The Big Assurance Picture

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "The Big Assurance Picture"

Transcription

1 The Big Assurance Picture Stuart Wooldridge, Partner in Internal Audit Services at PwC, spoke at the joint ACCA/IIA networking forum on 25 October 2011 on The Big Assurance Picture. This is an overview of his talk. The two questions that all Heads of Audit ask are what s on everybody s audit plan and what s everybody doing with integrated assurance. What is it? A single organisation wide view of risk and control derived from assurance activity undertaken across the lines of defence. It is an opinion to the receivers of assurance on the adequacy of the governance risk and control environment. Why do we want it? Integrated Assurance has become a hot topic and indeed is the number one solution that organisations are looking to implement. Some of the drivers for this are: Business Drivers Increasing business complexity Increasing regulatory intervention and oversight in all industry sectors particularly in the financial services sector where the role of the regulator has changed and is continuing to change The need for a better view of the adequacy of governance risk and control is a key issue for the regulator Alongside that we ve seen the development of other assurance activities from non-internal audit parts of our businesses: Lines of defence SOX management assertions Increasing maturity of Enterprise Risk Management (ERM) - a mature risk management function will have some degree of assurance over the adequacy of control. It isn t one that just collates information and reports on the application of a framework. A mature risk management framework is one that undertakes some checking that controls that it is relying on in defining its net risk position are operating the way they expect them to. That can be self assessment or any form of checking but you would expect to see some sort of checking activity Management awareness of audit intervention The need for efficiency and cost saving Reveal the gaps Governance Drivers The need for an opinion on the adequacy of controls across the organisation. Audit Committees start the year by approving a plan of audit

2 activity at the end of the year they have a pile of audit reports and have to take that body of work and draw together the net impact of all that body of work to form their own opinion on the adequacy of the control and risk framework. They rarely have the opportunity to have somebody independent stand back from that pile of reports and help them draw together an opinion. With the increasing complexity of business and increasing regulatory intervention, Audit Committees need more help from audit functions to draw together an opinion and define that opinion Conflicting messages from Risk Management function and Internal Audit function for example, risk management functions producing green risk maps indicating that there are no problems and everything is within risk appetite but then the audit function does an audit and finds that half of the controls in that business unit are not operating the way that they are expected to and some are not even designed to achieve the objective they were trying to achieve. That conflict drives a greater degree of uncertainty for the Audit Committee around what the true story is. Integrated assurance is trying to overcome this by helping the Audit Committee understand what each function is trying to provide in terms of assurance Capital Adequacy based regulation in Financial Services such as Insolvency II. The last 10 years has seen a quantum change in the way that risk affects organisations. Risks have changed in terms of the contagion that they have across organisations. The best example of this at the moment is BP. BP had a very unfortunate and very significant operational failure on a platform something that we have all seen in the news. When you stand back from BP now and look at the impact which that operational failure had it led to regulatory scrutiny, it led to the US Government becoming significantly involved in the business of BP, and it ended up having liquidity and financial impacts on the organisation way and above examples of the same sort of impact that has been seen in the past. If you compare the contagion of that initial risk and impact to BP against something like Exxon Valdez that was 22 years ago a similar sort of operational failure in many ways the speed of contagion and the level of contagion of those two incidents were very different. We are now seeing risks spread far more rapidly across organisations and impact different types of risk categories. That is one of the key drivers for the increasing focus on risk management and for the stepping up of the whole activity of risk. The balance of power has swung from the 3 rd line of defence into the 2 nd line of defence so the challenge to internal auditors is to consider whether they have kept pace with what it is that organisations expect of them and expect from a 3 rd line of defence. Internal Audit has not kept pace with the level of assurance across the organisation that Audit Committees desire, demand and expect - and this is

3 why Audit Committees are looking to other sources of assurance from the organisation and calling for Integrated Assurance. For organisations where compliance with the IIA standards is important, the IIA standards put assurance as the remit of Internal Audit the 3 rd line of defence. That is the key to who has responsibility for providing that opinion on the adequacy of the governance risk and control environment to the Audit Committee and to the organisation and the Board. Integrated Assurance is Internal Audit s opportunity to reclaim the leadership on the provision of assurance in the corporate world. This may have slipped into the 2 nd line of defence but now is the time and this is the topic that allows us to take a little more leadership and a little bit more control of assurance for our organisations. So what is the role of Internal Audit? The role of Internal Audit is to deliver assurance to the Audit Committee to facilitate their evaluation of the adequacy of the Internal Control Framework. Commenting and opining on that Control Framework will involve providing some view on the control activities of the 1 st line of defence how management manage risk and the control monitoring and risk activities of the 2 nd line of defence including their checking activity where they do some. However Internal Audit s key challenge comes back to taking the body of work that they undertake, and taking the body of work that is done by other assurance activities and building that into a framework such that they can provide that overarching opinion on governance risk and control. Integrated Assurance is it inevitable? The journey to Integrated Assurance: Assurance Mapping or Combined Assurance is the starting point of the journey but the challenge for internal audit is actually helping their organisations get to integrated assurance.

