Compliance. Group Standard

Size: px
Start display at page:

Download "Compliance. Group Standard"

Transcription

1 Group Standard Compliance Serco is committed to good governance practices and the management of risks supported by a robust business compliance process SMS-GS-G2 Compliance July 2014 v1.0 Serco Public

2 Document Details Document Details erence SMS GS-G2: Compliance Approval Date July 2014 Serco Public Version 1 Date for next review July 2016 Applicability Serco Group covering all business regions, operating companies and business units throughout the world 1 Authority Chief Executive, Serco Group plc Accountable Policy Owner (Group) Chief Operating Officer Additional Information Supporting standards, standard operating procedures and guidance relating to this Group Standard are available on Our World under Serco Management System Governance Our policies and standards, together with any regional or market requirements and enhancements to them, are authorised through a robust governance process. The SMS Quality Manual describes this process and is available on Our World under Serco Management System Consequence Management As a Group Standard the requirements detailed in this document are mandated and must be adhered to. Non-compliance will have consequences which may include disciplinary action. The Consequence Management Group Standard (SMS-GS-G1) details how instances of non-compliance will be dealt with 1 As used herein, Serco Group and its affiliates, subsidiaries and operating companies are referred to as Serco, the Company or company, or we, us or our. Contents 1 Objectives Compliance Structure Policy Standards Compliance programme Input identification Compliance mapping Scope and testing of compliance activity Delivery of compliance reviews Planning and scoping Conducting fieldwork Closing meeting Draft reporting Management response Issuing the final report Follow up Resource management Review and monitoring Responsibilities & Accountabilities Processes and Controls Governance processes and controls Key processes and controls Supporting documentation and guidance Definitions Further information and support SMS-GS-G2 Compliance July 2014 v1.0 Serco Public

3 1 Objectives Serco is committed to good governance practices and the management of risks supported by a robust business compliance process. Management is responsible for maintaining adequate internal controls to manage risks and ensure compliance with local laws and regulations, contractual obligations and the Serco Management System (SMS). Each is responsible for establishing a robust compliance process, including the identification and management of compliance obligations, and an effective compliance programme. Compliance management is a critical part of the business compliance process. It enables management to satisfy themselves that key risks are being managed effectively and that a robust control environment is in place. Compliance management will be based on a structured approach, independent of operational reporting lines, to obtain evidence-based information on the current state of process compliance and control effectiveness to: ensure compliance with the Serco Management System (SMS) and specific regulatory and customer requirements promote proactive identification of control deficiencies so that control effectiveness can be strengthened in a timely manner and through a structured process that drives accountability for control improvement provide information on systemic control weaknesses that may require strategic control solutions to be implemented which span more than one business area within a, thereby avoiding duplication of effort and/or inconsistent solution development improve visibility of process compliance and control effectiveness, thereby providing evidence-based inputs into the current risk exposure held across the improve the effectiveness of processes and controls, thereby helping to ensure that they are cost effective and delivering business performance value 2 Compliance Structure Compliance is concerned with providing the confidence that internal procedures and controls are in place and that risks are being identified and managed appropriately, with the focus of effective compliance being on managers managing the business in real time and being able to demonstrate that risks are being mitigated. Effective compliance will be delivered by three Lines of Defence : 1 st Line of Defence operations and s day to day compliance activities concerned with providing confidence that required policies and procedures are being applied, decision making is within defined authority limits and risks that reside with the business are being managed effectively 2 nd Line of Defence compliance reviews, undertaken by someone independent of operational reporting lines, provide validation that the business is compliant with policies and procedures with the aim of continually improving procedures and assessing capability 3 rd Line of Defence Internal and external audit - whilst there are similarities in the activities with compliance activities; Internal Audit operates on behalf of the Serco Group plc Board and Audit Committee and is independent of business operations. The role of Internal Audit is to provide an objective and independent review of the design and operation of risk management processes and controls operated across the Group 1 External audits or quality reviews are completed either where it is a contractual requirement to be externally certified to a particular Standard or recognised industry award or where there is a business need. This Group standard defines the requirements for compliance in support of the 1 st and 2 nd Lines of Defence. 1 See Internal Audit Group Standard : SMS-GS-G3 2 SMS-GS-G2 Compliance July 2014 v1.0 Serco Public

