20 Questions Directors Should Ask about Information Technology Outsourcing


20 Questions Directors Should Ask about Information Technology Outsourcing 2005

How to use this publication

Each 20 Questions briefing is designed to be a concise, easy-to-read introduction to an issue of importance to directors. The question format reflects the oversight role of directors, which includes asking management and themselves tough questions. The questions are not intended to be a precise checklist, but rather a way to provide insight and stimulate discussion on important topics.

The comments that accompany the questions summarize current thinking on the issues of leading organizations and provide directors with a basis for critically assessing the answers they get and digging deeper as necessary. Thus, although the questions apply to most medium to large organizations, the answers will vary according to the size, complexity and sophistication of each individual organization.

The Information Technology Advisory Committee


Library and Archives Canada Cataloguing in Publication
20 questions directors should ask about information technology outsourcing.
ISBN Information technology Management. 2. Information resources management. 3. Contracting out. I. Canadian Institute of Chartered Accountants. II. Title: Twenty questions directors should ask about information technology outsourcing.
HD2365.T C
Copyright 2005 Canadian Institute of Chartered Accountants, 277 Wellington Street West, Toronto, ON M5V 3H2
Printed in Canada
Available in French

Preface

The CICA's Information Technology Advisory Committee developed this brochure to guide the members of boards of directors in evaluating information technology outsourcing issues that might arise while they discharge their board responsibilities. This document might also be of interest and use to members of other governance bodies, in particular audit committees, and strategic bodies such as IT steering committees.

The CICA would like to express its gratitude to the principal author of this brochure, Ray Henrickson, CA CISA, CA IT, a member of the Information Technology Advisory Committee, and to the other members of this Committee for providing advice and comments.

Directors of organizations are expected to satisfy themselves that the information technology function is effective, whether it is outsourced or not. This briefing provides suggested questions for boards to ask the Chief Information Officers and others. For each question there is a brief explanatory background. We hope that directors, CEOs and CIOs will find it useful in assessing their approach to the management of risk and internal control.

CICA Information Technology Advisory Committee

Chair
Donald E. Sheehy, CA CISA, Deloitte & Touche LLP, Toronto

Committee
Gary S. Baker, CA, Deloitte & Touche LLP, Toronto
David Chan, CA CISA, Ontario Government Information Protection Centre, Toronto
Allan W.K. Cheung, CA IT, CA CISA, The Canadian Depository for Securities Limited, Toronto
Henry Grunberg, CA IT, Ernst & Young LLP, Toronto
Ray Henrickson, CA CISA, CA IT, Scotiabank, Toronto
Carole Le Néal, CISA, CISM, Mouvement des caisses Desjardins, Montreal
James R. Murray, CA, CISA, CIA, Grant Thornton LLP, Halifax
Erlinda L. Olalia-Carin, CISA, KPMG LLP, Toronto
Robert G. Parker, FCA, CA CISA, Deloitte & Touche LLP, Toronto
Robert J. Reimer, CA CISA, CA IT, CISM, PricewaterhouseCoopers LLP, Winnipeg
Douglas G. Timmins, CA, Office of the Auditor General of Canada, Ottawa
Gerald D. Trites, FCA, CA CISA, CA IT, St. Francis Xavier University, Antigonish (also technical consultant for the Committee)
Bryan C. Walker, CA, The Canadian Institute of Chartered Accountants, Toronto

CICA Staff
William J.L. Swirsky, FCA, Vice President, Knowledge Development
Andrée Lavigne, CA, Principal, Research Studies

Board Responsibilities for Information Technology Outsourcing

The Board of Directors oversees an organization's overall strategic direction and management. As part of this responsibility, it must keep abreast of issues pertaining to the management and control systems in place to keep the risk of loss arising from fraud and error to an acceptable level.

In addition, the Canadian Securities Administrators (CSA), in January 2004, passed new Investor Confidence [1] rules that contain requirements similar to those that flowed from the Sarbanes-Oxley Act in the United States and establish new and important responsibilities for internal control. Of greatest interest from an Information Technology (IT) perspective is rule , which requires the CEO and CFO to certify, among other things, that:

- they have designed disclosure controls and procedures and internal control over financial reporting (or caused them to be designed under their supervision);
- they have evaluated the effectiveness of such disclosure controls and procedures and caused their issuers to disclose their conclusions regarding their evaluation; and
- they have caused their issuers to disclose certain changes in internal control over financial reporting.

IT outsourcing is increasingly used by business as a means of reducing costs and for achieving strategic technical and operational objectives. IT outsourcing changes the risk profile of an organization by transferring some of the responsibility for operational management to a third party while simultaneously introducing new risks and responsibilities to management. The issues related to the transfer of risk and management, sometimes on a cross-border basis, challenge the confidence of management that it remains in control of its business risks.

This brochure suggests the questions that Board members should ask in exercising their governance responsibilities as they relate to outsourcing. The questions are grouped in five main areas: strategic considerations, risk mitigation, contract management, issues resolution, and performance monitoring.

By inference, there would be a responsibility for Board members to monitor the control systems and ask the right questions to ensure that the systems are designed and operating as they should and that there are processes in place to ensure that management's legal requirements are met.

[1] The Investor Confidence rules include Multilateral Instruments (Auditor Oversight), (Certification of Disclosure in Issuers' Annual and Interim Filings) and (Audit Committees).

Strategic Considerations

Just as there are many variations to what is outsourced, there are many reasons why an organization would opt for outsourcing. Chief among them are the operational, technological and financial benefits to be gained. Regardless of the motives, it is important to acknowledge that outsourcing is more than a simple purchase decision based upon economic or financial criteria. It is a strategic decision that can have significant, long-lasting influence on the reputation and the performance of an organization. It is a decision that results in management relinquishing ownership and control of the outsourced processes to a third party service provider. In exchange, management takes on added responsibility for defining, in advance, the results of the process and for holding the service provider accountable for the provision of those results. Key, therefore, to the understanding of outsourcing is that while service delivery has been transferred, accountability has not.

