An Integrated Approach to the Internal Control System


1 An Integrated Approach to the Internal Control System: New Methodology for Evaluating Design and Effectiveness. Carolyn Dittmeier, President, IIA Italy; Vice President, Head of Internal Auditing, Poste Italiane

2 Increasing legislation and regulation of governance: Anti corruption (Law 231); Sarbanes (Law 262); Stock Exchange Governance Code; Bank Regulations; New Corporate Governance players. Corporate Governance Paper, IIA Italy

3 Numerous corporate governance players: Compliance Officer; Audit Committee; Board of Directors; Board of Statutory Auditors; Other Control Bodies; CFO; Quality; Internal Audit; Security; Compliance Function; Inspectorate; Human Resource & Organization; Safety; Privacy; Operational Management

4 Numerous Corporate Governance Players. Possible consequences: Cost efficiency: cost of governance exceeds benefits in risk reduction. Effectiveness: inadequate/fragmented risk coverage.

5 Corporate Governance Paper, Associazione Italiana Internal Auditors. Key points to an Integrated Corporate Governance Model: I. Global business risk assessment; II. Unified Internal Control System (Three Control Levels; Optimizing Relationships; Single Evaluation Criteria); III. Mechanisms of Assurance

6 Business Case. Its Business: Logistics, postal and courier express; Banking, financial services and insurance. General Strategy: Leveraging upon a major national network, integrating new innovative services to core businesses. 150,000 Employees; 14,000 Post offices; 200 Logistic Centres; Vehicles; 2,700 ATM; Total Sales (mil), of which: Logistics/Postal, Financial/Banking

7 Business Case Compliance Officer INTERNAL AUDITING CHAIRMAN BOARD OF DIRECTORS CHIEF EXECUTIVE OFFICE LEGAL AFFAIRS Court Auditors Statutory Auditors CORPORATE AFFAIRS ACCOUNTANCY & CONTROL RISK MGMT/SECURITY HUMAN RESOURCES AND ORGANIZATION STRATEGIC PLANNING COMMUNICATION AND PUBLIC AFFAIRS FINANCE CHIEF INFORMATION OFFICE PURCHASING REAL ESTATE BUSINESS UNITS RETAIL NETWORK MAIL EXPRESS AND PARCELS LOGISTICS AND OPERATIONS PHILATELY BANCOPOSTA COMPLIANCE FUNCTION AUDIT

8 Business Case CHAIRMAN CEO Court Auditors Statutory Auditors INTERNAL AUDITING Compliance Officer STANDARDS/RESEARCH PLANNING ETHICS AUDIT Bancoposta AUDIT FINANCIAL & RETAIL NETWORK AUDIT LOGISTICS POSTAL AUDIT SUPPORT PROCESSES GEOGRAPHICAL AREA MANAGERS INTEGRATED PROCESS AUDIT

9 Business Case. Governance milestones: Public Economic Entity; Transformation to a stock company, Poste Italiane - Società per Azioni; Poste Italiane is subject to supervision of Financial Regulatory Bodies; Implementation of Internal Audit replacing Inspectorship; Implementation of Ethics Officer, Code of Ethics; Implementation of Enterprise Risk Management Model; 2007 Introduction of Sarbanes Accounting Officer

10 Corporate Governance Paper, Associazione Italiana Internal Auditors. Key points to an Integrated Corporate Governance Model: I. Global Business Risk Assessment

11 Global Business Risk Assessment? Operational risks; Compliance risks; Reputational risks; Strategic risks; Financial risks; Accounting risks

12 Business Case: Enterprise Risk Management framework adopted in 2006. Goals; Goal Model Poste; Business objectives; Process efficiency; Volume/Revenue; Governance objectives; Regulatory compliance; Security; Reliability of information; OBJECTIVES; POTENTIAL RISKS; Risk Model Poste; Internal risks; Human factor; Process/Systems design; Compliance; IT processes; External risks; Governance and management control; Monitoring/Reporting; Socio-economic scenario; Competition; Market/Customer; Cost containment; Customer Satisfaction; Employee welfare; CONTROLS; Human Resources; Administrative/Accounting processes; Planning; Partners/Suppliers; Market share; Profitability; Technological innovation; Operational certainty; Integration; IT effectiveness and efficiency; RESIDUAL RISKS; Non-operational risks; Operational risks; Other processes; Infrastructure/Technical resources; Integration; Legal context; Attacks/External events; Technology. Risk Model based on Goal Model

13 ERM Business Maturity Checkpoints: 1. Risk Framework 2. Control Risk Self-Assessment workshop 3. Strong professional development programs 4. Budget and incentive system incorporating Key Risk Indicators 5. Full risk management culture

14 Corporate Governance Paper, Associazione Italiana Internal Auditors. Key points to an Integrated Corporate Governance Model: II. A Unified Internal Control System (Three Control Levels; Optimizing Relationships; Single Evaluation Criteria)

15 Three levels of control activities within the Enterprise Risk Management Model. Company Bodies; Audit Committee; Definition of Objectives; Risk Management; Internal environment; Information and communication; COSO: Control activities. 3rd Level: Assurance Activity (Internal Audit). 2nd Level: Monitoring Activity (Risk Management, Compliance, Controller). 1st Level: Control Activity (Line Control)

16 A Unified Internal Control System. Optimizing Relationships between Control bodies and functions: Informational Reporting; Communication by meetings and presentations; Providing Directives. In relation to their assurance, consulting or other roles

17 Reporting & Interchange between Governance & Control Bodies Business Case Statutory Auditors BOARD OF DIRECTORS Monthly Court Auditors Compliance Officer Bimonthly CFO Financial Reporting control Quarterly INTERNAL AUDITING Overall Internal Control Semiannual Bimonthly COMMITTEE Internal Audit, Human Resources, Legal Affairs; CFO; Security/Risk Mgmt Risk and Compliance Periodic: issues Risk Management Bancoposta Compliance Function Bancoposta Company Business Units and Depts

18 A Unified Internal Control System. Integrated methodology for business control identification and evaluation, focusing separately on: Control Design; Control Operating Effectiveness

19 How to evaluate the Integrated Internal Control System: Risk Tolerance; Control Objectives; Risk Acceptance; Control Design; Adequacy; Effectiveness, Efficiency and cost effectiveness; Operating effectiveness; Relevance; Strength; Resources availability; Red-flag analysis; Coverage; Reactivity; Compliance verification

20 Definition of a control? A set of activities whose purpose is to identify and correct errors and anomalies in order to reach defined control objectives, risk based. Input; Standard; Input Capture/Measurement; Comparison input/standard; Correction; Output

21 Control Objectives, risk based (examples): Quality and timeliness of operations; Reliability and integrity of Company information (financial and operational); Proper and effective contractual relations with customers and suppliers; Compliance to Regulations; Prevention of fraud; Business continuity

22 How to evaluate the Integrated Internal Control System: Risk Tolerance; Control Objectives; Risk Acceptance; Control Design; Adequacy; Effectiveness, Efficiency and Cost effectiveness; Operating effectiveness; Relevance; Strength; Resources availability; Red-flag analysis; Coverage; Reactivity; Compliance verification

23 Case study: quality cheese production. Process: Production of fresh cheese according to quality standards. Activity 1, Supply request: For every fresh cheese lot, the Production Dept requests from the Purchasing Dept, up to 5 days before the fermentation process, quantities of milk supplies on the basis of approved monthly sales forecasts. Activity 2, Production: Upon supply of milk (<3 days) the Production Dept proceeds: Pasteurisation (2 hours); Coagulation of casein (2 hours); Drainage of whey (1 hour); Pressing and salting (1 hour) (time frame automatically recorded in 3 of 4 phases). Control over Production Time Standards: The Quality Dept verifies respect of production time standards. If non compliant, it blocks the packaging process, requesting the lot to be destroyed and re-produced. Activity 3, Packaging: Following authorization given by Quality Dept, the Production Dept proceeds to package the fresh cheese within 24 hours for delivery by the Distribution Dept by the next day.

24 Case study: quality cheese production. Control objectives: Ensure fresh cheese according to quality standards; Ensure the absence of pathogens in the milk; Ensure production-time for avoiding pathogenic generation; Ensure temperature-preservation for avoiding pathogenic generation. Control over Production Time Standards. Control components: Actual time frame (automatic); Time Limitation Standards; Information System Check; Lot destruction when out of time standard; Replacement of Production lot; Authorization for packaging

25 Control evaluation: scale of 1-5 (1-2 positive, negative). Control Objective Adequacy 2 Control Design Operating effectiveness 1 Relevance Coverage Strength 3 Reactivity Resources availability Compliance test Red-flag analysis Discretion Integration Independent Segregation Automation Adaptability Traceability

26 Case study: quality cheese production. Discretion; Integration; Independence; Segregation; Automation; Adaptability; Traceability. Strength 3