4 3 Policy Standards 3.1 Compliance programme S1. Management is responsible for maintaining adequate internal controls to manage risks and ensure compliance with local laws and regulations, contractual obligations and the SMS. Compliance activity provides the basis to enable management to confirm such compliance S2. The al CEO will ensure, through the al Compliance Lead that an appropriate compliance programme is implemented to ensure key risks are being managed and regulations/procedures complied with S3. The basis of a structured approach to compliance testing will be through a compliance Review Programme ( programme ) which will be developed to cover each, its s and Contracts S4. Programme development will cover: a. Step 1 (see 3.2): Identification of all inputs that will perform some form of compliance activity in any given year, including risk profiles, SMS core control requirements, certification, regulatory and customer requirements and contractual obligations, external assurance reviews and internal audit b. Step 2 (see 3.3): Mapping of compliance activities identified in Step 1 against the relevant SMS standard area to understand where there may be duplication of effort or gaps in the coverage provided c. Step 3: Identification of individual compliance reviews that should be conducted in the period based on the current level of compliance activity against the SMS d. Step 4: Validation of proposed compliance reviews with management and amendment to reflect business priorities e. Step 5: Definition of indicative scopes for compliance activity identified including guidance on key processes and control areas that will be examined. S5. The al compliance programme will comprise of individual reviews conducted over the year, that will collectively make up the compliance programme S6. The Group Compliance Lead will review and endorse the s annual compliance programme prior to final approval by the al Executive Management Team (EMT) S7. Those undertaking compliance reviews will be independent of operational reporting lines S8. Resources responsible for conducting compliance reviews will have experience of key methodologies in the areas of risk, quality and compliance as well as a good understanding of the business /functional area that is being reviewed S9. The al EMT will review the implementation of the al annual compliance programme and monitor implementation, findings and action close out status 3.2 Input identification S10. The compliance programme will focus on, but not be limited to, compliance with policy and standards defined within the SMS, legal and regulatory requirements that are applicable to the management of the business and will review the operation of key controlling processes in place to manage the risks under review S11. The al compliance programme will be risk based and focus on risks that could impact on Serco s ability to effectively achieve its objectives S12. Risks will be assessed and reviewed by the al EMT throughout the year and these reviews will inform the al compliance programme, which will be updated if required 2 S13. The risk profiles of the, s and Contracts will identify the key controls to manage or mitigate assessed risks. The Compliance Programme should provide a mechanism for independently testing the effectiveness of these controls S14. Reviews undertaken by Internal Audit 3 and planned reviews by the customer, external regulators, certification bodies and other third parties for the year will be taken into consideration when designing the compliance programme 2 See Risk Management Group Standard : SMS-GS-RM1 3 See Internal Audit Group Standard : SMS-GS-G3 3 SMS-GS-G2 Compliance July 2014 v1.0 Serco Public

5 3.3 Compliance mapping S15. To ensure that we have a balanced compliance programme that recognises all compliance activities, all planned 2 nd and 3 rd Lines of Defence compliance activity will be mapped to allow comparison and determine the extent of assurance being provided by internal and external assurance providers S16. This mapping process will consider planned compliance activity at all levels including Contract, and S17. Through the aggregation of compliance activity, adjustments will be made to reflect business priorities and risks and areas of coverage, duplication or gaps S18. The al Compliance Lead will ensure the compliance activity covered by the compliance map provides al Executive Management with sufficient assurance to satisfy themselves that key risks are being managed and regulations/procedures complied with 3.4 Scope and testing of compliance activity S19. Reviews will assess compliance against the SMS and identify the controls in the existing Group Standards for testing. The extent of test required will be determined during the planning/scoping phase of the review S20. Reviews will check the results and completion of self-assessment reporting, where it exists S21. Reviews can be undertaken using the following: a. control walkthroughs walkthrough a process to determine the design effectiveness of a control and process flow (i.e. existence of bottlenecks, unnecessary activities and conflicting controls) b. control review adequacy assessment of business processes and controls that ensure the business processes are being complied with c. control review effectiveness (sample testing) testing a sample of transactions to conclude on the operating effectiveness of the control S22. The scope of compliance reviews will be validated by management prior to reviews being conducted to ensure accurate and relevant coverage is undertaken during the review 3.5 Delivery of compliance reviews S23. A structured approach will be applied to the delivery of individual compliance reviews and will detail the approach in undertaking the review in regard to the following areas: Planning and scoping S24. The high level background, objectives, scope and timescales for the review will be determined for each review S25. A Manager/senior point of contact (nominated contract lead) for the site/contract being reviewed will be appointed S26. The review will agree the logistics of the review (e.g. site access requirements), agree the list of employees to be interviewed and examine provided documents provided prior to the commencement of the review S27. Key processes/areas, SMS requirements and relevant standards to be reviewed will be identified S28. Compliance review records from previous compliance activity and internal audits to establish any relevant areas that should be covered will be reviewed S29. Reviews will identify and test the effectiveness of controls in the existing process S30. The extent of test required will be determined during the planning and scoping phase of the review Conducting fieldwork S31. An opening meeting will be conducted with the Manager of the site/contract being reviewed. The purpose of this meeting is to confirm the scope and schedule for the visit S32. The reviewer will conduct interviews and look for objective evidence of compliance with controls/ processes/ procedures being reviewed. S33. During meetings, records/ documents will be reviewed and appropriate notes/ evidence taken of what is seen and said will be recorded on the review programme being used S34. The sensitivity, data classification and data protection of evidence will be considered 4 SMS-GS-G2 Compliance July 2014 v1.0 Serco Public

