The Big Assurance Picture
Stuart Wooldridge, Partner in Internal Audit Services at PwC, spoke at the joint ACCA/IIA networking forum on 25 October 2011 on The Big Assurance Picture. This is an overview of his talk.

The two questions that all Heads of Audit ask are what's on everybody's audit plan and what's everybody doing with integrated assurance.

What is it?

A single organisation-wide view of risk and control derived from assurance activity undertaken across the lines of defence. It is an opinion to the receivers of assurance on the adequacy of the governance, risk and control environment.

Why do we want it?

Integrated Assurance has become a hot topic and indeed is the number one solution that organisations are looking to implement. Some of the drivers for this are:

Business Drivers

- Increasing business complexity
- Increasing regulatory intervention and oversight in all industry sectors, particularly in the financial services sector, where the role of the regulator has changed and is continuing to change
- The need for a better view of the adequacy of governance, risk and control is a key issue for the regulator

Alongside that we've seen the development of other assurance activities from non-internal audit parts of our businesses:

- Lines of defence
- SOX management assertions
- Increasing maturity of Enterprise Risk Management (ERM): a mature risk management function will have some degree of assurance over the adequacy of control. It isn't one that just collates information and reports on the application of a framework. A mature risk management framework is one that undertakes some checking that the controls it is relying on in defining its net risk position are operating the way they expect them to. That can be self assessment or any form of checking, but you would expect to see some sort of checking activity
- Management awareness of audit intervention
- The need for efficiency and cost saving
- Reveal the gaps

Governance Drivers

- The need for an opinion on the adequacy of controls across the organisation. Audit Committees start the year by approving a plan of audit activity; at the end of the year they have a pile of audit reports and have to take that body of work and draw together its net impact to form their own opinion on the adequacy of the control and risk framework. They rarely have the opportunity to have somebody independent stand back from that pile of reports and help them draw together an opinion. With the increasing complexity of business and increasing regulatory intervention, Audit Committees need more help from audit functions to draw together an opinion and define that opinion
- Conflicting messages from the Risk Management function and the Internal Audit function: for example, risk management functions producing green risk maps indicating that there are no problems and everything is within risk appetite, but then the audit function does an audit and finds that half of the controls in that business unit are not operating the way that they are expected to and some are not even designed to achieve the objective they were trying to achieve. That conflict drives a greater degree of uncertainty for the Audit Committee around what the true story is. Integrated assurance is trying to overcome this by helping the Audit Committee understand what each function is trying to provide in terms of assurance
- Capital Adequacy based regulation in Financial Services such as Solvency II

The last 10 years have seen a quantum change in the way that risk affects organisations. Risks have changed in terms of the contagion that they have across organisations. The best example of this at the moment is BP. BP had a very unfortunate and very significant operational failure on a platform, something that we have all seen in the news.
When you stand back from BP now and look at the impact which that operational failure had: it led to regulatory scrutiny, it led to the US Government becoming significantly involved in the business of BP, and it ended up having liquidity and financial impacts on the organisation way above examples of the same sort of impact that has been seen in the past. If you compare the contagion of that initial risk and impact to BP against something like Exxon Valdez, which was 22 years ago and a similar sort of operational failure in many ways, the speed of contagion and the level of contagion of those two incidents were very different. We are now seeing risks spread far more rapidly across organisations and impact different types of risk categories. That is one of the key drivers for the increasing focus on risk management and for the stepping up of the whole activity of risk.

The balance of power has swung from the 3rd line of defence into the 2nd line of defence, so the challenge to internal auditors is to consider whether they have kept pace with what it is that organisations expect of them and expect from a 3rd line of defence. Internal Audit has not kept pace with the level of assurance across the organisation that Audit Committees desire, demand and expect, and this is why Audit Committees are looking to other sources of assurance from the organisation and calling for Integrated Assurance.

For organisations where compliance with the IIA standards is important, the IIA standards put assurance as the remit of Internal Audit, the 3rd line of defence. That is the key to who has responsibility for providing that opinion on the adequacy of the governance, risk and control environment to the Audit Committee and to the organisation and the Board.

