Numerous corporate governance players


An Integrated Approach to the Internal Control System - New Methodology for Evaluating Design and Effectiveness
Carolyn Dittmeier, President, IIA Italy; Vice President, Head of Internal Auditing, Poste Italiane

New laws and regulations
D.Lgs 231 Anti corruption
L. 262/05 (Sarbanes)
Bank Regulations
Corporate Governance Code Italian Stock Exchange
Corporate Governance and Internal
New Corporate Governance players
Corporate Governance Paper of IIA Italy

Numerous corporate governance players
Officer Audit Committee Board of Directors Board of Statutory Auditors Other Bodies CFO Quality Internal Audit Security Function Inspectorate Human Resource & Organization Safety Privacy Operational Management

Corporate Governance Paper - Associazione Italiana Internal Auditors
Key points to an Integrated Corporate Governance Model:
I. Global business risk assessment
II. Unified Internal System
    Three Levels
    Optimizing Relationships
    Single Evaluation Criteria
III. Mechanisms of Assurance

Business Case
Its business: Logistics, postal and courier express business sectors; banking, financial services and insurance
General Strategy: Leveraging upon a major national network for gaining efficiency in services and market potential
Business Plan: Introducing innovative services to integrate core businesses, such as financial transaction services and direct marketing
Employees; Post offices; 200 Logistic Centers; ATM; Vehicles; Points of sale; Total Sales (mil.), of which: Logistics/Postal, Financial/Banking

Business Case
[Organization chart: Board of Directors; Chief Executive Officer and General Manager Massimo Sarmi; Communication and Public Affairs; Human Resources and Organization; Chief Information Office; Legal Affairs; Strategic Planning; Purchasing; Corporate Affairs; Accountancy & Control; Real Estate; Internal Auditing; Finance; Security and Safety; Chief Network and Sales Office; Business Unit Mail; Business Unit Express and Parcels; Chief Operating Office; Business Unit Philately; Business Unit Bancoposta]

Business Case: Governance milestones
Public Economic Entity
Transformation to a stock company: Poste Italiane - Società per Azioni
Poste Italiane is subject to supervision of Financial Regulatory Bodies
2002
New Internal Audit Model
Implementation of Organizational Model for Anti-corruption (L 231)
Code of Ethics
Implementation of Enterprise Management Model

Corporate Governance Paper - Associazione Italiana Internal Auditors
Key points to an Integrated Corporate Governance Model
I. Global Business Assessment

Global Business Assessment?
Operational risks; risks; Strategic risks; Financial risks; Reputational risks; Accounting risks

Business Case: Enterprise Management framework adopted in 2006
[Diagram, labels translated from Italian: Goal Model Poste and Model Poste, with blocks for objectives (business objectives, governance objectives), potential risks (external risks, internal risks; operational risks, non-operational risks), controls and residual risks.]
Model based on Goal Model

ERM Business Maturity Checkpoints
1. Framework
2. Self-Assessment workshop
3. Strong professional development programs
4. Budget and incentive system incorporating Key Indicators
5. Full risk management culture

Corporate Governance Paper - Associazione Italiana Internal Auditors
Key points to an Integrated Corporate Governance Model
II. A Unified Internal System
    Three Levels
    Optimizing Relationships
    Single Evaluation Criteria

Three levels of control activities within the Enterprise Management Model
Company Bodies Audit Committee Definition of Objectives Management Internal environment Information and communication COSO: activities
3rd Level: Assurance Activity (Internal Audit)
2nd Level: Monitoring Activity ( Management,, ler)
1st Level: Activity (Line )

A Unified Internal System
2. Optimizing Relationships between bodies and functions
Informational Reporting
Communication by meetings and presentations
Providing Directives
In relation to their assurance, consulting or other roles

Business Case
[Diagram labels: State Auditors' Department Board of Directors Reporting & Interchange between Governance & Bodies Monthly Statutory Auditors Ethics/ Officer (Law 231) Semiannual Bimonthly Bimonthly Accountancy & Quarterly Technical Secretariat: Financial Reporting control Internal Audit, Human Resources, Legal Affairs; Accountancy & ; Security & Safety Internal Audit Overall Internal Periodic : Management Security & Safety Function Bancoposta Company Business Units and Depts and issues]

A Unified Internal System
3. Integrated methodology for business control identification and evaluation
Focusing separately on:
Design
Operating Effectiveness (functioning)

How to evaluate the Integrated Internal System
[Diagram labels: Tolerance Objectives Acceptance Design Adequacy Effectiveness, Efficiency and cost Operating Relevance Strength Resources availability Red-flag analysis Coverage Reactivity verification]

Definition of a control?
A set of activities whose purpose is to identify and correct errors and anomalies in order to reach defined control objectives, risk based.
Input; Standard; Comparison input / standard; Correction; Output