6 S35. Personal records will not be identified unless absolutely necessary for an audit trail and traceability of evidence S36. At the end of the meeting or visit, the draft findings with the Contract Manager will be documented Closing meeting S37. A closing meeting with the nominated contract lead of the site/contract being reviewed will be held. The purpose of this meeting is to provide and discuss initial feedback on the findings from the review Draft reporting S38. Using a combination of the complete review programme, notes made and objective evidence seen, testing undertaken; a factual, draft report will be produced S39. The draft report will be issued to the nominated contract lead of the site/contract being reviewed to confirm the factual accuracy and agreement to the actions Management response S40. Management will review the draft report and agree or challenge (giving reasons) the findings of the report S41. Corrective/preventive action(s) including an action owner and timescales for completion of each action will be assigned to each Performance Improvement Opportunity (PIO) identified S42. Upon review, management will provide the draft report to the reviewer in a timely manner Issuing the final report S43. Management responses, owners and suggested completion dates will be reviewed for appropriateness S44. A final version of the report will be documented, converted into PDF and issued to the relevant stakeholders Follow up S45. Actions must be completed within agreed timescales, where possible S46. Overdue actions will be tracked and reported. A revised date will be identified and recorded but tracking and reporting will continue to be against the original due date S47. To ensure accurate monitoring and reporting, the reviewer will periodically monitor the status of open actions to ensure that the action status field is correct S48. Evidence for completion of actions will be proportionate to the priority of the finding S49. Where the action is outstanding, or has not been completed to the Reviewer s satisfaction, further follow up will be required. If the Action Owner disagrees, escalation to management will be invoked 3.6 Resource management S50. Resources will be competent (have the necessary knowledge, skills and experience) to undertake their role and to deliver compliance reviews S51. The individual competency required to identify risks, test the design and operating effectiveness of controls and undertake compliance reviews will be assessed with training needs identified and delivered Review and monitoring S52. Reports on progress against the planned compliance programme and common trends or issues found will be issued on a periodic basis to enable management to consider areas for improvement S53. Oversight and review of Contract compliance activity will be completed by the MD. Oversight of compliance activity, exceptions and high risk areas will be reviewed by the al EMT S54. Significant findings or actions requiring escalation to management will be raised with the al Compliance Lead to ensure appropriate management attention and close out S55. Documentation relating to all compliance reviews will be retained and, where identified for disposal, disposed of in accordance with Document Retention requirements 5 4 See Employee Lifecycle Group Standard : SMS-GS-P1 5 See Document Retention GSOP : SMS GSOP-II1-2 5 SMS-GS-G2 Compliance July 2014 v1.0 Serco Public

7 4 Responsibilities & Accountabilities S56. The following responsibilities will apply to the delivery of the defined standards. If these are not completed effectively, the person responsible will be accountable for any consequences 6 Group S57. The Group CEO will appoint a Group Compliance Lead responsible for: a. developing and maintaining Group compliance policy b. ensuring standards and associated procedures and key controls remain fit for purpose, reflect legislative and regulatory requirements and effectively manage business risks c. reviewing and endorsing al compliance plans d. providing oversight and reporting on compliance activity and performance S58. The al CEO will appoint a al Compliance Lead who is independent of the operational reporting lines of the business with responsibility for: a. implementing compliance policy, standards, procedures and key controls across the ; which may include the development of country/region/al procedures b. ensuring that the level of compliance activity provides sufficient coverage to provide assurance that key risks are being managed and regulations/ procedures are being complied with c. ensuring procedures and key controls, remain fit for purpose, reflect legislative and regulatory requirements d. implementing a compliance framework that provides confidence key controls are effectively managing business risks e. ensuring resources responsible for conducting compliance reviews have appropriate skills, experience and a good understanding of the business / functional area that is being reviewed f. providing oversight and reporting al compliance performance 6 See Consequence Management Group Standard : SMS-GS-G1 S59. The al EMT is responsible for: a. reviewing and approving the al compliance programme b. monitoring implementation and completion of the al compliance programme c. providing oversight and reviewing and al compliance activities to ensure they provide sufficient coverage to satisfy itself that the key risks are being managed and regulations/ procedures complied with S60. Those conducting compliance reviews will: a. maintain all evidence and records gained throughout the review b. plan and prepare for the review c. agree and document the ToR d. conduct the review e. record review findings f. produce the draft and final reports g. gain agreement from management on the content of the final report h. verify completed actions i. follow-up outstanding actions S61. The Managing Director is responsible for: a. Appointing a nominated contract lead to manage the compliance review b. Ensuring that the agreed actions are implemented and completed within the agreed timescales c. Oversight and review of Contract compliance activity Contract/Function S62. The Contract Manager (or Corporate Function Head) is responsible for: a. complying with compliance policy, standards, procedures and key controls b. ensuring local controls and procedures are in place for providing assurance that business risks are being effectively managed and decision making is within defined authority limits c. completing actions within agreed timescales following all compliance activity 6 SMS-GS-G2 Compliance July 2014 v1.0 Serco Public

