Risks are Key, Processes Follow. Michiel Schuijt Chief Risk Officer, Mn Services

1 Risks are Key, Processes Follow Michiel Schuijt Chief Risk Officer, Mn Services

2 Mn Services & Our Risk Management Philosophy 8 June 2011 ProcessWorld

3 Pension Companies in the Netherlands
- APG Groep: 250 billion euro
- PGGM: 100
- Mn Services: 71
- F&C Netherlands: 35
- Syntrus Achmea: 33
- ING / AZL: 25
- BlackRock: 20
- SPF: 13
- Blue Sky: 12

4 Company profile Mn Services
- Mn Services administers the pension plans for a range of pension funds in the Netherlands
- Some 1.9 million Dutch people rely on Mn Services for their pensions
- With assets under management of 71 billion, Mn Services is in the top three pension investment managers in the Netherlands
- 980 FTE in two countries (NL / UK)

5 Challenge: Increase Risk Management Maturity
- Own ambition of the Mn Services organisation
  - Positioning as a reliable business partner
  - Balance between business and threats (management information)
  - In Control Statement itself is not the objective, but appliances
- Driven by law and regulation and the supervisors
  - Comply (demonstrably) with laws and regulations
  - Adequate response to (changing) laws and regulations
  - Pension funds are on the radar of Supervisors
- Driven by client responsibility (outsourcing activities)

6 Risk Management framework
Mn Services: Lines of Defense
- External: Regulator (external supervision); External accountant (external evaluation)
- Internal, third line of defence: Internal audit (regular testing of the framework)
- Internal, second line of defence: Control Risk Compliance Management (coordination; development of policies and reporting structure)
- Internal, first line of defence: Control processes, Primary processes, Supporting processes (execution of policies; daily accountability; reporting & management info)
- Audit Committee

7 Risks are Key, Processes Follow
Analysis
- Processes consist of lots of controls
- Not always clear why controls are implemented: to comply with what law & regulation, or to mitigate what risk(s)
- No visible balance between effort and cycle time (cost drivers) versus effectiveness (revenue driver)
Decision
- Objectives and Risk Identification as starting point
- Processes follow: possibly new/changed/outsourced
- Risk and Control Assessment results, created issues, are input for (flexible) processes
Mn Services uses a top-down, risk-based approach, with a flexible Process layer as intermediate.
Diagram layers:
- Layer of Drivers: New Law, New Objectives, New Risks
- Layer of Processes
- Layer of assessment results: Risk Assessments Results (Losses), Control Assessments Results, Created Issues, Sign-off ISAE, ERM

8 Enterprise Risk Management Implementation enabled by the ARIS Platform

9 Enterprise Risk Management
- ERM covers ISAE and SAS70 as well
- COSO II ERM Framework is starting point of the program
- ERM processes are designed in ARIS
- Mn Services is in the middle of executing them, let's guide you through our ERM process
Diagram labels:
- ISAE / SAS 70: Financial accountability; Controls audited
- ERM: Management assurance; Risks: Strategic, Tactical & Operational risks; All processes in scope; Tested, Audited and Reported; In Control Statement

10 Decide on ERM Ambition
Minimum Common Good Best Period of time declaration Ad hoc Year end Whole year Continuous Range F F/O/S/C Integrated F/O/S/C Certainty Limited IAD indirect Monitoring + IAD Risk paragraph Limitative generic list Enumeration Control framework Unstructured Structured Descriptive + impact and vulnerability Materiality driven Business control Not described Described Principle based Business-driven F/O/S/C Automated + integrated monitoring Scenarios + choices Business-driven Leading cultural assessment Risk assessment BU / Process Ad hoc Incident driven Periodically Yearly (Year planning cycle) Integrated part of decision making Framework Unstructured Individual Structured Bottom up No Materiality Structured Top down Materiality Systematic Business-driven Governance Not described Unclear Described Silos Alignment Strengthening Awareness Limited Control Management Integrated part of business

11 Top Management identifies Objectives & Strategic Risks
Workshops with:
- Top management identifying Strategic Risks
- Middle management identifying Tactical Risks
Alignment of all Risks and their relation to Objectives and Processes
Photo caption: CEO, Ruud Hagendijk (middle); CFO, Kor Bosscher (right)
Strategy map: four perspectives (Financial, Customers, Internal processes, Learning and growth), related to each other by cause-and-effect. Objectives shown on the map:
- Long-term shareholder value
- Achieve a return of 15% of expected revenue in 2012
- Contribute to clients' strategic ambitions through optimal integrated services
- Achieve financial result
- Growth in the UK
- Strengthen the foundation
- Professional services
- Increase customer satisfaction
- Retain the asset management client base
- Client relationship management
- Strengthen proposition, processes and organisation
- Successfully serve new clients
- Organisational design
- Deliver the project portfolio (IPP)
- Strengthen the foundation
- Compliance and implementing risk management
- Optimal deployment of employees
- Employee development
- Staffing
- Innovative processes and systems
- Housing

