One year to go How fit are Swiss companies?*


Internal Control Systems
One year to go: How fit are Swiss companies?*
Survey (November 2007)

Contents

- Introduction
- Executive summary
- How do risk assessment and scoping interlink?
- How are internal controls effectively identified, documented and implemented?
- Why is internal control effectiveness testing important for internal reporting on the ICS?
- What about the people factor?
- The way forward
- Your contacts at PricewaterhouseCoopers

Introduction

The amendments to the Swiss Code of Obligations designed to strengthen Internal Control Systems (ICS) over financial reporting became effective on 1 January While the quality of financial reporting and the public's trust in the financial information provided by companies will significantly improve following implementation, the required changes have imposed a substantial burden of time and resources on companies in Switzerland. To prepare for the December 2008 compliance deadline, companies will have to cover considerable ground to ensure that the appropriate controls are documented and in place.

Many companies in Switzerland wish to deploy a sustainable, efficient and value-adding compliance process and are now looking for insights into how to do so. Senior managers are intent on reducing the cost of compliance and delivering real benefits from this process.

PricewaterhouseCoopers is supporting Swiss companies with projects and knowledge-based activities to help them tackle this challenge. Most recently, in November 2007, it held half-day interactive workshops across Switzerland. The main goal of these workshops was to ensure that ICS project leaders fully understood the requirements and implications of designing and implementing an efficient and effective ICS, as well as to address their main challenges and concerns. In addition, we wanted to assess their state of readiness to meet the requirements of Section 728a in conjunction with Section 716 of the Swiss Code of Obligations (CO). With one year to the compliance deadline, we wanted to find out whether companies felt confident with the concepts raised by the amendments to the Act that came into force on 1 January 2008 and how sure they are of becoming compliant during During these workshops, we used a survey tool to increase the learning effect and enhance the exchange of experience between participants.
The findings and recommendations detailed in this document are the opinions expressed by more than 100 ICS project team leaders who participated in these workshops. Based on its practical experience with ICS projects for many companies, PwC believes these results are representative of the current situation for most Swiss companies. PwC would like to express its sincere thanks to the participants for sharing their knowledge and experience.

Rainer van Alphen
Leader Internal Control Services
November

Executive summary

The large majority of ICS project team leaders at Swiss companies are confident of becoming compliant with the requirements for an ICS by the end of However, the largest potential danger is that the costs and efforts incurred to achieve year one compliance will have to be repeated in the future unless steps are taken now to address a number of key challenges.

Overall, the responses obtained were upbeat. An overwhelming majority of 91% of Swiss ICS project leaders who participated said they felt comfortable with the concepts of an ICS, their ICS initiative was well established and they would be compliant with 728a CO by the end of % of the enterprises represented, named the Chief Financial Officers as the sponsor and person with overall responsibility for their ICS initiative. Risk management or internal audit was reported to be in charge at around 9% of companies represented. Less than 5% had appointed an ICS officer to take overall responsibility for their entire ICS efforts.

64% of those polled indicated that their ICS initiative covered more than just financial accounting and reporting. Instead, it appeared that most enterprises were taking advantage of the new requirements to address further operational issues, such as business risks and process inefficiencies. There was also clear agreement among more than 70% that there were benefits to be gained from adopting a risk-based approach and concentrating on (direct) company level controls as well as on automation and prevention when designing and implementing an ICS. A substantial portion (more than one third of respondents) believed that there were advantages in determining the quality of their ICS through targeted testing to serve as a basis for reporting to Senior Management and Boards of Directors.
Some 85% of Swiss ICS leaders surveyed explained that their organisation had goal-directed internal reporting on ICS matters covering the effectiveness, traceability and efficiency of internal controls as well as the reliability of business processes, controls awareness and integration with risk management.

Why not look beyond year one?

The intense focus on the deadline might prevent businesses from treating their projects under Sections 716 and 728 of the Swiss Code of Obligations as milestones on the way to the larger goal of sustainable compliance. The legislation ought to be seen as an opportunity to investigate operational processes, which often form the basis of reliable financial reporting, and to review them with a view to eliminating process inefficiencies. The ICS initiative should be seen as more than a standalone project with limited or no integration with other controls and compliance activities. Instead, companies should be integrating it with other efforts such as process improvement and risk management.