8 S63. Management responsible for the business area being reviewed will: a. Review ToR and contribute to the planning phase by agreeing the scope of the review etc. b. Attend the opening meeting c. Carry out on-site preparations d. Review and agree the draft report - including actions, owners and timescales for completion e. Ensure the completion of agreed actions within agreed timescales S64. Those attending interviews as part of a compliance review will: a. Prepare for the review meeting and engage positively with the review process b. Be helpful and honest and see the review as an opportunity to improve the process being reviewed c. Accept the reviewer s feedback, however challenge if something is wrong or unclear S65. Those allocated an action as a result of a review will: a. Ensure the agreed actions are completed with the agreed timescales b. Ensure evidence of actions is maintained to allow for verification that the action has been adequately implemented c. Notify the reviewer at the earliest opportunity if action(s) can t be completed within agreed timescales All employees S66. All employees are responsible for: a. following defined procedures and work instructions b. telling a line manager of any compliance concerns 7 SMS-GS-G2 Compliance July 2014 v1.0 Serco Public

9 Group (S57, S63-S65) (S58-S60 & S63-S65) (S61, S63-S65) Contract (S62-S65) All Employees (S66) 5 Processes and Controls 5.1 Governance processes and controls Process A set of related activities that must be carried out to achieve policy outcomes Controls The action we put in place to mitigate a risk(s) within a key process and/or the delivery of policy outcomes. These are mandated and are the minimum that should be implemented regardless of any local difference for ensuring controls are in place and operating effectively P1 Compliance responsibilities are defined and understood C1 A Group Compliance lead is appointed by the Group CEO with responsibility for: Developing and maintaining Group compliance policy Ensuring standards and associated procedures and key controls remain fit for purpose, reflect legislative and regulatory requirements and effectively manage business risks Providing oversight and reporting compliance performance 8 SMS-GS-G2 Compliance July 2014 v1.0 Serco Public

10 Group (S57, S63-S65) (S58-S60 & S63-S65) (S61, S63-S65) Contract (S62-S65) All Employees (S66) Process A set of related activities that must be carried out to achieve policy outcomes Controls The action we put in place to mitigate a risk(s) within a key process and/or the delivery of policy outcomes. These are mandated and are the minimum that should be implemented regardless of any local difference for ensuring controls are in place and operating effectively C2 A al Compliance lead is appointed by the al CEO with responsibility for: Implementing compliance policy, standards, procedures and key controls across the ; which may include the development of country/region/ al procedures Ensuring that the level of compliance activity provides sufficient coverage to provide assurance that key risks are being managed and regulations/ procedures are being complied with Ensuring procedures and key controls remain fit for purpose and reflect legislative and regulatory requirements Implementing a compliance framework to provide confidence that key controls are effectively managing business risks Ensuring resources responsible for conducting compliance reviews have appropriate skills, experience and a good understanding of the business / functional area that is being reviewed Providing oversight and reporting al compliance performance 9 SMS-GS-G2 Compliance July 2014 v1.0 Serco Public

11 Group (S57, S63-S65) (S58-S60 & S63-S65) (S61, S63-S65) Contract (S62-S65) All Employees (S66) Process A set of related activities that must be carried out to achieve policy outcomes Controls The action we put in place to mitigate a risk(s) within a key process and/or the delivery of policy outcomes. These are mandated and are the minimum that should be implemented regardless of any local difference for ensuring controls are in place and operating effectively C3 al EMT is responsible for: Reviewing and approving the al compliance programme Monitoring implementation and completion of the al compliance programme Providing oversight and reviewing and al compliance activities to ensure they provide sufficient coverage to satisfy itself that the key risks are being managed and regulations/ procedures complied with C4 The MD is responsible for: Appointing a nominated contract lead to manage the compliance review Ensuring that the agreed actions are implemented and completed within the agreed timescales Oversight and review of Contract compliance activity 10 SMS-GS-G2 Compliance July 2014 v1.0 Serco Public

12 Group (S57, S63-S65) (S58-S60 & S63-S65) (S61, S63-S65) Contract (S62-S65) All Employees (S66) Process A set of related activities that must be carried out to achieve policy outcomes Controls The action we put in place to mitigate a risk(s) within a key process and/or the delivery of policy outcomes. These are mandated and are the minimum that should be implemented regardless of any local difference for ensuring controls are in place and operating effectively C5 The Contract Manager (or Corporate Function Head) is responsible for: Complying with compliance policy, standards, procedures and key controls Ensuring local controls and procedures are in place to provide assurance that business risks are being effectively managed Completing actions within agreed timescales following all compliance activity C6 Those conducting compliance reviews are responsible for: Maintaining all evidence and records gained throughout the review Planning and preparing for the review Agreeing and documenting the ToR Conducting the review Recording review findings Producing the draft and final reports Gaining agreement from management on the content of the final report Verifying completed actions Following-up outstanding actions 11 SMS-GS-G2 Compliance July 2014 v1.0 Serco Public