Integrated Assurance is Internal Audit's opportunity to reclaim the leadership on the provision of assurance in the corporate world. This may have slipped into the 2nd line of defence, but now is the time, and this is the topic that allows us to take a little more leadership and a little bit more control of assurance for our organisations.

So what is the role of Internal Audit?

The role of Internal Audit is to deliver assurance to the Audit Committee to facilitate their evaluation of the adequacy of the Internal Control Framework. Commenting and opining on that Control Framework will involve providing some view on the control activities of the 1st line of defence (how management manage risk) and the control monitoring and risk activities of the 2nd line of defence, including their checking activity where they do some. However, Internal Audit's key challenge comes back to taking the body of work that they undertake, and taking the body of work that is done by other assurance activities, and building that into a framework such that they can provide that overarching opinion on governance, risk and control.

Integrated Assurance: is it inevitable?

The journey to Integrated Assurance: Assurance Mapping or Combined Assurance is the starting point of the journey, but the challenge for internal audit is actually helping their organisations get to integrated assurance.
Assurance Mapping

What is it?

- A visual representation of the assurance provided across the organisation
- Covering all (or key) risks / processes
- Identifying all assurance providers
- Indicating the extent and effectiveness of assurance provided
- A stock take of what assurance the organisation is getting, where it is located, and how good it is

Good assurance mapping does not just relate to business process and control activity; it also identifies where non-business-process-based assurance is being received, e.g. health & safety audits, quality control reviews, etc.

Why do it?

Provides an overview to the Audit Committee, assurance providers and operational management of:

- The assurance activity that is being undertaken across the organisation (quantum not quality)
- Gaps in that assurance (risks and controls not covered) that need to be either filled or accepted
- Overlaps in assurance, where efficiency gains can be made

The map can also be used to adjust the Internal Audit programme to review, where appropriate, assurance providers rather than controls: the start of the journey towards Integrated Assurance.

Example Assurance Map Continuum: Over-arching requirements

- Balance conflicting needs for detail and simplicity / sustainability
- Document the collation process to facilitate review and re-performance
- Perform a thorough assessment first time to ensure efficiency

[Figure: Example Assurance Map]

Integrated Assurance

What is it?

A single organisation-wide view of risk and control derived from assurance activity undertaken across the lines of defence. But there are some key questions.

Which Stakeholder body is the assurance for?

Different stakeholder bodies have different definitions of what assurance is. Management's definition of what assurance is will differ from the definition that the Audit Committee holds, and a project board would have a different definition from both of them. A Head of Internal Audit driving integrated assurance will therefore need to work with each Stakeholder body to define what assurance means to them and how much confidence they want from that assurance.

One of the biggest challenges for internal audit methodology is the way in which they manage the level of confidence they provide around their outputs. If you are going to do integrated assurance properly, firstly you need a definition of what assurance is, and secondly you need to be able to manage your assurance activities around a level of confidence that you need to satisfy the Stakeholder body that you are reporting to. That will be important in terms of the way in which you evaluate assurance activities from other lines of defence.

Understanding the sources of Assurance

Most people are familiar with the three lines of defence model:

- 1st line: management control and reporting
- 2nd line: functional oversight/governance
- 3rd line: independent review/oversight
The 1st and 2nd lines are management action whilst the 3rd line is independent monitoring. There are different levels of assurance resulting from the different lines of defence. The assurance scale is from low assurance at the 1st line (self assessment, sporadic) to high assurance at the 3rd (high degree of independence; timely, systematic and regular; technical expertise).

1st line features of assurance activity: Tends to be quality based (how good are things) or, more likely, performance based (how are we doing against budget). When we are looking at activity that supports integrated assurance, 1st line of defence assurance activity is rarely evidence based and is rarely risk and control specific. Using activity out of the 1st line of defence is therefore a challenge.

2nd line features of assurance activity: There are similar challenges with using activity out of the 2nd line of defence. Activity is quite often metric or performance based and frequently focused on regulatory rules rather than shareholder value protection business process controls. And it is compliance-with-policy based: did you do what you were told to do? Judgements on controls are often supported by self-assessment processes.

3rd line features of assurance activity: Activity is independent and evidence based, and confidence comes from sample based activity.