4 Assurance Mapping What is it? A visual representation of the assurance provided across the organisation Covering all (or key) risks / processes Identifying all assurance providers Indicating the extent and effectiveness of assurance provided A stock take of what assurance the organisation is getting, where it is located, and how good it is. Good assurance mapping does not just relate to business process and control activity it also identifies where non-business processbased assurance is also being received. eg. Health & safety audits, quality control reviews, etc Why do it? Provides an overview to the Audit Committee, assurance providers and operational management of: The assurance activity that is being undertaken across the organisation (quantum not quality) Gaps in that assurance (risks and controls not covered) that need to be either filled or accepted Overlaps in assurance; where efficiency gains can be made The map can also be used to adjust the Internal Audit programme to review, where appropriate, assurance providers rather than controls the start of the journey towards Integrated Assurance. Example Assurance Map Continuum: Over-arching requirements Balance conflicting needs for detail and simplicity / sustainability Document the collation process to facilitate review and re-performance Perform a thorough assessment first time to ensure efficiency

5 Example Assurance Map Integrated Assurance What is it? A single organisation wide view of risk and control derived from assurance activity undertaken across the lines of defence. But there are some key questions. Which Stakeholder body is the assurance for? Different stakeholder bodies have different definitions of what assurance is. Management s definition of what assurance is will differ from the definition that the Audit Committee holds and a project board would have a different definition from both of them. A Head of Internal Audit driving integrated assurance will therefore need to work with each Stakeholder body to define what assurance means to them and how much confidence they want from that assurance. One of the biggest challenges for internal audit methodology is the way in which they manage the level of confidence they provide around their outputs. If you are going to do integrated assurance properly, firstly you need a definition of what assurance is and secondly, you need to be able to manage your assurance activities around a level of confidence that you need to satisfy the Stakeholder body that you are reporting to. That will be important in terms of the way in which you evaluate assurance activities from other lines of defence. Understanding the sources of Assurance Most people are familiar with the three lines of defence model: Ist line management control and reporting 2 nd line functional oversight/governance 3 rd line independent review/oversight

6 1 st & 2 nd line are management action whilst the 3 rd line is independent monitoring. There are different levels of assurance resulting from the different lines of defence. The assurance scale is from low assurance at the 1 st line (self assessment, sporadic) to high assurance at the 3 rd (high degree of independence, timely systematic and regular, technical expertise). 1 st line features of assurance activity: Tends to be quality based (how good are things) or more likely performance based (how are we doing against budget). When we are looking at activity that supports integrated assurance, 1 st line of defence assurance activity is rarely evidence based and is rarely risk and control specific. Using activity out of the 1 st line of defence is therefore a challenge. 2 nd line features of assurance activity: There are similar challenges with using activity out of the 2 nd line of defence. Activity is quite often metric or performance based and frequently focused on regulatory rules rather than Shareholder value protection business process controls. And it is compliance with policy based did you do what you were tolds to do? Judgements on controls are often supported by self-assessment processes. 3 rd line features of assurance activity: Activity is independent, evidence based and confidence comes from sample based activity. What is assurance? The first activity in moving towards integrated assurance is to get your organisation to agree upon a definition of assurance. Some definitions include: Objective examination of evidence for the purpose of providing an independent assessment on risk management, control, and governance processes for the organisation. Source: Institute of Internal Auditors Confidence, based on sufficient evidence, that objectives are being achieved, risks are being identified and appropriately managed and that internal controls are in place and operating effectively. Source: Institute of Internal Auditors For assurance to be provided there needs to be a subject matter and criteria against which the subject matter can be evaluated or measured to provide an opinion. Source: ISAE 3000 This last definition tends to work the best for many organisations.

7 The Integrated Assurance Framework Blending Assurance Activity When you are trying to blend assurance activities - which is what you ll get to when you have evaluated your assurance activities - the first step is confidence. Define the nature and level of assurance required if you cannot define that from the activity then it is hard to define the level of confidence that you need from it. Try and define what type of activity it is supporting is it testing operating effectiveness or is it looking at the design of controls. Then you need to test the way in which the activity is undertaken - assess the activity against the Assurance Framework - and contemplate the nature of gaps and other sources of assurance. If you are able to use that sort of evaluation technique on a piece of assurance activity, then upon completion you should have a good view of where you are getting your compliance assurance from, where you are getting your control assurance from and where you are getting your risk management assurance from. Who manages the delivery of integrated assurance? The IIA has defined this for us - the natural home for assurance is the 3 rd Line of defence. But the question for me is - is Integrated Assurance the answer to the delivery of an audit opinion? My view would be that it is an extremely good step towards it it doesn t necessarily take away the challenge of providing an overall opinion but our Audit Committees think that this is part of the journey. So integrated assurance is probably part of the answer for internal

8 audit functions providing an overall opinion on the adequacy of governance risk and control. What does the future hold around assurance? PwC did some work 12 months ago looking at Key Control Indicators (KCI). We worked with some insurance companies looking at how they could use performance-based transaction information to demonstrate the operation of a control. The output of that work was quite interesting in terms of allowing an organisation to use the performance data that it has around transactions going through systems to help evidence the operation of control. When I think about what the future might look like and what world class integrated assurance might look like, I think there is a challenge for us that a lot of it needs to be automated in one way or another and I expect that we are going to see organisations looking for ways to identify features of transactions that enable them to demonstrate that controls have operated. So 1 st and 2 nd line of defence assurance activity will potentially be automated. In summary, the future around assurance could see: The identification of Key Control Indicators (KCI) across all business risks Ongoing monitoring of KCIs automated data collection and threshold based reporting A greater focus on the adequacy of risk management and risk identification Dynamic risk monitoring how are risks and risk drivers moving. Recap The further development of Integrated Assurance is inevitable. It is inevitable because our Audit Committees are struggling to put together their opinions on the adequacy of the control environment and they are looking towards integrated assurance to help them do that. This is Internal Audit s opportunity to take back the lead on who provides assurance in our organisations, to rebalance the provision of assurance across the 3 lines of defence, and to use integrated assurance frameworks as a toolkit to help us help our Audit Committees understand the output from the body of work that we generate.