13 Group (S57, S63-S65) (S58-S60 & S63-S65) (S61, S63-S65) Contract (S62-S65) All Employees (S66) Process A set of related activities that must be carried out to achieve policy outcomes Controls The action we put in place to mitigate a risk(s) within a key process and/or the delivery of policy outcomes. These are mandated and are the minimum that should be implemented regardless of any local difference for ensuring controls are in place and operating effectively C7 Management responsible for the business area being reviewed will: Review ToR and contribute to the planning phase by agreeing the scope of the review etc. Attend the opening meeting Carry out on-site preparations Review and agree the draft report - including actions, owners and timescales for completion Ensure the completion of agreed actions within agreed timescales C8 Those attending interviews as part of a compliance review will: Prepare for the review meeting and engage positively with the review process Be helpful and honest and see the review as an opportunity to improve the process being reviewed Accept the reviewer s feedback, however challenge if something is wrong or unclear 12 SMS-GS-G2 Compliance July 2014 v1.0 Serco Public

14 Group (S57, S63-S65) (S58-S60 & S63-S65) (S61, S63-S65) Contract (S62-S65) All Employees (S66) Process A set of related activities that must be carried out to achieve policy outcomes Controls The action we put in place to mitigate a risk(s) within a key process and/or the delivery of policy outcomes. These are mandated and are the minimum that should be implemented regardless of any local difference for ensuring controls are in place and operating effectively C9 Those allocated an action as a result of a compliance review will: Ensure the agreed actions are completed with the agreed timescales Ensure evidence of actions is maintained to allow for verification that the action has been adequately implemented Notify the reviewer at the earliest opportunity if action(s) can t be completed within agreed timescales C10 All employees are responsible for: Following defined procedures and work instructions Telling a line manager of any compliance concerns P2 Establish compliance policy C11 Policy, standards and Group procedures are defined and published P3 Establish compliance systems and process C12 Policy, standards and Group procedures are communicated and implemented 13 SMS-GS-G2 Compliance July 2014 v1.0 Serco Public

15 Group (S57, S63-S65) (S58-S60 & S63-S65) (S61, S63-S65) Contract (S62-S65) All Employees (S66) Process A set of related activities that must be carried out to achieve policy outcomes Controls The action we put in place to mitigate a risk(s) within a key process and/or the delivery of policy outcomes. These are mandated and are the minimum that should be implemented regardless of any local difference for ensuring controls are in place and operating effectively C13 Appropriate compliance systems with supporting procedures and work instructions are defined, published and communicated C14 Compliance systems with supporting procedures and work instructions are periodically reviewed in light of any risk management compliance assessment and audit results, accidents and incident analysis, legal changes, changing circumstances and the commitment to continual improvement C15 Legal and regulatory compliance requirements are monitored with changes reflected in systems, procedures and work instructions P4 Provide oversight over compliance performance C16 Compliance performance is periodically reviewed for effectiveness C17 Compliance and audit reports are produced with action plans to address nonconformance 14 SMS-GS-G2 Compliance July 2014 v1.0 Serco Public

16 Group (S57, S63-S65) (S58-S60 & S63- S65) (S61, S63-S65) Contract (S62-S65) All Employees (S66) 5.2 Key processes and controls Process A set of related activities that must be carried out to achieve policy outcomes Controls The action we put in place to mitigate a risk(s) within a key process and/or the delivery of policy outcomes. These are mandated and are the minimum that should be implemented regardless of any local difference for ensuring controls are in place and operating effectively P5 Identify compliance obligations C18 Compliance obligations are identified and inform the al Compliance Programme P6 Develop Compliance Programme C19 All forms of compliance activities, including those conducted by external bodies, the customer and internal audit are identified and inform the development of the Compliance Programme C20 The risk profiles of the, Business Unit and, where required, those of the individual contracts are reviewed and inform the development of the Compliance Programme C21 Risks are periodically assessed and the Compliance Programme is amended to reflect any changes in high risk areas identified C22 The Compliance Programme is approved by the al EMT 15 SMS-GS-G2 Compliance July 2014 v1.0 Serco Public

