An Integrated Approach to the Internal Control System

1 An Integrated Approach to the Internal Control System - New Methodology for Evaluating Design and Effectiveness
Carolyn Dittmeier, President, IIA Italy; Vice President, Head of Internal Auditing, Poste Italiane

2 Increasing legislation and regulation of governance
Anti corruption (Law 231); Sarbanes (Law 262); Stock Exchange Governance Code; Bank Regulations
New Corporate Governance players
Corporate Governance Paper, IIA Italy

3 Numerous corporate governance players
Compliance Officer; Audit Committee; Board of Directors; Board of Statutory Auditors; Other Control Bodies; CFO; Quality; Internal Audit; Security; Compliance Function; Inspectorate; Human Resource & Organization; Safety; Privacy; Operational Management

4 Numerous Corporate Governance Players
Possible consequences:
Cost efficiency: cost of governance exceeds benefits in risk reduction
Effectiveness: inadequate/fragmented risk coverage

5 Corporate Governance Paper, Associazione Italiana Internal Auditors
Key points to an Integrated Corporate Governance Model:
I. Global business risk assessment
II. Unified Internal Control System: Three Control Levels; Optimizing Relationships; Single Evaluation Criteria
III. Mechanisms of Assurance

6 Business Case
Its Business: Logistics, postal and courier express; Banking, financial services and insurance
General Strategy: Leveraging upon a major national network, integrating new innovative services to core businesses
150,000 Employees; 14,000 Post offices; 200 Logistic Centres; Vehicles; 2,700 ATM
Total Sales (mil) of which: Logistics/Postal; Financial/Banking

7 Business Case
Organization chart labels: Compliance Officer; Internal Auditing; Chairman; Board of Directors; Chief Executive Office; Legal Affairs; Court Auditors; Statutory Auditors; Corporate Affairs; Accountancy & Control; Risk Mgmt/Security; Human Resources and Organization; Strategic Planning; Communication and Public Affairs; Finance; Chief Information Office; Purchasing; Real Estate
Business Units: Retail Network; Mail; Express and Parcels; Logistics and Operations; Philately; Bancoposta; Compliance Function; Audit

8 Business Case
Organization chart labels: Chairman; CEO; Court Auditors; Statutory Auditors; Internal Auditing; Compliance Officer; Standards/Research; Planning; Ethics; Audit Bancoposta; Audit Financial & Retail Network; Audit Logistics Postal; Audit Support Processes; Geographical Area Managers; Integrated Process Audit

9 Business Case: Governance milestones
Public Economic Entity
Transformation to a stock company: Poste Italiane - Società per Azioni
Poste Italiane is subject to supervision of Financial Regulatory Bodies
Implementation of Internal Audit replacing Inspectorship
Implementation of Ethics Officer; Code of Ethics
Implementation of Enterprise Risk Management Model
2007: Introduction of Sarbanes Accounting Officer

10 Corporate Governance Paper, Associazione Italiana Internal Auditors
Key points to an Integrated Corporate Governance Model
I. Global Business Risk Assessment

11 Global Business Risk Assessment?
Operational risks; Compliance risks; Reputational risks; Strategic risks; Financial risks; Accounting risks

12 Business Case: Enterprise Risk Management framework adopted in 2006
Risk Model based on Goal Model
Figure: Poste Goal Model and Poste Risk Model, relating Objectives, Potential Risks, Controls and Residual Risks.
Goal Model labels: Business objectives; Governance objectives; Process efficiency; Volume/Revenue; Regulatory compliance; Security; Reliability of information; Cost containment; Customer Satisfaction; Employee welfare; Market share; Profitability; Technological innovation; Operational certainty; Integration; IT effectiveness and efficiency
Risk Model labels: Internal risks; External risks; Operational risks; Non-operational risks; Human factor; Process/Systems design; Compliance; IT processes; Management governance and control; Monitoring/Reporting; Socio-economic scenario; Competition; Market/Customer; Human resources; Admin./Accounting processes; Planning; Partners/Suppliers; Other processes; Infrastructure/Technical resources; Integration; Legal context; Attacks/External events; Technology

13 ERM Business Maturity Checkpoints
1. Risk Framework
2. Control Risk Self-Assessment workshop
3. Strong professional development programs
4. Budget and incentive system incorporating Key Risk Indicators
5. Full risk management culture

14 Corporate Governance Paper, Associazione Italiana Internal Auditors
Key points to an Integrated Corporate Governance Model
II. A Unified Internal Control System: Three Control Levels; Optimizing Relationships; Single Evaluation Criteria