Internal Audit and supervisory expectations building on progress

Internal Audit and supervisory expectations building on progress 1 Internal Audit and supervisory expectations building on progress Speech given by Sasha Mills, Director, Cross Cutting Policy, Bank of England Ernst & Young, London 3 February 2016 2 Introductions Hello,

More information

Test your talent How does your approach to talent strategy measure up?

Test your talent How does your approach to talent strategy measure up? 1 Test your talent How does your approach to talent strategy measure up? Talent strategy or struggle? Each year at Head Heart + Brain we carry out research projects to help understand best practice in

More information

Audit, Risk Management and Compliance Committee Charter

Audit, Risk Management and Compliance Committee Charter Audit, Risk Management and Compliance Committee Charter Woolworths Limited Adopted by the Board on 27 August 2013 page 1 1 Introduction This Charter sets out the responsibilities, structure and composition

More information

Audit Committee self-assessment

Audit Committee self-assessment Audit Committee Institute Sponsored by KPMG Audit Committee self-assessment The results of the self assessment and any action plans should be reported to the board after discussion with the chairman of

More information

UK Corporate Governance Code: Raising the bar on risk management Why this is not business as usual and what you need to do to comply

UK Corporate Governance Code: Raising the bar on risk management Why this is not business as usual and what you need to do to comply www.pwc.co.uk/riskassurance UK Corporate Governance Code: Raising the bar on risk management Why this is not business as usual and what you need to do to comply September 2014 The FRC s amendments to the

More information

How to gather and evaluate information

How to gather and evaluate information 09 May 2016 How to gather and evaluate information Chartered Institute of Internal Auditors Information is central to the role of an internal auditor. Gathering and evaluating information is the basic

More information

Audit Committee Institute Assessment of audit committees

Audit Committee Institute Assessment of audit committees Audit Committee Institute Assessment of audit committees KPMG s AUDIT COMMITTEE INSTITUTE In addition to reviewing its terms of reference, audit committee members should also review the effectiveness of

More information

CHECKLIST OF COMPLIANCE WITH THE CIPFA CODE OF PRACTICE FOR INTERNAL AUDIT

CHECKLIST OF COMPLIANCE WITH THE CIPFA CODE OF PRACTICE FOR INTERNAL AUDIT CHECKLIST OF COMPLIANCE WITH THE CIPFA CODE OF PRACTICE FOR INTERNAL AUDIT 1 Scope of Internal Audit 1.1 Terms of Reference 1.1.1 Do terms of reference: (a) establish the responsibilities and objectives

More information

Security Management. Security is taken for granted until something goes wrong.

Security Management. Security is taken for granted until something goes wrong. Security Management Security Management Security is taken for granted until something goes wrong. Concerns about security have existed for as long as has mankind. The most obvious manifestation of this

More information

External Audit BV Performance Report: Delivering Change Management and Financial Sustainability

External Audit BV Performance Report: Delivering Change Management and Financial Sustainability CLACKMANNANSHIRE COUNCIL THIS PAPER RELATES TO ITEM 05 ON THE AGENDA Report to: Resources and Audit Committee Date of Meeting: 24 September 2015 Subject: External Audit BV Performance Report: Delivering

More information

Participants Manual Video Seven The OSCAR Coaching Model

Participants Manual Video Seven The OSCAR Coaching Model Coaching Skills for Managers Online Training Programme Part One Fundamentals of Coaching Participants Manual Video Seven The OSCAR Coaching Model Developed by Phone: 01600 715517 Email: info@worthconsulting.co.uk

More information

Sample interview question list

Sample interview question list Sample interview question list Category A Introductory questions 1. Tell me about yourself. 2. Why would you like to work for this organisation? 3. So what attracts you to this particular opportunity?

More information

the role of the head of internal audit in public service organisations 2010

the role of the head of internal audit in public service organisations 2010 the role of the head of internal audit in public service organisations 2010 CIPFA Statement on the role of the Head of Internal Audit in public service organisations The Head of Internal Audit in a public

More information

ISO 9001:2015 Your implementation guide

ISO 9001:2015 Your implementation guide ISO 9001:2015 Your implementation guide ISO 9001 is the world s most popular management system standard Updated in 2015 to make sure it reflects the needs of modern-day business, ISO 9001 is the world

More information

Guidance for audit committees. The internal audit function

Guidance for audit committees. The internal audit function Guidance for audit committees The internal audit function March 2004 The Combined Code on Corporate Governance July 2003 C.3 Audit Committee and Auditors Main Principle: The board should establish formal

More information

Developing an effective internal audit plan profiling our experiences 10 December 2015

Developing an effective internal audit plan profiling our experiences 10 December 2015 Developing an effective internal audit plan profiling our experiences 10 December 2015 David Simpson, Head of Internal Audit, Ageas UK Michel Schurer, Ex Director Internal Audit EMEA AP, Crawford & Co

More information

Integration of Risk Management and Internal Audit. Chartered Institute of Management Accountants, New Zealand

Integration of Risk Management and Internal Audit. Chartered Institute of Management Accountants, New Zealand Integration of Risk Management and Internal Audit Chartered Institute of Management Accountants, New Zealand Contents Understanding the three lines of defense governance model What is Risk? Risk Management

More information

Developing a Project. Management System. Using Project Agency Template. Approach. - the Process and the Benefits