17 Group (S57, S63-S65) (S58-S60 & S63- S65) (S61, S63-S65) Contract (S62-S65) All Employees (S66) Process A set of related activities that must be carried out to achieve policy outcomes Controls The action we put in place to mitigate a risk(s) within a key process and/or the delivery of policy outcomes. These are mandated and are the minimum that should be implemented regardless of any local difference for ensuring controls are in place and operating effectively P7 Map compliance activities against each SMS area C23 All planned compliance review activity is mapped to determine the extent of internal and external compliance activity being undertaken C24 Aggregation of compliance activity is completed and informs the al Compliance Programme P8 Deliver compliance reviews C25 Each compliance review consists of three key stages: Planning and agreeing the scope Conducting fieldwork Reporting C26 The scope of all compliance review activity is approved by management P9 Report findings and monitor agreed actions C27 Agreed actions are validated by management prior to the final report being issued C28 Actions are assigned owners and are completed in the timescales agreed 16 SMS-GS-G2 Compliance July 2014 v1.0 Serco Public

18 Group (S57, S63-S65) (S58-S60 & S63- S65) (S61, S63-S65) Contract (S62-S65) All Employees (S66) Process A set of related activities that must be carried out to achieve policy outcomes Controls The action we put in place to mitigate a risk(s) within a key process and/or the delivery of policy outcomes. These are mandated and are the minimum that should be implemented regardless of any local difference for ensuring controls are in place and operating effectively C29 Follow up reviews are conducted to determine whether agreed actions have been implemented C30 Reports on progress against the compliance programme, common trends or issues identified will be reported to management C31 Significant findings or actions from compliance review activity, requiring escalation, are raised with the al Compliance Lead to ensure appropriate management attention and close out 17 SMS-GS-G2 Compliance July 2014 v1.0 Serco Public

19 6 Supporting documentation and guidance 7 Definitions Term Definition The following should be read in conjunction with this standard: Document SMS GSOP-II1-2 Document Retention Group Standard Operating Procedure SMS-GS-II1 Information Integrity & Data Management Group Standard Accountability Being accountable means being not only responsible for something but also answerable for your actions. A responsible person is the individual who completes the task required. can be shared and delegated. SMS-GS-BC4 SMS-GS-RM1 Reputation, Brand and Communication Group Standard Risk Management Group Standard All responsible persons will also be accountable for completing tasks effectively. Non-compliance will have consequences which may include disciplinary action as defined within the Consequence Management Group Standard. Group Serco Group plc is the administrative centre of the organisation, responsible for setting corporate strategy, defining governance requirements and supporting the business in its day to day operations The Group will define a set of business s which will be responsible for business delivery within a defined set of markets or geographies. A is a cluster of contracts which provide a similar service e.g. Health, Defence, Transport etc. Where appropriate, a separate legal entity wholly owned or where Serco has a controlling share may also be referred to as a, where appropriate. This may also refer to Counties/Territories 18 SMS-GS-G2 Compliance July 2014 v1.0 Serco Public

20 Contract Organisation Contract Manager A Contract provides specified requirements to a customer (either directly with Serco or to a consortium/joint Venture in which Serco is a party) A Contract will also refer to a corporate/functional area. Corporate/functional areas are functions which support the business and they include finance, HR, procurement etc. Organisation refers to a site, Contract, Business Unit and. This refers to a manager with responsibility for managing the performance of a contract and can include a Contract Manager on a day-to-day basis (or Operational Manager with devolved responsibility), a Contract Director, Partnership Director and/or a Managing Director Compliance review Internal Audit Testing A review assesses compliance with chosen standards. Reviews will identify the controls in the existing process for testing. The extent of test required will be determined during the planning / scoping phase of the review. Reviews may be referred to as audits (e.g. quality audit, safety audit, regulatory audit etc.) although these provide a different level of audit to that provided by Internal Audit An objective and independent review of the design and operation of the risk management processes and controls to assess whether they are adequate, carried out by Group Internal Audit Testing may cover control walkthrough; control review for adequacy; and control review for effectiveness through sample testing Compliance map A map of compliance activities planned to review selected processes and controls based on the risk profiles of the, or Contract Compliance programme A process based on a structured approach, independent of operational reporting lines, to obtain evidence-based information on the current state of process compliance and control effectiveness. This is achieved through a Compliance Programme by undertaking planned reviews. The Programme should provide comfort that the is managing its risks effectively and is in compliance with local laws and regulations, contractual obligations and the Serco Management System. 8 Further information and support If you require any further information or support regarding this Group Standard, or if you have any suggestions for improvement, please contact the Accountable Policy Owner (Group) or sms@serco.com 19 SMS-GS-G2 Compliance July 2014 v1.0 Serco Public

Information Integrity & Data Management

Information Integrity & Data Management Group Standard Information Integrity & Data Management Serco recognises its responsibility to ensure that any information and data produced meets customer, legislative and regulatory requirements and is

More information

Consequence Management

Consequence Management Group Standard Consequence Management Serco is committed to creating an open and transparent environment, where good behaviour is rewarded and where employees feel safe in the knowledge that poor behaviour

More information

Risk Management. Group Standard

Risk Management. Group Standard Group Standard Risk Management Effective risk management allows Serco to improve customer service, maximize opportunities and reduce business loss from overruns and cost from risks that materialise SMS