Accordingly, from the outset, an IT outsourcing strategy should be developed as an integral part of the overall business strategy. An organization seeking to outsource activities or to continue in an outsourcing relationship should define specific criteria for making decisions about outsourcing that will ensure the continued alignment with the overall business strategy. These should include a risk-based due diligence evaluation of the extent to which processes are, or remain, appropriate for outsourcing as well as an assessment of the service provider's ability to supply the desired results. This analysis requires a thorough assessment of the organization's strategies, its core competencies, managerial strengths and weaknesses, and impact on its customers and other stakeholders.

The organization's Board of Directors has overall responsibility for ensuring that all outsourcing decisions taken by management are in keeping with the organization's policies and risk management practices. To execute this responsibility, the Board should seek answers to the following questions:

1. Has management clearly defined its operational, technical and financial objectives, the service levels and the desired outcomes to be achieved for processes that are to be outsourced?
2. Has management considered how the organization will be affected by the loss of skills or intellectual capital that the company is giving up by outsourcing?
3. Does management monitor the service provider's expertise, size, financial health, culture, operational capability and experience levels to ensure the service provider can meet the organization's service requirements over the duration of the contract?
4. Does the organization have the core competency, capacity, tools and policies to evaluate and manage the quality of service delivered by the service provider, to keep abreast of changing business needs and new technology and to ensure changing business needs, regulations, policies, standards, and priorities are effectively communicated to the service provider?

Risk Mitigation

A key component of an organization's governance framework is the establishment of effective management practices and internal controls to mitigate outsourcing risk. There is a wide range of risks that need to be managed, which include strategic risk, reputation risk, operational risk, country risk, and contractual risk. The assessment of outsourcing risk at an organization will depend on several factors including:

- the impact outsourcing may have on the satisfaction of strategic goals, objectives, and business needs of the organization;
- the importance of the IT service to the organization and the financial, reputational and operational consequences of failure of the service provider to adequately perform the activity;
- the complexity, size, and interdependence of the activities to be outsourced;
- the legal and regulatory requirements;
- the political, legal and societal implications of the specific geographical location of an outsourcing service provider;
- the service provider's reputation and credentials, its experience, expertise, size, financial health, and its own use of downstream partners to support the delivery of the outsourced services;
- the availability of alternative service providers; and
- the implications of terminating the agreement by changing service providers or reverting to an in-house solution.

The organization should establish governance policies and relevant risk management practices that guide the outsourcing decisions. These risk management practices should be embedded in the ongoing monitoring and controlling of all relevant aspects of the outsourcing arrangements as well as being used to decide the corrective actions to be taken when unintended or undesirable events occur.

Equally important, the organization requires ongoing assurance that its own internal control framework and that of the service provider operate continuously and effectively to protect its reputation and IT assets. This assurance needs to extend beyond the routine processes to include special risk situations such as material changes in the structure or management of the service provider or to deal with foreign-based service delivery.

The following questions should be asked:

5. Is management confident in the effectiveness of the service provider's internal controls over the systems, data and software to ensure their integrity, security and availability as well as compliance with laws and regulations?
6. Is management satisfied that effective risk mitigation mechanisms related to information protection, business continuity, change control and regulatory compliance exist to govern the processes and controls that have been relinquished or transferred to the service provider?
7. If the outsourcing services are provided by a supplier that is located in or subject to the laws of a foreign jurisdiction, has management effectively mitigated the risks related to the economic, cultural and political backdrop, the technological sophistication, and the legal and regulatory profile of the foreign jurisdiction?
8. Are actual and attempted security violations, operations problems and control breakdowns promptly recorded and reported to the organization by the service provider?
9. Does the service provider maintain adequate business continuity and disaster recovery plans to mitigate the effects of a processing interruption?
10. Do effective contingency plans exist should the service provider fail temporarily or permanently to continue providing service?

Contract Management

Through outsourcing, an organization replaces operational responsibilities for the day-to-day management of a process with strategic responsibilities for managing a business relationship with a third party service provider. The competencies required for managing the new responsibilities are not always readily available. Problems can occur in the new relationship if the organization continues to try to manage the outsourced processes or be involved in the detailed process events rather than focusing on the achievement of overall service results that drive the outsourcing decision. To effectively govern an outsourced IT process requires a significant change in management activity and skill.

In managing the contractual relationship it is important to note that some service requirements cannot be defined until after the contract is implemented and others should be improved over the life of the contract. Underpinning successful management of an outsourced IT process is the requirement that the respective roles and responsibilities for both parties to the outsourcing be defined and understood. Responsibility should be formally assigned for the management of all aspects of the outsourcing arrangement, from service level monitoring, to problem resolution, to executive level steering committees. For clarity, these should be documented in the outsourcing contract that defines all material aspects of the outsourcing arrangement, including the rights, responsibilities and expectations of all parties.

The following questions should be addressed:

11. Does the outsourcing contract describe the significant terms of the outsourcing arrangement including the level of service to be provided by the service provider, all regulatory obligations, the rights and responsibilities of both parties, and the provisions for terminating the contract should the need arise?
12. Are the respective roles and responsibilities defined and understood by both the organization and the service provider?
13. Does the organization have rights to audit the service provider's internal controls, records and audit trails or to obtain independent audit reports on the existence and the effectiveness of the service provider's internal controls?
14. Is management able to impose control requirements in the event that the service provider offers services to a competitor, changes key personnel, or engages third party subcontractors to help deliver the services?

Issues Resolution

An outsourcing arrangement brings two separate organizations together in a relationship that acts for their mutual benefit. It is important to realize that while the parties to the arrangement share many common interests, as separate and distinct enterprises they have different strategic motives, different corporate cultures, and different ideas of how common objectives can be achieved. It is inevitable that the differences that exist between parties to the outsourcing will, from time to time, result in tension or, if not effectively resolved, dispute. An organization's failure to recognize and respond to these differences can undermine the value of the outsourcing.