Developing a Project. Management System. Using Project Agency Template. Approach. - the Process and the Benefits Developing a Project Management System Using Project Agency Template Approach - the Process and the Benefits Project Agency June 2008 Developing your own Project Management System. Project Agency has worked

More information

RSA ARCHER OPERATIONAL RISK MANAGEMENT

RSA ARCHER OPERATIONAL RISK MANAGEMENT RSA ARCHER OPERATIONAL RISK MANAGEMENT 87% of organizations surveyed have seen the volume and complexity of risks increase over the past five years. Another 20% of these organizations have seen the volume

More information

INVESTING IN REFORM INVESTING IN STOCKPORT DRAFT BUSINESS CASE

INVESTING IN REFORM INVESTING IN STOCKPORT DRAFT BUSINESS CASE INVESTING IN STOCKPORT DRAFT BUSINESS CASE INVESTING IN REFORM IIS Programme/Project Name: Project Name: Portfolio: IIS Outcome: IIS Board SRO: IIS Project Lead: Public Realm and Solutions SK Communities

More information

Appendix 1: Performance Management Guidance

Appendix 1: Performance Management Guidance Appendix 1: Performance Management Guidance The approach to Performance Management as outlined in the Strategy is to be rolled out principally by Heads of Service as part of mainstream service management.

More information

Must have law firm experience. Where are the new ideas coming from?

Must have law firm experience. Where are the new ideas coming from? Must have law firm experience. Where are the new ideas coming from? Same old same old. Must have previous law firm experience. This has to be the most common phrase to appear on job descriptions for marketing

More information

A&CS Assurance Review. Accounting Policy Division Rule Making Participation in Standard Setting. Report

A&CS Assurance Review. Accounting Policy Division Rule Making Participation in Standard Setting. Report A&CS Assurance Review Accounting Policy Division Rule Making Participation in Standard Setting Report April 2010 Table of Contents Background... 1 Engagement Objectives, Scope and Approach... 1 Overall

More information

Key functions in the system of governance Responsibilities, interfaces and outsourcing under Solvency II

Key functions in the system of governance Responsibilities, interfaces and outsourcing under Solvency II Responsibilities, interfaces and outsourcing under Solvency II Author Lars Moormann Contact solvency solutions@munichre.com January 2013 2013 Münchener Rückversicherungs Gesellschaft Königinstrasse 107,

More information

Transforming risk management into a competitive advantage kpmg.com

Transforming risk management into a competitive advantage kpmg.com INSURANCE RISK MANAGEMENT ADVISORY SOLUTIONS Transforming risk management into a competitive advantage kpmg.com 2 Transforming risk management into a competitive advantage Assessing risk. Building value.

More information

RISK MANAGEMENT POLICY

RISK MANAGEMENT POLICY RISK MANAGEMENT POLICY Approved by Governing Authority February 2016 1. BACKGROUND 1.1 The focus on governance in corporate and public bodies continues to increase. It resulted in an expansion from the

More information

STAGE 6 MONITORING AND EVALUATING CHILD PROTECTION POLICIES AND PROCEDURES

STAGE 6 MONITORING AND EVALUATING CHILD PROTECTION POLICIES AND PROCEDURES STAGE MONITORING AND EVALUATING CHILD PROTECTION POLICIES AND PROCEDURES Overview In stages - we have learnt how to introduce, develop and implement child protection policies and procedures and to confront

More information

Technology and Cyber Resilience Benchmarking Report 2012. December 2013

Technology and Cyber Resilience Benchmarking Report 2012. December 2013 Technology and Cyber Resilience Benchmarking Report 2012 December 2013 1 Foreword by Andrew Gracie Executive Director, Special Resolution Unit, Bank of England On behalf of the UK Financial Authorities

More information

CRO Forum Paper on the Own Risk and Solvency Assessment (ORSA): Leveraging regulatory requirements to generate value. May 2012.

CRO Forum Paper on the Own Risk and Solvency Assessment (ORSA): Leveraging regulatory requirements to generate value. May 2012. CRO Forum Paper on the Own Risk and Solvency Assessment (ORSA): Leveraging regulatory requirements to generate value May 2012 May 2012 1 1. Introduction 1.1. Purpose of the paper In this discussion paper

More information

Top Ten Issues facing Internal Auditing in the Future

Top Ten Issues facing Internal Auditing in the Future Top Ten Issues facing Internal Auditing in the Future The IIA Dallas Chapter April 6, 2006 Presented by: David A. Richards, CIA, CPA President The Institute of Internal Auditors drichards@theiia.org 1

More information

Virtual Programme for HR Business Partners

Virtual Programme for HR Business Partners Virtual Programme for HR Business Partners Why virtual? Many of our clients want to attend HR Business Partner workshops but are based across the country or have global Business Partner teams. So we created

More information

Getting Started with Enterprise Risk Management

Getting Started with Enterprise Risk Management Getting Started with Enterprise Risk Management Session 2: GPGFOA Fall Conference Friday 05 October 2012 Andrew Bent Integrated Risk Management Branch Edmonton Police Service Overview What is ERM and why

More information

APPENDIX 50. Enterprise risk management - Risk management overview

APPENDIX 50. Enterprise risk management - Risk management overview APPENDIX 50 Enterprise risk management - Risk management overview Energex regulatory proposal October 2014 ENTERPRISE RISK MANAGEMENT Risk Management Overview (RMO) 06 11 2013 Table of Contents 1. INTRODUCTION...