More information

Reputation, Brand & Communications

Reputation, Brand & Communications Group Standard Reputation, Brand & Communications Serco is committed to building a positive reputation with its stakeholders, wherever we operate SMS-GS-BC4 Reputation, Brand and Communication December

More information

Business Continuity & Crisis Management

Business Continuity & Crisis Management Group Standard Business Continuity & Crisis Management The need to plan and respond effectively is critical to the successful management of any crisis situation. Business Continuity Management is the holistic

More information

Operations. Group Standard. Business Operations process forms the core of all our business activities

Operations. Group Standard. Business Operations process forms the core of all our business activities Standard Operations Business Operations process forms the core of all our business activities SMS-GS-O1 Operations December 2014 v1.1 Serco Public Document Details Document Details erence SMS GS-O1: Operations

More information

Procurement & Supply Chain

Procurement & Supply Chain Group Standard Procurement & Supply Chain An effective procurement and supply chain is a critical success factor in driving competitive advantage for Serco and driving benefits for our customers SMS GS-PSC1

More information

Association for Project Management Business Management System

Association for Project Management Business Management System Association for Project Management Business Management System December 2012 2 Association for Project Management About APM Formed in 1972, the Association for Project Management (APM) is committed to developing

More information

Preparation of a Rail Safety Management System Guideline

Preparation of a Rail Safety Management System Guideline Preparation of a Rail Safety Management System Guideline Page 1 of 99 Version History Version No. Approved by Date approved Review date 1 By 20 January 2014 Guideline for Preparation of a Safety Management

More information

Regulatory Compliance Management (RCM) (formerly Legislative Compliance Management (LCM))

Regulatory Compliance Management (RCM) (formerly Legislative Compliance Management (LCM)) Guideline Subject: Category: (RCM) (formerly Legislative Compliance Management (LCM)) Sound Business & Financial Practices No: E-13 Date: November 2014 I. Purpose and Scope of the Guideline The purpose

More information

How To Manage Risk At Atb Financial

How To Manage Risk At Atb Financial Guidelines for Financial Institutions Legislative Compliance Management (LCM) Date: July 2004 Introduction Regulatory risk is the risk of non-compliance with applicable regulatory requirements. For the

More information

GUIDELINE NO. 22 REGULATORY AUDITS OF ENERGY BUSINESSES

GUIDELINE NO. 22 REGULATORY AUDITS OF ENERGY BUSINESSES Level 37, 2 Lonsdale Street Melbourne 3000, Australia Telephone.+61 3 9302 1300 +61 1300 664 969 Facsimile +61 3 9302 1303 GUIDELINE NO. 22 REGULATORY AUDITS OF ENERGY BUSINESSES ENERGY INDUSTRIES JANUARY

More information

Derbyshire Trading Standards Service Quality Manual

Derbyshire Trading Standards Service Quality Manual Derbyshire Trading Standards Service Quality Manual This Quality Manual has been developed to give a broad outline of how the Trading Standards Division s range of services comply with the requirements

More information

ASTRAZENECA GLOBAL POLICY SAFEGUARDING COMPANY ASSETS AND RESOURCES

ASTRAZENECA GLOBAL POLICY SAFEGUARDING COMPANY ASSETS AND RESOURCES ASTRAZENECA GLOBAL POLICY SAFEGUARDING COMPANY ASSETS AND RESOURCES THIS POLICY SETS OUT THE REQUIREMENTS FOR SAFEGUARDING COMPANY ASSETS AND RESOURCES TO PROTECT PATIENTS, STAFF, PRODUCTS, PROPERTY AND

More information

Reserve Bank of Fiji Insurance Supervision Policy Statement No. 8 MINIMUM REQUIREMENTS FOR RISK MANAGEMENT FRAMEWORKS OF LICENSED INSURERS IN FIJI

Reserve Bank of Fiji Insurance Supervision Policy Statement No. 8 MINIMUM REQUIREMENTS FOR RISK MANAGEMENT FRAMEWORKS OF LICENSED INSURERS IN FIJI Reserve Bank of Fiji Insurance Supervision Policy Statement No. 8 NOTICE TO INSURANCE COMPANIES LICENSED UNDER THE INSURANCE ACT 1998 MINIMUM REQUIREMENTS FOR RISK MANAGEMENT FRAMEWORKS OF LICENSED INSURERS

More information

CONTROLLED DOCUMENT. Traffic Management Policy

CONTROLLED DOCUMENT. Traffic Management Policy CONTROLLED DOCUMENT CATEGORY: CLASSIFICATION: PURPOSE Controlled Number: Document Version Number: 1 Controlled Sponsor: Controlled Lead: Approved By: On: Document Document Policy Governance To set out

