors. March 2015. Ce document est aussi disponible en français.

Guidance Note: Corporate Governance - Board of Directors. March 2015. Ce document est aussi disponible en français. Guidance Note: Corporate Governance - Board of Directors March 2015 Ce document est aussi disponible en français. Applicability The Guidance Note: Corporate Governance - Board of Directors (the Guidance

More information

IT Governance Dr. Michael Shaw Term Project

IT Governance Dr. Michael Shaw Term Project IT Governance Dr. Michael Shaw Term Project IT Auditing Framework and Issues Dealing with Regulatory and Compliance Issues Submitted by: Gajin Tsai gtsai2@uiuc.edu May 3 rd, 2007 1 Table of Contents: Abstract...3

More information

The ADT Corporation. Audit Committee Charter. December 2014

The ADT Corporation. Audit Committee Charter. December 2014 The ADT Corporation Audit Committee Charter December 2014 1 TABLE OF CONTENTS Purpose... 3 Authority... 3 Composition... 3 Meetings... 3 Responsibilities... 4 Financial Statements... 4 External Audit...

More information

Enterprise risk management: A pragmatic, four-phase implementation plan

Enterprise risk management: A pragmatic, four-phase implementation plan Enterprise risk management: A pragmatic, four-phase implementation plan Prepared by: John Brackett, Managing Director, Risk Advisory Services, RSM McGladrey, Inc. 704.442.3820, john.brackett@mcgladrey.com

More information

The Journey to ORSA Begins. Assessing the Results of the 2015 ORSA Survey from St. John s University and Protiviti

The Journey to ORSA Begins. Assessing the Results of the 2015 ORSA Survey from St. John s University and Protiviti The Journey to ORSA Begins Assessing the Results of the 2015 ORSA Survey from St. John s University and Protiviti Executive Summary PUBLIC COMPANIES HAVE SOX. FINANCIAL SERVICES ORGANIZATIONS (AND OTHERS)

More information

MISSION VALUES. The guide has been printed by:

MISSION VALUES. The guide has been printed by: www.cudgc.sk.ca MISSION We instill public confidence in Saskatchewan credit unions by guaranteeing deposits. As the primary prudential and solvency regulator, we promote responsible governance by credit

More information

CVS HEALTH CORPORATION A Delaware corporation (the Company ) Audit Committee Charter Amended as of September 24, 2014

CVS HEALTH CORPORATION A Delaware corporation (the Company ) Audit Committee Charter Amended as of September 24, 2014 CVS HEALTH CORPORATION A Delaware corporation (the Company ) Audit Committee Charter Amended as of September 24, 2014 Purpose The Audit Committee (the Committee ) is created by the Board of Directors of

More information

NEW PERSPECTIVES. Data Analysis Challenges: C1 is customer provided. Anticipate IRS Audits: System Development and Implementation Projects:

NEW PERSPECTIVES. Data Analysis Challenges: C1 is customer provided. Anticipate IRS Audits: System Development and Implementation Projects: NEW PERSPECTIVES on Healthcare Risk Management, Control and Governance www.ahia.org Journal of the Association of Heathcare Internal Auditors Vol. 31, No. 2, Summer, 2012 C1 is customer provided Data Analysis

More information

KEYSIGHT TECHNOLOGIES, INC. AUDIT AND FINANCE COMMITTEE CHARTER

KEYSIGHT TECHNOLOGIES, INC. AUDIT AND FINANCE COMMITTEE CHARTER KEYSIGHT TECHNOLOGIES, INC. AUDIT AND FINANCE COMMITTEE CHARTER I. PURPOSE The Audit and Finance Committee (the Committee ) of Keysight Technologies, Inc. (the Company ) is appointed by the Board of Directors

More information

The Internal Audit fraud challenge Prevention, protection, detection

The Internal Audit fraud challenge Prevention, protection, detection The Internal Audit fraud challenge Prevention, protection, detection Contents Introduction to survey 1 Key findings 2 What are the views of senior management? 3 Adequately resourced? 6 Current trends and

More information

Procurement Programmes & Projects P3M3 v2.1 Self-Assessment Instructions and Questionnaire. P3M3 Project Management Self-Assessment

Procurement Programmes & Projects P3M3 v2.1 Self-Assessment Instructions and Questionnaire. P3M3 Project Management Self-Assessment Procurement Programmes & Projects P3M3 v2.1 Self-Assessment Instructions and Questionnaire P3M3 Project Management Self-Assessment Contents Introduction 3 User Guidance 4 P3M3 Self-Assessment Questionnaire

More information

APPLICATION OF KING III CORPORATE GOVERNANCE PRINCIPLES 2014

APPLICATION OF KING III CORPORATE GOVERNANCE PRINCIPLES 2014 WOOLWORTHS HOLDINGS LIMITED CORPORATE GOVERNANCE PRINCIPLES 2014 CORPORATE GOVERNANCE PRINCIPLES 2014 CORPORATE GOVERNANCE PRINCIPLES 2014 This table is a useful reference to each of the King III principles

More information

Guide to the Sarbanes-Oxley Act:

Guide to the Sarbanes-Oxley Act: Guide to the Sarbanes-Oxley Act: internal Control Reporting Requirements Frequently Asked Questions Regarding Section 404 Fourth Edition Table of Contents Page No. Introduction... 1 Applicability of Section

More information

FERRARI N.V. AUDIT COMMITTEE CHARTER (Effective as of January 3, 2016)

FERRARI N.V. AUDIT COMMITTEE CHARTER (Effective as of January 3, 2016) FERRARI N.V. AUDIT COMMITTEE CHARTER (Effective as of January 3, 2016) For so long as shares of Ferrari N.V. (the Company ) are listed on the New York Stock Exchange ( NYSE ) and the rules of the NYSE

More information

APPLICATION OF THE KING III REPORT ON CORPORATE GOVERNANCE PRINCIPLES

APPLICATION OF THE KING III REPORT ON CORPORATE GOVERNANCE PRINCIPLES APPLICATION OF THE KING III REPORT ON CORPORATE GOVERNANCE PRINCIPLES Ethical Leadership and Corporate Citizenship The board should provide effective leadership based on ethical foundation. that the company

More information

FINANCIAL SERVICES FLASH REPORT

FINANCIAL SERVICES FLASH REPORT FINANCIAL SERVICES FLASH REPORT OCC Updates Guidance on Third-Party Relationships December 2, 2013 Introduction On November 4, 2013, the Office of the Comptroller of the Currency (OCC) released Bulletin

More information

Charter of the Audit Committee of Asterias Biotherapeutics, Inc.

Charter of the Audit Committee of Asterias Biotherapeutics, Inc. Charter of the Audit Committee of Asterias Biotherapeutics, Inc. This Charter was adopted by the Board of Directors (the Board ) of Asterias Biotherapeutics, Inc. (the Company ) on March 10, 2013. I. Purpose

More information

High-Shrink Store Programs: Why Focusing Your Resources on the Worst Performing Stores Will Reap the Most Benefits

High-Shrink Store Programs: Why Focusing Your Resources on the Worst Performing Stores Will Reap the Most Benefits High-Shrink Store Programs: Why Focusing Your Resources on the Worst Performing Stores Will Reap the Most Benefits Introduction: Why shrink matters Retailers are used to managing a certain amount of shrink

More information

Enterprise Risk Management: COSO, New COSO, ISO 31000. Review of ERM

Enterprise Risk Management: COSO, New COSO, ISO 31000. Review of ERM Enterprise Risk Management: COSO, New COSO, Dr. Hugh Van Seaton, Ed. D., CSSGB, CGMA, CPA Review of ERM COSO a process, effected by an entity's board of directors, management and other personnel, applied

More information