More information

Learning Together from Practice Multi-Agency Audit Overview Report

Learning Together from Practice Multi-Agency Audit Overview Report Learning Together from Practice Multi-Agency Audit Overview Report April 2013 1 Contents Page number Introduction 3 Terms of Reference 4 Methodology 5 Section 1 - Learning about process 7 Section 2 - Learning

More information

OWN RISK AND SOLVENCY ASSESSMENT AND ENTERPRISE RISK MANAGEMENT

OWN RISK AND SOLVENCY ASSESSMENT AND ENTERPRISE RISK MANAGEMENT OWN RISK AND SOLVENCY ASSESSMENT AND ENTERPRISE RISK MANAGEMENT ERM as the foundation for regulatory compliance and strategic business decision making CONTENTS Introduction... 3 Steps to developing an

More information

RSA ARCHER AUDIT MANAGEMENT

RSA ARCHER AUDIT MANAGEMENT RSA ARCHER AUDIT MANAGEMENT Solution Overview INRODUCTION AT A GLANCE Align audit plans with your organization s risk profile and business objectives Manage audit planning, prioritization, staffing, procedures

More information

Hertsmere Borough Council. Data Quality Strategy. December 2009 1

Hertsmere Borough Council. Data Quality Strategy. December 2009 1 Hertsmere Borough Council Data Quality Strategy December 2009 1 INTRODUCTION Public services need reliable, accurate and timely information with which to manage services, inform users and account for performance.

More information

IMPLEMENTING BUSINESS CONTINUITY MANAGEMENT IN A DISTRIBUTED ORGANISATION: A CASE STUDY

IMPLEMENTING BUSINESS CONTINUITY MANAGEMENT IN A DISTRIBUTED ORGANISATION: A CASE STUDY IMPLEMENTING BUSINESS CONTINUITY MANAGEMENT IN A DISTRIBUTED ORGANISATION: A CASE STUDY AUTHORS: Patrick Roberts (left) and Mike Stephens (right). Patrick Roberts: Following early experience in the British

More information

Management Information & KPIs: How and why to use information effectively in the Financial Services sector. Research White Paper

Management Information & KPIs: How and why to use information effectively in the Financial Services sector. Research White Paper Management Information & KPIs: How and why to use information effectively in the Financial Services sector Research White Paper Index 1 3 4 5 6 7 8 9 10 Introduction The commercial importance of Management

More information

CHAPTER 3 - CUSTOMER RELATIONSHIP MANAGEMENT (CRM)

CHAPTER 3 - CUSTOMER RELATIONSHIP MANAGEMENT (CRM) CHAPTER 3 - CUSTOMER RELATIONSHIP MANAGEMENT (CRM) 3.1 INTRODUCTION The most important purpose of any service orientated organisation is to retain customers. It is critical for any organization to keep

More information

The Consultants Guide to. Successfully Implementing 5S

The Consultants Guide to. Successfully Implementing 5S The Consultants Guide to Successfully Implementing 5S Norm Bain NBI Email: nb@leanjourney.ca January 2010 Preface When I was first introduced to the 5S system, I thought this is pretty lame. What a convoluted

More information

Change Management Office Benefits and Structure

Change Management Office Benefits and Structure Change Management Office Benefits and Structure Author Melanie Franklin Director Agile Change Management Limited Contents Introduction 3 The Purpose of a Change Management Office 3 The Authority of a Change

More information

Towards Excellence in Adult Social Care. Statement of purpose. Sector-led improvement

Towards Excellence in Adult Social Care. Statement of purpose. Sector-led improvement Towards Excellence in Adult Social Care Statement of purpose Sector-led improvement The Towards Excellence in Adult Social Care (TEASC) programme brings together partners at a local, regional and national

More information

VOCATIONAL EDUCATION & TRAINING ASSESSMENT VALIDATION GUIDELINES

VOCATIONAL EDUCATION & TRAINING ASSESSMENT VALIDATION GUIDELINES VOCATIONAL EDUCATION & TRAINING ASSESSMENT VALIDATION GUIDELINES CONTENTS Rationale... 3 Why Is An Assessment Validation Policy Necessary?... 4 What Does Assessment Validation Involve?... 4 Examples of

More information

Coaching the team at Work

Coaching the team at Work Coaching the team at Work Introduction While a great deal has been written about coaching individuals, there has been relatively little investigation of coaching teams at work. Yet in discussions with

More information

V1.0 - Eurojuris ISO 9001:2008 Certified

V1.0 - Eurojuris ISO 9001:2008 Certified Risk Management Manual V1.0 - Eurojuris ISO 9001:2008 Certified Section Page No 1 An Introduction to Risk Management 1-2 2 The Framework of Risk Management 3-6 3 Identification of Risks 7-8 4 Evaluation

More information

Risk & Assurance. Tailored to your needs. Internal audit solutions

Risk & Assurance. Tailored to your needs. Internal audit solutions Risk & Assurance Tailored to your needs Internal audit solutions Internal audit solutions The need for internal audit has never been as urgent as it is today. Unmanaged risks can literally cause the demise

More information

Social media governance

Social media governance www.pwchk.com Social media governance Harnessing your social media opportunity Social media allows organisations to engage with people directly, express their corporate personality and gain insight into

More information

BBC Learning English Talk about English Business Language To Go Part 2 - Induction

BBC Learning English Talk about English Business Language To Go Part 2 - Induction BBC Learning English Business Language To Go Part 2 - Induction This programme was first broadcast in 2001. This is not a word for word transcript of the programme Forget about struggling with dictionaries

More information

Final Draft Guidance on Audit Committees

Final Draft Guidance on Audit Committees Guidance Corporate Governance April 2016 Final Draft Guidance on Audit Committees The FRC is responsible for promoting high quality corporate governance and reporting to foster investment. We set the UK

More information

treasury risk management

treasury risk management Governance, Concise guide Risk to and Compliance treasury risk management KPMG is a leading provider of professional services including audit, tax and advisory. KPMG in Australia has over 5000 partners

More information

Workshop materials Completed templates and forms

Workshop materials Completed templates and forms Workshop materials Completed templates and forms Contents The forms and templates attached are examples of how a nurse or midwife may record how they meet the requirements of revalidation. Mandatory forms

More information

Visual design and UX services for cloud based applications, services and sites

Visual design and UX services for cloud based applications, services and sites G- Cloud service Visual design and UX services for cloud based applications, services and sites 2013 Page 1 Table of contents 1. About us... 3 2. Overview of G- Cloud Service... 3 If it looks good, you

More information

Framework for Enterprise Risk Management

Framework for Enterprise Risk Management Framework for Enterprise Risk Management 2013 Johnson & Johnson Contents Introduction.... 4 J&J Strategic Framework... 5 What is Risk?.......................................................... 7 J&J Approach

More information

INTERNAL AUDIT FRAMEWORK

INTERNAL AUDIT FRAMEWORK INTERNAL AUDIT FRAMEWORK April 2007 Contents 1. Introduction... 3 2. Internal Audit Definition... 4 3. Structure... 5 3.1. Roles, Responsibilities and Accountabilities... 5 3.2. Authority... 11 3.3. Composition...

More information

Quality Thinking in other Industries. Dominic Parry Inspired Pharma Training. WEB www.inspiredpharma.com GMP BLOG inspiredpharmablog.

Quality Thinking in other Industries. Dominic Parry Inspired Pharma Training. WEB www.inspiredpharma.com GMP BLOG inspiredpharmablog. Quality Thinking in other Industries Dominic Parry Inspired Pharma Training WEB www.inspiredpharma.com GMP BLOG inspiredpharmablog.com Welcome The traditional focus on quality Quality in the eyes of GMP

More information

IT strategy. What is an IT strategy? 3. Why do you need an IT strategy? 5. How do you write an IT strategy? 6. Conclusion 12. Further information 13

IT strategy. What is an IT strategy? 3. Why do you need an IT strategy? 5. How do you write an IT strategy? 6. Conclusion 12. Further information 13 IT strategy made simple What is an IT strategy? 3 Why do you need an IT strategy? 5 How do you write an IT strategy? 6 step 1 Planning and preparation 7 step 2 Understanding your organisation s IT needs

More information

From ICAAP/ORSA to ERM: Board and Senior Management Oversight. Leon Bloom, Partner, Deloitte & Touche LLP lebloom@deloitte.ca

From ICAAP/ORSA to ERM: Board and Senior Management Oversight. Leon Bloom, Partner, Deloitte & Touche LLP lebloom@deloitte.ca From ICAAP/ORSA to ERM: Board and Senior Management Oversight Leon Bloom, Partner, Deloitte & Touche LLP lebloom@deloitte.ca Agenda Basel II ICAAP Solvency II ORSA ERM From ICAAP/ORSA to ERM: Governance

More information

Role Description Metro Operations, Data Analyst

Role Description Metro Operations, Data Analyst Role Description Metro Operations, Data Analyst Cluster Agency Division/Branch/Unit Location Transport Transport for NSW Infrastructure & Services / Service Delivery & Performance / Metro Service Delivery

More information

Effective Internal Audit in the Financial. Services Sector. Non Executive Directors (NEDs) and the Management of Risk

Effective Internal Audit in the Financial. Services Sector. Non Executive Directors (NEDs) and the Management of Risk Consultation document Effective Internal Audit in the Financial A survey of heads of internal audit Services Sector Non Executive Directors (NEDs) and the Management of Risk Draft recommendations to the

More information

Post-accreditation monitoring report: The Chartered Institute of Personnel and Development. June 2007 QCA/07/3407

Post-accreditation monitoring report: The Chartered Institute of Personnel and Development. June 2007 QCA/07/3407 Post-accreditation monitoring report: The Chartered Institute of Personnel and Development June 2007 QCA/07/3407 Contents Executive summary... 4 Accreditation conditions... 4 Observations... 5 Introduction...

More information

Building a framework for operational risk management: the FSA s observations

Building a framework for operational risk management: the FSA s observations Policy Statement Financial Services Authority Building a framework for operational risk management: the FSA s observations Feedback on industry practice as we prepare to implement CP142 July 2003 Contents

More information

SEPT EVIDENCE PRODUCT CHECKLIST For ISO Standard 9004:2009 Managing for the sustained success of an organization A quality management approach

SEPT EVIDENCE PRODUCT CHECKLIST For ISO Standard 9004:2009 Managing for the sustained success of an organization A quality management approach SEPT EVIDENCE PRODUCT CHECKLIST For ISO Standard 9004:2009 Managing for the sustained success of an organization A quality management approach 2009 Version ISBN 978-0-9819522-6-0 ISBN 0-9819522-6-7 11/10/2010

More information

A Changing Commission: How it affects you - Issue 1

A Changing Commission: How it affects you - Issue 1 A Changing Commission: How it affects you - Issue 1 Contents Overview... 3 Change Programme... 4 Introduction... 4 Reviewing how we regulate and engage... 4 What are the key changes... 5 What does it mean

More information

Families First: Approach & Development Plan September 2013

Families First: Approach & Development Plan September 2013 Annexe 2 Families First: Approach & Development Plan September 2013 Background Harrow Council signed up to the government s Troubled Families initiative on 30 April 2012. The council has committed to work

More information

Practice Guide COORDINATING RISK MANAGEMENT AND ASSURANCE

Practice Guide COORDINATING RISK MANAGEMENT AND ASSURANCE Practice Guide COORDINATING RISK MANAGEMENT AND ASSURANCE March 2012 Table of Contents Executive Summary... 1 Introduction... 1 Risk Management and Assurance (Assurance Services)... 1 Assurance Framework...

More information

Risk Management Strategy and Policy. The policy provides the framework for the management and control of risk within the GOC

Risk Management Strategy and Policy. The policy provides the framework for the management and control of risk within the GOC Annex 1 TITLE VERSION Version 2 Risk Management Strategy and Policy SUMMARY The policy provides the framework for the management and control of risk within the GOC DATE CREATED January 2013 REVIEW DATE

More information

Social Return on Investment

Social Return on Investment Social Return on Investment Valuing what you do Guidance on understanding and completing the Social Return on Investment toolkit for your organisation 60838 SROI v2.indd 1 07/03/2013 16:50 60838 SROI v2.indd

More information

Audit and risk assurance committee handbook

Audit and risk assurance committee handbook Audit and risk assurance committee handbook March 2016 Audit and risk assurance committee handbook March 2016 Crown copyright 2016 This publication is licensed under the terms of the Open Government Licence

More information

Terms of Reference - Board Risk Committee

Terms of Reference - Board Risk Committee Terms of Reference - Board Risk Committee The Board Risk Committee is authorised by the Board to oversee the Group s risk management arrangements. It ensures that the overarching risk appetite is appropriate

More information

The Compliance Universe

The Compliance Universe The Compliance Universe Principle 6.1 The board should ensure that the company complies with applicable laws and considers adherence to non-binding rules, codes and standards This practice note is intended

More information

Business-critical Insurance

Business-critical Insurance Business-critical Insurance Identifying those insurances that support the business and its strategy Guide 2015 Contents Introduction... 4 Categories of insurance... 5 Determining which insurance covers

More information

Information Security Governance:

Information Security Governance: Information Security Governance: Designing and Implementing Security Effectively 2 nd Athens International Forum on Security 15 16 Jan 2009 Anestis Demopoulos, CISA, CISSP, CIA President of ISACA Athens

More information

Ealing, Hammersmith and West London College

Ealing, Hammersmith and West London College FURTHER EDUCATION COMMISSIONER ASSESSMENT SUMMARY Ealing, Hammersmith and West London College JANUARY 2016 Contents Assessment... 3 Background... 3 Assessment Methodology... 3 The Role, Composition and

More information

The Lowitja Institute Risk Management Plan

The Lowitja Institute Risk Management Plan The Lowitja Institute Risk Management Plan 1. PURPOSE This Plan provides instructions to management and staff for the implementation of consistent risk management practices throughout the Lowitja Institute

More information

3 August 2012 Policy updated to reflect name changes and alignment with current Aurora Energy Group Policy standards.

3 August 2012 Policy updated to reflect name changes and alignment with current Aurora Energy Group Policy standards. Aurora Energy Risk Management Policy Version History REV NO. DATE REVISION DESCRIPTION APPROVAL 0 19/11/98 Risk Management Policy Prepared by: Manager Internal Audit 1 March 2007 Risk Management Policy

More information

Manage Compliance with External Requirements

Manage Compliance with External Requirements Manage Compliance with External Requirements Description IT is subject to requirements that are highly complex and constantly changing. The school jurisdiction s senior leadership is ultimately accountable

More information

2.2 Reviewing the company s internal financial controls and the company s internal control and risk management systems;

2.2 Reviewing the company s internal financial controls and the company s internal control and risk management systems; Beazley plc Audit and Terms of reference Approved by board resolution dated 23 July 2015 1. Objectives To assist the board of directors in fulfilling its oversight responsibilities for the financial reporting

More information

Quality Manual ISO 9001:2015 Quality Management System

Quality Manual ISO 9001:2015 Quality Management System Quality management input comprises the standard requirements from ISO 9001:2015 which are deployed by our organization to achieve customer satisfaction through process control. Quality Manual ISO 9001:2015

More information

a guide to producing your video

a guide to producing your video a guide to producing your video 2016 edition 01:01 01:02 01:03 01:04 01:05 01:06 01:07 01:08 Thinking about video? I m delighted that you are thinking about having a video professionally produced. A well

More information

Organisational Change Management

Organisational Change Management Organisational Change Management The only thing that is constant is change in your business, your market, your competitors, and your technology. Remaining competitive and responsive to your customers and

More information

Infra -News Global PPP/ Infrastructure Yearbook 2005

Infra -News Global PPP/ Infrastructure Yearbook 2005 Global PPP/ Infrastructure Yearbook 2005 Global PPP/ Infrastructure Yearbook 2005 Developing Public Private Partnerships in New Europe Charles Lloyd, Partner and Adrian Howcroft, Assistant Director, PricewaterhouseCoopers

More information

ISO 14001:2015 How your ISO 14001 audit will be different. Whitepaper

ISO 14001:2015 How your ISO 14001 audit will be different. Whitepaper ISO 14001:2015 How your ISO 14001 audit will be different Whitepaper Introduction The new revision of ISO 14001 introduces some key changes which could impact how your environmental management system (EMS)

More information

Solvency II Data audit report guidance. March 2012

Solvency II Data audit report guidance. March 2012 Solvency II Data audit report guidance March 2012 Contents Page Introduction Purpose of the Data Audit Report 3 Report Format and Submission 3 Ownership and Independence 4 Scope and Content Scope of the

More information

Audit Committee Self-Assessement

Audit Committee Self-Assessement Audit Committee Institute Sponsored by KPMG Audit Committee Self-Assessement It is intended that each audit committee member will complete this self-assessment questionnaire independently. The audit committee

More information

How quality assurance reviews can strengthen the strategic value of internal auditing*

How quality assurance reviews can strengthen the strategic value of internal auditing* How quality assurance reviews can strengthen the strategic value of internal auditing* PwC Advisory Internal Audit Table of Contents Situation Pg. 02 In response to an increased focus on effective governance,

More information

The ILM Level 3 Diploma Programme in Leadership & Management consists of the following units, ILM credit values and guided learning hours.

The ILM Level 3 Diploma Programme in Leadership & Management consists of the following units, ILM credit values and guided learning hours. The ILM Level 3 Diploma programme is to give new or potential first line managers the foundation for their formal development in this role. In addition it provides the student with a solid foundation which

More information

Point of View. Planning for success after a merger or acquisition. Danny A Davis, Programme Director, Mergers & Acquisitions

Point of View. Planning for success after a merger or acquisition. Danny A Davis, Programme Director, Mergers & Acquisitions Point of View Planning for success after a merger or acquisition Danny A Davis, Programme Director, Mergers & Acquisitions Without understanding the motive behind the deal, a clear link to postdeal activity

More information

Audit Committee. Directors Report. Gary Hughes Chairman, Audit Committee. Gary Hughes Chairman, Audit Committee

Audit Committee. Directors Report. Gary Hughes Chairman, Audit Committee. Gary Hughes Chairman, Audit Committee Audit Committee Dear Shareholder, We are satisfied that the business has maintained robust risk management and internal controls, supported by strong overall governance processes, and that management have

More information

Project Risk Analysis toolkit

Project Risk Analysis toolkit Risk Analysis toolkit MMU has a corporate Risk Management framework that describes the standard for risk management within the university. However projects are different from business as usual activities,

More information

P3M3 Portfolio Management Self-Assessment

P3M3 Portfolio Management Self-Assessment Procurement Programmes & Projects P3M3 v2.1 Self-Assessment Instructions and Questionnaire P3M3 Portfolio Management Self-Assessment P3M3 is a registered trade mark of AXELOS Limited Contents Introduction

More information

Newman Students Union. Recruitment Pack. Development Manager. October 2015

Newman Students Union. Recruitment Pack. Development Manager. October 2015 Newman Students Union Recruitment Pack Development Manager October 2015 Welcome to Newman SU! Newman SU is a very special students union. We ve the very best attributes of a small and specialist students

More information

Business Solutions Manager Self and contribution to Team. Information Services

Business Solutions Manager Self and contribution to Team. Information Services POSITION DESCRIPTION Position Title: Responsible To: Responsible For Agile Test Analyst Business Solutions Manager Self and contribution to Team Position Purpose: The Agile Test Analyst is responsible

More information

(Article 131(2) of the Financial Rules of the Innovative Medicines Initiative Joint Undertaking)

(Article 131(2) of the Financial Rules of the Innovative Medicines Initiative Joint Undertaking) Annual report of the Executive Director to the Discharge on measures taken in the light of the Discharge s recommendations of 2012 in respect of the implementation of the budget of 2010 (Article 131(2)

More information

Compliance. Group Standard

Compliance. Group Standard Group Standard Compliance Serco is committed to good governance practices and the management of risks supported by a robust business compliance process SMS-GS-G2 Compliance July 2014 v1.0 Serco Public

More information

Audit, Business Risk and Compliance Committee Charter Pact Group Holdings Ltd (Company)

Audit, Business Risk and Compliance Committee Charter Pact Group Holdings Ltd (Company) Audit, Business Risk and Compliance Committee Charter Pact Group Holdings Ltd (Company) ACN 145 989 644 Committee Charter 1 MEMBERSHIP OF THE COMMITTEE The Committee must consist of: only non-executive

More information

Defining and Assessing Regulatory Excellence

Defining and Assessing Regulatory Excellence Defining and Assessing Regulatory Excellence Cary Coglianese University of Pennsylvania Law School Discussion Paper for the Penn Program on Regulation s International Expert Dialogue on Defining and Measuring

More information

Key Steps to a Management Skills Audit

Key Steps to a Management Skills Audit Key Steps to a Management Skills Audit COPYRIGHT NOTICE PPA Consulting Pty Ltd (ACN 079 090 547) 2005-2013 You may only use this document for your own personal use or the internal use of your employer.

More information

Performance Management Rating Scales

Performance Management Rating Scales Performance Management Rating Scales When looking at Performance Management, a 5 point rating scale is the most common. A CIPD report suggests that: 47% of companies use 5 point scale 28% of companies

More information

Cyber, Social Media and IT Risks. David Canham (BA) Hons, MIRM

Cyber, Social Media and IT Risks. David Canham (BA) Hons, MIRM IIA South Event 16 th June 2015 Cyber, Social Media and IT Risks 1 st and 2 nd Line Perspective David Canham (BA) Hons, MIRM Agenda This evening we ll cover the following: Who, why and what? Traditional

More information