The questions to address are:

15. Do effective accountabilities and processes exist to monitor and manage the relationship with the service provider, to maintain good communication between the parties, to ensure mutual understanding of business needs and service quality, and to resolve issues that may arise from time to time?
16. Has management considered the issues or disputes that remain unresolved with the service provider and the impediments to their resolution?

A balance must be achieved that enables both parties to meet common service level objectives while, at the same time, satisfying their unique business objectives. The organization needs to establish a framework that facilitates the business relationship between the outsourcing partners and ensures effective communication of priorities and service requirements as well as resolving any issues that may arise.

Performance Monitoring

A commonly held business sentiment is that you cannot manage what you do not measure. In outsourcing, the ownership and the execution of the process belong to the service provider. Performance metrics that were formerly used to manage and control the process prior to outsourcing may no longer be appropriate or sufficient. It is important, therefore, to define relevant performance and control measures that enable the organization to benchmark the service provider's performance and to assess the quality of the service delivered. The agreement should provide for the continuous monitoring and assessment by the organization of the service provider so that any necessary corrective measures can be taken immediately.

The development of useful performance metrics is not a simple task. Effective reporting of performance results should be a mix of point-in-time and period-of-time metrics that demonstrate task performance and strategic achievement. Care should be taken not to introduce an excessive number and type of measures that consume a large amount of management and service provider resources to collect and analyse. However, not having sufficient appropriate measures of performance can leave the organization in doubt as to whether or not it is receiving the value it expects from the arrangement.

The definition of relevant service level metrics can be further complicated by the need to monitor multiple performance characteristics in order to develop an end-to-end perspective of performance. For example, in a call centre operation, service adequacy may be based upon a composite measurement of specific performance criteria such as the length of time it takes to answer calls, the number of calls that hang up before being satisfactorily dealt with, the call duration, and the number of transfers before the call is completed. Metrics should also be defined to address the qualitative or intangible aspects of the service, for example accuracy of information provided and customer satisfaction.

The frequency at which the metrics will be applied depends on the nature and the significance of the process that is outsourced and the consequences to the organization of performance failure. Some aspects of IT service are more important to business reputation and customer service than others and will require more frequent measurements of performance, for example data security or Internet availability. Each organization has unique service priorities that must be reflected in the nature, timing and extent of its performance measures.

A final and vitally important aspect of performance measurement relates to the cost of the performance being provided by the service provider. Pricing of outsourcing services can be or become complex over time as changes are introduced into the outsourcing agreement. Existing services may be extended or curtailed, new services or processes may be implemented, and technology developments may improve productivity. An organization must understand what it is paying for in order to be able to ascertain the value it is receiving. Special processes may need to be enacted within the organization to satisfy management of the correctness of the service provider's billings.

These measures not only assure the organization it is getting the service that it is paying for, they also establish the rules of the game, so to speak, and reduce the need for managing through continual reference to the provisions of the outsourcing contract. They reinforce to the service provider the organization's priorities and, in doing so, enable the service provider to identify where process improvements are needed.

The Board should seek answers to the following questions:

17. Are clear, objective and reliable measures of performance defined and operating to benchmark the service provider's performance and assess the quality and cost of the service delivered?
18. Has the service provider been able to consistently meet or exceed service delivery expectations?
19. Is management able to respond to situations where the service provider fails to meet service delivery expectations?
20. Does management ensure the correctness of billings under the agreement?

Conclusion

IT outsourcing is a strategic component of many leading businesses and is increasingly becoming a pervasive management solution to the IT-related challenges of competing in today's marketplace. A failure to achieve the sought-after benefits of outsourcing can be expensive and highly disruptive to the operations of both the organization and the service provider. The oversight the Board of Directors provides and the responsibility it assumes for the success of the outsourcing arrangement is extensive and onerous. All Board members share this responsibility. This responsibility includes a duty to pursue the answers to these questions.

Appendix: Summary of Questions

Strategic Considerations

1. Has management clearly defined its operational, technical and financial objectives, the service levels and the desired outcomes to be achieved for processes that are to be outsourced?
2. Has management considered how the organization will be affected by the loss of skills or intellectual capital that the company is giving up by outsourcing?
3. Does management monitor the service provider's expertise, size, financial health, culture, operational capability and experience levels to ensure the service provider can meet the organization's service requirements over the duration of the contract?
4. Does the organization have the core competency, capacity, tools and policies to evaluate and manage the quality of service delivered by the service provider, to keep abreast of changing business needs and new technology and to ensure changing business needs, regulations, policies, standards, and priorities are effectively communicated to the service provider?

Risk Mitigation

5. Is management confident in the effectiveness of the service provider's internal controls over the systems, data and software to ensure their integrity, security and availability as well as compliance with laws and regulations?
6. Is management satisfied that effective risk mitigation mechanisms related to information protection, business continuity, change control and regulatory compliance exist to govern the processes and controls that have been relinquished or transferred to the service provider?
7. If the outsourcing services are provided by a supplier that is located in or subject to the laws of a foreign jurisdiction, has management effectively mitigated the risks related to the economic, cultural and political backdrop, the technological sophistication, and the legal and regulatory profile of the foreign jurisdiction?
8. Are actual and attempted security violations, operations problems and control breakdowns promptly recorded and reported to the organization by the service provider?
9. Does the service provider maintain adequate business continuity and disaster recovery plans to mitigate the effects of a processing interruption?
10. Do effective contingency plans exist should the service provider fail temporarily or permanently to continue providing service?

Contract Management

11. Does the outsourcing contract describe the significant terms of the outsourcing arrangement including the level of service to be provided by the service provider, all regulatory obligations, the rights and responsibilities of both parties, and the provisions for terminating the contract should the need arise?
12. Are the respective roles and responsibilities defined and understood by both the organization and the service provider?
13. Does the organization have rights to audit the service provider's internal controls, records and audit trails or to obtain independent audit reports on the existence and the effectiveness of the service provider's internal controls?
14. Is management able to impose control requirements in the event that the service provider offers services to a competitor, changes key personnel, or engages third party subcontractors to help deliver the services?