How do companies get the most out of technology?

Companies should be taking full advantage of automation, utilising both their existing in-house systems and dedicated ICS tools to assist with compliance. There is huge potential in the field of business critical systems, where process controls can be automated (almost 30% of respondents had less than 30% of their controls automated and almost 50% did not know how many controls were automated), inherently providing for greater control efficiency. Such controls are often preventive in nature, thus ensuring early effectiveness in end-to-end processing of information.

Why not challenge the status quo?

Insights from ICS projects should be used as a powerful catalyst for change. The real rewards now are not just attaining compliance but cost savings, improved control and tangible business benefits through a process of controls optimisation, resulting in having the right controls at the right cost for an organisation.

In the section "The way forward", following the detailed survey findings and analysis, we offer some thoughts on how best-in-class organisations are addressing these challenges.

How do risk assessment and scoping interlink?

The aim of Section 728a CO is to establish an ICS which, as explicitly stated by the Swiss Federal Council (Bundesrat), is aimed at bookkeeping and financial reporting. In other words, Section 728a OR does not focus on operational or compliance processes. Pursuant to this Section, an effective (and efficient) ICS is intended to prevent material misstatements in annual financial statements. Such misstatements can arise when material internal and external risks (e.g. in business operations [i.e. markets, services, products], forms of financing, business and IT processes, etc.) to which an enterprise is subject are not detected and controlled on a timely basis. Risks in reporting and operations can, as a rule, be managed by way of controls.

Following a thorough risk assessment process, the next logical step in any top-down ICS project would be to determine the scope of entities and processes relevant for an effective controls framework. Of those surveyed, 63% acknowledged that a top-down, risk-based approach is not only acceptable but also a pragmatic starting point when it comes to systematically performing the risk assessment and ultimately scoping for their future ICS. 55% assessed risks by evaluating both the impact and likelihood of a risk materialising and leading to a potential misstatement in their financial statements. 47% of ICS project team leaders also stated that the financial statement items within the scope of the ICS were determined by materiality (which is impacted by risk) and that underlying relevant processes were, in turn, determined by the significant financial statement items selected.

A number of ICS project team leaders indicated that they would scope their ICS project intuitively. While in a large number of cases this method will result in an ICS of appropriate scope, we suggest ensuring that the thought processes are properly documented.
However, to ensure that the scope of the ICS does not unintentionally exceed what is necessary for the organisation, we suggest calibrating the scoping slightly more finely on the basis of quantitative and qualitative measures.

How are internal controls effectively identified, documented and implemented?

To efficiently determine what control structures should be designed and put in place, we recommend the concept of direct and precise controls at the entity level, overlaying process and business activities. Effective controls at the entity level potentially require fewer controls at the process levels. However, as business is conducted through business processes, these also need to be supported by effective controls at process level to ensure the orderly processing of transactions. With modern business systems there is great potential for automating controls, and preventive measures can be installed at the beginning of transaction processing.

70% of respondents acknowledged that they are already realising or planning to realise synergies by starting to define solid top level management controls as opposed to concentrating on controls at the process level first. 73% of ICS project team leaders stated that when eventually identifying controls on process levels, they would seek to achieve a fine balance between preventive and detective as well as manual and automated controls. However, most agreed they still had quite a long way to go before they had implemented a qualitative and efficient balance of controls.

Depending on the size of company represented, the need for and the benefits of using an ICS Management Tool varied considerably. Beyond a certain company size, however, the advantages of using a tool were not questioned. Dedicated ICS Management Tools have functions for graphically depicting process flows, recording and performing risk assessments, supporting the mapping and documenting of processes, risks and controls and, probably most importantly, supporting consistent (dashboard) reporting on ICS to the Management and Board of Directors. Companies in Switzerland have already realised a number of benefits as a result of using such tools.
Among other things, they have been able to streamline the change management process (processes and controls), manage the remediation of issues and control weaknesses, reduce the redundant holding of data, and facilitate version controlling. Almost 65% of company representatives felt that either no dedicated tool for documenting and managing internal controls was required or stated that they had not planned for the use of such a tool. We propose companies define their own criteria for managing a sustainable system of internal controls and investigate the market to establish whether dedicated tools exist that can meet these requirements.