More information

The anglo american Safety way. Safety Management System Standards

The anglo american Safety way. Safety Management System Standards The anglo american Safety way Safety Management System Standards 2 The Anglo American Safety Way CONTENTS Introduction 04 Anglo American Safety Framework 05 Safety in anglo american 06 Monitoring and review

More information

PROJECT MANAGEMENT FRAMEWORK

PROJECT MANAGEMENT FRAMEWORK PROJECT MANAGEMENT FRAMEWORK DOCUMENT INFORMATION DOCUMENT TYPE: DOCUMENT STATUS: POLICY OWNER POSITION: INTERNAL COMMITTEE ENDORSEMENT: APPROVED BY: Strategic document Approved Executive Assistant to

More information

National Occupational Standards. Compliance

National Occupational Standards. Compliance National Occupational Standards Compliance NOTES ABOUT NATIONAL OCCUPATIONAL STANDARDS What are National Occupational Standards, and why should you use them? National Occupational Standards (NOS) are statements

More information

COMPLIANCE FRAMEWORK AND REPORTING GUIDELINES

COMPLIANCE FRAMEWORK AND REPORTING GUIDELINES COMPLIANCE FRAMEWORK AND REPORTING GUIDELINES DRAFT FOR CONSULTATION June 2015 38 Cavenagh Street DARWIN NT 0800 Postal Address GPO Box 915 DARWIN NT 0801 Email: utilities.commission@nt.gov.au Website:

More information

Lancashire County Council Information Governance Framework

Lancashire County Council Information Governance Framework Appendix 'A' Lancashire County Council Information Governance Framework Introduction Information Governance provides a framework for bringing together all of the requirements, standards and best practice

More information

MARKET CONDUCT ASSESSMENT REPORT

MARKET CONDUCT ASSESSMENT REPORT MARKET CONDUCT ASSESSMENT REPORT PART 1 STATUTORY ACCIDENT BENEFITS SCHEDULE (SABS) PART 2 RATE VERIFICATION PROCESS Phase 1 (2012) Financial Services Commission of Ontario (FSCO) Market Regulation Branch

More information

Information Governance Strategy & Policy

Information Governance Strategy & Policy Information Governance Strategy & Policy March 2014 CONTENT Page 1 Introduction 1 2 Strategic Aims 1 3 Policy 2 4 Responsibilities 3 5 Information Governance Reporting Structure 4 6 Managing Information

More information

APPLICATION OF KING III CORPORATE GOVERNANCE PRINCIPLES 2014

APPLICATION OF KING III CORPORATE GOVERNANCE PRINCIPLES 2014 WOOLWORTHS HOLDINGS LIMITED CORPORATE GOVERNANCE PRINCIPLES 2014 CORPORATE GOVERNANCE PRINCIPLES 2014 CORPORATE GOVERNANCE PRINCIPLES 2014 This table is a useful reference to each of the King III principles

More information

Application of King III Corporate Governance Principles

Application of King III Corporate Governance Principles APPLICATION of KING III CORPORATE GOVERNANCE PRINCIPLES 2013 Application of Corporate Governance Principles This table is a useful reference to each of the principles and how, in broad terms, they have

More information

PROCEDURE Transaction Monitoring and Audit. Number: G 0811 Date Published: 6 June 2013

PROCEDURE Transaction Monitoring and Audit. Number: G 0811 Date Published: 6 June 2013 1.0 Summary of Changes This procedure has been amended to include the Police National Database (PND). 2.0 About this Procedure The Chief Constable will assume the responsibilities of the data controller

More information

Application of King III Corporate Governance Principles

Application of King III Corporate Governance Principles Application of Corporate Governance Principles Application of Corporate Governance Principles This table is a useful reference to each of the principles and how, in broad terms, they have been applied

More information

Relationship Manager (Banking) Assessment Plan

Relationship Manager (Banking) Assessment Plan 1. Introduction and Overview Relationship Manager (Banking) Assessment Plan The Relationship Manager (Banking) is an apprenticeship that takes 3-4 years to complete and is at a Level 6. It forms a key

More information

INSURANCE ACT 2008 CORPORATE GOVERNANCE CODE OF PRACTICE FOR REGULATED INSURANCE ENTITIES

INSURANCE ACT 2008 CORPORATE GOVERNANCE CODE OF PRACTICE FOR REGULATED INSURANCE ENTITIES SD 0880/10 INSURANCE ACT 2008 CORPORATE GOVERNANCE CODE OF PRACTICE FOR REGULATED INSURANCE ENTITIES Laid before Tynwald 16 November 2010 Coming into operation 1 October 2010 The Supervisor, after consulting

More information

R000. Revision Summary Revision Number Date Description of Revisions R000 Feb. 18, 2011 Initial issue of the document.

R000. Revision Summary Revision Number Date Description of Revisions R000 Feb. 18, 2011 Initial issue of the document. 2 of 34 Revision Summary Revision Number Date Description of Revisions Initial issue of the document. Table of Contents Item Description Page 1. