One year to go How fit are Swiss companies?*

Size: px
Start display at page:

Download "One year to go How fit are Swiss companies?*"

Transcription

1 Internal Control Systems One year to go How fit are Swiss companies?* Survey (November 2007)

2 Contents Introduction 3 Executive summary 4 How do risk assessment and scoping interlink? 6 How are internal controls effectively identified, documented and implemented? 7 Why is internal control effectiveness testing important for internal reporting on the ICS? 8 What about the people factor? 9 The way forward 10 Your contacts at PricewaterhouseCoopers 11

3 Introduction The amendments to the Swiss Code of Obligations designed to strengthen Internal Control Systems (ICS) over financial reporting became effective on 1 January While the quality of financial reporting and the public s trust in the financial information provided by companies will significantly improve following implementation, the required changes have imposed a substantial burden of time and resources on companies in Switzerland. To prepare for the December 2008 compliance deadline, companies will have to cover considerable ground to ensure that the appropriate controls are documented and in place. Many companies in Switzerland wish to deploy a sustainable, efficient and value-adding compliance process and are now looking for insights into how to do so. Senior managers are intent on reducing the cost of compliance and delivering real benefits from this process. PricewaterhouseCoopers is supporting Swiss companies with projects and knowledge-based activities to help them tackle this challenge. Most recently, in November 2007, it held half-day interactive workshops carried out across Switzerland. The main goal of these workshops was to ensure that ICS project leaders fully understood the requirements and implications of designing and implementing an efficient and effective ICS as well as to address their main challenges and concerns. In addition we wanted to assess their state of readiness to meet the requirements of Section 728a in conjunction with Section 716 of the Swiss Code of Obligations (CO). With one year to the compliance deadline, we wanted to find out whether companies felt confident with the concepts raised by the amendments to the Act that came into force on 1 January 2008 and how sure they are of becoming compliant during During these workshops, we used a survey tool to increase the learning effect and enhance the exchange of experience between participants. The findings and recommendations detailed in this document are the opinions expressed by more than 100 ICS project team leaders who participated in these workshops. Based on its practical experience with ICS projects for many companies, PwC believes these results are representative of the current situation for most Swiss companies. PwC would like to express its sincere thanks to the participants for sharing their knowledge and experience. Rainer van Alphen Leader Internal Control Services November

4 Executive summary The large majority of ICS project team leaders at Swiss companies are confident of becoming compliant with the requirements for an ICS by the end of However, potentially the largest danger is that of having to repeat costs and efforts incurred to achieve year one compliance in the future unless steps are taken now to address a number of key challenges. Overall, the responses obtained were upbeat. An overwhelming majority of 91% of Swiss ICS project leaders who participated said they felt comfortable with the concepts of an ICS, their ICS initiative was well established and they would be compliant with 728a CO by the end of % of the enterprises represented, named the Chief Financial Officers as the sponsor and person with overall responsibility for their ICS initiative. Risk management or internal audit was reportet to be in charge at around 9% of companies represented. Less than 5% had appointed an ICS officer to take overall responsibility for their entire ICS efforts. 64% of those polled indicated that their ICS initiative covered more than just financial accounting and reporting. Instead, it appeared that most enterprises were taking the advantage of the new requirements to address further operational issues, such as business risks and process inefficiencies. There was also a clear concurrence among more than 70% that there were benefits to be gained from adopting a risk-based approach and concentrating on (direct) company level controls as well as on automation and prevention when designing and implementing an ICS. A substantial portion (more that one third of respondents) believed that there were advantages in determining the quality of their ICS through targeted testing to serve as a basis for reporting to Senior Management and Boards of Directors. Some 85% of Swiss ICS leaders surveyed explained that their organisation had goal-directed internal reporting on ICS matters covering the effectiveness, traceability and efficiency of internal controls as well as the reliability of business processes, controls awareness and integration with risk management. Why not look beyond year one? The intense focus on the deadline might prevent businesses from treating Sections 716 and 728 of the Swiss Code of Obligations projects as milestones on the way to the larger goal of sustainable compliance. The legislation 91% of Swiss ICS project leaders who participated said they felt comfortable with the concepts of an ICS... 4

5 ought to be seen as an opportunity to investigate operational processes, which often form the basis of reliable financial reporting, and to review them with a view to eliminating process inefficiencies. The ICS initiative should be seen as more than a standalone project with limited or no integration with other controls and compliance activities. Instead companies should be integrating it with other efforts such as process improvement and risk management. How do companies get the most out of technology? Companies should be taking full advantage of automation utilising both their existing in-house systems and dedicated ICS tools to assist with compliance. There is huge potential in the field of business critical systems where process controls can be automated (almost 30% of respondents had less than 30% of their controls automated and almost 50% did not know how many controls were automated) inherently providing for greater control efficiency; such controls are often preventive in nature thus ensuring early effectiveness in end-to-end processing of information. Why not challenge the status quo? Insights from ICS projects should be used as a powerful catalyst for change. The real rewards now are not just attaining compliance but cost savings, improved control and tangible business benefits through a process of controls optimisation resulting in having the right controls at the right cost for an organisation. In the section The way forward following the detailed survey findings and analysis, we offer some thoughts on how best in class organisations are addressing these challenges. 5

6 How do risk assessment and scoping interlink? The aim of Section 728a CO is to establish an ICS which, as explicitly stated by the Swiss Federal Council (Bundesrat), is aimed at bookkeeping and financial reporting. In other words, Section 728a OR does not focus on operational or compliance processes. Pursuant to this Section, an effective (and efficient) ICS is intended to prevent material misstatements in annual financial statements. Such misstatements can arise when material internal and external risks (e.g. in business operations [i.e. markets, services, products], forms of financing, business and IT processes, etc.) to which an enterprise is subject are not detected and controlled on a timely basis. Risks in reporting and operations can, as a rule, be managed by way of controls. Following a thorough risk assessment process, the next logical step in any top down ICS project would be to determine the scope of entities and processes relevant for an effective controls framework. Of those surveyed, 63% acknowledged that a top-down, risk-based approach is not only acceptable but also a pragmatic starting point when it comes to systematically performing the risk assessment and ultimately scoping for their future ICS. 55% assessed risks by evaluating both the impact and likelihood of a risk materialising and leading to a potential misstatement in their financial statements. 47% of ICS project team leaders also stated that the financial statement items within the scope of the ICS were determined by materiality (which is impacted by risk) and that underlying relevant processes were in turn, determined by the significant financial statement items selected. A number of ICS project team leaders indicated that they would scope their ICS project intuitively. While in a large number of cases this method will result in an ICS of appropriate scope, we suggest ensuring that the thought processes are properly documented. However, to ensure that the scope of the ICS does not unintentionally exceed what is necessary for the organisation, we suggest calibrating the scoping slightly more finely on the basis of quantitative and qualitative measures. 63% acknowledged that a top-down riskbased approach was not only acceptable but also a pragmatic starting point... 6

7 How are internal controls effectively identified, documented and implemented? To efficiently determine what control structures should be designed and put in place, we recommend the concept of direct and precise controls at the entity level, overlaying process and business activities. Effective controls at the entity level potentially require fewer controls at the process levels. However, as business is conducted through business processes, these also need to be supported by effective controls at process level to ensure the orderly processing of transactions. With modern business systems there is great potential for automating controls and preventive measures can be installed at the beginning of transaction processing. 70% of respondents acknowledged that they are already realising or planing to realise synergies by starting to define solid top level management controls as opposed to concentrating on controls at the process level first. 73% of ICS project team leaders stated that when eventually identifying controls on process levels, they would seek to achieve a fine balance between preventive and detective as well as manual and automated controls. However, most agreed they still had quite a long way to go before they had implemented a qualitative and efficient balance of controls. Depending on the size of company represented, the need for and the benefits of using an ICS Management Tool varied considerably. Beyond a certain company size, however, the advantages of using a tool were not questioned. Dedicated ICS Management Tools have functions for graphically depicting process flows, recording and performing risk assessments, supporting the mapping and documenting of processes, risks and controls and probably most importantly supporting consistent (dashboard) reporting on ICS to the Management and Board of Directors. Companies in Switzerland have already realised a number of benefits as a result of using such tools. Among other things, they have been able to streamline the change management process (processes and controls), manage the remediation of issues and control weaknesses, reduce the redundant holding of data, and facilitate version controlling. Almost 65% of company representatives felt that either no dedicated tool for documenting and managing internal controls was required or stated that they had not planned for the use of such a tool. We propose companies define their own criteria for managing a sustainable system of internal controls and investigate the market to establish whether dedicated tools exist that can meet these requirements. 73% stated that they would seek to achieve a fine balance between preventive and detective as well as manual and automated controls... 7

8 Why is internal control effectiveness testing important for internal reporting on the ICS? The following diagram illustrates how the quality and operative effectiveness of internal controls typically deteriorate over time where there is no regular testing of such controls. Conversely, where regular and continuous assessment takes place, the quality of controls is often maintained in the bandwidth defined by the Board of Directors. While 35% of ICS project leaders stated that they had already tested and/or planned to test internal controls for effectiveness, about one quarter did not know whether they would embark on an internal self-testing programme. Goal-directed reporting depends on the concrete requirements specified, including the degree of controls maturity to be achieved. Matters of interest to the Management and Boards are typically: Risk environment, appetite and coverage Quality of enterprise-wide controls (e.g. control environment) Effective and efficient controls at the process level: Weaknesses and corrective measures that have been identified Costs and benefits Further need for optimisation. The vast majority of respondents, 79%, confirmed that internal reporting to Senior Management and the Board of Directors covered areas ranging from the effectiveness, traceability and efficiency of internal controls to the reliability of business processes, controls awareness and integration with risk management. Quality Optimised Level 5 Monitored Level 4 A Standardised Level 3 B Informal Level 2 Not very reliable Level 1 C Legend: A B C ICS quality requirement defined by the Board process with continuous assessment of control quality sporadic checks (improvement process not integrated) normal deterioration in control quality over time Time 8

9 What about the people factor? Probably the single most important factor for successful ICS projects is people. Manual controls and other monitoring functions are executed day-in, day-out by people. The sustainable and effective operation of internal controls depends on well trained employees who are fully aware of the need for internal controls and are conversant with the goals of their Board and Management in terms of the effective operation of the ICS. Training is paramount in running successful projects and knowledge sharing and transfer are key to a sustainable system of internal controls. Only some 25% of respondents stated that they had conducted training on matters relating to ICS and/or had a continuous training programme in place. A concerted effort should be made to transfer knowledge to educate the business about good internal control. Almost 75% of respondents said that internal training was not considered important and/or had not yet been planned. This could stand in the way of cost savings and the delivery of efficiencies going forward. To enable ICS projects to be executed more smoothly and efficiently, we recommend that ICS leaders promote this topic and ensure that it is addressed in a manner appropriate to their organisation. 25% of respondents stated that they had conducted training on matters relating to ICS and/or had a continuous training programme in place... 9

10 The way forward The survey findings reinforce the view that businesses have been taking a project-based approach to compliance. They also highlight tantalising opportunities to add value in the future by reducing the cost of compliance and enhancing finance function efficiency. Companies should be following the lead of best in class organisations by standing back and reviewing their financial reporting processes and controls environment with a view to ensuring that the costs and efforts associated with year one are not repeated. Key areas to focus on are as follows: Gradually broadening the scope beyond the financial accounting and reporting functions by assessing business risks in operational processes, increasing process efficiencies and implementing business controls which mitigate those risks and ensure process stability and reliability. Removing the burden of unnecessary complexity by reducing the number of key controls, prioritising remediation efforts, eliminating duplication and automating processes and controls. Enterprises that have embarked on programmes to centralise and standardise processes and controls typically realise the following benefits: Improved monitoring of business operations and clear organisation and ownership, roles and responsibilities Harmonised and integrated systems, processes and streamlined controls Robust controls environment with the focus on prevention and automation Improved data quality and data integrity fewer errors and reduced fraud risk Robust and reliable financial reporting, also for decision making Trust in financial reporting Reduced cost through elimination of redundant and ineffective/inefficient controls High degree of assurance that no revenues are lost as a result of ineffective process activities Heightened awareness of controls and better co-operation between functions Integration with risk management. Standardising systems, processes and controls by undertaking a structured programme to support the implementation of a one process and one set of controls approach. Centralising key processes and controls by evaluating the business case for centralising or outsourcing key back office processes across the organisation to support a homogenous control environment. 10

11 Your contacts at PricewaterhouseCoopers: Leader Internal Control Services Rainer van Alphen, Partner, Basel Tel , for Banks Martin Schmidt, Director, Zurich Tel , for Industrial Enterprises Cornelia Ritz Bossicard, Senior Manager, Zurich Tel , Dominique Perron, Senior Manager, Geneva Tel , Matthias Rist, Senior Manager, Basel Tel , for Insurances Alex Hofmann, Manager, Zurich Tel , PricewaterhouseCoopers. All rights reserved. PricewaterhouseCoopers refers to the network of member firms of PricewaterhouseCoopers International Limited, each of which is a separate and independent legal entity.

12

Understanding and articulating risk appetite

Understanding and articulating risk appetite Understanding and articulating risk appetite advisory Understanding and articulating risk appetite Understanding and articulating risk appetite When risk appetite is properly understood and clearly defined,

More information

Navigate the regulatory maze

Navigate the regulatory maze www.pwc.com.cy Navigate the regulatory maze Delivering Regulatory Compliance services to the Financial Services industry September 2014 As at July 2014 there were more than 40 licensed banking institutions

More information

White paper: Information Management. Information is a strategic business asset are you managing it as such?

White paper: Information Management. Information is a strategic business asset are you managing it as such? White paper: Management Tieto 2013 is a strategic business asset are you managing it as such? White paper: Management Tieto 2013 Management the right decisions and actions at the right time based on correct

More information

Process Control Optimisation with SAP

Process Control Optimisation with SAP Process Control Optimisation with SAP The procure-to-pay cycle, which includes all activities from the procurement of goods and services to receiving invoices and paying vendors, is a basic business process.

More information

MAGENTA KEYLINE IS A CUTTER GUIDE, DO NOT PRINT. PLEASE SET TRAPPING THROUGHOUT

MAGENTA KEYLINE IS A CUTTER GUIDE, DO NOT PRINT. PLEASE SET TRAPPING THROUGHOUT Risk & Assurance Integrated software solution Managing risks and providing assurance that the process is working is a key requirement for any organisation, as is having an effective and efficient software

More information

building a business case for governance, risk and compliance

building a business case for governance, risk and compliance building a business case for governance, risk and compliance contents introduction...3 assurance: THe last major business function To be integrated...3 current state of grc: THe challenges... 4 building

More information

Leveraging data analytics and continuous auditing processes for improved audit planning, effectiveness, and efficiency. kpmg.com

Leveraging data analytics and continuous auditing processes for improved audit planning, effectiveness, and efficiency. kpmg.com Leveraging data analytics and continuous auditing processes for improved audit planning, effectiveness, and efficiency kpmg.com Leveraging data analytics and continuous auditing processes 1 Executive

More information

The National Commission of Audit

The National Commission of Audit CA Technologies submission to The National Commission of Audit November, 2013 Kristen Bresch CA Technologies Executive Summary CA Technologies is pleased to present the National Commission of Audit the

More information

Enterprise Security Architecture

Enterprise Security Architecture Enterprise Architecture -driven security April 2012 Agenda Facilities and safety information Introduction Overview of the problem Introducing security architecture The SABSA approach A worked example architecture

More information

Aberdeen City Council IT Asset Management

Aberdeen City Council IT Asset Management Aberdeen City Council IT Asset Management Internal Audit Report 2014/2015 for Aberdeen City Council January 2015 Terms or reference agreed 4 weeks prior to fieldwork Target Dates per agreed Actual Dates

More information

White Paper Governance, Risk Management and Compliance: Sustainability and Integration supported by Technology

White Paper Governance, Risk Management and Compliance: Sustainability and Integration supported by Technology White Paper Governance, Risk Management and Compliance: White Paper Governance, Risk Management and Compliance: Published by PricewaterhouseCoopers AG by: Christof Menzies Alan Martin Michael Koch Carsten

More information

Managing the Cost of Compliance in Pharmaceutical Operations 1

Managing the Cost of Compliance in Pharmaceutical Operations 1 Frances Bruttin and Dr. Doug Dean IBM Business Consulting Services Pharmaceutical Sector Aeschenplatz 2 CH-4002 Basel Switzerland +41-58-333-7687 (tel) +41-58-333-8117 (fax) Managing the Cost of Compliance

More information

Getting to strong Leading Practices for value-enhancing internal audit By Richard Reynolds and Abhinav Aggarwal - PricewaterhouseCoopers LLP

Getting to strong Leading Practices for value-enhancing internal audit By Richard Reynolds and Abhinav Aggarwal - PricewaterhouseCoopers LLP Getting to strong Leading Practices for value-enhancing internal audit By Richard Reynolds and Abhinav Aggarwal - PricewaterhouseCoopers LLP Today's unpredictable business climate and challenging regulatory

More information

UNITED NATIONS OFFICE FOR PROJECT SERVICES. ORGANIZATIONAL DIRECTIVE No. 33. UNOPS Strategic Risk Management Planning Framework

UNITED NATIONS OFFICE FOR PROJECT SERVICES. ORGANIZATIONAL DIRECTIVE No. 33. UNOPS Strategic Risk Management Planning Framework UNOPS UNITED NATIONS OFFICE FOR PROJECT SERVICES Headquarters, Copenhagen O.D. No. 33 16 April 2010 ORGANIZATIONAL DIRECTIVE No. 33 UNOPS Strategic Risk Management Planning Framework 1. Introduction 1.1.

More information

An Introduction to Continuous Controls Monitoring

An Introduction to Continuous Controls Monitoring An Introduction to Continuous Controls Monitoring Reduce compliance costs, strengthen the control environment and lessen the risk of unintentional errors and fraud Richard Hunt, Managing Director Marc

More information

Balance collections with retention for each customer. Decision Analytics for debt management in telecommunications

Balance collections with retention for each customer. Decision Analytics for debt management in telecommunications Balance collections with retention for each customer Decision Analytics for debt management in telecommunications Debt management for telecommunications The dynamic telecommunications market is seeing

More information

Aberdeen City Council IT Security (Network and perimeter)

Aberdeen City Council IT Security (Network and perimeter) Aberdeen City Council IT Security (Network and perimeter) Internal Audit Report 2014/2015 for Aberdeen City Council August 2014 Internal Audit KPIs Target Dates Actual Dates Red/Amber/Green Commentary

More information

Solutions and contact guide

Solutions and contact guide Financial Services Actuarial and Risk Services Solutions and contact guide pwc Introduction We help clients by developing a better understanding of the intersection of risk, reward, control and growth

More information

PROJECT MANAGEMENT SURVEY

PROJECT MANAGEMENT SURVEY INDUSTRY TRENDS PROJECT MANAGEMENT SURVEY JANUARY 2015 Introduction 2015 will continue to see organisations across all sectors facing one of the most competitive, challenging and changing corporate environments

More information

SAP Overview Brochure. Confidence Powers Success. SAP Solutions for Governance, Risk, and Compliance.

SAP Overview Brochure. Confidence Powers Success. SAP Solutions for Governance, Risk, and Compliance. SAP Overview Brochure Confidence Powers Success. SAP Solutions for Governance, Risk, and Compliance. Table of Contents 3) Build trust to achieve business results Introduction 4-5) Gain clarity from greater

More information

ISAE 3402 and SSAE 16 (replacing SAS 70) Reinforcing confidence through demonstration of effective controls

ISAE 3402 and SSAE 16 (replacing SAS 70) Reinforcing confidence through demonstration of effective controls ISAE 3402 and SSAE 16 (replacing SAS 70) Reinforcing confidence through demonstration of effective controls ISAE 3402 and SSAE 16 defined Overview of service organisation control reports Service organisation

More information

University of St. Gallen Law School Law and Economics Research Paper Series. Working Paper No. 2008-19 June 2007

University of St. Gallen Law School Law and Economics Research Paper Series. Working Paper No. 2008-19 June 2007 University of St. Gallen Law School Law and Economics Research Paper Series Working Paper No. 2008-19 June 2007 Enterprise Risk Management A View from the Insurance Industry Wolfgang Errath and Andreas

More information

UK HR & Payroll Compliance in SAP

UK HR & Payroll Compliance in SAP UK HR & Payroll Compliance in SAP Business challenges Today s human resources and payroll departments are facing a compliance crunch. Continual legislative changes and new requirements are being introduced,

More information

Royal Borough of Kensington and Chelsea. Data Quality Framework. ACE: A Framework for better quality data and performance information

Royal Borough of Kensington and Chelsea. Data Quality Framework. ACE: A Framework for better quality data and performance information Royal Borough of Kensington and Chelsea Data Quality Framework ACE: A Framework for better quality data and performance information March 2010 CONTENTS FOREWORD 2 A CORPORATE FRAMEWORK FOR DATA QUALITY

More information

The following criteria have been used to assess each of the options to ensure consistency and clarity:

The following criteria have been used to assess each of the options to ensure consistency and clarity: 4 Options appraisal 4.1 Overview We have appraised each of the options identified in section 3: Maintain the status quo Implement organisational change and service improvement Partner / collaborate with

More information

Audit Committee. Directors Report. Gary Hughes Chairman, Audit Committee. Gary Hughes Chairman, Audit Committee

Audit Committee. Directors Report. Gary Hughes Chairman, Audit Committee. Gary Hughes Chairman, Audit Committee Audit Committee Dear Shareholder, We are satisfied that the business has maintained robust risk management and internal controls, supported by strong overall governance processes, and that management have

More information

Building a Strategic Internal Audit Function. A 10-Step Framework

Building a Strategic Internal Audit Function. A 10-Step Framework Building a Strategic Internal Audit Function A 10-Step Framework Ten steps to a strategically focused internal audit function With passage of the Sarbanes-Oxley Act and the push for exchange-listed companies

More information

Building a Strategic Internal Audit Function

Building a Strategic Internal Audit Function Internal Audit Building a Strategic Internal Audit Function Ten steps to a strategically focused internal audit function With the passage of internal control related rules and regulations in countries

More information

Auditing Standard 5- Effective and Efficient SOX Compliance

Auditing Standard 5- Effective and Efficient SOX Compliance Auditing Standard 5- Effective and Efficient SOX Compliance September 6, 2007 Presented to: The Dallas Chapter of the Institute of Internal Auditors These slides are incomplete without the benefit of the

More information

JNCC Board paper - March 2006

JNCC Board paper - March 2006 This paper was provided to the Joint Committee for decision/discussion or information. Please refer to the minutes of the meeting for Committee s position on the paper. To view other Joint Committee papers

More information

PORTFOLIO, PROGRAMME & PROJECT MANAGEMENT MATURITY MODEL (P3M3)

PORTFOLIO, PROGRAMME & PROJECT MANAGEMENT MATURITY MODEL (P3M3) PORTFOLIO, PROGRAMME & PROJECT MANAGEMENT MATURITY MODEL (P3M3) 1st February 2006 Version 1.0 1 P3M3 Version 1.0 The OGC logo is a Registered Trade Mark of the Office of Government Commerce This is a Value

More information

Performance Detailed Report. May 2008. Review of Performance Management. Norwich City Council. Audit 2007/08

Performance Detailed Report. May 2008. Review of Performance Management. Norwich City Council. Audit 2007/08 Performance Detailed Report May 2008 Review of Performance Management Audit 2007/08 External audit is an essential element in the process of accountability for public money and makes an important contribution

More information

Internal Audit Practice Guide

Internal Audit Practice Guide Internal Audit Practice Guide Continuous Auditing Office of the Comptroller General, Internal Audit Sector May 2010 Table of Contents Purpose...1 Background...1 Definitions...2 Continuous Auditing Professional

More information

P3M3 Portfolio Management Self-Assessment

P3M3 Portfolio Management Self-Assessment Procurement Programmes & Projects P3M3 v2.1 Self-Assessment Instructions and Questionnaire P3M3 Portfolio Management Self-Assessment P3M3 is a registered trade mark of AXELOS Limited Contents Introduction

More information

South Northamptonshire Council Contract Assurance: Leisure Contract

South Northamptonshire Council Contract Assurance: Leisure Contract South Northamptonshire Council Contract Assurance: Leisure Contract FINAL Internal Audit Report 2012/2013 January 2013 Contents 1. Executive summary 4 2. Background and scope 5 3. Detailed current year

More information

Access Governance. Delivering value. What you gain. Putting a project back on track for success

Access Governance. Delivering value. What you gain. Putting a project back on track for success What you gain Risk-managed access Having a second line of defence to identify what needs to be controlled and who owns it lowers your operational costs, while taking a risk-based approach ensures greater

More information

ENTERPRISE RISK MANAGEMENT POLICY

ENTERPRISE RISK MANAGEMENT POLICY ENTERPRISE RISK MANAGEMENT POLICY TITLE OF POLICY POLICY OWNER POLICY CHAMPION DOCUMENT HISTORY: Policy Title Status Enterprise Risk Management Policy (current, revised, no change, redundant) Approving

More information

The Lowitja Institute Risk Management Plan

The Lowitja Institute Risk Management Plan The Lowitja Institute Risk Management Plan 1. PURPOSE This Plan provides instructions to management and staff for the implementation of consistent risk management practices throughout the Lowitja Institute

More information

Project organisation and establishing a programme management office

Project organisation and establishing a programme management office PROJECT ADVISORY Project organisation and establishing a programme office Leadership Series 1 kpmg.com/nz About the Leadership Series KPMG s Leadership Series is targeted towards owners of major capital

More information

Balance collections with retention for each customer. Decision Analytics for debt management in retail banking

Balance collections with retention for each customer. Decision Analytics for debt management in retail banking Balance collections with retention for each customer Decision Analytics for debt management in retail banking Debt management for retail banking In the highly competitive retail banking environment, banks

More information

Integrated performance management for sustained growth

Integrated performance management for sustained growth Integrated performance management for sustained growth Introduction This paper provides Deloitte s insights on Integrated Performance Management (IPM). Organisations that are considering improving, planning,

More information

THE SOUTH AFRICAN HERITAGE RESOURCES AGENCY ENTERPRISE RISK MANAGEMENT FRAMEWORK

THE SOUTH AFRICAN HERITAGE RESOURCES AGENCY ENTERPRISE RISK MANAGEMENT FRAMEWORK THE SOUTH AFRICAN HERITAGE RESOURCES AGENCY ENTERPRISE RISK MANAGEMENT FRAMEWORK ACCOUNTABLE SIGNATURE AUTHORISED for implementation SIGNATURE On behalf of Chief Executive Officer SAHRA Council Date Date

More information

Fortune 500 Medical Devices Company Addresses Unique Device Identification

Fortune 500 Medical Devices Company Addresses Unique Device Identification Fortune 500 Medical Devices Company Addresses Unique Device Identification New FDA regulation was driver for new data governance and technology strategies that could be leveraged for enterprise-wide benefit

More information

RSA ARCHER AUDIT MANAGEMENT

RSA ARCHER AUDIT MANAGEMENT RSA ARCHER AUDIT MANAGEMENT Solution Overview INRODUCTION AT A GLANCE Align audit plans with your organization s risk profile and business objectives Manage audit planning, prioritization, staffing, procedures

More information

Organisational Change Management. Fusing People, Process and Technology www.h3partners.co.uk

Organisational Change Management. Fusing People, Process and Technology www.h3partners.co.uk Organisational Change Management Fusing People, Process and Technology www.h3partners.co.uk 3 OUR CREDENTIALS At H3 Partners, our mission is to provide clients with improved systems and processes to meet

More information

Financial Audit Scoping Tool Blueprint for Oracle GRC Applications

<Insert Picture Here> Financial Audit Scoping Tool Blueprint for Oracle GRC Applications Financial Audit Scoping Tool Blueprint for Oracle GRC Applications Implement Audit Standard 5 (AS5) scoping to streamline financial reporting compliance Agenda Financial Audit Scoping

More information

Managing global tax reporting challenges

Managing global tax reporting challenges Managing global tax reporting challenges tax & accounting Managing global tax reporting challenges there are many factors challenging the effective operation of today s modern corporate tax function. they

More information

SOUTHERN RURAL WATER POLICY RISK MANAGEMENT POLICY

SOUTHERN RURAL WATER POLICY RISK MANAGEMENT POLICY SOUTHERN RURAL WATER POLICY RISK MANAGEMENT POLICY 1. POLICY STATEMENT Having regard to AS/NZS ISO 31000 Risk Management, it shall be the Policy of SRW to manage risk to protect public safety, quality

More information

PFMA 2011-12 The drivers of internal control: Audit committees and internal audit

PFMA 2011-12 The drivers of internal control: Audit committees and internal audit 1 PFMA The drivers of internal control: Audit committees and internal audit CONSOLIDATED GENERAL REPORT on NATIONAL and PROVINCIAL audit outcomes Our reputation promise/mission The Auditor-General of South

More information

Bridgend County Borough Council. Corporate Risk Management Policy

Bridgend County Borough Council. Corporate Risk Management Policy Bridgend County Borough Council Corporate Risk Management Policy December 2014 Index Section Page No Introduction 3 Definition of risk 3 Aims and objectives 4 Strategy 4 Accountabilities and roles 5 Risk

More information

fs viewpoint www.pwc.com/fsi

fs viewpoint www.pwc.com/fsi fs viewpoint www.pwc.com/fsi June 2013 02 11 16 21 24 Point of view Competitive intelligence A framework for response How PwC can help Appendix It takes two to tango: Managing technology risk is now a

More information

Data analytics Delivering intelligence in the moment

Data analytics Delivering intelligence in the moment www.pwc.co.uk Data analytics Delivering intelligence in the moment January 2014 Our point of view Extracting insight from an organisation s data and applying it to business decisions has long been a necessary

More information

Begin with the end in mind

Begin with the end in mind Begin with the end in mind Is your business vision driving your software purchases? Or is it the other way around? Organisations can be paying 25-35% too much for software, support and maintenance costs.

More information

The Virtual Centre Model

The Virtual Centre Model 1 - Introduction Since the late 1980 s the European ANS system has gradually become unable to cope with growing traffic demand. The Single European Sky initiative of the European Commission is meant to

More information

Report to Parliament No. 4 for 2011 Information systems governance and security. Financial and Assurance audit. Enhancing public sector accountability

Report to Parliament No. 4 for 2011 Information systems governance and security. Financial and Assurance audit. Enhancing public sector accountability Financial and Assurance audit Report to Parliament No. 4 for 2011 Information systems governance and security ISSN 1834-1128 Enhancing public sector accountability RTP No. 4 cover.indd 1 15/06/2011 3:19:31

More information

Insights and Trends: Current Portfolio, Programme and Project Management Practices

Insights and Trends: Current Portfolio, Programme and Project Management Practices www.pwc.com Insights and Trends: Current Portfolio, Programme and Project Management Practices The third global survey on the current state of project management Contents Executive Summary... 3 Special

More information

Application Value Assessment

Application Value Assessment Value Assessment Journey to Realising the Value of an Organisation s Portfolio Fujitsu UK & Ireland - Business & Services By Chris Waite, Fujitsu Businesses today operate in highly competitive environments

More information

Risk management systems of responsible entities

Risk management systems of responsible entities Attachment to CP 263: Draft regulatory guide REGULATORY GUIDE 000 Risk management systems of responsible entities July 2016 About this guide This guide is for Australian financial services (AFS) licensees

More information

Building a framework for operational risk management: the FSA s observations

Building a framework for operational risk management: the FSA s observations Policy Statement Financial Services Authority Building a framework for operational risk management: the FSA s observations Feedback on industry practice as we prepare to implement CP142 July 2003 Contents

More information

MANAGING DIGITAL CONTINUITY

MANAGING DIGITAL CONTINUITY MANAGING DIGITAL CONTINUITY Project Name Digital Continuity Project DRAFT FOR CONSULTATION Date: November 2009 Page 1 of 56 Contents Introduction... 4 What is this Guidance about?... 4 Who is this guidance

More information

Outsourcing and the Affiliate Model

Outsourcing and the Affiliate Model Outsourcing and the Affiliate Model Streamlining Processes and Emphasising Strategy REPORT Outsourcing and Consulting Services for Life Sciences www.productlife-group.com Table of Contents Executive Summary...1

More information

Part A OVERVIEW...1. 1. Introduction...1. 2. Applicability...2. 3. Legal Provision...2. Part B SOUND DATA MANAGEMENT AND MIS PRACTICES...

Part A OVERVIEW...1. 1. Introduction...1. 2. Applicability...2. 3. Legal Provision...2. Part B SOUND DATA MANAGEMENT AND MIS PRACTICES... Part A OVERVIEW...1 1. Introduction...1 2. Applicability...2 3. Legal Provision...2 Part B SOUND DATA MANAGEMENT AND MIS PRACTICES...3 4. Guiding Principles...3 Part C IMPLEMENTATION...13 5. Implementation

More information

Data Quality Policy. Appendix A. 1. Why do we need a Data Quality Policy?... 2. 2 Scope of this Policy... 2. 3 Principles of data quality...

Data Quality Policy. Appendix A. 1. Why do we need a Data Quality Policy?... 2. 2 Scope of this Policy... 2. 3 Principles of data quality... Data Quality Policy Appendix A Updated August 2011 Contents 1. Why do we need a Data Quality Policy?... 2 2 Scope of this Policy... 2 3 Principles of data quality... 3 4 Applying the policy... 4 5. Roles

More information

OSFI Updates Guidance on Regulatory Compliance Management. By Carol Lyons and Jared Grossman

OSFI Updates Guidance on Regulatory Compliance Management. By Carol Lyons and Jared Grossman Introduction OSFI Updates Guidance on Regulatory Compliance Management By Carol Lyons and Jared Grossman More than 10 years have passed since OSFI 1 first issued Guideline E-13 entitled Legislative Compliance

More information

Risk Management Strategy & Implementation Plan 2014 2016

Risk Management Strategy & Implementation Plan 2014 2016 St George s Healthcare NHS Trust: the next decade Risk Management Strategy & Implementation Plan 2014 2016 DRAFT VERSION 6.0 UPDATED 19.11.14 Executive summary We know, from external assurances received

More information

ENTERPRISE RISK MANAGEMENT FRAMEWORK

ENTERPRISE RISK MANAGEMENT FRAMEWORK ROCKHAMPTON REGIONAL COUNCIL ENTERPRISE RISK MANAGEMENT FRAMEWORK 2013 Adopted 25 June 2013 Reviewed: October 2015 TABLE OF CONTENTS 1. Introduction... 3 1.1 Council s Mission... 3 1.2 Council s Values...

More information

ESM Management Comments on Board of Auditors Annual Report to the Board of Governors for the period ended 31 December 2014

ESM Management Comments on Board of Auditors Annual Report to the Board of Governors for the period ended 31 December 2014 ESM Management Comments on Board of Auditors Annual Report to the Board of Governors for the period ended 31 December 2014 Dear Chairperson, I would like to thank you for the opportunity to provide management

More information

Successfully identifying, assessing and managing risks for stakeholders

Successfully identifying, assessing and managing risks for stakeholders Introduction Names like Enron, Worldcom, Barings Bank and Menu Foods are household names but unfortunately as examples of what can go wrong. With these recent high profile business failures, people have

More information

Framework: Supporting transformation of government financial

Framework: Supporting transformation of government financial Performance Improvement Framework: Supporting transformation of government financial management services: Background DECK for workshop attendees State Services Commission, Room 10.3, No 2 The Terrace,

More information

Risk Management Framework

Risk Management Framework Risk Management Framework THIS PAGE INTENTIONALLY LEFT BLANK Foreword The South Australian Government Risk Management Policy Statement 2009 advocates that consistent and systematic application of risk

More information

Request for Proposal. Supporting Document 3 of 4. Contract and Relationship Management for the Education Service Payroll

Request for Proposal. Supporting Document 3 of 4. Contract and Relationship Management for the Education Service Payroll Request for Proposal Supporting Document 3 of 4 Contract and Relationship December 2007 Table of Contents 1 Introduction 3 2 Governance 4 2.1 Education Governance Board 4 2.2 Education Capability Board

More information

Planning, Budgeting and Forecasting

Planning, Budgeting and Forecasting MANAGEMENT CONSULTING Planning, Budgeting and Forecasting How is your planning process helping you identify and unlock value? kpmg.co.uk Key considerations How effective and efficient is your organisation

More information

Railway Management Maturity Model (RM 3 )

Railway Management Maturity Model (RM 3 ) Railway Management Maturity Model (RM 3 ) (Version 1.02) March 2011 Published by the Office of Rail Regulation 1 Contents Introduction... 1 Excellence in safety management systems... 3 Governance, policy

More information

Value of a Purpose-Built Third-Party Compliance Solution

Value of a Purpose-Built Third-Party Compliance Solution Value of a Purpose-Built Third-Party Compliance Solution Introduction Multinational corporations routinely engage third parties such as sales agents, consultants, brokers, distributors, resellers, suppliers,

More information

Confident in our Future, Risk Management Policy Statement and Strategy

Confident in our Future, Risk Management Policy Statement and Strategy Confident in our Future, Risk Management Policy Statement and Strategy Risk Management Policy Statement Introduction Risk management aims to maximise opportunities and minimise exposure to ensure the residents

More information

GUIDELINE NO. 22 REGULATORY AUDITS OF ENERGY BUSINESSES

GUIDELINE NO. 22 REGULATORY AUDITS OF ENERGY BUSINESSES Level 37, 2 Lonsdale Street Melbourne 3000, Australia Telephone.+61 3 9302 1300 +61 1300 664 969 Facsimile +61 3 9302 1303 GUIDELINE NO. 22 REGULATORY AUDITS OF ENERGY BUSINESSES ENERGY INDUSTRIES JANUARY

More information

RISK MANAGEMENT AND COMPLIANCE

RISK MANAGEMENT AND COMPLIANCE RISK MANAGEMENT AND COMPLIANCE Contents 1. Risk management system... 2 1.1 Legislation... 2 1.2 Guidance... 3 1.3 Risk management policy... 4 1.4 Risk management process... 4 1.5 Risk register... 8 1.6

More information

The Compliance Journey

The Compliance Journey The Compliance Journey Balancing Risk and Controls with Business Improvement ADVISORY Contents 2 Introduction 4 Balancing Risk and Controls with Business Improvement 6 Using Controls as a New Lens 10 Getting

More information

Shepway District Council Risk Management Policy

Shepway District Council Risk Management Policy Shepway District Council Risk Management Policy Contents Section 1 Risk Management Policy... 3 1. Updates and amendments... 3 2. Definition... 3 3. Policy statement... 3 4. Objectives... 3 Section 2 Risk

More information

Internal Audit Framework

Internal Audit Framework Internal Audit Framework Internal Audit Framework National Treasury Republic of South Africa March 2009 (2 nd Edition) The Internal Audit Framework is being provided as a service to the Public Service.

More information

How to gather and evaluate information

How to gather and evaluate information 09 May 2016 How to gather and evaluate information Chartered Institute of Internal Auditors Information is central to the role of an internal auditor. Gathering and evaluating information is the basic

More information

Compliance Policy AGL Energy Limited

Compliance Policy AGL Energy Limited Compliance Policy AGL Energy Limited November 2013 Table of Contents 1. About this Document... 3 2. Policy Statement... 4 3. Purpose... 4 4. AGL Compliance Context... 4 5. Scope... 5 6. Objectives... 5

More information

A Final Report for City of Chandler Strategic IT Plan Executive Summary

A Final Report for City of Chandler Strategic IT Plan Executive Summary A Final Report for City of Chandler 6 January 2004 Table of Contents 1. Executive Summary... 1 1.1 Background... 2 1.2 Chandler Business and IT Context... 3 1.3 Chandler s IT Strategic Direction... 5 1.4

More information

Administration and General Order No. AD/1/TBC

Administration and General Order No. AD/1/TBC COUNTY DURHAM AND DARLINGTON FIRE AND RESCUE SERVICE Administration and General Order No. AD/1/TBC CORPORATE RISK MANGEMENT POLICY 1. INTRODUCTION 1.1 County Durham and Darlington Combined Fire Authority

More information

Following up recommendations/management actions

Following up recommendations/management actions 09 May 2016 Following up recommendations/management actions Chartered Institute of Internal Auditors At the conclusion of an audit, findings and proposed recommendations are discussed with management and

More information

Finding your balance Top tips for successful HR delivery in multiple countries across Europe

Finding your balance Top tips for successful HR delivery in multiple countries across Europe Perspectives Finding your balance Top tips for successful HR delivery in multiple countries across Europe ...organisations are striving for a more standardised approach across all their business locations

More information

RISK MANAGEMENT FRAMEWORK 2013-2014 OKHAHLAMBA LOCAL MUNICIPALITYITY

RISK MANAGEMENT FRAMEWORK 2013-2014 OKHAHLAMBA LOCAL MUNICIPALITYITY RISK MANAGEMENT FRAMEWORK 2013-2014 OKHAHLAMBA LOCAL MUNICIPALITYITY Page 1 CONTENTS 1. Foreword by the Mayor... 3 2. Background... 4 2.1 Introduction... 4 2.2 Overall purpose of the Enterprise Risk Management

More information

ORACLE ENTERPRISE GOVERNANCE, RISK, AND COMPLIANCE MANAGER FUSION EDITION

ORACLE ENTERPRISE GOVERNANCE, RISK, AND COMPLIANCE MANAGER FUSION EDITION ORACLE ENTERPRISE GOVERNANCE, RISK, AND COMPLIANCE MANAGER FUSION EDITION KEY FEATURES AND BENEFITS Manage multiple GRC initiatives on a single consolidated platform Support unique areas of operation with

More information

Operational Risk Management - The Next Frontier The Risk Management Association (RMA)

Operational Risk Management - The Next Frontier The Risk Management Association (RMA) Operational Risk Management - The Next Frontier The Risk Management Association (RMA) Operational risk is not new. In fact, it is the first risk that banks must manage, even before they make their first

More information

Empowering you to outperform

Empowering you to outperform HR Outsourcing Empowering you to outperform Sharing HR expertise and helping you to do what you do best. Contents 4 Award-Winning HR Services Who are we? 6 Why outsource your HR and payroll? Add real value

More information

Compliance. Group Standard

Compliance. Group Standard Group Standard Compliance Serco is committed to good governance practices and the management of risks supported by a robust business compliance process SMS-GS-G2 Compliance July 2014 v1.0 Serco Public

More information

Finance Effectiveness Efficiency

Finance Effectiveness Efficiency Business Unit Finance Effectiveness Efficiency An overview Agenda Page 1 Efficiency - An overview 1 2 Our services 7 3 Case study 14 Section 1 Efficiency - An overview 1 Section 1 Efficiency - An overview

More information

Technical Journal. Paper 142

Technical Journal. Paper 142 Technical Journal 09 Paper 142 142 Kevin Balaam Programme Manager Highways & Transportation Atkins The Area 6 MAC approach to planning and programme management Introduction Steve Dickinson Schemes Manager

More information

Internal Audit Testing and Sampling Techniques. Chartered Institute of Internal Auditors May 2014

Internal Audit Testing and Sampling Techniques. Chartered Institute of Internal Auditors May 2014 Internal Audit Testing and Sampling Techniques Chartered Institute of Internal Auditors May 2014 Controls Testing Slide 1 Testing Priorities Risk B1 Risk A1 Risk B2 Risk A2 Risk C2 Risk C1 Controls testing

More information

Title: Rio Tinto management system

Title: Rio Tinto management system Standard Rio Tinto management system December 2014 Group Title: Rio Tinto management system Document No: HSEC-B-01 Standard Function: Health, Safety, Environment and Communities (HSEC) No. of pages: 23

More information

APPENDIX A (CFO/263/09) Merseyside Fire & Rescue Service ICT Outsourcing Procurement Support. Final Report

APPENDIX A (CFO/263/09) Merseyside Fire & Rescue Service ICT Outsourcing Procurement Support. Final Report Merseyside Fire & Rescue Service ICT Outsourcing Procurement Support Final Report Version 1.1 Oct 2009 Contents 1. Executive Summary...3 2. Context and Background...3 3. Deliverables and Value Added...

More information

Digital Asset Management. Delivering greater value from your assets by using better asset information to improve investment decisions

Digital Asset Management. Delivering greater value from your assets by using better asset information to improve investment decisions Digital Asset the way we see it Digital Asset Delivering greater value from your assets by using better asset information to improve investment decisions In its recent survey on the UK economy, the OECD

More information

COCA-COLA HELLENIC BOTTLING COMPANY RISK MANAGEMENT POLICY

COCA-COLA HELLENIC BOTTLING COMPANY RISK MANAGEMENT POLICY COCA-COLA HELLENIC BOTTLING COMPANY RISK MANAGEMENT POLICY 1. INTRODUCTION The effective management of risk is central to the ongoing success and resilience of Coca-Cola Hellenic Bottling Company (CCHBC).

More information

Enterprise Risk Management

Enterprise Risk Management Cayman Islands Society of Professional Accountants Enterprise Risk Management March 19, 2015 Dr. Sandra B. Richtermeyer, CPA, CMA What is Risk Management? Risk management is a process, effected by an entity's

More information