What is assurance?

The first activity in moving towards integrated assurance is to get your organisation to agree upon a definition of assurance. Some definitions include:

- "Objective examination of evidence for the purpose of providing an independent assessment on risk management, control, and governance processes for the organisation." Source: Institute of Internal Auditors
- "Confidence, based on sufficient evidence, that objectives are being achieved, risks are being identified and appropriately managed and that internal controls are in place and operating effectively." Source: Institute of Internal Auditors
- "For assurance to be provided there needs to be a subject matter and criteria against which the subject matter can be evaluated or measured to provide an opinion." Source: ISAE 3000

This last definition tends to work the best for many organisations.
The Integrated Assurance Framework

Blending Assurance Activity

When you are trying to blend assurance activities, which is what you'll get to when you have evaluated your assurance activities, the first step is confidence. Define the nature and level of assurance required; if you cannot define that from the activity then it is hard to define the level of confidence that you need from it. Try and define what type of activity it is supporting: is it testing operating effectiveness or is it looking at the design of controls? Then you need to test the way in which the activity is undertaken (assess the activity against the Assurance Framework) and contemplate the nature of gaps and other sources of assurance.

If you are able to use that sort of evaluation technique on a piece of assurance activity, then upon completion you should have a good view of where you are getting your compliance assurance from, where you are getting your control assurance from and where you are getting your risk management assurance from.

Who manages the delivery of integrated assurance?

The IIA has defined this for us: the natural home for assurance is the 3rd line of defence. But the question for me is: is Integrated Assurance the answer to the delivery of an audit opinion? My view would be that it is an extremely good step towards it; it doesn't necessarily take away the challenge of providing an overall opinion, but our Audit Committees think that this is part of the journey. So integrated assurance is probably part of the answer for internal audit functions providing an overall opinion on the adequacy of governance, risk and control.

What does the future hold around assurance?

PwC did some work 12 months ago looking at Key Control Indicators (KCI). We worked with some insurance companies looking at how they could use performance-based transaction information to demonstrate the operation of a control. The output of that work was quite interesting in terms of allowing an organisation to use the performance data that it has around transactions going through systems to help evidence the operation of control.

When I think about what the future might look like and what world class integrated assurance might look like, I think there is a challenge for us that a lot of it needs to be automated in one way or another, and I expect that we are going to see organisations looking for ways to identify features of transactions that enable them to demonstrate that controls have operated. So 1st and 2nd line of defence assurance activity will potentially be automated.

In summary, the future around assurance could see:

- The identification of Key Control Indicators (KCI) across all business risks
- Ongoing monitoring of KCIs: automated data collection and threshold based reporting
- A greater focus on the adequacy of risk management and risk identification
- Dynamic risk monitoring: how are risks and risk drivers moving

Recap

The further development of Integrated Assurance is inevitable. It is inevitable because our Audit Committees are struggling to put together their opinions on the adequacy of the control environment and they are looking towards integrated assurance to help them do that. This is Internal Audit's opportunity to take back the lead on who provides assurance in our organisations, to rebalance the provision of assurance across the 3 lines of defence, and to use integrated assurance frameworks as a toolkit to help us help our Audit Committees understand the output from the body of work that we generate.
A Changing Commission: How it affects you - Issue 1 Contents Overview... 3 Change Programme... 4 Introduction... 4 Reviewing how we regulate and engage... 4 What are the key changes... 5 What does it mean
More informationFamilies First: Approach & Development Plan September 2013
Annexe 2 Families First: Approach & Development Plan September 2013 Background Harrow Council signed up to the government s Troubled Families initiative on 30 April 2012. The council has committed to work
More informationPractice Guide COORDINATING RISK MANAGEMENT AND ASSURANCE
Practice Guide COORDINATING RISK MANAGEMENT AND ASSURANCE March 2012 Table of Contents Executive Summary... 1 Introduction... 1 Risk Management and Assurance (Assurance Services)... 1 Assurance Framework...
More informationRisk Management Strategy and Policy. The policy provides the framework for the management and control of risk within the GOC
Annex 1 TITLE VERSION Version 2 Risk Management Strategy and Policy SUMMARY The policy provides the framework for the management and control of risk within the GOC DATE CREATED January 2013 REVIEW DATE
More informationSocial Return on Investment
Social Return on Investment Valuing what you do Guidance on understanding and completing the Social Return on Investment toolkit for your organisation 60838 SROI v2.indd 1 07/03/2013 16:50 60838 SROI v2.indd
More informationAudit and risk assurance committee handbook
Audit and risk assurance committee handbook March 2016 Audit and risk assurance committee handbook March 2016 Crown copyright 2016 This publication is licensed under the terms of the Open Government Licence
More informationTerms of Reference - Board Risk Committee
Terms of Reference - Board Risk Committee The Board Risk Committee is authorised by the Board to oversee the Group s risk management arrangements. It ensures that the overarching risk appetite is appropriate
More informationThe Compliance Universe
The Compliance Universe Principle 6.1 The board should ensure that the company complies with applicable laws and considers adherence to non-binding rules, codes and standards This practice note is intended
More informationBusiness-critical Insurance
Business-critical Insurance Identifying those insurances that support the business and its strategy Guide 2015 Contents Introduction... 4 Categories of insurance... 5 Determining which insurance covers
More informationInformation Security Governance:
Information Security Governance: Designing and Implementing Security Effectively 2 nd Athens International Forum on Security 15 16 Jan 2009 Anestis Demopoulos, CISA, CISSP, CIA President of ISACA Athens
More informationEaling, Hammersmith and West London College
FURTHER EDUCATION COMMISSIONER ASSESSMENT SUMMARY Ealing, Hammersmith and West London College JANUARY 2016 Contents Assessment... 3 Background... 3 Assessment Methodology... 3 The Role, Composition and
More informationThe Lowitja Institute Risk Management Plan
The Lowitja Institute Risk Management Plan 1. PURPOSE This Plan provides instructions to management and staff for the implementation of consistent risk management practices throughout the Lowitja Institute
More information3 August 2012 Policy updated to reflect name changes and alignment with current Aurora Energy Group Policy standards.
Aurora Energy Risk Management Policy Version History REV NO. DATE REVISION DESCRIPTION APPROVAL 0 19/11/98 Risk Management Policy Prepared by: Manager Internal Audit 1 March 2007 Risk Management Policy
More informationManage Compliance with External Requirements
Manage Compliance with External Requirements Description IT is subject to requirements that are highly complex and constantly changing. The school jurisdiction s senior leadership is ultimately accountable
More information2.2 Reviewing the company s internal financial controls and the company s internal control and risk management systems;
Beazley plc Audit and Terms of reference Approved by board resolution dated 23 July 2015 1. Objectives To assist the board of directors in fulfilling its oversight responsibilities for the financial reporting
More informationQuality Manual ISO 9001:2015 Quality Management System
Quality management input comprises the standard requirements from ISO 9001:2015 which are deployed by our organization to achieve customer satisfaction through process control. Quality Manual ISO 9001:2015
More informationa guide to producing your video
a guide to producing your video 2016 edition 01:01 01:02 01:03 01:04 01:05 01:06 01:07 01:08 Thinking about video? I m delighted that you are thinking about having a video professionally produced. A well
More informationOrganisational Change Management
Organisational Change Management The only thing that is constant is change in your business, your market, your competitors, and your technology. Remaining competitive and responsive to your customers and
More informationInfra -News Global PPP/ Infrastructure Yearbook 2005
Global PPP/ Infrastructure Yearbook 2005 Global PPP/ Infrastructure Yearbook 2005 Developing Public Private Partnerships in New Europe Charles Lloyd, Partner and Adrian Howcroft, Assistant Director, PricewaterhouseCoopers
More informationISO 14001:2015 How your ISO 14001 audit will be different. Whitepaper
ISO 14001:2015 How your ISO 14001 audit will be different Whitepaper Introduction The new revision of ISO 14001 introduces some key changes which could impact how your environmental management system (EMS)
More informationSolvency II Data audit report guidance. March 2012
Solvency II Data audit report guidance March 2012 Contents Page Introduction Purpose of the Data Audit Report 3 Report Format and Submission 3 Ownership and Independence 4 Scope and Content Scope of the
More informationAudit Committee Self-Assessement
Audit Committee Institute Sponsored by KPMG Audit Committee Self-Assessement It is intended that each audit committee member will complete this self-assessment questionnaire independently. The audit committee
More informationHow quality assurance reviews can strengthen the strategic value of internal auditing*
How quality assurance reviews can strengthen the strategic value of internal auditing* PwC Advisory Internal Audit Table of Contents Situation Pg. 02 In response to an increased focus on effective governance,
More informationThe ILM Level 3 Diploma Programme in Leadership & Management consists of the following units, ILM credit values and guided learning hours.
The ILM Level 3 Diploma programme is to give new or potential first line managers the foundation for their formal development in this role. In addition it provides the student with a solid foundation which
More informationPoint of View. Planning for success after a merger or acquisition. Danny A Davis, Programme Director, Mergers & Acquisitions
Point of View Planning for success after a merger or acquisition Danny A Davis, Programme Director, Mergers & Acquisitions Without understanding the motive behind the deal, a clear link to postdeal activity
More informationAudit Committee. Directors Report. Gary Hughes Chairman, Audit Committee. Gary Hughes Chairman, Audit Committee
Audit Committee Dear Shareholder, We are satisfied that the business has maintained robust risk management and internal controls, supported by strong overall governance processes, and that management have
More informationProject Risk Analysis toolkit
Risk Analysis toolkit MMU has a corporate Risk Management framework that describes the standard for risk management within the university. However projects are different from business as usual activities,
More informationP3M3 Portfolio Management Self-Assessment
Procurement Programmes & Projects P3M3 v2.1 Self-Assessment Instructions and Questionnaire P3M3 Portfolio Management Self-Assessment P3M3 is a registered trade mark of AXELOS Limited Contents Introduction
More informationNewman Students Union. Recruitment Pack. Development Manager. October 2015
Newman Students Union Recruitment Pack Development Manager October 2015 Welcome to Newman SU! Newman SU is a very special students union. We ve the very best attributes of a small and specialist students
More informationBusiness Solutions Manager Self and contribution to Team. Information Services
POSITION DESCRIPTION Position Title: Responsible To: Responsible For Agile Test Analyst Business Solutions Manager Self and contribution to Team Position Purpose: The Agile Test Analyst is responsible
More information(Article 131(2) of the Financial Rules of the Innovative Medicines Initiative Joint Undertaking)
Annual report of the Executive Director to the Discharge on measures taken in the light of the Discharge s recommendations of 2012 in respect of the implementation of the budget of 2010 (Article 131(2)
More informationCompliance. Group Standard
Group Standard Compliance Serco is committed to good governance practices and the management of risks supported by a robust business compliance process SMS-GS-G2 Compliance July 2014 v1.0 Serco Public
More informationAudit, Business Risk and Compliance Committee Charter Pact Group Holdings Ltd (Company)
Audit, Business Risk and Compliance Committee Charter Pact Group Holdings Ltd (Company) ACN 145 989 644 Committee Charter 1 MEMBERSHIP OF THE COMMITTEE The Committee must consist of: only non-executive
More informationDefining and Assessing Regulatory Excellence
Defining and Assessing Regulatory Excellence Cary Coglianese University of Pennsylvania Law School Discussion Paper for the Penn Program on Regulation s International Expert Dialogue on Defining and Measuring
More informationKey Steps to a Management Skills Audit
Key Steps to a Management Skills Audit COPYRIGHT NOTICE PPA Consulting Pty Ltd (ACN 079 090 547) 2005-2013 You may only use this document for your own personal use or the internal use of your employer.
More informationPerformance Management Rating Scales
Performance Management Rating Scales When looking at Performance Management, a 5 point rating scale is the most common. A CIPD report suggests that: 47% of companies use 5 point scale 28% of companies
More informationCyber, Social Media and IT Risks. David Canham (BA) Hons, MIRM
IIA South Event 16 th June 2015 Cyber, Social Media and IT Risks 1 st and 2 nd Line Perspective David Canham (BA) Hons, MIRM Agenda This evening we ll cover the following: Who, why and what? Traditional
More information