12 Perform Risk Assessments
- Define Key Risks
- Planning assessments
- Execute Assessments and Reviews
- Decide on Risk response
- Reports

13 Implement and Monitor Control Activities
- Controls implementation & testing
- Issue solving
- Monitoring results
- Information and Communication

14 Compliance Management
- Compliance is integrated in the ERM approach: the same control mitigates a risk and complies with regulation
- Electronic Publisher provides relevant laws & regulations (towards ARIS)
- Impact Analysis in ARIS to decide on actions

15 Business Benefits & Lessons Learned

16 Benefits ERM within Mn Services
- ERM gives more insight than only Financial Risks
- Increased efficiency, by integrating controls for SAS70 / ISAE and ERM, and thereby a decrease of test effort and number of issues
- Process improvement, processes became more lean: many controls from the past are abolished, because they simply added no value; new process controls are implemented, mitigating several risks and complying with multiple articles at once
- More risk awareness and better alignment of the Risk Framework of Mn Services with those of customers
- Keep competitors ahead by demonstrable In Control and better protection of the image of Mn Services

17 Risks are Key (to success), Processes Follow
Thanks for Your Attention!
Michiel Schuijt, CRO


More information

ESKISP6054.01 Conduct security testing, under supervision

ESKISP6054.01 Conduct security testing, under supervision Overview This standard covers the competencies required to conduct security testing under supervision. In order to contribute to the determination of the level of resilience of an information system to

More information

SUBJECT LINES DONE RIGHT (ENGELSTALIG)

SUBJECT LINES DONE RIGHT (ENGELSTALIG) SUBJECT LINES DONE RIGHT (ENGELSTALIG) Pagina 1 van 6 An email s subject line is like a first impression. It is one of the first things a recipiënt sees when they glance at their inbox and a determining

More information

Using MSBA as the Foundation for SOA

Using MSBA as the Foundation for SOA SOA Challenges Why is Business Architecture Important What is MSBA Using MSBA as the Foundation for SOA SOA in context 1 SOA holds out enormous promise to revitalise the business value of IT... but early

More information

Public Sector Pension Investment Board

Public Sector Pension Investment Board Public Sector Pension Investment Board Office of the Auditor General of Canada Bureau du vérificateur général du Canada Ce document est également publié en français. Her Majesty the Queen in Right of Canada,

More information

Company Presentation

Company Presentation 0 International Assurance Providers PO Box 117 4000 AC Tiel The Netherlands +31 (0) 6 149 68 048 enquiries@assuranceproviders.eu IAP IN BRIEF... International Assurance Providers (IAP) is a Qualified Security

More information

Data Driven Strategy. BlinkLane Consul.ng Amsterdam, 10 december 2013. Ralph Hofman Arent van t Spijker

Data Driven Strategy. BlinkLane Consul.ng Amsterdam, 10 december 2013. Ralph Hofman Arent van t Spijker Data Driven Strategy BlinkLane Consul.ng Amsterdam, 10 december 2013 Ralph Hofman Arent van t Spijker 1 Data Driven Strategy 08.00 08.05 Welkom 08:05 08.20 Data Driven Strategy 08.20 08.30 Het Business

More information

Take the right steps 9 principles for building the Risk Intelligent Enterprise

Take the right steps 9 principles for building the Risk Intelligent Enterprise Take the right steps 9 principles for building the Risk Intelligent Enterprise Contents 9 principles for building a Risk Intelligent Enterprise 2 The Risk Intelligent Framework 4 1. Is risk a threat or

More information

IT Professional Standards. Information Security Discipline. Sub-discipline 605 Information Security Testing and Information Assurance Methodologies

IT Professional Standards. Information Security Discipline. Sub-discipline 605 Information Security Testing and Information Assurance Methodologies IT Professional Standards Information Security Discipline Sub-discipline 605 Information Security Testing and Information Assurance Methodologies December 2012 Draft Version 0.6 DOCUMENT REVIEW Document

More information

2. For the purposes of this submission RAAI will mean RAA Insurance Limited and RAA Insurance Holdings Limited

2. For the purposes of this submission RAAI will mean RAA Insurance Limited and RAA Insurance Holdings Limited Background 1. The Royal Automobile Association of South Australia Incorporated (RAA) is the ultimate, unregulated (APRA), parent of a corporate group that includes two APRA regulated entities: RAA Insurance

More information

Dominant underlying factors of work related accidents

Dominant underlying factors of work related accidents Dominant underlying factors of work related accidents 3 rd International Conference Working on Safety September 2006 workingonsafety.net C.M. Pietersen Msc TNO Safety Solutions Consultants BV 1 General

More information

Flemish Action on Resource Efficiency and Sustainable Materials Management. Oikos Congres AARDE 09/12/2011 Ive Vanderreydt, VITO

Flemish Action on Resource Efficiency and Sustainable Materials Management. Oikos Congres AARDE 09/12/2011 Ive Vanderreydt, VITO Flemish Action on Resource Efficiency and Sustainable Materials Management Oikos Congres AARDE 09/12/2011 Ive Vanderreydt, VITO Ostend Antwerp Mol VITO in a nutshell VITO is a leading independent European

More information

Gepersonaliseerd leren op de ipad Kees Versteeg

Gepersonaliseerd leren op de ipad Kees Versteeg Gepersonaliseerd leren op de ipad Kees Versteeg Keynote: http://content.hondsrugcollege.nl/kees/learntoo-3-2015.key Een museum bezocht met fototoestel en video tas om de schouder? Een reis boekte bij een

More information

Is het nodig risico s te beheersen op basis van een aanname..

Is het nodig risico s te beheersen op basis van een aanname.. Is het nodig risico s te beheersen op basis van een aanname.. De mens en IT in de Zorg Ngi 19 april 2011 René van Koppen Agenda Er zijn geen feiten, slechts interpretaties. Nietzsche Geen enkele interpretatie

More information

Annual General Meeting of Shareholders 2010 Welcome

Annual General Meeting of Shareholders 2010 Welcome Annual General Meeting of Shareholders 2010 Welcome Agendapunt 1 / Agenda item 1 1. Opening Agendapunt 2 / Agenda item 2 2. Verslag van de Raad van Bestuur over het boekjaar 2009 2. Report of the Corporate

More information

Enterprise Risk Management Program

Enterprise Risk Management Program Enterprise Risk Management Program APPA s Risk Management & Insurance Meeting Austin, Texas March 29, 2007 Presented by: L.D. Hollingsworth Agenda Introduction - Why ERM? Governance & Reporting Structure

More information

OUTSOURCING AND SERVICE AUDITOR S REPORTS

OUTSOURCING AND SERVICE AUDITOR S REPORTS OUTSOURCING AND SERVICE AUDITOR S REPORTS FREEDOM TO DO BUSINESS Outsourcing and service Auditor s Reports 3 OUTSOURCING AND SERVICE AUDITOR S REPORTS SERVICE AUDITOR S REPORTS ARE GROWING IN IMPORTANCE,

More information

Risk Management Policy

Risk Management Policy Risk Management Policy Risk Management Policy Record Number D14/79827 Responsible Manager Manager Strategy and Governance Last reviewed 10 March 2015 Adoption reference Council Resolution number 90.5 Previous

More information

Aalberts Industries Net profit and earnings per share +15%

Aalberts Industries Net profit and earnings per share +15% PRESS RELEASE 1 ST HALF YEAR 2015 Aalberts Industries Net profit and earnings per share +15% Langbroek, 13 August 2015 Highlights o Revenue EUR 1,244 million, increase +18% (organic +2%). o Operating profit

More information

Career development supporting staff (SUPST) Recognise and make use of talent

Career development supporting staff (SUPST) Recognise and make use of talent Career development supporting staff (SUPST) Recognise and make use of talent Background TU/e Strategy 2020 asks for a serious contribution of SUPST: Professionalism Result focused Efficiency Cohesion 1/3

More information

1 Introduction. 2 Applicability Standaard 600

1 Introduction. 2 Applicability Standaard 600 Unofficial translation Practice Note Audit of (intermediate) holding 1 December 2015 1 Introduction Compared to some other countries, The Netherlands has a relatively large number of intermediate and top

More information

Lean in het digitale tijdperk. Hans Toebak, Arjen Markus, 13 november 2013

Lean in het digitale tijdperk. Hans Toebak, Arjen Markus, 13 november 2013 Lean in het digitale tijdperk Hans Toebak, Arjen Markus, 13 november 2013 Back to the future 2 2054 lijkt in 2013 toch al erg dichtbij 3 Klanten passen zich sneller aan dan ooit. 4 5 6 De hedendaagse consument

More information

Internal Audit Ambition Model

Internal Audit Ambition Model Internal Audit Ambition Model Agenda Achtergrond Aanpak Het IA AM Doelstelling De tool Self-assessment Toepassing Een voorbeeld Vervolgstappen Vragen Achtergrond Aanleiding Opdracht Commissie Professional

More information

Technology and Cyber Resilience Benchmarking Report 2012. December 2013

Technology and Cyber Resilience Benchmarking Report 2012. December 2013 Technology and Cyber Resilience Benchmarking Report 2012 December 2013 1 Foreword by Andrew Gracie Executive Director, Special Resolution Unit, Bank of England On behalf of the UK Financial Authorities

More information

FIVE PRACTICAL STEPS

FIVE PRACTICAL STEPS WHITEPAPER FIVE PRACTICAL STEPS To Protecting Your Organization Against Breach How Security Intelligence & Reducing Information Risk Play Strategic Roles in Driving Your Business CEOs, CIOs, CTOs, AND

More information

This list has been updated up to and including 1 June 2009.

This list has been updated up to and including 1 June 2009. Disclaimer The following list of conditions of general good for life and non-life insurers is neither complete nor exhaustive. On entering the Dutch financial markets and during their pursuit of business

More information