27 Case study: quality cheese production. Coverage; Risk Tolerance; Control Design; Relevance; Strength; Scenario; Control Objectives; Adequacy; Effectiveness, Efficiency and cost effectiveness; Reactivity; Resources availability; Risk Acceptance; Operating effectiveness; Compliance test; Red-flag analysis. Control design evaluation: positive (2). Control operating effectiveness evaluation: good (3). Audit Program: Test 1: Verify Information system utilized for standard check. Test 2: Examine Sample of production lots checked by Quality Dept. Scenario 1: Known and positive design. Scenario 2: Known; design non positive. Scenario 3: Unknown design. Audit Exception Level: Test 1: 20% - Test 2: 5%

28 Corporate Governance Paper, Associazione Italiana Internal Auditors. Key points to an Integrated Corporate Governance Model: I. Global business risk assessment; II. Unified Internal Control System (Three Control Levels; Optimizing Relationships; Single Evaluation Criteria); III. Mechanisms of Assurance


More information

Ramsay Health Care Limited ACN 001 288 768 Board Charter. Charter

Ramsay Health Care Limited ACN 001 288 768 Board Charter. Charter Ramsay Health Care Limited ACN 001 288 768 Board Charter Charter Approved by the Board of Ramsay Health Care Limited on 23 October 2012 Ramsay Health Care Limited ABN 57 001 288 768 Board Charter Contents

More information

Regulatory aspects of Finance and Leasing Companies

Regulatory aspects of Finance and Leasing Companies Regulatory aspects of Finance and Leasing Companies R.M.C.H.K. Jayasinghe Senior Assistant Director Department of Supervision of Non Bank Financial Institutions 1 Relevant Legislation Licensed Finance

More information

Feature. A Higher Level of Governance Monitoring IT Internal Controls. Controls tend to degrade over time and between audits.

Feature. A Higher Level of Governance Monitoring IT Internal Controls. Controls tend to degrade over time and between audits. Feature A Higher Level of Governance Monitoring IT Internal Controls Mike Garber, CGEIT, CIA, CITP, CPA, has many years experience as both director for IT governance and as IT audit director for Motorola

More information

Corporate Governance Attestation Statement Health Support Services 2011-12

Corporate Governance Attestation Statement Health Support Services 2011-12 Corporate Governance Attestation Statement 2011-12 ESTABLISH ROBUST GOVERNANCE AND OVERSIGHT FRAMEWORKS Role and function of the Chief Executive The Chief Executive carries out that Offices functions,

More information

(Effective for audits of financial statements for periods beginning on or after December 15, 2009) CONTENTS

(Effective for audits of financial statements for periods beginning on or after December 15, 2009) CONTENTS INTERNATIONAL STANDARD ON AUDITING 315 IDENTIFYING AND ASSESSING THE RISKS OF MATERIAL MISSTATEMENT THROUGH UNDERSTANDING THE ENTITY AND ITS ENVIRONMENT (Effective for audits of financial statements for

More information

Data Analysis: The Cornerstone of Effective Internal Auditing. A CaseWare Analytics Research Report

Data Analysis: The Cornerstone of Effective Internal Auditing. A CaseWare Analytics Research Report Data Analysis: The Cornerstone of Effective Internal Auditing A CaseWare Analytics Research Report Contents Why Data Analysis Step 1: Foundation - Fix Any Cracks First Step 2: Risk - Where to Look Step

More information

AMTRUST FINANCIAL SERVICES, INC. AUDIT COMMITTEE CHARTER

AMTRUST FINANCIAL SERVICES, INC. AUDIT COMMITTEE CHARTER Audit Committee Charter AMTRUST FINANCIAL SERVICES, INC. AUDIT COMMITTEE CHARTER Audit Committee Purpose The Audit Committee ( Committee ) is appointed by the Board of Directors of AmTrust Financial Services,

More information

ASTRAZENECA GLOBAL POLICY SAFEGUARDING COMPANY ASSETS AND RESOURCES

ASTRAZENECA GLOBAL POLICY SAFEGUARDING COMPANY ASSETS AND RESOURCES ASTRAZENECA GLOBAL POLICY SAFEGUARDING COMPANY ASSETS AND RESOURCES THIS POLICY SETS OUT THE REQUIREMENTS FOR SAFEGUARDING COMPANY ASSETS AND RESOURCES TO PROTECT PATIENTS, STAFF, PRODUCTS, PROPERTY AND

More information

Charter of the Audit Committee of the Board of Directors

Charter of the Audit Committee of the Board of Directors Charter of the Audit Committee of the Board of Directors Dated as of April 27, 2015 1. Purpose The Audit Committee is a committee of the Board of Directors (the Board ) of Yamana Gold Inc. (the Company

More information

Regulatory Compliance Management (RCM) (formerly Legislative Compliance Management (LCM))

Regulatory Compliance Management (RCM) (formerly Legislative Compliance Management (LCM)) Guideline Subject: Category: (RCM) (formerly Legislative Compliance Management (LCM)) Sound Business & Financial Practices No: E-13 Date: November 2014 I. Purpose and Scope of the Guideline The purpose

More information

Internal Audit Terms of Reference

Internal Audit Terms of Reference Internal Audit Terms of Reference Introduction 1. The Internal Audit Terms of Reference (ToR) describes the framework within which the Internal Audit Service is delivered. It is intended to act as a guide

More information

IIA Position Paper: THE THREE LINES OF DEFENSE IN EFFECTIVE RISK MANAGEMENT AND CONTROL

IIA Position Paper: THE THREE LINES OF DEFENSE IN EFFECTIVE RISK MANAGEMENT AND CONTROL IIA Position Paper: THE THREE LINES OF DEFENSE IN EFFECTIVE RISK MANAGEMENT AND CONTROL JANUARY 2013 TABLE OF CONTENTS Introduction... 1 Before the Three Lines: Risk Management Oversight and Strategy-Setting...

More information

INTERNAL CONTROLS EVALUATION

INTERNAL CONTROLS EVALUATION INTERNAL CONTROLS EVALUATION Planning an Internal Controls Evaluation Project Internal Control Documentation Internal Control Testing Evaluation of Internal Control Deficiency Reporting Internal Control

More information

Reputation, Brand & Communications

Reputation, Brand & Communications Group Standard Reputation, Brand & Communications Serco is committed to building a positive reputation with its stakeholders, wherever we operate SMS-GS-BC4 Reputation, Brand and Communication December

More information

AGA Kansas City Chapter Data Analytics & Continuous Monitoring

AGA Kansas City Chapter Data Analytics & Continuous Monitoring AGA Kansas City Chapter Data Analytics & Continuous Monitoring Agenda Market Overview & Drivers for Change Key challenges that organizations face Data Analytics What is data analytics and how can it help

More information

MATTEL, INC. AMENDED AND RESTATED AUDIT COMMITTEE CHARTER

MATTEL, INC. AMENDED AND RESTATED AUDIT COMMITTEE CHARTER Purpose MATTEL, INC. AMENDED AND RESTATED AUDIT COMMITTEE CHARTER The purpose of the Audit Committee (the Committee ) is to provide assistance to the Board of Directors (the Board ) of Mattel, Inc. (the

More information

Internal Auditing Guidelines

Internal Auditing Guidelines Internal Auditing Guidelines Recommendations on Internal Auditing for Lottery Operators Issued by the WLA Security and Risk Management Committee V1.0, March 2007 The WLA Internal Auditing Guidelines may

More information

CHARTER PEOPLE S UNITED FINANCIAL, INC. AUDIT COMMITTEE

CHARTER PEOPLE S UNITED FINANCIAL, INC. AUDIT COMMITTEE CHARTER PEOPLE S UNITED FINANCIAL, INC. AUDIT COMMITTEE Purpose and Authority: The Audit Committee (the Committee ) of People s United Financial, Inc. (together with its subsidiary People s United Bank

More information

APPENDIX 50. Enterprise risk management - Risk management overview

APPENDIX 50. Enterprise risk management - Risk management overview APPENDIX 50 Enterprise risk management - Risk management overview Energex regulatory proposal October 2014 ENTERPRISE RISK MANAGEMENT Risk Management Overview (RMO) 06 11 2013 Table of Contents 1. INTRODUCTION...

More information

COSO 2013 Internal Control Framework

COSO 2013 Internal Control Framework COSO 2013 Internal Control A Guide to Implementation July 24, 2014 Justin Adamson Agenda COSO Background Changes to the Roadmap to Implementation Implementation Considerations & Lessons Learned 2 1 Who/What

More information

PCI Compliance reporting solution

PCI Compliance reporting solution PCI Compliance reporting solution This document describes GamePlan s PCI DSS compliance solution and its ability to assist organisations to be compliant with the regulatory requirements of the Payment

More information

Poste Italiane ICT Measurement

Poste Italiane ICT Measurement Poste Italiane ICT Measurement Paolo Baldelli DCPT Process and Technologies Central Department Poste Italiane S.p.A. 1 Direzione Centrale Processi e Tecnologie Agenda! Poste Italiane : the Company and

More information

Top Ten Issues facing Internal Auditing in the Future

Top Ten Issues facing Internal Auditing in the Future Top Ten Issues facing Internal Auditing in the Future The IIA Dallas Chapter April 6, 2006 Presented by: David A. Richards, CIA, CPA President The Institute of Internal Auditors drichards@theiia.org 1

More information

Industry Sound Practices for Financial and Accounting Controls at Financial Institutions

Industry Sound Practices for Financial and Accounting Controls at Financial Institutions Industry Sound Practices for Financial and Accounting Controls at Financial Institutions Federal Reserve Bank of New York January 2006 FINANCIAL AND ACCOUNTING CONTROLS: INDUSTRY SOUND PRACTICES FOR FINANCIAL

More information

February 25, 2003 ANITA J. BIZZOTTO SENIOR VICE PRESIDENT, CHIEF MARKETING OFFICER HENRY A. PANKEY, VICE PRESIDENT, DELIVERY AND RETAIL

February 25, 2003 ANITA J. BIZZOTTO SENIOR VICE PRESIDENT, CHIEF MARKETING OFFICER HENRY A. PANKEY, VICE PRESIDENT, DELIVERY AND RETAIL February 25, 2003 ANITA J. BIZZOTTO SENIOR VICE PRESIDENT, CHIEF MARKETING OFFICER CHARLES E. BRAVO SENIOR VICE PRESIDENT, INTELLIGENT MAIL AND ADDRESS QUALITY HENRY A. PANKEY, VICE PRESIDENT, DELIVERY

More information

IT Insights. Managing Third Party Technology Risk

IT Insights. Managing Third Party Technology Risk IT Insights Managing Third Party Technology Risk According to a recent study by the Institute of Internal Auditors, more than 65 percent of organizations rely heavily on third parties, yet most allocate

More information

DATA ANALYSIS: THE CORNERSTONE OF EFFECTIVE INTERNAL AUDITING. A CaseWare IDEA Research Report

DATA ANALYSIS: THE CORNERSTONE OF EFFECTIVE INTERNAL AUDITING. A CaseWare IDEA Research Report DATA ANALYSIS: THE CORNERSTONE OF EFFECTIVE INTERNAL AUDITING A CaseWare IDEA Research Report CaseWare IDEA Inc. is a privately held software development and marketing company, with offices in Toronto

More information

Enhancing Sustainability and Profitability for Utility Businesses through Effective & Efficient Supply Chain Management

Enhancing Sustainability and Profitability for Utility Businesses through Effective & Efficient Supply Chain Management Enhancing Sustainability and Profitability for Utility Businesses through Effective & Efficient Supply Chain Management Kevin Jacoby Chief Financial Officer City of Cape Town South Africa Overview Supply

More information

Semiannual Report to Congress. Office of Inspector General

Semiannual Report to Congress. Office of Inspector General Semiannual Report to Congress Office of Inspector General Federal Election Commission 999 E Street, N.W., Suite 940 Washington, DC 20463 April 1, 2005 September 30, 2005 November 2005 TABLE OF CONTENTS

More information

Page 1 of 2. Exhibit 99.1

Page 1 of 2. Exhibit 99.1 Page 1 of 2 Report of the Chairman of the Board of Directors as presented in the French-language document de référence (Section L. 225-37 of the French Commercial Code) In preparing this report, the Chairman

More information

CORPORATE GOVERNANCE STATEMENT

CORPORATE GOVERNANCE STATEMENT CORPORATE GOVERNANCE STATEMENT CORPORATE GOVERNANCE PRINCIPLES AND RECOMMENDATIONS In determining what those standards should involve, Sundance has considered the 3 rd Edition of ASX Corporate Governance

More information

University of New England Compliance Management Framework and Procedures

University of New England Compliance Management Framework and Procedures University of New England Compliance Management Framework and Procedures Document data: Document type: Administering entity: Framework and Procedures Audit and Risk Directorate Records management system

More information

INTERNATIONAL AUDITING PRACTICE STATEMENT 1013 ELECTRONIC COMMERCE EFFECT ON THE AUDIT OF FINANCIAL STATEMENTS

INTERNATIONAL AUDITING PRACTICE STATEMENT 1013 ELECTRONIC COMMERCE EFFECT ON THE AUDIT OF FINANCIAL STATEMENTS INTERNATIONAL PRACTICE STATEMENT 1013 ELECTRONIC COMMERCE EFFECT ON THE AUDIT OF FINANCIAL STATEMENTS (This Statement is effective) CONTENTS Paragraph Introduction... 1 5 Skills and Knowledge... 6 7 Knowledge

More information