Why is internal control effectiveness testing important for internal reporting on the ICS?

The following diagram illustrates how the quality and operative effectiveness of internal controls typically deteriorate over time where there is no regular testing of such controls. Conversely, where regular and continuous assessment takes place, the quality of controls is often maintained in the bandwidth defined by the Board of Directors.

[Figure: control quality (vertical axis: Level 1 "Not very reliable", Level 2 "Informal", Level 3 "Standardised", Level 4 "Monitored", Level 5 "Optimised") plotted against time (horizontal axis), with markers A, B and C. Legend entries: ICS quality requirement defined by the Board; process with continuous assessment of control quality; sporadic checks (improvement process not integrated); normal deterioration in control quality over time.]

While 35% of ICS project leaders stated that they had already tested and/or planned to test internal controls for effectiveness, about one quarter did not know whether they would embark on an internal self-testing programme.

Goal-directed reporting depends on the concrete requirements specified, including the degree of controls maturity to be achieved. Matters of interest to the Management and Boards are typically:

- Risk environment, appetite and coverage
- Quality of enterprise-wide controls (e.g. control environment)
- Effective and efficient controls at the process level:
- Weaknesses and corrective measures that have been identified
- Costs and benefits
- Further need for optimisation.

The vast majority of respondents, 79%, confirmed that internal reporting to Senior Management and the Board of Directors covered areas ranging from the effectiveness, traceability and efficiency of internal controls to the reliability of business processes, controls awareness and integration with risk management.

What about the people factor?

Probably the single most important factor for successful ICS projects is people. Manual controls and other monitoring functions are executed day-in, day-out by people. The sustainable and effective operation of internal controls depends on well trained employees who are fully aware of the need for internal controls and are conversant with the goals of their Board and Management in terms of the effective operation of the ICS. Training is paramount in running successful projects, and knowledge sharing and transfer are key to a sustainable system of internal controls.

Only some 25% of respondents stated that they had conducted training on matters relating to ICS and/or had a continuous training programme in place. A concerted effort should be made to transfer knowledge to educate the business about good internal control. Almost 75% of respondents said that internal training was not considered important and/or had not yet been planned. This could stand in the way of cost savings and the delivery of efficiencies going forward. To enable ICS projects to be executed more smoothly and efficiently, we recommend that ICS leaders promote this topic and ensure that it is addressed in a manner appropriate to their organisation.

The way forward

The survey findings reinforce the view that businesses have been taking a project-based approach to compliance. They also highlight tantalising opportunities to add value in the future by reducing the cost of compliance and enhancing finance function efficiency. Companies should be following the lead of best-in-class organisations by standing back and reviewing their financial reporting processes and controls environment with a view to ensuring that the costs and efforts associated with year one are not repeated. Key areas to focus on are as follows:

- Gradually broadening the scope beyond the financial accounting and reporting functions by assessing business risks in operational processes, increasing process efficiencies and implementing business controls which mitigate those risks and ensure process stability and reliability.
- Removing the burden of unnecessary complexity by reducing the number of key controls, prioritising remediation efforts, eliminating duplication and automating processes and controls.
- Standardising systems, processes and controls by undertaking a structured programme to support the implementation of a "one process and one set of controls" approach.
- Centralising key processes and controls by evaluating the business case for centralising or outsourcing key back office processes across the organisation to support a homogenous control environment.

Enterprises that have embarked on programmes to centralise and standardise processes and controls typically realise the following benefits:

- Improved monitoring of business operations and clear organisation and ownership, roles and responsibilities
- Harmonised and integrated systems, processes and streamlined controls
- Robust controls environment with the focus on prevention and automation
- Improved data quality and data integrity: fewer errors and reduced fraud risk
- Robust and reliable financial reporting, also for decision making
- Trust in financial reporting
- Reduced cost through elimination of redundant and ineffective/inefficient controls
- High degree of assurance that no revenues are lost as a result of ineffective process activities
- Heightened awareness of controls and better co-operation between functions
- Integration with risk management.