15 Three levels of control activities within the Enterprise Risk Management Model
Diagram labels: Company Bodies; Audit Committee; Definition of Objectives; Risk Management; Internal environment; Information and communication
COSO: Control activities
3rd Level: Assurance Activity (Internal Audit)
2nd Level: Monitoring Activity (Risk Management, Compliance, Controller)
1st Level: Control Activity (Line Control)

16 A Unified Internal Control System
Optimizing Relationships between Control bodies and functions:
Informational Reporting
Communication by meetings and presentations
Providing Directives
In relation to their assurance, consulting or other roles

17 Business Case: Reporting & Interchange between Governance & Control Bodies
Diagram labels: Statutory Auditors; Board of Directors; Monthly; Court Auditors; Compliance Officer; Bimonthly; CFO: Financial Reporting control; Quarterly; Internal Auditing: Overall Internal Control; Semiannual; Bimonthly; Committee: Internal Audit, Human Resources, Legal Affairs, CFO, Security/Risk Mgmt; Risk and Compliance Periodic: issues; Risk Management; Bancoposta Compliance Function; Bancoposta; Company Business Units and Depts

18 A Unified Internal Control System
Integrated methodology for business control identification and evaluation
Focusing separately on: Control Design; Control Operating Effectiveness

19 How to evaluate the Integrated Internal Control System
Diagram labels: Risk Tolerance; Control Objectives; Risk Acceptance; Control Design; Adequacy; Effectiveness, Efficiency and cost effectiveness; Operating effectiveness; Relevance; Strength; Resources availability; Red-flag analysis; Coverage; Reactivity; Compliance verification

20 Definition of a control?
A set of activities whose purpose is to identify and correct errors and anomalies in order to reach defined control objectives, risk based
Diagram labels: Input; Standard; Input Capture/Measurement; Comparison input/standard; Correction; Output

21 Control Objectives, risk based (examples)
Quality and timeliness of operations
Reliability and integrity of Company information (financial and operational)
Proper and effective contractual relations with customers and suppliers
Compliance to Regulations
Prevention of fraud
Business continuity

22 How to evaluate the Integrated Internal Control System
Diagram labels: Risk Tolerance; Control Objectives; Risk Acceptance; Control Design; Adequacy; Effectiveness, Efficiency and Cost effectiveness; Operating effectiveness; Relevance; Strength; Resources availability; Red-flag analysis; Coverage; Reactivity; Compliance verification

23 Case study: quality cheese production
Process: Production of fresh cheese according to quality standards
Activity 1, Supply request: For every fresh cheese lot, the Production Dept requests from the Purchasing Dept, up to 5 days before the fermentation process, quantities of milk supplies on the basis of approved monthly sales forecasts.
Activity 2, Production: Upon supply of milk (<3 days) the Production Dept proceeds: Pasteurisation (2 hours); Coagulation of casein (2 hours); Drainage of whey (1 hour); Pressing and salting (1 hour) (time frame automatically recorded in 3 of 4 phases).
Control over Production Time Standards: The Quality Dept verifies respect of production time standards. If non compliant, it blocks the packaging process, requesting the lot to be destroyed and re-produced.
Activity 3, Packaging: Following authorization given by Quality Dept, the Production Dept proceeds to package the fresh cheese within 24 hours for delivery by the Distribution Dept by the next day.

24 Case study: quality cheese production
Control objectives:
Ensure fresh cheese according to quality standards
Ensure the absence of pathogens in the milk
Ensure production-time for avoiding pathogenic generation
Ensure temperature-preservation for avoiding pathogenic generation
Control over Production Time Standards, control components:
Actual time frame (automatic)
Time Limitation Standards
Information System Check
Lot destruction when out of time standard
Replacement of Production lot
Authorization for packaging

25 Control evaluation: scale of 1-5 (1-2 positive, negative).
Diagram labels: Control Objective; Adequacy 2; Control Design; Operating effectiveness 1; Relevance; Coverage; Strength 3; Reactivity; Resources availability; Compliance test; Red-flag analysis
Strength components: Discretion; Integration; Independent; Segregation; Automation; Adaptability; Traceability

26 Case study: quality cheese production
Strength 3: Discretion; Integration; Independence; Segregation; Automation; Adaptability; Traceability

27 Case study: quality cheese production
Diagram labels: Risk Tolerance; Control Objectives; Risk Acceptance; Control Design; Adequacy; Effectiveness, Efficiency and cost effectiveness; Operating effectiveness; Relevance; Strength; Coverage; Reactivity; Resources availability; Compliance test; Red-flag analysis
Control design evaluation: positive (2)
Control operating effectiveness evaluation: good (3)
Audit Program:
Test 1: Verify Information system utilized for standard check
Test 2: Examine Sample of production lots checked by Quality Dept
Scenario 1: Known and positive design
Scenario 2: Known; design non positive
Scenario 3: Unknown design
Audit Exception Level: Test 1: 20% - Test 2: 5%

28 Corporate Governance Paper, Associazione Italiana Internal Auditors
Key points to an Integrated Corporate Governance Model:
I. Global business risk assessment
II. Unified Internal Control System: Three Control Levels; Optimizing Relationships; Single Evaluation Criteria
III. Mechanisms of Assurance


More information

Feature. A Higher Level of Governance Monitoring IT Internal Controls. Controls tend to degrade over time and between audits.

Feature. A Higher Level of Governance Monitoring IT Internal Controls. Controls tend to degrade over time and between audits. Feature A Higher Level of Governance Monitoring IT Internal Controls Mike Garber, CGEIT, CIA, CITP, CPA, has many years experience as both director for IT governance and as IT audit director for Motorola

More information

LafargeHolcim Ltd. Finance & Audit Committee Charter Review date: July 28, 2015

LafargeHolcim Ltd. Finance & Audit Committee Charter Review date: July 28, 2015 LafargeHolcim Ltd Finance & Audit Committee Charter Review date: July 28, 2015 1. Purpose 1.1 Mission The Finance & Audit Committee ( FAC ) is an expert committee formally appointed by the Board of Directors

More information

on Asset Management Management

on Asset Management Management 2008 Guidelines for for Insurance Insurance Undertakings Undertakings on Asset on Asset Management Management 2 Contents Context...3 1. General...3 2. Introduction...3 3. Regulations and guidelines for

More information

ORICA LIMITED 1) THE BOARD - 2) BOARD COMMITTEES - 3) CHAIRMAN - 4) MANAGING DIRECTOR & CEO

ORICA LIMITED 1) THE BOARD - 2) BOARD COMMITTEES - 3) CHAIRMAN - 4) MANAGING DIRECTOR & CEO ORICA LIMITED 1) THE BOARD - Powers, Duties and Responsibilities 2) BOARD COMMITTEES - Overview 3) CHAIRMAN - Remit 4) MANAGING DIRECTOR & CEO - Remit DEFINITIONS In these documents: the Company means

More information

University Audit and Compliance. Internal Controls Enterprise-Wide Risk Assessment

University Audit and Compliance. Internal Controls Enterprise-Wide Risk Assessment Internal Controls Enterprise-Wide Risk Assessment Balancing Risk and Controls In order to achieve goals and objectives, management needs to effectively balance risks and controls. Control procedures need

More information

Application Processing Monitoring the processing of the application with the regulator, and liaising with the parties involved

Application Processing Monitoring the processing of the application with the regulator, and liaising with the parties involved Investment Funds The use of foreign companies for investment fund activities is a widely spread practice amongst international investors. Abacus offers a comprehensive solution for investment funds and

More information

February 25, 2003 ANITA J. BIZZOTTO SENIOR VICE PRESIDENT, CHIEF MARKETING OFFICER HENRY A. PANKEY, VICE PRESIDENT, DELIVERY AND RETAIL

February 25, 2003 ANITA J. BIZZOTTO SENIOR VICE PRESIDENT, CHIEF MARKETING OFFICER HENRY A. PANKEY, VICE PRESIDENT, DELIVERY AND RETAIL February 25, 2003 ANITA J. BIZZOTTO SENIOR VICE PRESIDENT, CHIEF MARKETING OFFICER CHARLES E. BRAVO SENIOR VICE PRESIDENT, INTELLIGENT MAIL AND ADDRESS QUALITY HENRY A. PANKEY, VICE PRESIDENT, DELIVERY

More information

SECTION B DEFINITION, PURPOSE, INDEPENDENCE AND NATURE OF WORK OF INTERNAL AUDIT

SECTION B DEFINITION, PURPOSE, INDEPENDENCE AND NATURE OF WORK OF INTERNAL AUDIT SECTION B DEFINITION, PURPOSE, INDEPENDENCE AND NATURE OF WORK OF INTERNAL AUDIT Through CGIAR Financial Guideline No 3 Auditing Guidelines Manual the CGIAR has adopted the IIA Definition of internal auditing

More information

MATTEL, INC. AMENDED AND RESTATED AUDIT COMMITTEE CHARTER

MATTEL, INC. AMENDED AND RESTATED AUDIT COMMITTEE CHARTER Purpose MATTEL, INC. AMENDED AND RESTATED AUDIT COMMITTEE CHARTER The purpose of the Audit Committee (the Committee ) is to provide assistance to the Board of Directors (the Board ) of Mattel, Inc. (the

More information

APPENDIX 50. Enterprise risk management - Risk management overview

APPENDIX 50. Enterprise risk management - Risk management overview APPENDIX 50 Enterprise risk management - Risk management overview Energex regulatory proposal October 2014 ENTERPRISE RISK MANAGEMENT Risk Management Overview (RMO) 06 11 2013 Table of Contents 1. INTRODUCTION...

More information

3. Ensure the management of information is compliant with legislative requirements to maximise the benefits and minimise risks;

3. Ensure the management of information is compliant with legislative requirements to maximise the benefits and minimise risks; Enterprise Content Management (ECM) Policy Version Information A. Introduction Purpose 1. Outline and articulate the strategy for enterprise content management across Redland City Council (RCC). This document

More information

Application of King III Corporate Governance Principles

Application of King III Corporate Governance Principles APPLICATION of KING III CORPORATE GOVERNANCE PRINCIPLES 2013 Application of Corporate Governance Principles This table is a useful reference to each of the principles and how, in broad terms, they have

More information

International Standards for the Professional Practice of Internal Auditing

International Standards for the Professional Practice of Internal Auditing International Standards for the Professional Practice of Internal Auditing Introduction Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve

More information

OAC Presentation to UNESCO Member States

OAC Presentation to UNESCO Member States OAC Presentation to UNESCO Member States Scope and Purpose of Audit and Risk Committees 29 June 2016 1 Content: 1. Context 2. Audit and Risk Management in UNESCO today 3. Relationship between Entreprise

More information

HEALTH CARE REIT, INC. CORPORATE GOVERNANCE GUIDELINES

HEALTH CARE REIT, INC. CORPORATE GOVERNANCE GUIDELINES HEALTH CARE REIT, INC. CORPORATE GOVERNANCE GUIDELINES The Board of Directors (the Board ) of Health Care REIT, Inc. ( HCN ) has adopted these guidelines to promote the effective functioning of the Board

More information

Audit, Risk Management and Compliance Committee Charter

Audit, Risk Management and Compliance Committee Charter Audit, Risk Management and Compliance Committee Charter Woolworths Limited Adopted by the Board on 27 August 2013 page 1 1 Introduction This Charter sets out the responsibilities, structure and composition

More information

Tabcorp Holdings Limited

Tabcorp Holdings Limited (ABN 66 063 780 709) Audit, Risk and Compliance Committee Terms of Reference Contents 1 Introduction to the Terms of Reference 1 1.1 General 1 1.2 Board approval 1 1.3 Definitions 1 2 Role of the Committee

More information

January 9, 2009 MEMORANDUM FOR THE HEADS OF EXECUTIVE DEPARTMENTS AND ESTABLISHMENTS, CHIEF FINANCIAL OFFICERS, AND INSPECTORS GENERAL

January 9, 2009 MEMORANDUM FOR THE HEADS OF EXECUTIVE DEPARTMENTS AND ESTABLISHMENTS, CHIEF FINANCIAL OFFICERS, AND INSPECTORS GENERAL EXECUTIVE OFFICE OF THE PRESIDENT OFFICE OF MANAGEMENT AND BUDGET WASHINGTON, D.C. 20503 DEPUTY DIRECTOR FOR MANAGEMENT M-09-06 January 9, 2009 MEMORANDUM FOR THE HEADS OF EXECUTIVE DEPARTMENTS AND ESTABLISHMENTS,

More information

RISK MANAGEMENT OVERVIEW 2011 RISK CONFERENCE SPONSORED BY THE FEDERAL RESERVE BANK OF CHICAGO AND DEPAUL UNIVERSITY

RISK MANAGEMENT OVERVIEW 2011 RISK CONFERENCE SPONSORED BY THE FEDERAL RESERVE BANK OF CHICAGO AND DEPAUL UNIVERSITY RISK MANAGEMENT OVERVIEW 2011 RISK CONFERENCE SPONSORED BY THE FEDERAL RESERVE BANK OF CHICAGO AND DEPAUL UNIVERSITY PRESENTED BY: LEN WIATR, CHIEF RISK OFFICER Len s Risk Management Philosophy Build a

More information

Top Ten Issues facing Internal Auditing in the Future

Top Ten Issues facing Internal Auditing in the Future Top Ten Issues facing Internal Auditing in the Future The IIA Dallas Chapter April 6, 2006 Presented by: David A. Richards, CIA, CPA President The Institute of Internal Auditors drichards@theiia.org 1

More information

Microsoft Confidential

Microsoft Confidential Brock Phillips, CPA, CFE, CCEP Forensic Accounting Sr. Manager Financial Integrity Unit Microsoft Audit Group Lou DeCola, CPA, CIA, CFE Forensic Accounting Sr. Manager Financial Integrity Unit Microsoft

More information

WEC Energy Group, Inc. Board of Directors Corporate Governance Guidelines (Adopted on August 28, 1996; Revised July 16, 2015)

WEC Energy Group, Inc. Board of Directors Corporate Governance Guidelines (Adopted on August 28, 1996; Revised July 16, 2015) WEC Energy Group, Inc. Board of Directors Corporate Governance Guidelines (Adopted on August 28, 1996; Revised July 16, 2015) ROLE OF THE BOARD The primary responsibility of the Board is to provide effective

More information

Supervisory Board Activities Newsletter April-May 2010

Supervisory Board Activities Newsletter April-May 2010 Supervisory Board Activities Newsletter April-May 2010 During April and May 2010 the Telecom Italia Supervisory Board (Organo di vigilanza OdV) carried on monitoring the correct execution of the Undertakings

More information

Ally Financial Inc. Board of Directors Governance Guidelines

Ally Financial Inc. Board of Directors Governance Guidelines Ally Financial Inc. Board of Directors Governance Guidelines Approved: March 4, 2014 I. Role and Responsibilities of the Board 3 II. Board Size and Composition 4 III. Directorships.. 5 IV. Meetings and

More information

Quality Assurance Checklist

Quality Assurance Checklist Internal Audit Foundations Standards 1000, 1010, 1100, 1110, 1111, 1120, 1130, 1300, 1310, 1320, 1321, 1322, 2000, 2040 There is an Internal Audit Charter in place Internal Audit Charter is in place The

More information

KEYSIGHT TECHNOLOGIES, INC. AUDIT AND FINANCE COMMITTEE CHARTER

KEYSIGHT TECHNOLOGIES, INC. AUDIT AND FINANCE COMMITTEE CHARTER KEYSIGHT TECHNOLOGIES, INC. AUDIT AND FINANCE COMMITTEE CHARTER I. PURPOSE The Audit and Finance Committee (the Committee ) of Keysight Technologies, Inc. (the Company ) is appointed by the Board of Directors

More information

Internal Auditing Guidelines

Internal Auditing Guidelines Internal Auditing Guidelines Recommendations on Internal Auditing for Lottery Operators Issued by the WLA Security and Risk Management Committee V1.0, March 2007 The WLA Internal Auditing Guidelines may

More information

Quality Manual ALABAMA RESEARCH & DEVELOPMENT. This Quality Manual complies with the Requirements of ISO 9001:2008.

Quality Manual ALABAMA RESEARCH & DEVELOPMENT. This Quality Manual complies with the Requirements of ISO 9001:2008. ALABAMA RESEARCH & DEVELOPMENT This complies with the Requirements of ISO 9001:2008. Prepared By: Phyllis Olsen Release Date: 03/19/09 Quality Policy & Objectives s quality policy is to achieve sustained,

More information

Risk Committee Charter

Risk Committee Charter Director tools This is part of a series of Director Tools prepared by the Australian Institute of Company Directors. The tools have been designed to assist members with general background information and

More information

Page 1 of 2. Exhibit 99.1

Page 1 of 2. Exhibit 99.1 Page 1 of 2 Report of the Chairman of the Board of Directors as presented in the French-language document de référence (Section L. 225-37 of the French Commercial Code) In preparing this report, the Chairman

More information

Enterprise Risk Management Best Practices. From Assessment to Ongoing Compliance. Wiley Corporate F&A

Enterprise Risk Management Best Practices. From Assessment to Ongoing Compliance. Wiley Corporate F&A Brochure More information from http://www.researchandmarkets.com/reports/2243175/ Enterprise Risk Management Best Practices. From Assessment to Ongoing Compliance. Wiley Corporate F&A Description: High-level

More information

INTERNAL AUDIT DEPARTMENT POLICY MANUAL

INTERNAL AUDIT DEPARTMENT POLICY MANUAL Policy Manual Page 1 INTERNAL AUDIT DEPARTMENT POLICY MANUAL Revised: Page 1 Policy Manual Page 2 Table of Contents Page # Internal Audit Charter (Purpose, Authority, and Responsibility).. 3 University

More information