Objectives, risk based (examples)
Quality and timeliness of operations
Reliability and integrity of Company information (financial and operational)
Proper and effective contractual relations with customers and suppliers
to Regulations
Prevention of fraud
Business continuity

How to evaluate the Integrated Internal System
[Diagram labels: Tolerance Objectives Acceptance Design Adequacy Effectiveness, Efficiency and cost Operating Relevance Strength Resources availability Red-flag analysis Coverage Reactivity verification]

Business Case: Ensuring quality manufacturing of mozzarella in Italy
Supplying Production Time Quality
By lot, the Production Dept requests milk supplies from Purchasing 5 days ahead, on the basis of approved monthly sales forecasts.
Upon supply of milk (<3 days) the Production Dept proceeds:
    Pasteurisation (2 hours)
    Coagulation (2 hours)
    Drainage (1 hour)
    Pressing and salting (1 hour)
    (time frame automatically recorded in 3 of 4 phases)
The Quality Dept: if production time standards are not compliant, block of packaging process, requesting the lot to be destroyed and re-produced.
Packaging: Upon authorization (Quality Dept), Production must package within 24 hours for delivery by the Distribution Dept by the next day.
Quality Dept: Ensuring quality standards for freshness
Actual time Reports; Time Standards; Comparison; Correction: blockage; Destroy/Reproduce lot

evaluation of the single control based on scale of 1-5 (1-2 positive, negative).
Tolerance Objectives Acceptance Design Adequacy Effectiveness, Efficiency and cost Operating
Relevance 1; Coverage 2; Strength 3; Reactivity 2
Resources availability test Red-flag analysis
design evaluation: positive (2)

Case study: quality cheese production
Discretion Integration Independence Segregation Automation Adaptability Traceability
Strength 3

Case study: quality cheese production
Coverage: scenario 1, scenario 2, scenario 3
Tolerance Design Relevance Strength
Scenario: Known and positive design; Known, design non positive; Unknown design
Objectives Adequacy Effectiveness, Efficiency and cost Reactivity
design evaluation: positive (2)
Resources availability Acceptance Operating test Red-flag analysis
operating evaluation: good (3)
Audit Program
Test 1: Verify Information system utilized for standard check
Test 2: Examine Sample of production lots checked by Quality Dept
Audit Exception Level: Test 1: 20% - Test 2: 5%

Corporate Governance Paper - Associazione Italiana Internal Auditors
Key points to an Integrated Corporate Governance Model:
I. Global business risk assessment
II. Unified Internal System
    Three Levels
    Optimizing Relationships
    Single Evaluation Criteria
III. Mechanisms of Assurance

III. Need for Mechanisms of Assurance
Reporting issues and evaluations on the accomplishment of company governance objectives by an independent function or body
Internal Auditing
Internal Officer for Listed Companies


More information

IT Governance Charter

IT Governance Charter Version : 1.01 Date : 16 September 2009 IT Governance Network South Africa USA UK Switzerland www.itgovernance.co.za info@itgovernance.co.za 0825588732 IT Governance Network, Copyright 2009 Page 1 1 Terms

More information

Semi-Annual Audit, Compliance, and Enterprise Risk Management Update

Semi-Annual Audit, Compliance, and Enterprise Risk Management Update Semi-Annual Audit, Compliance, and Enterprise Risk Management Update Steve Byone Chief Financial Officer February 20 th, 2007 Audit Update February 20 th, 2007 Page 2 2 Audit Update February 2007 ERCOT

More information

Information Governance Workshop. David Zanotta, Ph.D. Vice President, Global Data Management & Governance - PMO

Information Governance Workshop. David Zanotta, Ph.D. Vice President, Global Data Management & Governance - PMO Information Governance Workshop David Zanotta, Ph.D. Vice President, Global Data Management & Governance - PMO Recognition of Information Governance in Industry Research firms have begun to recognize the

More information

August 12, 1997. To the Corporate Credit Union Addressed: SUBJ: Part 704 Guidance Letter No. 2

August 12, 1997. To the Corporate Credit Union Addressed: SUBJ: Part 704 Guidance Letter No. 2 To the Corporate Credit Union Addressed: SUBJ: Part 704 Guidance Letter No. 2 On July 15, 1997, I issued Part 704 Guidance Letter No. 1 to each corporate credit union. In that letter, I indicated that

More information

Social Responsibility in the Italian gold industry. Ethics and Sustainability in the Supply Chain

Social Responsibility in the Italian gold industry. Ethics and Sustainability in the Supply Chain Social Responsibility in the Italian gold industry Ethics and Sustainability in the Supply Chain Federica Cembali D.G.P.I.C. Ethics and Business: yesterday, today and tomorrow Today/Tomorrow Today Yesterday/

More information

Corporate policy statement on ethical business practices of BCD Travel

Corporate policy statement on ethical business practices of BCD Travel Corporate policy statement on ethical business practices of BCD Travel 1. Statement of policy It is a fundamental policy of the company to conduct its business with honesty and integrity and in accordance

More information

Internal Auditing Guidelines

Internal Auditing Guidelines Internal Auditing Guidelines Recommendations on Internal Auditing for Lottery Operators Issued by the WLA Security and Risk Management Committee V1.0, March 2007 The WLA Internal Auditing Guidelines may

More information

The College of New Jersey Enterprise Risk Management and Higher Education For Discussion Purposes Only January 2012

The College of New Jersey Enterprise Risk Management and Higher Education For Discussion Purposes Only January 2012 The College of New Jersey Enterprise Risk Management and Higher Education For Discussion Purposes Only Agenda Introduction Basic program components Recent trends in higher education risk management Why

More information

Quality Management System Manual

Quality Management System Manual Effective Date: 03/08/2011 Page: 1 of 17 Quality Management System Manual Thomas C. West Eric Weagle Stephen Oliver President ISO Management General Manager Representative Effective Date: 03/08/2011 Page:

More information

Data Analysis: The Cornerstone of Effective Internal Auditing. A CaseWare Analytics Research Report

Data Analysis: The Cornerstone of Effective Internal Auditing. A CaseWare Analytics Research Report Data Analysis: The Cornerstone of Effective Internal Auditing A CaseWare Analytics Research Report Contents Why Data Analysis Step 1: Foundation - Fix Any Cracks First Step 2: Risk - Where to Look Step

More information

ASTRAZENECA GLOBAL POLICY SAFEGUARDING COMPANY ASSETS AND RESOURCES

ASTRAZENECA GLOBAL POLICY SAFEGUARDING COMPANY ASSETS AND RESOURCES ASTRAZENECA GLOBAL POLICY SAFEGUARDING COMPANY ASSETS AND RESOURCES THIS POLICY SETS OUT THE REQUIREMENTS FOR SAFEGUARDING COMPANY ASSETS AND RESOURCES TO PROTECT PATIENTS, STAFF, PRODUCTS, PROPERTY AND

More information

ENTERPRISE RISK MANAGEMENT SURVEY. 2013 RIMS Enterprise Risk Management (ERM) Survey SPONSORED BY:

ENTERPRISE RISK MANAGEMENT SURVEY. 2013 RIMS Enterprise Risk Management (ERM) Survey SPONSORED BY: t RIMS2013 ENTERPRISE RISK MANAGEMENT SURVEY 2013 RIMS Enterprise Risk Management (ERM) Survey SPONSORED BY: Administered by: Advisen Ltd. Zurich Authored by: RIMS and Advisen Ltd. Publishers: Mary Roth,

More information

Office of the City Auditor 2016 Annual Work Plan and Long Term Audit Plan

Office of the City Auditor 2016 Annual Work Plan and Long Term Audit Plan Office of the City Auditor 2016 Annual Work Plan and Long Term Audit Plan November 2, 2015 This page is intentionally blank. Office of the City Auditor 2016 OCA Annual Work Plan and Long Term Audit Plan

More information

Board of Directors Meeting 12/04/2010. Operational Risk Management Charter

Board of Directors Meeting 12/04/2010. Operational Risk Management Charter Board of Directors Meeting 12/04/2010 Document approved Operational Risk Management Charter Table of contents A. INTRODUCTION...3 I. Background...3 II. Purpose and Scope...3 III. Definitions...3 B. GOVERNANCE...4

More information

M-Aud. Comptroller of the Currency Administrator of National Banks. Internal and External Audits. Comptroller s Handbook. April 2003.

M-Aud. Comptroller of the Currency Administrator of National Banks. Internal and External Audits. Comptroller s Handbook. April 2003. M-Aud Comptroller of the Currency Administrator of National Banks Internal and External Audits Comptroller s Handbook April 2003 M Management Internal and External Audits Table of Contents Introduction...1

More information

University Audit and Compliance. Internal Controls Enterprise-Wide Risk Assessment

University Audit and Compliance. Internal Controls Enterprise-Wide Risk Assessment Internal Controls Enterprise-Wide Risk Assessment Balancing Risk and Controls In order to achieve goals and objectives, management needs to effectively balance risks and controls. Control procedures need

More information

INTERNAL CONTROLS EVALUATION

INTERNAL CONTROLS EVALUATION INTERNAL CONTROLS EVALUATION Planning an Internal Controls Evaluation Project Internal Control Documentation Internal Control Testing Evaluation of Internal Control Deficiency Reporting Internal Control

More information

Auditing Outsourcing Arrangements

Auditing Outsourcing Arrangements Auditing Outsourcing Arrangements Eileen Healy Enterprise Risk Services Director 16 April 2015 Contact Details: - Email: - ehealy@deloitte.ie Mobile: - 086 164 3082 Session Objectives To provide an understanding

More information

For personal use only

For personal use only Statement of Corporate Governance for the Year Ended 30 June 2015 This Corporate Governance Statement is current as at 1 September 2015 and has been approved by the Board of Equus Mining Limited ( the

More information

Contents of the ISO 9001:2000 Quality System Checklist

Contents of the ISO 9001:2000 Quality System Checklist Contents of the ISO 9001:2000 Quality System Checklist Page Hyperlinks (click underlines) This SAMPLE document includes 4 clauses of the standard. You receive the Windows.doc file (with hyperlinks). You

More information

Internal Control Systems and Maintenance of Accounting and Other Records for Interactive Gaming & Interactive Wagering Corporations (IGIWC)

Internal Control Systems and Maintenance of Accounting and Other Records for Interactive Gaming & Interactive Wagering Corporations (IGIWC) Internal Control Systems and Maintenance of Accounting and Other Records for Interactive Gaming & Interactive Wagering Corporations (IGIWC) 1 Introduction 1.1 Section 316 (4) of the International Business

More information

http://www.procognis.com January 2005 Lynda Radke, CPA CFO, ProCognis, Inc. info@procognis.com Abstract 1. Planning for Sarbanes-Oxley 404 Compliance

http://www.procognis.com January 2005 Lynda Radke, CPA CFO, ProCognis, Inc. info@procognis.com Abstract 1. Planning for Sarbanes-Oxley 404 Compliance http://www.procognis.com January 2005 Sarbanes-Oxley Section 404 Planning and Documentation Complying with the Provisions of the new Law: Developing a Compliance Plan and Documenting Controls Abstract

More information

DATA ANALYSIS: THE CORNERSTONE OF EFFECTIVE INTERNAL AUDITING. A CaseWare IDEA Research Report

DATA ANALYSIS: THE CORNERSTONE OF EFFECTIVE INTERNAL AUDITING. A CaseWare IDEA Research Report DATA ANALYSIS: THE CORNERSTONE OF EFFECTIVE INTERNAL AUDITING A CaseWare IDEA Research Report CaseWare IDEA Inc. is a privately held software development and marketing company, with offices in Toronto

More information

INTERNAL AUDIT GRC SERIES: CHALLENGES AND SOLUTIONS TO ALIGNMENT

INTERNAL AUDIT GRC SERIES: CHALLENGES AND SOLUTIONS TO ALIGNMENT INTERNAL AUDIT GRC SERIES: CHALLENGES AND SOLUTIONS TO ALIGNMENT Internal Audit (IA) is one of many organizational groups whose mission is to assess risks, evaluate controls, raise issues and improve processes.

More information

Quality Manual ALABAMA RESEARCH & DEVELOPMENT. This Quality Manual complies with the Requirements of ISO 9001:2008.

Quality Manual ALABAMA RESEARCH & DEVELOPMENT. This Quality Manual complies with the Requirements of ISO 9001:2008. ALABAMA RESEARCH & DEVELOPMENT This complies with the Requirements of ISO 9001:2008. Prepared By: Phyllis Olsen Release Date: 03/19/09 Quality Policy & Objectives s quality policy is to achieve sustained,

More information

GAO. Standards for Internal Control in the Federal Government. Internal Control. United States General Accounting Office.

GAO. Standards for Internal Control in the Federal Government. Internal Control. United States General Accounting Office. GAO United States General Accounting Office Internal Control November 1999 Standards for Internal Control in the Federal Government GAO/AIMD-00-21.3.1 Foreword Federal policymakers and program managers

More information

SUBJECT: Audit Report Oracle Application Control Review Invoice Processing and Discounts (Report Number IS AR 08 003)

SUBJECT: Audit Report Oracle Application Control Review Invoice Processing and Discounts (Report Number IS AR 08 003) January 10, 2008 SUSAN BROWNELL VICE PRESIDENT, SUPPLY MANAGEMENT LYNN MALCOLM VICE PRESIDENT, CONTROLLER SUBJECT: Audit Report Oracle Application Control Review Invoice Processing and Discounts (Report

More information

TRUE TITLE BEST PRACTICES

TRUE TITLE BEST PRACTICES TRUE TITLE BEST PRACTICES Mission Statement The American Land Title Association (ALTA) seeks to guide its membership on best practices to protect consumers, promote quality service, provide for ongoing

More information

Quanto costa NON dotarsi di un sistema di governo delle informazioni

Quanto costa NON dotarsi di un sistema di governo delle informazioni Quanto costa NON dotarsi di un sistema di governo delle informazioni Roberta Raimondi Sda Bocconi Professor Information Management Unit KNOWLEDGE BOX AUTUMN 2013 / MILANO / 22 OTTOBRE 2013 Quanto tempo

More information