Issues Resolution

15. Do effective accountabilities and processes exist to monitor and manage the relationship with the service provider, to maintain good communication between the parties, to ensure mutual understanding of business needs and service quality, and to resolve issues that may arise from time to time?
16. Has management considered the issues or disputes that remain unresolved with the service provider and the impediments to their resolution?

Performance Monitoring

17. Are clear, objective and reliable measures of performance defined and operating to benchmark the service provider's performance and assess the quality and cost of the service delivered?
18. Has the service provider been able to consistently meet or exceed service delivery expectations?
19. Is management able to respond to situations where the service provider fails to meet service delivery expectations?
20. Does management ensure the correctness of billings under the agreement?


About the authors

The Information Technology Advisory Committee (ITAC) is part of the Knowledge Development Group at the CICA. Its role is to provide support and advice on IT matters to the CA profession and the business community.

20 20 Questions Directors Should Ask about Information Technology Outsourcing Wellington Street West Toronto, ON Canada M5V 3H2 Tel: Fax:

Using an Ethical Hacking Technique to Assess Information Security Risk

Using an Ethical Hacking Technique to Assess Information Security Risk The Canadian Institute of Chartered Accountants Information Technology Advisory Committee Using an Ethical Hacking Technique to Assess Information Security Risk Insights for a changing world Notice to

More information

ITAC Brief IFRS and Spreadsheets: A High-Risk Combination

ITAC Brief IFRS and Spreadsheets: A High-Risk Combination ITAC Brief IFRS and Spreadsheets: A High-Risk Combination Chris Anderson ca (nz), cisa, cmc, cissp, pci qsa Richard Livesley Robert J. Reimer, ca it, ca cisa, cism, cgeit THIS DOCUMENT WAS ORIGINALLY ISSUED

More information

GUIDANCE FOR MANAGING THIRD-PARTY RISK

GUIDANCE FOR MANAGING THIRD-PARTY RISK GUIDANCE FOR MANAGING THIRD-PARTY RISK Introduction An institution s board of directors and senior management are ultimately responsible for managing activities conducted through third-party relationships,

More information

Guidelines for Financial Institutions Outsourcing of Business Activities, Functions, and Processes Date: July 2004

Guidelines for Financial Institutions Outsourcing of Business Activities, Functions, and Processes Date: July 2004 Guidelines for Financial Institutions Outsourcing of Business Activities, Functions, and Processes Date: July 2004 1. INTRODUCTION Financial institutions outsource business activities, functions and processes

More information

COSO Internal Control Integrated Framework (2013)

COSO Internal Control Integrated Framework (2013) COSO Internal Control Integrated Framework (2013) The Committee of Sponsoring Organizations of the Treadway Commission (COSO) released its updated Internal Control Integrated Framework (2013 Framework)

More information

Guideline. Outsourcing of Business Activities, Functions and Processes. Category: Sound Business and Financial Practices

Guideline. Outsourcing of Business Activities, Functions and Processes. Category: Sound Business and Financial Practices Guideline Subject: Category: Sound Business and Financial Practices No: B-10 Date: May 2001 Revised: December 2003 Revised: 1 1. Introduction Financial institutions outsource business activities, functions

More information

PwC. Bill 198 Overview September 2004

PwC. Bill 198 Overview September 2004 PwC Bill 198 Overview September 2004 Agenda Welcome and overview Regulatory environment and background Three rules: 52-109 Strategies for implementing the CEO/CFO certification process 52-110 Requirements

More information

20 Questions Directors Should Ask about Internal Audit

20 Questions Directors Should Ask about Internal Audit 20 Questions Directors Should Ask about Internal Audit Second Edition John Fraser, CA, CIA, CISA Hugh Lindsay, FCA, CIP How to use this publication Each 20 Questions briefing is designed to be a concise,

More information

PRINCIPLES ON OUTSOURCING OF FINANCIAL SERVICES FOR MARKET INTERMEDIARIES

PRINCIPLES ON OUTSOURCING OF FINANCIAL SERVICES FOR MARKET INTERMEDIARIES PRINCIPLES ON OUTSOURCING OF FINANCIAL SERVICES FOR MARKET INTERMEDIARIES TECHNICAL COMMITTEE OF THE INTERNATIONAL ORGANIZATION OF SECURITIES COMMISSIONS FEBRUARY 2005 Preamble The IOSCO Technical Committee

More information

TO: Chief Executive Officers of National Banks, Federal Branches and Data-Processing Centers, Department and Division Heads, and Examining Personnel

TO: Chief Executive Officers of National Banks, Federal Branches and Data-Processing Centers, Department and Division Heads, and Examining Personnel AL 2000 12 O OCC ADVISORY LETTER Comptroller of the Currency Administrator of National Banks Subject: Risk Management of Outsourcing Technology Services TO: Chief Executive Officers of National Banks,

More information

IT Strategic Planning for SMEs White Paper

IT Strategic Planning for SMEs White Paper IT Strategic Planning for SMEs White Paper Carole Le Néal, CISA, CISSP, CIA THIS DOCUMENT WAS ORIGINALLY ISSUED BY A CPA CANADA LEGACY BODY. IT Strategic Planning for SMEs White Paper Carole Le Néal, CISA,

Annual Assessment of the External Auditor Annual Assessment of the External Auditor TOOL FOR AUDIT COMMITTEES January 2014 ENHANCING AUDIT QUALITY AUDIT COMMITTEES iii Table of Contents Introduction 1 1. Determine the scope, timing and process

APPLICATION OF THE KING III REPORT ON CORPORATE GOVERNANCE PRINCIPLES APPLICATION OF THE KING III REPORT ON CORPORATE GOVERNANCE PRINCIPLES Ethical Leadership and Corporate Citizenship The board should provide effective leadership based on ethical foundation. that the company

NamCode. The Corporate Governance Code for Namibia NamCode The Corporate Governance Code for Namibia An Overview July 2014 Overview Introduction Boards of directors are confronted with many difficult decisions on a regular basis. The right choice is not

PRINCIPLES ON OUTSOURCING OF FINANCIAL SERVICES FOR MARKET INTERMEDIARIES PRINCIPLES ON OUTSOURCING OF FINANCIAL SERVICES FOR MARKET INTERMEDIARIES A CONSULTATION REPORT OF THE INTERNATIONAL ORGANIZATION OF SECURITIES COMMISSIONS STANDING COMMITTEE 3 ON MARKET INTERMEDIARIES

APPLICATION OF KING III CORPORATE GOVERNANCE PRINCIPLES 2014 WOOLWORTHS HOLDINGS LIMITED CORPORATE GOVERNANCE PRINCIPLES 2014 CORPORATE GOVERNANCE PRINCIPLES 2014 CORPORATE GOVERNANCE PRINCIPLES 2014 This table is a useful reference to each of the King III principles

International Forum of Independent Audit Regulators Report on 2014 Survey of Inspection Findings March 3, 2015 International Forum of Independent Audit Regulators Report on 2014 Survey of Inspection Findings March 3, 2015 Executive Summary In 2014, the International Forum of Independent Audit Regulators (IFIAR)

Generally Accepted Privacy Principles. August 2009 Generally Accepted Privacy Principles August 2009 Acknowledgments The AICPA and Canadian Institute of Chartered Accountants (CICA) appreciate the contribution of the volunteers who devoted significant

Statement of Guidance: Outsourcing All Regulated Entities Statement of Guidance: Outsourcing All Regulated Entities 1. STATEMENT OF OBJECTIVES 1.1. 1.2. 1.3. 1.4. This Statement of Guidance ( Guidance ) is intended to provide guidance to regulated entities on

Managing Outsourcing Arrangements Guidance Note GGN 221.1 Managing Outsourcing Arrangements 1. This Guidance Note provides further detail on the requirements for managing material outsourcing arrangements (refer Prudential Standard GPS

To: Our Clients and Friends March 25, 2014 Financial Services Group To: Our Clients and Friends March 25, 2014 A Significant Change Is Occurring Regarding Regulatory Oversight of Banks and Their Third Party Relationships. Both Banks and their Vendors

BANKING UNIT BANKING RULES OUTSOURCING BY CREDIT INSTITUTIONS AUTHORISED UNDER THE BANKING ACT 1994 BANKING UNIT BANKING RULES OUTSOURCING BY CREDIT INSTITUTIONS AUTHORISED UNDER THE BANKING ACT 1994 Ref: BR/14/2009 OUTSOURCING BY CREDIT INSTITUTIONS AUTHORISED UNDER THE BANKING ACT 1994 INTRODUCTION

Privacy and Security Framework, February 2010 Privacy and Security Framework, February 2010 Updated April 2014 Our Vision Better data. Better decisions. Healthier Canadians. Our Mandate To lead the development and maintenance of comprehensive and

INTERNAL AUDITING S ROLE IN SECTIONS 302 AND 404 INTERNAL AUDITING S ROLE IN SECTIONS 302 AND 404 OF THE U.S. SARBANES-OXLEY ACT OF 2002 May 26, 2004 Copyright 2004 by, 247 Maitland Avenue, Altamonte Springs, Florida, 32701-4201, USA Internal Auditing

February 2015. Audit committee performance evaluation February 2015 Audit committee performance evaluation Audit committee performance evaluation The following questionnaire is based on emerging and leading practices to assist in the self-assessment of an

OCC 98-3 OCC BULLETIN To: Chief Executive Officers and Chief Information Officers of all National Banks, General Managers of Federal Branches and Agencies, Deputy Comptrollers, Department and Division Heads, and Examining Personnel

Data Management: Considerations for Integrating Compliance Requirements At Home and Abroad. Toronto, Ontario June 14, 2005 Data Management: Considerations for Integrating Compliance Requirements At Home and Abroad Toronto, Ontario June 14, 2005 Outsourcing Update: New Contractual Options and Risks Lisa K. Abe June 14, 2005

Risk Management of Outsourced Technology Services. November 28, 2000 Risk Management of Outsourced Technology Services November 28, 2000 Purpose and Background This statement focuses on the risk management process of identifying, measuring, monitoring, and controlling the

EXTERNAL AUDITOR ASSESSMENT TOOL EXTERNAL AUDITOR ASSESSMENT TOOL A REFERENCE FOR AUDIT COMMITTEES WORLDWIDE INTRODUCTION Among other important duties, audit committees of publicly listed companies generally have responsibility for overseeing

RISK ADVISORY SERVICES CONSTRUCTION AUDIT SERVICES RISK ADVISORY SERVICES CONSTRUCTION AUDIT SERVICES AS ECONOMIC AND FINANCIAL CHALLENGES WEIGH ON, ORGANIZATIONS FIND IT INCREASINGLY DIFFICULT TO LOCATE ENOUGH MONETARY SUPPORT TO HELP FACILITATE THE CONSTRUCTION

Credit Union Liability with Third-Party Processors World Council of Credit Unions Annual Conference Credit Union Liability with Third-Party Processors Andrew (Andy) Poprawa CEO, Deposit Insurance Corporation of Ontario Canada 1 Credit Union Liability with

Internal Audit Quality Assessment. Presented To: World Intellectual Property Organization Internal Audit Quality Assessment Presented To: World Intellectual Property Organization April 2014 Table of Contents List of Acronyms 3 Page Executive Summary Opinion as to Conformance to the Standards,

Vendor Risk Management in the New Regulatory Environment. kpmg.com Vendor Risk Management in the New Regulatory Environment kpmg.com Vendor Risk Management in the New Regulatory Environment 2 Vendor Risk Management in the New Regulatory Environment Background Regulators

G13 USE OF RISK ASSESSMENT IN AUDIT PLANNING IS AUDITING GUIDELINE G13 USE OF RISK ASSESSMENT IN AUDIT PLANNING The specialised nature of information systems (IS) auditing and the skills necessary to perform such audits require standards that apply

How quality assurance reviews can strengthen the strategic value of internal auditing* How quality assurance reviews can strengthen the strategic value of internal auditing* PwC Advisory Internal Audit Table of Contents Situation Pg. 02 In response to an increased focus on effective governance,

Effective Internal Audit in the Financial Services Sector Effective Internal Audit in the Financial Services Sector Recommendations from the Committee on Internal Audit Guidance for Financial Services: How They Relate to the Global Institute of Internal Auditors

Vendor Management Best Practices 23 rd Annual and One Day Seminar Vendor Management Best Practices Catherine Bruder CPA, CITP, CISA, CISM, CTGA Michigan Texas Florida Insight. Oversight. Foresight. SM Doeren Mayhew Bruder 1 $100 billion

Capital Requirements Directive Pillar 3 Disclosure. December 2015 Capital Requirements Directive Pillar 3 Disclosure December 2015 1. Background The purpose of this document is to outline the Pillar 3 disclosures for BlueBay Asset Management LLP ( BlueBay ). BlueBay

EXTERNAL AUDITOR ASSESSMENT TOOL EXTERNAL AUDITOR ASSESSMENT TOOL A REFERENCE FOR U.S. AUDIT COMMITTEES INTRODUCTION Among other important duties, audit committees of U.S. public companies and registered investment companies have direct

Financial Services Guidance Note Outsourcing Financial Services Guidance Note Issued: April 2005 Revised: August 2007 Table of Contents 1. Introduction... 3 1.1 Background... 3 1.2 Definitions... 3 2. Guiding Principles... 5 3. Key Risks of... 14

GUIDANCE NOTE OUTSOURCING OF FUNCTIONS BY ENTITIES LICENSED UNDER THE PROTECTION OF INVESTORS (BAILIWICK OF GUERNSEY) LAW, 1987 GUIDANCE NOTE OUTSOURCING OF FUNCTIONS BY ENTITIES LICENSED UNDER THE PROTECTION OF INVESTORS (BAILIWICK OF GUERNSEY) LAW, 1987 CONTENTS Page 1. Introduction 3-4 2. The Commission s Policy 5 3. Outsourcing

Sarbanes-Oxley Section 404: Compliance Challenges for Foreign Private Issuers Sarbanes-Oxley Section 404: Compliance s for Foreign Private Issuers Table of Contents Requirements of the Act.............................................................. 1 Accelerated Filer s...........................................................

GUIDANCE NOTE ON OUTSOURCING GN 14 GUIDANCE NOTE ON OUTSOURCING Office of the Commissioner of Insurance Contents Page I. Introduction.. 1 II. Application...... 1 III. Interpretation.... 2 IV. Legal and Regulatory Obligations... 3

CORPORATE GOVERNANCE FRAMEWORK CORPORATE GOVERNANCE FRAMEWORK January 2015 TABLE OF CONTENTS 1. INTRODUCTION... 3 2. CORPORATE GOVERNANCE PRINCIPLES... 4 3. GOVERNANCE STRUCTURE... 5 4. THE BOARD S ROLE... 5 5. COMMITTEES OF THE BOARD...

Guide to Pcaob Inspections Guide to Pcaob Inspections october 2012 Since 2002, a new regulator, the Public Company Accounting Oversight Board (PCAOB), has had responsibility for overseeing auditors of public companies. Regular inspections

U & D COAL LIMITED A.C.N. 165 894 806 BOARD CHARTER U & D COAL LIMITED A.C.N. 165 894 806 BOARD CHARTER As at 31 March 2014 BOARD CHARTER Contents 1. Role of the Board... 4 2. Responsibilities of the Board... 4 2.1 Board responsibilities... 4 2.2 Executive

august09 tpp 09-05 Internal Audit and Risk Management Policy for the NSW Public Sector OFFICE OF FINANCIAL MANAGEMENT Policy & Guidelines Paper august09 09-05 Internal Audit and Risk Management Policy for the NSW Public Sector OFFICE OF FINANCIAL MANAGEMENT Policy & Guidelines Paper Preface Corporate governance - which refers broadly to the processes

IMMUNOGEN, INC. CORPORATE GOVERNANCE GUIDELINES OF THE BOARD OF DIRECTORS IMMUNOGEN, INC. CORPORATE GOVERNANCE GUIDELINES OF THE BOARD OF DIRECTORS Introduction As part of the corporate governance policies, processes and procedures of ImmunoGen, Inc. ( ImmunoGen or the Company

Managing General Agents (MGAs) Guideline Managing General Agents (MGAs) Guideline JUNE 2013 DRAFT FOR COMMENT BC AUTHORIZED LIFE INSURERS www.fic.gov.bc.ca PURPOSE This draft guideline outlines best practices that the Financial Institutions Commission

Appendix 15 CORPORATE GOVERNANCE CODE AND CORPORATE GOVERNANCE REPORT Appendix 15 CORPORATE GOVERNANCE CODE AND CORPORATE GOVERNANCE REPORT The Code This Code sets out the principles of good corporate governance, and two levels of recommendations: code provisions; and recommended

RISK AdvISoRy SeRvIceS MINING CREDENTIALS RISK Advisory Services MINING CREDENTIALS 2 Mining credentials BDO THERE IS AN INCREASING NUMBER OF MINING COMPANIES EXPLORING INVESTMENTS IN LOCAL AND EMERGING MARKETS TODAY, ATTRACTED BY QUALITY UNMINED

Guidance Note: Corporate Governance - Board of Directors. March 2015. Ce document est aussi disponible en français. Guidance Note: Corporate Governance - Board of Directors March 2015 Ce document est aussi disponible en français. Applicability The Guidance Note: Corporate Governance - Board of Directors (the Guidance

Audit Committee Institute Assessment of audit committees Audit Committee Institute Assessment of audit committees KPMG s AUDIT COMMITTEE INSTITUTE In addition to reviewing its terms of reference, audit committee members should also review the effectiveness of

The PNC Financial Services Group, Inc. Business Continuity Program The PNC Financial Services Group, Inc. Business Continuity Program 1 Content Overview A. Introduction Page 3 B. Governance Model Page 4 C. Program Components Page 4 Business Impact Analysis (BIA) Page