Your contacts at PricewaterhouseCoopers

Leader Internal Control Services: Rainer van Alphen, Partner, Basel, Tel
for Banks: Martin Schmidt, Director, Zurich, Tel
for Industrial Enterprises: Cornelia Ritz Bossicard, Senior Manager, Zurich, Tel; Dominique Perron, Senior Manager, Geneva, Tel; Matthias Rist, Senior Manager, Basel, Tel
for Insurances: Alex Hofmann, Manager, Zurich, Tel

PricewaterhouseCoopers. All rights reserved. PricewaterhouseCoopers refers to the network of member firms of PricewaterhouseCoopers International Limited, each of which is a separate and independent legal entity.


More information

Reporting on Control Procedures at Outsourcing Entities

Reporting on Control Procedures at Outsourcing Entities Auditing Guidance Statement AGS 1042 (July 2002) Reporting on Control Procedures at Outsourcing Entities Prepared by the Auditing & Assurance Standards Board of the Australian Accounting Research Foundation

More information

Compliance. Group Standard

Compliance. Group Standard Group Standard Compliance Serco is committed to good governance practices and the management of risks supported by a robust business compliance process SMS-GS-G2 Compliance July 2014 v1.0 Serco Public

More information

Financial services. Julie Chaidron Manager Advisory & Consulting Deloitte. Elias Pankert Analyst Advisory & Consulting Deloitte

Financial services. Julie Chaidron Manager Advisory & Consulting Deloitte. Elias Pankert Analyst Advisory & Consulting Deloitte Banking and asset players are increasingly considering electronic data to be a strategic activity requiring operational efficiency Financial services Pascal Martino Directeur Advisory & Consulting Deloitte

More information

RSA ARCHER OPERATIONAL RISK MANAGEMENT

RSA ARCHER OPERATIONAL RISK MANAGEMENT RSA ARCHER OPERATIONAL RISK MANAGEMENT 87% of organizations surveyed have seen the volume and complexity of risks increase over the past five years. Another 20% of these organizations have seen the volume

More information

PFMA 2011-12 The drivers of internal control: Audit committees and internal audit

PFMA 2011-12 The drivers of internal control: Audit committees and internal audit 1 PFMA The drivers of internal control: Audit committees and internal audit CONSOLIDATED GENERAL REPORT on NATIONAL and PROVINCIAL audit outcomes Our reputation promise/mission The Auditor-General of South

More information

Enterprise Risk Management

Enterprise Risk Management Cayman Islands Society of Professional Accountants Enterprise Risk Management March 19, 2015 Dr. Sandra B. Richtermeyer, CPA, CMA What is Risk Management? Risk management is a process, effected by an entity's

More information

Integrated performance management for sustained growth

Integrated performance management for sustained growth Integrated performance management for sustained growth Introduction This paper provides Deloitte s insights on Integrated Performance Management (IPM). Organisations that are considering improving, planning,

More information

COCA-COLA HELLENIC BOTTLING COMPANY RISK MANAGEMENT POLICY

COCA-COLA HELLENIC BOTTLING COMPANY RISK MANAGEMENT POLICY COCA-COLA HELLENIC BOTTLING COMPANY RISK MANAGEMENT POLICY 1. INTRODUCTION The effective management of risk is central to the ongoing success and resilience of Coca-Cola Hellenic Bottling Company (CCHBC).

