One year to go How fit are Swiss companies?*
|
|
- Clyde Griffin
- 8 years ago
- Views:
Transcription
1 Internal Control Systems One year to go How fit are Swiss companies?* Survey (November 2007)
2 Contents Introduction 3 Executive summary 4 How do risk assessment and scoping interlink? 6 How are internal controls effectively identified, documented and implemented? 7 Why is internal control effectiveness testing important for internal reporting on the ICS? 8 What about the people factor? 9 The way forward 10 Your contacts at PricewaterhouseCoopers 11
3 Introduction The amendments to the Swiss Code of Obligations designed to strengthen Internal Control Systems (ICS) over financial reporting became effective on 1 January While the quality of financial reporting and the public s trust in the financial information provided by companies will significantly improve following implementation, the required changes have imposed a substantial burden of time and resources on companies in Switzerland. To prepare for the December 2008 compliance deadline, companies will have to cover considerable ground to ensure that the appropriate controls are documented and in place. Many companies in Switzerland wish to deploy a sustainable, efficient and value-adding compliance process and are now looking for insights into how to do so. Senior managers are intent on reducing the cost of compliance and delivering real benefits from this process. PricewaterhouseCoopers is supporting Swiss companies with projects and knowledge-based activities to help them tackle this challenge. Most recently, in November 2007, it held half-day interactive workshops carried out across Switzerland. The main goal of these workshops was to ensure that ICS project leaders fully understood the requirements and implications of designing and implementing an efficient and effective ICS as well as to address their main challenges and concerns. In addition we wanted to assess their state of readiness to meet the requirements of Section 728a in conjunction with Section 716 of the Swiss Code of Obligations (CO). With one year to the compliance deadline, we wanted to find out whether companies felt confident with the concepts raised by the amendments to the Act that came into force on 1 January 2008 and how sure they are of becoming compliant during During these workshops, we used a survey tool to increase the learning effect and enhance the exchange of experience between participants. The findings and recommendations detailed in this document are the opinions expressed by more than 100 ICS project team leaders who participated in these workshops. Based on its practical experience with ICS projects for many companies, PwC believes these results are representative of the current situation for most Swiss companies. PwC would like to express its sincere thanks to the participants for sharing their knowledge and experience. Rainer van Alphen Leader Internal Control Services November
4 Executive summary The large majority of ICS project team leaders at Swiss companies are confident of becoming compliant with the requirements for an ICS by the end of However, potentially the largest danger is that of having to repeat costs and efforts incurred to achieve year one compliance in the future unless steps are taken now to address a number of key challenges. Overall, the responses obtained were upbeat. An overwhelming majority of 91% of Swiss ICS project leaders who participated said they felt comfortable with the concepts of an ICS, their ICS initiative was well established and they would be compliant with 728a CO by the end of % of the enterprises represented, named the Chief Financial Officers as the sponsor and person with overall responsibility for their ICS initiative. Risk management or internal audit was reportet to be in charge at around 9% of companies represented. Less than 5% had appointed an ICS officer to take overall responsibility for their entire ICS efforts. 64% of those polled indicated that their ICS initiative covered more than just financial accounting and reporting. Instead, it appeared that most enterprises were taking the advantage of the new requirements to address further operational issues, such as business risks and process inefficiencies. There was also a clear concurrence among more than 70% that there were benefits to be gained from adopting a risk-based approach and concentrating on (direct) company level controls as well as on automation and prevention when designing and implementing an ICS. A substantial portion (more that one third of respondents) believed that there were advantages in determining the quality of their ICS through targeted testing to serve as a basis for reporting to Senior Management and Boards of Directors. Some 85% of Swiss ICS leaders surveyed explained that their organisation had goal-directed internal reporting on ICS matters covering the effectiveness, traceability and efficiency of internal controls as well as the reliability of business processes, controls awareness and integration with risk management. Why not look beyond year one? The intense focus on the deadline might prevent businesses from treating Sections 716 and 728 of the Swiss Code of Obligations projects as milestones on the way to the larger goal of sustainable compliance. The legislation 91% of Swiss ICS project leaders who participated said they felt comfortable with the concepts of an ICS... 4
5 ought to be seen as an opportunity to investigate operational processes, which often form the basis of reliable financial reporting, and to review them with a view to eliminating process inefficiencies. The ICS initiative should be seen as more than a standalone project with limited or no integration with other controls and compliance activities. Instead companies should be integrating it with other efforts such as process improvement and risk management. How do companies get the most out of technology? Companies should be taking full advantage of automation utilising both their existing in-house systems and dedicated ICS tools to assist with compliance. There is huge potential in the field of business critical systems where process controls can be automated (almost 30% of respondents had less than 30% of their controls automated and almost 50% did not know how many controls were automated) inherently providing for greater control efficiency; such controls are often preventive in nature thus ensuring early effectiveness in end-to-end processing of information. Why not challenge the status quo? Insights from ICS projects should be used as a powerful catalyst for change. The real rewards now are not just attaining compliance but cost savings, improved control and tangible business benefits through a process of controls optimisation resulting in having the right controls at the right cost for an organisation. In the section The way forward following the detailed survey findings and analysis, we offer some thoughts on how best in class organisations are addressing these challenges. 5
6 How do risk assessment and scoping interlink? The aim of Section 728a CO is to establish an ICS which, as explicitly stated by the Swiss Federal Council (Bundesrat), is aimed at bookkeeping and financial reporting. In other words, Section 728a OR does not focus on operational or compliance processes. Pursuant to this Section, an effective (and efficient) ICS is intended to prevent material misstatements in annual financial statements. Such misstatements can arise when material internal and external risks (e.g. in business operations [i.e. markets, services, products], forms of financing, business and IT processes, etc.) to which an enterprise is subject are not detected and controlled on a timely basis. Risks in reporting and operations can, as a rule, be managed by way of controls. Following a thorough risk assessment process, the next logical step in any top down ICS project would be to determine the scope of entities and processes relevant for an effective controls framework. Of those surveyed, 63% acknowledged that a top-down, risk-based approach is not only acceptable but also a pragmatic starting point when it comes to systematically performing the risk assessment and ultimately scoping for their future ICS. 55% assessed risks by evaluating both the impact and likelihood of a risk materialising and leading to a potential misstatement in their financial statements. 47% of ICS project team leaders also stated that the financial statement items within the scope of the ICS were determined by materiality (which is impacted by risk) and that underlying relevant processes were in turn, determined by the significant financial statement items selected. A number of ICS project team leaders indicated that they would scope their ICS project intuitively. While in a large number of cases this method will result in an ICS of appropriate scope, we suggest ensuring that the thought processes are properly documented. However, to ensure that the scope of the ICS does not unintentionally exceed what is necessary for the organisation, we suggest calibrating the scoping slightly more finely on the basis of quantitative and qualitative measures. 63% acknowledged that a top-down riskbased approach was not only acceptable but also a pragmatic starting point... 6
7 How are internal controls effectively identified, documented and implemented? To efficiently determine what control structures should be designed and put in place, we recommend the concept of direct and precise controls at the entity level, overlaying process and business activities. Effective controls at the entity level potentially require fewer controls at the process levels. However, as business is conducted through business processes, these also need to be supported by effective controls at process level to ensure the orderly processing of transactions. With modern business systems there is great potential for automating controls and preventive measures can be installed at the beginning of transaction processing. 70% of respondents acknowledged that they are already realising or planing to realise synergies by starting to define solid top level management controls as opposed to concentrating on controls at the process level first. 73% of ICS project team leaders stated that when eventually identifying controls on process levels, they would seek to achieve a fine balance between preventive and detective as well as manual and automated controls. However, most agreed they still had quite a long way to go before they had implemented a qualitative and efficient balance of controls. Depending on the size of company represented, the need for and the benefits of using an ICS Management Tool varied considerably. Beyond a certain company size, however, the advantages of using a tool were not questioned. Dedicated ICS Management Tools have functions for graphically depicting process flows, recording and performing risk assessments, supporting the mapping and documenting of processes, risks and controls and probably most importantly supporting consistent (dashboard) reporting on ICS to the Management and Board of Directors. Companies in Switzerland have already realised a number of benefits as a result of using such tools. Among other things, they have been able to streamline the change management process (processes and controls), manage the remediation of issues and control weaknesses, reduce the redundant holding of data, and facilitate version controlling. Almost 65% of company representatives felt that either no dedicated tool for documenting and managing internal controls was required or stated that they had not planned for the use of such a tool. We propose companies define their own criteria for managing a sustainable system of internal controls and investigate the market to establish whether dedicated tools exist that can meet these requirements. 73% stated that they would seek to achieve a fine balance between preventive and detective as well as manual and automated controls... 7
8 Why is internal control effectiveness testing important for internal reporting on the ICS? The following diagram illustrates how the quality and operative effectiveness of internal controls typically deteriorate over time where there is no regular testing of such controls. Conversely, where regular and continuous assessment takes place, the quality of controls is often maintained in the bandwidth defined by the Board of Directors. While 35% of ICS project leaders stated that they had already tested and/or planned to test internal controls for effectiveness, about one quarter did not know whether they would embark on an internal self-testing programme. Goal-directed reporting depends on the concrete requirements specified, including the degree of controls maturity to be achieved. Matters of interest to the Management and Boards are typically: Risk environment, appetite and coverage Quality of enterprise-wide controls (e.g. control environment) Effective and efficient controls at the process level: Weaknesses and corrective measures that have been identified Costs and benefits Further need for optimisation. The vast majority of respondents, 79%, confirmed that internal reporting to Senior Management and the Board of Directors covered areas ranging from the effectiveness, traceability and efficiency of internal controls to the reliability of business processes, controls awareness and integration with risk management. Quality Optimised Level 5 Monitored Level 4 A Standardised Level 3 B Informal Level 2 Not very reliable Level 1 C Legend: A B C ICS quality requirement defined by the Board process with continuous assessment of control quality sporadic checks (improvement process not integrated) normal deterioration in control quality over time Time 8
9 What about the people factor? Probably the single most important factor for successful ICS projects is people. Manual controls and other monitoring functions are executed day-in, day-out by people. The sustainable and effective operation of internal controls depends on well trained employees who are fully aware of the need for internal controls and are conversant with the goals of their Board and Management in terms of the effective operation of the ICS. Training is paramount in running successful projects and knowledge sharing and transfer are key to a sustainable system of internal controls. Only some 25% of respondents stated that they had conducted training on matters relating to ICS and/or had a continuous training programme in place. A concerted effort should be made to transfer knowledge to educate the business about good internal control. Almost 75% of respondents said that internal training was not considered important and/or had not yet been planned. This could stand in the way of cost savings and the delivery of efficiencies going forward. To enable ICS projects to be executed more smoothly and efficiently, we recommend that ICS leaders promote this topic and ensure that it is addressed in a manner appropriate to their organisation. 25% of respondents stated that they had conducted training on matters relating to ICS and/or had a continuous training programme in place... 9
10 The way forward The survey findings reinforce the view that businesses have been taking a project-based approach to compliance. They also highlight tantalising opportunities to add value in the future by reducing the cost of compliance and enhancing finance function efficiency. Companies should be following the lead of best in class organisations by standing back and reviewing their financial reporting processes and controls environment with a view to ensuring that the costs and efforts associated with year one are not repeated. Key areas to focus on are as follows: Gradually broadening the scope beyond the financial accounting and reporting functions by assessing business risks in operational processes, increasing process efficiencies and implementing business controls which mitigate those risks and ensure process stability and reliability. Removing the burden of unnecessary complexity by reducing the number of key controls, prioritising remediation efforts, eliminating duplication and automating processes and controls. Enterprises that have embarked on programmes to centralise and standardise processes and controls typically realise the following benefits: Improved monitoring of business operations and clear organisation and ownership, roles and responsibilities Harmonised and integrated systems, processes and streamlined controls Robust controls environment with the focus on prevention and automation Improved data quality and data integrity fewer errors and reduced fraud risk Robust and reliable financial reporting, also for decision making Trust in financial reporting Reduced cost through elimination of redundant and ineffective/inefficient controls High degree of assurance that no revenues are lost as a result of ineffective process activities Heightened awareness of controls and better co-operation between functions Integration with risk management. Standardising systems, processes and controls by undertaking a structured programme to support the implementation of a one process and one set of controls approach. Centralising key processes and controls by evaluating the business case for centralising or outsourcing key back office processes across the organisation to support a homogenous control environment. 10
11 Your contacts at PricewaterhouseCoopers: Leader Internal Control Services Rainer van Alphen, Partner, Basel Tel , for Banks Martin Schmidt, Director, Zurich Tel , for Industrial Enterprises Cornelia Ritz Bossicard, Senior Manager, Zurich Tel , Dominique Perron, Senior Manager, Geneva Tel , Matthias Rist, Senior Manager, Basel Tel , for Insurances Alex Hofmann, Manager, Zurich Tel , PricewaterhouseCoopers. All rights reserved. PricewaterhouseCoopers refers to the network of member firms of PricewaterhouseCoopers International Limited, each of which is a separate and independent legal entity.
12
Understanding and articulating risk appetite
Understanding and articulating risk appetite advisory Understanding and articulating risk appetite Understanding and articulating risk appetite When risk appetite is properly understood and clearly defined,
More informationNavigate the regulatory maze
www.pwc.com.cy Navigate the regulatory maze Delivering Regulatory Compliance services to the Financial Services industry September 2014 As at July 2014 there were more than 40 licensed banking institutions
More informationProcess Control Optimisation with SAP
Process Control Optimisation with SAP The procure-to-pay cycle, which includes all activities from the procurement of goods and services to receiving invoices and paying vendors, is a basic business process.
More informationMAGENTA KEYLINE IS A CUTTER GUIDE, DO NOT PRINT. PLEASE SET TRAPPING THROUGHOUT
Risk & Assurance Integrated software solution Managing risks and providing assurance that the process is working is a key requirement for any organisation, as is having an effective and efficient software
More informationLeveraging data analytics and continuous auditing processes for improved audit planning, effectiveness, and efficiency. kpmg.com
Leveraging data analytics and continuous auditing processes for improved audit planning, effectiveness, and efficiency kpmg.com Leveraging data analytics and continuous auditing processes 1 Executive
More informationbuilding a business case for governance, risk and compliance
building a business case for governance, risk and compliance contents introduction...3 assurance: THe last major business function To be integrated...3 current state of grc: THe challenges... 4 building
More informationThe National Commission of Audit
CA Technologies submission to The National Commission of Audit November, 2013 Kristen Bresch CA Technologies Executive Summary CA Technologies is pleased to present the National Commission of Audit the
More informationEnterprise Security Architecture
Enterprise Architecture -driven security April 2012 Agenda Facilities and safety information Introduction Overview of the problem Introducing security architecture The SABSA approach A worked example architecture
More informationAberdeen City Council IT Asset Management
Aberdeen City Council IT Asset Management Internal Audit Report 2014/2015 for Aberdeen City Council January 2015 Terms or reference agreed 4 weeks prior to fieldwork Target Dates per agreed Actual Dates
More informationWhite Paper Governance, Risk Management and Compliance: Sustainability and Integration supported by Technology
White Paper Governance, Risk Management and Compliance: White Paper Governance, Risk Management and Compliance: Published by PricewaterhouseCoopers AG by: Christof Menzies Alan Martin Michael Koch Carsten
More informationBuilding a Strategic Internal Audit Function. A 10-Step Framework
Building a Strategic Internal Audit Function A 10-Step Framework Ten steps to a strategically focused internal audit function With passage of the Sarbanes-Oxley Act and the push for exchange-listed companies
More informationBuilding a Strategic Internal Audit Function
Internal Audit Building a Strategic Internal Audit Function Ten steps to a strategically focused internal audit function With the passage of internal control related rules and regulations in countries
More informationGetting to strong Leading Practices for value-enhancing internal audit By Richard Reynolds and Abhinav Aggarwal - PricewaterhouseCoopers LLP
Getting to strong Leading Practices for value-enhancing internal audit By Richard Reynolds and Abhinav Aggarwal - PricewaterhouseCoopers LLP Today's unpredictable business climate and challenging regulatory
More informationAn Introduction to Continuous Controls Monitoring
An Introduction to Continuous Controls Monitoring Reduce compliance costs, strengthen the control environment and lessen the risk of unintentional errors and fraud Richard Hunt, Managing Director Marc
More informationUNITED NATIONS OFFICE FOR PROJECT SERVICES. ORGANIZATIONAL DIRECTIVE No. 33. UNOPS Strategic Risk Management Planning Framework
UNOPS UNITED NATIONS OFFICE FOR PROJECT SERVICES Headquarters, Copenhagen O.D. No. 33 16 April 2010 ORGANIZATIONAL DIRECTIVE No. 33 UNOPS Strategic Risk Management Planning Framework 1. Introduction 1.1.
More informationWhite paper: Information Management. Information is a strategic business asset are you managing it as such?
White paper: Management Tieto 2013 is a strategic business asset are you managing it as such? White paper: Management Tieto 2013 Management the right decisions and actions at the right time based on correct
More informationP3M3 Portfolio Management Self-Assessment
Procurement Programmes & Projects P3M3 v2.1 Self-Assessment Instructions and Questionnaire P3M3 Portfolio Management Self-Assessment P3M3 is a registered trade mark of AXELOS Limited Contents Introduction
More informationManaging the Cost of Compliance in Pharmaceutical Operations 1
Frances Bruttin and Dr. Doug Dean IBM Business Consulting Services Pharmaceutical Sector Aeschenplatz 2 CH-4002 Basel Switzerland +41-58-333-7687 (tel) +41-58-333-8117 (fax) Managing the Cost of Compliance
More informationAberdeen City Council IT Security (Network and perimeter)
Aberdeen City Council IT Security (Network and perimeter) Internal Audit Report 2014/2015 for Aberdeen City Council August 2014 Internal Audit KPIs Target Dates Actual Dates Red/Amber/Green Commentary
More informationPROJECT MANAGEMENT SURVEY
INDUSTRY TRENDS PROJECT MANAGEMENT SURVEY JANUARY 2015 Introduction 2015 will continue to see organisations across all sectors facing one of the most competitive, challenging and changing corporate environments
More informationISAE 3402 and SSAE 16 (replacing SAS 70) Reinforcing confidence through demonstration of effective controls
ISAE 3402 and SSAE 16 (replacing SAS 70) Reinforcing confidence through demonstration of effective controls ISAE 3402 and SSAE 16 defined Overview of service organisation control reports Service organisation
More informationUK HR & Payroll Compliance in SAP
UK HR & Payroll Compliance in SAP Business challenges Today s human resources and payroll departments are facing a compliance crunch. Continual legislative changes and new requirements are being introduced,
More informationUniversity of St. Gallen Law School Law and Economics Research Paper Series. Working Paper No. 2008-19 June 2007
University of St. Gallen Law School Law and Economics Research Paper Series Working Paper No. 2008-19 June 2007 Enterprise Risk Management A View from the Insurance Industry Wolfgang Errath and Andreas
More informationThe following criteria have been used to assess each of the options to ensure consistency and clarity:
4 Options appraisal 4.1 Overview We have appraised each of the options identified in section 3: Maintain the status quo Implement organisational change and service improvement Partner / collaborate with
More informationTHE SOUTH AFRICAN HERITAGE RESOURCES AGENCY ENTERPRISE RISK MANAGEMENT FRAMEWORK
THE SOUTH AFRICAN HERITAGE RESOURCES AGENCY ENTERPRISE RISK MANAGEMENT FRAMEWORK ACCOUNTABLE SIGNATURE AUTHORISED for implementation SIGNATURE On behalf of Chief Executive Officer SAHRA Council Date Date
More informationRoyal Borough of Kensington and Chelsea. Data Quality Framework. ACE: A Framework for better quality data and performance information
Royal Borough of Kensington and Chelsea Data Quality Framework ACE: A Framework for better quality data and performance information March 2010 CONTENTS FOREWORD 2 A CORPORATE FRAMEWORK FOR DATA QUALITY
More informationPORTFOLIO, PROGRAMME & PROJECT MANAGEMENT MATURITY MODEL (P3M3)
PORTFOLIO, PROGRAMME & PROJECT MANAGEMENT MATURITY MODEL (P3M3) 1st February 2006 Version 1.0 1 P3M3 Version 1.0 The OGC logo is a Registered Trade Mark of the Office of Government Commerce This is a Value
More informationInternal Audit Practice Guide
Internal Audit Practice Guide Continuous Auditing Office of the Comptroller General, Internal Audit Sector May 2010 Table of Contents Purpose...1 Background...1 Definitions...2 Continuous Auditing Professional
More informationThe English Nature and Joint Committee of Staff
This paper was provided to the Joint Committee for decision/discussion or information. Please refer to the minutes of the meeting for Committee s position on the paper. To view other Joint Committee papers
More informationENTERPRISE RISK MANAGEMENT POLICY
ENTERPRISE RISK MANAGEMENT POLICY TITLE OF POLICY POLICY OWNER POLICY CHAMPION DOCUMENT HISTORY: Policy Title Status Enterprise Risk Management Policy (current, revised, no change, redundant) Approving
More informationSAP Overview Brochure. Confidence Powers Success. SAP Solutions for Governance, Risk, and Compliance.
SAP Overview Brochure Confidence Powers Success. SAP Solutions for Governance, Risk, and Compliance. Table of Contents 3) Build trust to achieve business results Introduction 4-5) Gain clarity from greater
More informationSolutions and contact guide
Financial Services Actuarial and Risk Services Solutions and contact guide pwc Introduction We help clients by developing a better understanding of the intersection of risk, reward, control and growth
More informationAccess Governance. Delivering value. What you gain. Putting a project back on track for success
What you gain Risk-managed access Having a second line of defence to identify what needs to be controlled and who owns it lowers your operational costs, while taking a risk-based approach ensures greater
More informationThe Lowitja Institute Risk Management Plan
The Lowitja Institute Risk Management Plan 1. PURPOSE This Plan provides instructions to management and staff for the implementation of consistent risk management practices throughout the Lowitja Institute
More informationBalance collections with retention for each customer. Decision Analytics for debt management in telecommunications
Balance collections with retention for each customer Decision Analytics for debt management in telecommunications Debt management for telecommunications The dynamic telecommunications market is seeing
More informationProject organisation and establishing a programme management office
PROJECT ADVISORY Project organisation and establishing a programme office Leadership Series 1 kpmg.com/nz About the Leadership Series KPMG s Leadership Series is targeted towards owners of major capital
More informationIntegrated performance management for sustained growth
Integrated performance management for sustained growth Introduction This paper provides Deloitte s insights on Integrated Performance Management (IPM). Organisations that are considering improving, planning,
More informationAudit Committee. Directors Report. Gary Hughes Chairman, Audit Committee. Gary Hughes Chairman, Audit Committee
Audit Committee Dear Shareholder, We are satisfied that the business has maintained robust risk management and internal controls, supported by strong overall governance processes, and that management have
More informationRSA ARCHER AUDIT MANAGEMENT
RSA ARCHER AUDIT MANAGEMENT Solution Overview INRODUCTION AT A GLANCE Align audit plans with your organization s risk profile and business objectives Manage audit planning, prioritization, staffing, procedures
More informationManaging global tax reporting challenges
Managing global tax reporting challenges tax & accounting Managing global tax reporting challenges there are many factors challenging the effective operation of today s modern corporate tax function. they
More informationSOUTHERN RURAL WATER POLICY RISK MANAGEMENT POLICY
SOUTHERN RURAL WATER POLICY RISK MANAGEMENT POLICY 1. POLICY STATEMENT Having regard to AS/NZS ISO 31000 Risk Management, it shall be the Policy of SRW to manage risk to protect public safety, quality
More information<Insert Picture Here> Financial Audit Scoping Tool Blueprint for Oracle GRC Applications
Financial Audit Scoping Tool Blueprint for Oracle GRC Applications Implement Audit Standard 5 (AS5) scoping to streamline financial reporting compliance Agenda Financial Audit Scoping
More informationFortune 500 Medical Devices Company Addresses Unique Device Identification
Fortune 500 Medical Devices Company Addresses Unique Device Identification New FDA regulation was driver for new data governance and technology strategies that could be leveraged for enterprise-wide benefit
More informationAuditing Standard 5- Effective and Efficient SOX Compliance
Auditing Standard 5- Effective and Efficient SOX Compliance September 6, 2007 Presented to: The Dallas Chapter of the Institute of Internal Auditors These slides are incomplete without the benefit of the
More informationPFMA 2011-12 The drivers of internal control: Audit committees and internal audit
1 PFMA The drivers of internal control: Audit committees and internal audit CONSOLIDATED GENERAL REPORT on NATIONAL and PROVINCIAL audit outcomes Our reputation promise/mission The Auditor-General of South
More informationPerformance Detailed Report. May 2008. Review of Performance Management. Norwich City Council. Audit 2007/08
Performance Detailed Report May 2008 Review of Performance Management Audit 2007/08 External audit is an essential element in the process of accountability for public money and makes an important contribution
More informationBridgend County Borough Council. Corporate Risk Management Policy
Bridgend County Borough Council Corporate Risk Management Policy December 2014 Index Section Page No Introduction 3 Definition of risk 3 Aims and objectives 4 Strategy 4 Accountabilities and roles 5 Risk
More informationfs viewpoint www.pwc.com/fsi
fs viewpoint www.pwc.com/fsi June 2013 02 11 16 21 24 Point of view Competitive intelligence A framework for response How PwC can help Appendix It takes two to tango: Managing technology risk is now a
More informationData analytics Delivering intelligence in the moment
www.pwc.co.uk Data analytics Delivering intelligence in the moment January 2014 Our point of view Extracting insight from an organisation s data and applying it to business decisions has long been a necessary
More informationSouth Northamptonshire Council Contract Assurance: Leisure Contract
South Northamptonshire Council Contract Assurance: Leisure Contract FINAL Internal Audit Report 2012/2013 January 2013 Contents 1. Executive summary 4 2. Background and scope 5 3. Detailed current year
More informationThe Virtual Centre Model
1 - Introduction Since the late 1980 s the European ANS system has gradually become unable to cope with growing traffic demand. The Single European Sky initiative of the European Commission is meant to
More informationBegin with the end in mind
Begin with the end in mind Is your business vision driving your software purchases? Or is it the other way around? Organisations can be paying 25-35% too much for software, support and maintenance costs.
More informationBuilding a framework for operational risk management: the FSA s observations
Policy Statement Financial Services Authority Building a framework for operational risk management: the FSA s observations Feedback on industry practice as we prepare to implement CP142 July 2003 Contents
More informationENTERPRISE RISK MANAGEMENT FRAMEWORK
ROCKHAMPTON REGIONAL COUNCIL ENTERPRISE RISK MANAGEMENT FRAMEWORK 2013 Adopted 25 June 2013 Reviewed: October 2015 TABLE OF CONTENTS 1. Introduction... 3 1.1 Council s Mission... 3 1.2 Council s Values...
More informationMANAGING DIGITAL CONTINUITY
MANAGING DIGITAL CONTINUITY Project Name Digital Continuity Project DRAFT FOR CONSULTATION Date: November 2009 Page 1 of 56 Contents Introduction... 4 What is this Guidance about?... 4 Who is this guidance
More informationData Quality Policy. Appendix A. 1. Why do we need a Data Quality Policy?... 2. 2 Scope of this Policy... 2. 3 Principles of data quality...
Data Quality Policy Appendix A Updated August 2011 Contents 1. Why do we need a Data Quality Policy?... 2 2 Scope of this Policy... 2 3 Principles of data quality... 3 4 Applying the policy... 4 5. Roles
More informationPart A OVERVIEW...1. 1. Introduction...1. 2. Applicability...2. 3. Legal Provision...2. Part B SOUND DATA MANAGEMENT AND MIS PRACTICES...
Part A OVERVIEW...1 1. Introduction...1 2. Applicability...2 3. Legal Provision...2 Part B SOUND DATA MANAGEMENT AND MIS PRACTICES...3 4. Guiding Principles...3 Part C IMPLEMENTATION...13 5. Implementation
More informationOSFI Updates Guidance on Regulatory Compliance Management. By Carol Lyons and Jared Grossman
Introduction OSFI Updates Guidance on Regulatory Compliance Management By Carol Lyons and Jared Grossman More than 10 years have passed since OSFI 1 first issued Guideline E-13 entitled Legislative Compliance
More informationRisk Management Strategy & Implementation Plan 2014 2016
St George s Healthcare NHS Trust: the next decade Risk Management Strategy & Implementation Plan 2014 2016 DRAFT VERSION 6.0 UPDATED 19.11.14 Executive summary We know, from external assurances received
More informationOutsourcing and the Affiliate Model
Outsourcing and the Affiliate Model Streamlining Processes and Emphasising Strategy REPORT Outsourcing and Consulting Services for Life Sciences www.productlife-group.com Table of Contents Executive Summary...1
More informationESM Management Comments on Board of Auditors Annual Report to the Board of Governors for the period ended 31 December 2014
ESM Management Comments on Board of Auditors Annual Report to the Board of Governors for the period ended 31 December 2014 Dear Chairperson, I would like to thank you for the opportunity to provide management
More informationRailway Management Maturity Model (RM 3 )
Railway Management Maturity Model (RM 3 ) (Version 1.02) March 2011 Published by the Office of Rail Regulation 1 Contents Introduction... 1 Excellence in safety management systems... 3 Governance, policy
More informationRisk Management Within an Organisation
COUNTY DURHAM AND DARLINGTON FIRE AND RESCUE SERVICE Administration and General Order No. AD/1/TBC CORPORATE RISK MANGEMENT POLICY 1. INTRODUCTION 1.1 County Durham and Darlington Combined Fire Authority
More informationRisk Management Framework
Risk Management Framework THIS PAGE INTENTIONALLY LEFT BLANK Foreword The South Australian Government Risk Management Policy Statement 2009 advocates that consistent and systematic application of risk
More informationOrganisational Change Management. Fusing People, Process and Technology www.h3partners.co.uk
Organisational Change Management Fusing People, Process and Technology www.h3partners.co.uk 3 OUR CREDENTIALS At H3 Partners, our mission is to provide clients with improved systems and processes to meet
More informationRISK MANAGEMENT AND COMPLIANCE
RISK MANAGEMENT AND COMPLIANCE Contents 1. Risk management system... 2 1.1 Legislation... 2 1.2 Guidance... 3 1.3 Risk management policy... 4 1.4 Risk management process... 4 1.5 Risk register... 8 1.6
More informationBalance collections with retention for each customer. Decision Analytics for debt management in retail banking
Balance collections with retention for each customer Decision Analytics for debt management in retail banking Debt management for retail banking In the highly competitive retail banking environment, banks
More informationCompliance Policy AGL Energy Limited
Compliance Policy AGL Energy Limited November 2013 Table of Contents 1. About this Document... 3 2. Policy Statement... 4 3. Purpose... 4 4. AGL Compliance Context... 4 5. Scope... 5 6. Objectives... 5
More informationGUIDELINE NO. 22 REGULATORY AUDITS OF ENERGY BUSINESSES
Level 37, 2 Lonsdale Street Melbourne 3000, Australia Telephone.+61 3 9302 1300 +61 1300 664 969 Facsimile +61 3 9302 1303 GUIDELINE NO. 22 REGULATORY AUDITS OF ENERGY BUSINESSES ENERGY INDUSTRIES JANUARY
More informationFramework: Supporting transformation of government financial
Performance Improvement Framework: Supporting transformation of government financial management services: Background DECK for workshop attendees State Services Commission, Room 10.3, No 2 The Terrace,
More informationConfident in our Future, Risk Management Policy Statement and Strategy
Confident in our Future, Risk Management Policy Statement and Strategy Risk Management Policy Statement Introduction Risk management aims to maximise opportunities and minimise exposure to ensure the residents
More informationThe Compliance Journey
The Compliance Journey Balancing Risk and Controls with Business Improvement ADVISORY Contents 2 Introduction 4 Balancing Risk and Controls with Business Improvement 6 Using Controls as a New Lens 10 Getting
More informationShepway District Council Risk Management Policy
Shepway District Council Risk Management Policy Contents Section 1 Risk Management Policy... 3 1. Updates and amendments... 3 2. Definition... 3 3. Policy statement... 3 4. Objectives... 3 Section 2 Risk
More informationRISK MANAGEMENT FRAMEWORK 2013-2014 OKHAHLAMBA LOCAL MUNICIPALITYITY
RISK MANAGEMENT FRAMEWORK 2013-2014 OKHAHLAMBA LOCAL MUNICIPALITYITY Page 1 CONTENTS 1. Foreword by the Mayor... 3 2. Background... 4 2.1 Introduction... 4 2.2 Overall purpose of the Enterprise Risk Management
More informationInsights and Trends: Current Portfolio, Programme and Project Management Practices
www.pwc.com Insights and Trends: Current Portfolio, Programme and Project Management Practices The third global survey on the current state of project management Contents Executive Summary... 3 Special
More informationHow to gather and evaluate information
09 May 2016 How to gather and evaluate information Chartered Institute of Internal Auditors Information is central to the role of an internal auditor. Gathering and evaluating information is the basic
More informationReport to Parliament No. 4 for 2011 Information systems governance and security. Financial and Assurance audit. Enhancing public sector accountability
Financial and Assurance audit Report to Parliament No. 4 for 2011 Information systems governance and security ISSN 1834-1128 Enhancing public sector accountability RTP No. 4 cover.indd 1 15/06/2011 3:19:31
More informationInternal Audit Testing and Sampling Techniques. Chartered Institute of Internal Auditors May 2014
Internal Audit Testing and Sampling Techniques Chartered Institute of Internal Auditors May 2014 Controls Testing Slide 1 Testing Priorities Risk B1 Risk A1 Risk B2 Risk A2 Risk C2 Risk C1 Controls testing
More informationORACLE ENTERPRISE GOVERNANCE, RISK, AND COMPLIANCE MANAGER FUSION EDITION
ORACLE ENTERPRISE GOVERNANCE, RISK, AND COMPLIANCE MANAGER FUSION EDITION KEY FEATURES AND BENEFITS Manage multiple GRC initiatives on a single consolidated platform Support unique areas of operation with
More informationFollowing up recommendations/management actions
09 May 2016 Following up recommendations/management actions Chartered Institute of Internal Auditors At the conclusion of an audit, findings and proposed recommendations are discussed with management and
More informationEmpowering you to outperform
HR Outsourcing Empowering you to outperform Sharing HR expertise and helping you to do what you do best. Contents 4 Award-Winning HR Services Who are we? 6 Why outsource your HR and payroll? Add real value
More informationFinding your balance Top tips for successful HR delivery in multiple countries across Europe
Perspectives Finding your balance Top tips for successful HR delivery in multiple countries across Europe ...organisations are striving for a more standardised approach across all their business locations
More informationFinance Effectiveness Efficiency
Business Unit Finance Effectiveness Efficiency An overview Agenda Page 1 Efficiency - An overview 1 2 Our services 7 3 Case study 14 Section 1 Efficiency - An overview 1 Section 1 Efficiency - An overview
More informationTitle: Rio Tinto management system
Standard Rio Tinto management system December 2014 Group Title: Rio Tinto management system Document No: HSEC-B-01 Standard Function: Health, Safety, Environment and Communities (HSEC) No. of pages: 23
More informationEnterprise Risk Management
Cayman Islands Society of Professional Accountants Enterprise Risk Management March 19, 2015 Dr. Sandra B. Richtermeyer, CPA, CMA What is Risk Management? Risk management is a process, effected by an entity's
More informationOperational Risk Management - The Next Frontier The Risk Management Association (RMA)
Operational Risk Management - The Next Frontier The Risk Management Association (RMA) Operational risk is not new. In fact, it is the first risk that banks must manage, even before they make their first
More informationApplication Value Assessment
Value Assessment Journey to Realising the Value of an Organisation s Portfolio Fujitsu UK & Ireland - Business & Services By Chris Waite, Fujitsu Businesses today operate in highly competitive environments
More informationCompliance. Group Standard
Group Standard Compliance Serco is committed to good governance practices and the management of risks supported by a robust business compliance process SMS-GS-G2 Compliance July 2014 v1.0 Serco Public
More informationFIVE NEW BUSINESS DASHBOARDS every Life Insurer Needs
FIVE NEW BUSINESS DASHBOARDS every Life Insurer Needs by Des Field Corbett Allfinanz Product Manager Table Table of of Contents Contents Executive Summary 3 Deeper Business Insight Becoming the Lifeblood
More informationEnterprise Workforce Management Solutions
Enterprise Workforce Management Solutions The EmpCenter Suite Automate All Labour Policies, for All Workers Large employers have complex labour policies and compliance concerns, all of which can differ
More informationHow To Outsource Project Management Office (Pmo)
PMO Managed Services Model Imran Malik PMP, PgMP, 6σ, OPM3 Emirates Integrated Telecoms Company P.O.Box-502666 Dubai, United Arab Emirates Tel : +971 55 6797000 E-mail :imran.malik@du.ae Synopsis This
More informationCOCA-COLA HELLENIC BOTTLING COMPANY RISK MANAGEMENT POLICY
COCA-COLA HELLENIC BOTTLING COMPANY RISK MANAGEMENT POLICY 1. INTRODUCTION The effective management of risk is central to the ongoing success and resilience of Coca-Cola Hellenic Bottling Company (CCHBC).
More informationJob description - Business Improvement Manager
Job description - Business Improvement Manager Main Purpose of job The post has lead responsibility for optimising operational performance within the Operations directorate, and across the Society for
More informationCapital Adequacy: Advanced Measurement Approaches to Operational Risk
Prudential Standard APS 115 Capital Adequacy: Advanced Measurement Approaches to Operational Risk Objective and key requirements of this Prudential Standard This Prudential Standard sets out the requirements
More informationAudit of the Policy on Internal Control Implementation
Audit of the Policy on Internal Control Implementation Natural Sciences and Engineering Research Council of Canada Social Sciences and Humanities Research Council of Canada February 18, 2013 1 TABLE OF
More informationCash Management for Asset Managers
SQUARE MILE CONSULTING Cash Management for Asset Managers Making the most from your cash Prepared January 2004 Introduction Efficient management of cash is essential to successful fund management Mistakes
More informationCOBIT 5 for Risk. CS 3-7: Monday, July 6 4:00-5:00. Presented by: Nelson Gibbs CIA, CRMA, CISA, CISM, CGEIT, CRISC, CISSP ngibbs@pacbell.
COBIT 5 for Risk CS 3-7: Monday, July 6 4:00-5:00 Presented by: Nelson Gibbs CIA, CRMA, CISA, CISM, CGEIT, CRISC, CISSP ngibbs@pacbell.net Disclaimer of Use and Association Note: It is understood that
More informationPlanning, Budgeting and Forecasting
MANAGEMENT CONSULTING Planning, Budgeting and Forecasting How is your planning process helping you identify and unlock value? kpmg.co.uk Key considerations How effective and efficient is your organisation
More informationSuccessfully identifying, assessing and managing risks for stakeholders
Introduction Names like Enron, Worldcom, Barings Bank and Menu Foods are household names but unfortunately as examples of what can go wrong. With these recent high profile business failures, people have
More informationNational Approach to Information Assurance 2014-2017
Document Name File Name National Approach to Information Assurance 2014-2017 National Approach to Information Assurance v1.doc Author David Critchley, Dave Jamieson Authorisation PIAB and IMBA Signed version
More information