Governance Guideline SEPTEMBER 2013 BC CREDIT UNIONS. www.fic.gov.bc.ca Governance Guideline SEPTEMBER 2013 BC CREDIT UNIONS www.fic.gov.bc.ca INTRODUCTION The Financial Institutions Commission 1 (FICOM) holds the Board of Directors 2 (board) accountable for the stewardship

A Guide to Corporate Governance for QFC Authorised Firms A Guide to Corporate Governance for QFC Authorised Firms January 2012 Disclaimer The goal of the Qatar Financial Centre Regulatory Authority ( Regulatory Authority ) in producing this document is to provide

Internal Audit Standards Internal Audit Standards Department of Public Expenditure & Reform November 2012 Copyright in material supplied by third parties remains with the authors. This includes: - the Definition of Internal Auditing

KING III CORPORATE GOVERNANCE COMPLIANCE REGISTER KING III CORPORATE GOVERNANCE REGISTER CHAPTER 1: ETHICAL LEADERSHIP AND CORPORATE CITIZENSHIP NON 1.1. The board should provide effective leadership based on an ethical foundation 1.2. The board should

Audit Committee Oversight of Foreign Operations. November 2014 Audit Committee Oversight of Foreign Operations November 2014 The Issue External auditor oversight can be a challenge for audit committees of reporting issuers with operations in foreign jurisdictions.

Information Security: Business Assurance Guidelines Information Security: Business Assurance Guidelines The DTI drives our ambition of prosperity for all by working to create the best environment for business success in the UK. We help people and companies

RISK BASED AUDITING: A VALUE ADD PROPOSITION. Participant Guide RISK BASED AUDITING: A VALUE ADD PROPOSITION Participant Guide About This Course About This Course Adding Value for Risk-based Auditing Seminar Description In this seminar, we will focus on: The foundation

Insurance Industry Expertise Insurance Industry Expertise Delivered With High-Level Attention and Service Audit Tax Advisory Risk Performance The Unique Alternative to the Big Four For more than 50 years, clients in all sectors of

INTERNATIONAL STANDARD ON AUDITING 620 USING THE WORK OF AN AUDITOR S EXPERT CONTENTS INTERNATIONAL STANDARD ON AUDITING 620 USING THE WORK OF AN AUDITOR S EXPERT (Effective for audits of financial statements for periods beginning on or after December 15, 2009) CONTENTS Paragraph Introduction

CLASSIFICATION SPECIFICATION FORM www.mpi.mb.ca CLASSIFICATION SPECIFICATION FORM Human Resources CLASSIFICATION TITLE: POSITION TITLE: (If different from above) DEPARTMENT: DIVISION: LOCATION: Executive Director Executive Director, Information

Mapping of outsourcing requirements Mapping of outsourcing requirements Following comments received during the first round of consultation, CEBS and the Committee of European Securities Regulators (CESR) have worked closely together to ensure

Internal Auditing Guidelines Internal Auditing Guidelines Recommendations on Internal Auditing for Lottery Operators Issued by the WLA Security and Risk Management Committee V1.0, March 2007 The WLA Internal Auditing Guidelines may

Inspection Observations Related to PCAOB Rules and Auditing Standards on Communications with Audit Committees 1666 K Street, N.W. Washington, DC 20006 Telephone: (202) 207-9100 Facsimile: (202) 862-8430 www.pcaobus.org Inspection Observations Related to PCAOB Rules and Auditing Standards on Communications with

Final Draft Guidance on Audit Committees Guidance Corporate Governance April 2016 Final Draft Guidance on Audit Committees The FRC is responsible for promoting high quality corporate governance and reporting to foster investment. We set the UK

Privacy Maturity Model AICPA/CICA Privacy Maturity Model March 2011 Notice to Reader DISCLAIMER: This document has not been approved, disapproved, or otherwise acted upon by any senior technical committees of, and does not represent

Risk committee performance evaluation Risk committee performance evaluation While there is currently not a legal or regulatory requirement for board risk committees to complete a performance evaluation, King III recommends regular performance

Managing Risk at Bank of America Corporation. Overview Managing Risk at Bank of America Corporation Overview Risk is inherent in every material business activity that we undertake. Our business exposes us to strategic, credit, market, liquidity, compliance,

BOARD OF DIRECTORS MANDATE BOARD OF DIRECTORS MANDATE Board approved: May 7, 2014 This mandate provides the terms of reference for the Boards of Directors (each a Board ) of each of Economical Mutual Insurance Company ( Economical

THE BANK OF NOVA SCOTIA. Corporate Governance Policies Corporate Governance Policies June 2015 PAGE 1 Introduction Corporate governance refers to the oversight mechanisms and the way in which The Bank of Nova Scotia (the Bank ) is governed. The Board of Directors

the role of the head of internal audit in public service organisations 2010 the role of the head of internal audit in public service organisations 2010 CIPFA Statement on the role of the Head of Internal Audit in public service organisations The Head of Internal Audit in a public

Inspection of Fazzari + Partners LLP Chartered Accountants (Headquartered in Vaughan, Canada) Public Company Accounting Oversight Board 1666 K Street, N.W. Washington, DC 20006 Telephone: (202) 207-9100 Facsimile: (202) 862-8433 www.pcaobus.org Inspection of Fazzari + Partners LLP (Headquartered in Vaughan, Canada) Issued by the Public

Public Sector Pension Investment Board Public Sector Pension Investment Board Office of the Auditor General of Canada Bureau du vérificateur général du Canada Ce document est également publié en français. Her Majesty the Queen in Right of Canada,

Application of King III Corporate Governance Principles APPLICATION of KING III CORPORATE GOVERNANCE PRINCIPLES 2013 Application of Corporate Governance Principles This table is a useful reference to each of the principles and how, in broad terms, they have

SUPERVISORY AND REGULATORY GUIDELINES: PU48-0809 GUIDELINES ON MINIMUM STANDARDS FOR THE OUTSOURCING OF MATERIAL FUNCTIONS SUPERVISORY AND REGULATORY GUIDELINES: PU48-0809 ISSUED: 4 th May 2004 REVISED: 27 th August 2009 GUIDELINES ON MINIMUM STANDARDS FOR THE OUTSOURCING OF MATERIAL FUNCTIONS I. INTRODUCTION The Central Bank

Effective Internal Audit in the Financial. Services Sector. Non Executive Directors (NEDs) and the Management of Risk Consultation document Effective Internal Audit in the Financial A survey of heads of internal audit Services Sector Non Executive Directors (NEDs) and the Management of Risk Draft recommendations to the

Cloud Computing: Legal Risks and Best Practices Cloud Computing: Legal Risks and Best Practices A Bennett Jones Presentation Toronto, Ontario Lisa Abe-Oldenburg, Partner Bennett Jones LLP November 7, 2012 Introduction Security and Data Privacy Recent

G11 EFFECT OF PERVASIVE IS CONTROLS IS AUDITING GUIDELINE G11 EFFECT OF PERVASIVE IS CONTROLS The specialised nature of information systems (IS) auditing and the skills necessary to perform such audits require standards that apply specifically

VENDOR MANAGEMENT. General Overview VENDOR MANAGEMENT General Overview With many organizations outsourcing services to other third-party entities, the issue of vendor management has become a noted topic in today s business world. Vendor

PRACTICE ADVISORIES FOR INTERNAL AUDIT Société Française de Réalisation, d'etudes et de Conseil Economics and Public Management Department PRACTICE ADVISORIES FOR INTERNAL AUDIT Technical Assistance to the Ministry of Finance for Development

Guide to Internal Control Over Financial Reporting Guide to Internal Control Over Financial Reporting The Center for Audit Quality prepared this Guide to provide an overview for the general public of internal control over financial reporting ( ICFR ).

APES GN 30 Outsourced Services APES GN 30 Outsourced Services Prepared and issued by Accounting Professional & Ethical Standards Board Limited ISSUED: [DATE] Copyright 2012 Accounting Professional & Ethical Standards Board Limited (

Outsourcing Risk Guidance Note for Banks Outsourcing Risk Guidance Note for Banks Part 1: Definitions Guideline 1 For the purposes of these guidelines, the following is meant by: a) outsourcing: an authorised entity s use of a third party (the

Domain 1 The Process of Auditing Information Systems Certified Information Systems Auditor (CISA ) Certification Course Description Our 5-day ISACA Certified Information Systems Auditor (CISA) training course equips information professionals with the knowledge

IFIAR 2015 Member Profile - PCAOB Jurisdiction United States of America (USA) 1. Organization Insert the name of the Organization, both in the local language and in English: Public Company Accounting Oversight Board ( PCAOB ) Include relevant

TO ALL CHIEF EXECUTIVE OFFICERS OF BANKS, BRANCHES OF FOREIGN BANKS AND MUTUAL BANKS 2004-09-20 BANKS ACT CIRCULAR 14/2004 TO ALL CHIEF EXECUTIVE OFFICERS OF BANKS, BRANCHES OF FOREIGN BANKS AND MUTUAL BANKS OUTSOURCING OF FUNCTIONS WITHIN BANKS This Office has received several approaches

RE: PCAOB Rulemaking Docket Matter No. 041: Concept Release on Audit Quality Indicators Office of the Secretary Public Company Accounting Oversight Board 1666 K Street, N.W. Washington, DC 20006-2803 September 29, 2015 RE: PCAOB Rulemaking Docket Matter No. 041: Concept Release on Audit Quality

3 rd Party Vendor Risk Management 3 rd Party Vendor Risk Management Session 402 Tuesday, June 9, 2015 (11 to 12pm) Session Objectives The need for enhanced reporting on vendor risk management Current outsourcing environment Key risks faced

Creating an effective audit committee Audit Committee Creating an effective audit Institute committee 1 Sponsored by KPMG Creating an effective audit committee A corporate board of directors establishes an audit committee to assist in discharging

POLICY STATEMENT AND GUIDANCE NOTES ON: (1) OUTSOURCING; AND POLICY STATEMENT AND GUIDANCE NOTES ON: (1) OUTSOURCING; AND (2) DELEGATION BY JERSEY CERTIFIED FUNDS AND FUND SERVICES BUSINESSES Issued: May 2011 Contents CONTENTS Contents...3 Background...4 1 Scope...

Credit Unions RISK ADVISORY SERVICES. Enterprise Risk Management, Internal Audit and Complex Accounting Services Credit Unions RISK ADVISORY SERVICES Enterprise Risk Management, Internal Audit and Complex Accounting Services Credit unions care about personal service. So do we. How BDO works with credit unions Credit

Prudential Practice Guide Prudential Practice Guide PPG 231 Outsourcing October 2006 www.apra.gov.au Australian Prudential Regulation Authority Disclaimer and copyright This prudential practice guide is not legal advice and users

Third party assurance services TECHNOLOGY RISK SERVICES Third party assurance services Delivering assurance over your service providers The current third party service provider environment Corporate UK has been transformed in recent

Audit Committee Charter Audit Committee Charter PURPOSE The Audit Committee (the Committee ) is a committee appointed by the Board of Directors (the Board ) of Tahoe Resources Inc. ( Tahoe ). The Committee is established to fulfill

Internal Audit Manual Internal Audit Manual Version 1.0 AUDIT AND EVALUATION SECTOR AUDIT AND ASSURANCE SERVICES BRANCH INDIAN AND NORTHERN AFFAIRS CANADA April 25, 2008 #933907 Acknowledgements The Institute of Internal Auditors

VIEWPOINTS: Applying IFRSs in the Oil and Gas Industry VIEWPOINTS: Applying IFRSs in the Oil and Gas Industry COMMODITY PRICES AND IMPAIRMENT JUNE 2015 Background Oil and gas assets and goodwill are tested for impairment whenever indicators of impairment exist

20 Questions Directors of Not-for-Profit Organizations Should Ask about Strategy and Planning 20 Questions Directors of Not-for-Profit Organizations Should Ask about Strategy and Planning Introduction Gigi Dawe Principal, Risk Management and Governance Canadian Institute of Chartered Accountants