More information

Building a Strategic Internal Audit Function. A 10-Step Framework

Building a Strategic Internal Audit Function. A 10-Step Framework Building a Strategic Internal Audit Function A 10-Step Framework Ten steps to a strategically focused internal audit function With passage of the Sarbanes-Oxley Act and the push for exchange-listed companies

More information

Request for Proposal. Supporting Document 3 of 4. Contract and Relationship Management for the Education Service Payroll

Request for Proposal. Supporting Document 3 of 4. Contract and Relationship Management for the Education Service Payroll Request for Proposal Supporting Document 3 of 4 Contract and Relationship December 2007 Table of Contents 1 Introduction 3 2 Governance 4 2.1 Education Governance Board 4 2.2 Education Capability Board

More information

Internal Audit Framework

Internal Audit Framework Internal Audit Framework Internal Audit Framework National Treasury Republic of South Africa March 2009 (2 nd Edition) The Internal Audit Framework is being provided as a service to the Public Service.

More information

Board oversight of risk: Defining risk appetite in plain English

Board oversight of risk: Defining risk appetite in plain English www.pwc.com/us/centerforboardgovernance Board oversight of risk: Defining risk appetite in plain English May 2014 Defining risk appetite in plain English Risk oversight continues to be top-of-mind for

More information

Principles for An. Effective Risk Appetite Framework

Principles for An. Effective Risk Appetite Framework Principles for An Effective Risk Appetite Framework 18 November 2013 Table of Contents Page I. Introduction... 1 II. Key definitions... 2 III. Principles... 3 1. Risk appetite framework... 3 1.1 An effective

More information

South Northamptonshire Council Contract Assurance: Leisure Contract

South Northamptonshire Council Contract Assurance: Leisure Contract South Northamptonshire Council Contract Assurance: Leisure Contract FINAL Internal Audit Report 2012/2013 January 2013 Contents 1. Executive summary 4 2. Background and scope 5 3. Detailed current year

More information

Report to Parliament No. 4 for 2011 Information systems governance and security. Financial and Assurance audit. Enhancing public sector accountability

Report to Parliament No. 4 for 2011 Information systems governance and security. Financial and Assurance audit. Enhancing public sector accountability Financial and Assurance audit Report to Parliament No. 4 for 2011 Information systems governance and security ISSN 1834-1128 Enhancing public sector accountability RTP No. 4 cover.indd 1 15/06/2011 3:19:31

More information

COBIT 5 for Risk. CS 3-7: Monday, July 6 4:00-5:00. Presented by: Nelson Gibbs CIA, CRMA, CISA, CISM, CGEIT, CRISC, CISSP ngibbs@pacbell.

COBIT 5 for Risk. CS 3-7: Monday, July 6 4:00-5:00. Presented by: Nelson Gibbs CIA, CRMA, CISA, CISM, CGEIT, CRISC, CISSP ngibbs@pacbell. COBIT 5 for Risk CS 3-7: Monday, July 6 4:00-5:00 Presented by: Nelson Gibbs CIA, CRMA, CISA, CISM, CGEIT, CRISC, CISSP ngibbs@pacbell.net Disclaimer of Use and Association Note: It is understood that

More information

Begin with the end in mind

Begin with the end in mind Begin with the end in mind Is your business vision driving your software purchases? Or is it the other way around? Organisations can be paying 25-35% too much for software, support and maintenance costs.

More information

The National Commission of Audit

The National Commission of Audit CA Technologies submission to The National Commission of Audit November, 2013 Kristen Bresch CA Technologies Executive Summary CA Technologies is pleased to present the National Commission of Audit the

More information

RISK MANAGEMENT STRATEGY

RISK MANAGEMENT STRATEGY RISK MANAGEMENT STRATEGY 2014-15 April 2014 Page 1 of 17 CONTENTS 1. Introduction 2. What is risk management? 3. Risk Management Policy Statement 4. Risk Management process 5. Roles and responsibilities

More information

Good Practice Guide: audit strategy

Good Practice Guide: audit strategy Good Practice Guide: audit strategy July 2010 Good Practice Guide: audit strategy July 2010 Official versions of this document are printed on 100% recycled paper. When you have finished with it please

More information

How to gather and evaluate information

How to gather and evaluate information 09 May 2016 How to gather and evaluate information Chartered Institute of Internal Auditors Information is central to the role of an internal auditor. Gathering and evaluating information is the basic

More information

Allerdale Borough Council Internal Audit Charter

Allerdale Borough Council Internal Audit Charter Allerdale Borough Council Internal Audit Charter Appendix A Document prepared by Document reviewed by Document replaces Document approved by Document due for annual review Internal Audit Manager Date July

More information

Streamlining the Annual Risk Assessment Process

Streamlining the Annual Risk Assessment Process Streamlining the Annual Risk Assessment Process Presenter: Gregory Jordan, CPA, CIA, CRMA, FLMI Senior Vice President, Chief Audit Executive Nationwide Insurance Gregory Jordan, CPA, CIA, CRMA, FLMI Chief

More information

Shared Services Optimisation proposition

Shared Services Optimisation proposition Shared Services Optimisation proposition The concept of Shared Services started in the early 1990 s in the US, when large corporates were seeking a new, more cost efficient model for running back office

More information

Clarius Group Risk Management Policy and Framework

Clarius Group Risk Management Policy and Framework 1. Introduction Clarius Group Risk Management Policy and Framework 1.1 Definition Risk is the chance of something happening that will have an impact on objectives. Risk provides the opportunity (upside)

More information

Railway Management Maturity Model (RM 3 )

Railway Management Maturity Model (RM 3 ) Railway Management Maturity Model (RM 3 ) (Version 1.02) March 2011 Published by the Office of Rail Regulation 1 Contents Introduction... 1 Excellence in safety management systems... 3 Governance, policy

More information

THE SOUTH AFRICAN HERITAGE RESOURCES AGENCY ENTERPRISE RISK MANAGEMENT FRAMEWORK

THE SOUTH AFRICAN HERITAGE RESOURCES AGENCY ENTERPRISE RISK MANAGEMENT FRAMEWORK THE SOUTH AFRICAN HERITAGE RESOURCES AGENCY ENTERPRISE RISK MANAGEMENT FRAMEWORK ACCOUNTABLE SIGNATURE AUTHORISED for implementation SIGNATURE On behalf of Chief Executive Officer SAHRA Council Date Date

More information

Managing Risk at Bank of America Corporation. Overview

Managing Risk at Bank of America Corporation. Overview Managing Risk at Bank of America Corporation Overview Risk is inherent in every material business activity that we undertake. Our business exposes us to strategic, credit, market, liquidity, compliance,

More information

Planning, Budgeting and Forecasting

Planning, Budgeting and Forecasting MANAGEMENT CONSULTING Planning, Budgeting and Forecasting How is your planning process helping you identify and unlock value? kpmg.co.uk Key considerations How effective and efficient is your organisation

More information

Review of Risk Management and Insurance. Public Accounts Committee

Review of Risk Management and Insurance. Public Accounts Committee Review of Risk Management and Insurance Public Accounts Committee April 2012 Contents Executive Summary 1 Maturity Model 6 Understanding the Causes and the Way Forward 7 Risk Management Recommendations

More information

PROJECT MANAGEMENT SURVEY

PROJECT MANAGEMENT SURVEY INDUSTRY TRENDS PROJECT MANAGEMENT SURVEY JANUARY 2015 Introduction 2015 will continue to see organisations across all sectors facing one of the most competitive, challenging and changing corporate environments

More information

Performance Detailed Report. May 2008. Review of Performance Management. Norwich City Council. Audit 2007/08

Performance Detailed Report. May 2008. Review of Performance Management. Norwich City Council. Audit 2007/08 Performance Detailed Report May 2008 Review of Performance Management Audit 2007/08 External audit is an essential element in the process of accountability for public money and makes an important contribution

More information

GUIDANCE NOTE FOR DEPOSIT-TAKERS. Operational Risk Management. March 2012

GUIDANCE NOTE FOR DEPOSIT-TAKERS. Operational Risk Management. March 2012 GUIDANCE NOTE FOR DEPOSIT-TAKERS Operational Risk Management March 2012 Version 1.0 Contents Page No 1 Introduction 2 2 Overview 3 Operational risk - fundamental principles and governance 3 Fundamental

More information

Risk Management Strategy & Implementation Plan 2014 2016

Risk Management Strategy & Implementation Plan 2014 2016 St George s Healthcare NHS Trust: the next decade Risk Management Strategy & Implementation Plan 2014 2016 DRAFT VERSION 6.0 UPDATED 19.11.14 Executive summary We know, from external assurances received

More information

Framework: Supporting transformation of government financial

Framework: Supporting transformation of government financial Performance Improvement Framework: Supporting transformation of government financial management services: Background DECK for workshop attendees State Services Commission, Room 10.3, No 2 The Terrace,

More information

treasury risk management

treasury risk management Governance, Concise guide Risk to and Compliance treasury risk management KPMG is a leading provider of professional services including audit, tax and advisory. KPMG in Australia has over 5000 partners

More information

Data Quality Policy. Appendix A. 1. Why do we need a Data Quality Policy?... 2. 2 Scope of this Policy... 2. 3 Principles of data quality...

Data Quality Policy. Appendix A. 1. Why do we need a Data Quality Policy?... 2. 2 Scope of this Policy... 2. 3 Principles of data quality... Data Quality Policy Appendix A Updated August 2011 Contents 1. Why do we need a Data Quality Policy?... 2 2 Scope of this Policy... 2 3 Principles of data quality... 3 4 Applying the policy... 4 5. Roles

More information

MARKET CONDUCT ASSESSMENT REPORT

MARKET CONDUCT ASSESSMENT REPORT MARKET CONDUCT ASSESSMENT REPORT PART 1 STATUTORY ACCIDENT BENEFITS SCHEDULE (SABS) PART 2 RATE VERIFICATION PROCESS Phase 1 (2012) Financial Services Commission of Ontario (FSCO) Market Regulation Branch

More information

INTERNAL AUDIT CHARTER

INTERNAL AUDIT CHARTER INTERNAL AUDIT CHARTER Version Control Version No Author Date 1.1 Anna Wright Shared Services Senior Auditor September 2013 Contents 1 Introduction 1 2 Definitions 1 3 Purpose of Internal Audit 1 4 Scope

More information

fs viewpoint www.pwc.com/fsi

fs viewpoint www.pwc.com/fsi fs viewpoint www.pwc.com/fsi June 2013 02 11 16 21 24 Point of view Competitive intelligence A framework for response How PwC can help Appendix It takes two to tango: Managing technology risk is now a

More information

Bridgend County Borough Council. Corporate Risk Management Policy

Bridgend County Borough Council. Corporate Risk Management Policy Bridgend County Borough Council Corporate Risk Management Policy December 2014 Index Section Page No Introduction 3 Definition of risk 3 Aims and objectives 4 Strategy 4 Accountabilities and roles 5 Risk

More information

The Importance of IT Controls to Sarbanes-Oxley Compliance

The Importance of IT Controls to Sarbanes-Oxley Compliance Hosted by Deloitte, PricewaterhouseCoopers and ISACA/ITGI The Importance of IT Controls to Sarbanes-Oxley Compliance 15 December 2003 1 Presenters Chris Fox, CA Sr. Manager, Internal Audit Services PricewaterhouseCoopers

More information

Project Governance a board responsibility. Corporate Governance Network

Project Governance a board responsibility. Corporate Governance Network Project Governance a board responsibility Corporate Governance Network November 2015 1 Contents Page Introduction 3 Board responsibilities 3 What is project governance? 4 The boards duties in respect of

More information

ESM Management Comments on Board of Auditors Annual Report to the Board of Governors for the period ended 31 December 2014

ESM Management Comments on Board of Auditors Annual Report to the Board of Governors for the period ended 31 December 2014 ESM Management Comments on Board of Auditors Annual Report to the Board of Governors for the period ended 31 December 2014 Dear Chairperson, I would like to thank you for the opportunity to provide management

More information

UK HR & Payroll Compliance in SAP

UK HR & Payroll Compliance in SAP UK HR & Payroll Compliance in SAP Business challenges Today s human resources and payroll departments are facing a compliance crunch. Continual legislative changes and new requirements are being introduced,

More information

RISK MANAGEMENT AND COMPLIANCE

RISK MANAGEMENT AND COMPLIANCE RISK MANAGEMENT AND COMPLIANCE Contents 1. Risk management system... 2 1.1 Legislation... 2 1.2 Guidance... 3 1.3 Risk management policy... 4 1.4 Risk management process... 4 1.5 Risk register... 8 1.6

More information

Part A OVERVIEW...1. 1. Introduction...1. 2. Applicability...2. 3. Legal Provision...2. Part B SOUND DATA MANAGEMENT AND MIS PRACTICES...

Part A OVERVIEW...1. 1. Introduction...1. 2. Applicability...2. 3. Legal Provision...2. Part B SOUND DATA MANAGEMENT AND MIS PRACTICES... Part A OVERVIEW...1 1. Introduction...1 2. Applicability...2 3. Legal Provision...2 Part B SOUND DATA MANAGEMENT AND MIS PRACTICES...3 4. Guiding Principles...3 Part C IMPLEMENTATION...13 5. Implementation

More information

Practice Guide COORDINATING RISK MANAGEMENT AND ASSURANCE

Practice Guide COORDINATING RISK MANAGEMENT AND ASSURANCE Practice Guide COORDINATING RISK MANAGEMENT AND ASSURANCE March 2012 Table of Contents Executive Summary... 1 Introduction... 1 Risk Management and Assurance (Assurance Services)... 1 Assurance Framework...

More information

Insights and Trends: Current Portfolio, Programme and Project Management Practices

Insights and Trends: Current Portfolio, Programme and Project Management Practices www.pwc.com Insights and Trends: Current Portfolio, Programme and Project Management Practices The third global survey on the current state of project management Contents Executive Summary... 3 Special

More information

Internal Audit Testing and Sampling Techniques. Chartered Institute of Internal Auditors May 2014

Internal Audit Testing and Sampling Techniques. Chartered Institute of Internal Auditors May 2014 Internal Audit Testing and Sampling Techniques Chartered Institute of Internal Auditors May 2014 Controls Testing Slide 1 Testing Priorities Risk B1 Risk A1 Risk B2 Risk A2 Risk C2 Risk C1 Controls testing

More information

Balance collections with retention for each customer. Decision Analytics for debt management in retail banking

Balance collections with retention for each customer. Decision Analytics for debt management in retail banking Balance collections with retention for each customer Decision Analytics for debt management in retail banking Debt management for retail banking In the highly competitive retail banking environment, banks

More information

The following criteria have been used to assess each of the options to ensure consistency and clarity:

The following criteria have been used to assess each of the options to ensure consistency and clarity: 4 Options appraisal 4.1 Overview We have appraised each of the options identified in section 3: Maintain the status quo Implement organisational change and service improvement Partner / collaborate with

More information

EMEA TMC client conference Using global tax management systems to improve visibility and enhance control. The Crystal, London 9-10 June 2015

EMEA TMC client conference Using global tax management systems to improve visibility and enhance control. The Crystal, London 9-10 June 2015 EMEA TMC client conference Using global tax management systems to improve visibility and enhance control The Crystal, London 9-10 June 2015 1 Agenda Managing global compliance and reporting Why are people

More information

OWN RISK AND SOLVENCY ASSESSMENT AND ENTERPRISE RISK MANAGEMENT

OWN RISK AND SOLVENCY ASSESSMENT AND ENTERPRISE RISK MANAGEMENT OWN RISK AND SOLVENCY ASSESSMENT AND ENTERPRISE RISK MANAGEMENT ERM as the foundation for regulatory compliance and strategic business decision making CONTENTS Introduction... 3 Steps to developing an

More information

RISK MANAGEMENT FRAMEWORK 2013-2014 OKHAHLAMBA LOCAL MUNICIPALITYITY

RISK MANAGEMENT FRAMEWORK 2013-2014 OKHAHLAMBA LOCAL MUNICIPALITYITY RISK MANAGEMENT FRAMEWORK 2013-2014 OKHAHLAMBA LOCAL MUNICIPALITYITY Page 1 CONTENTS 1. Foreword by the Mayor... 3 2. Background... 4 2.1 Introduction... 4 2.2 Overall purpose of the Enterprise Risk Management

More information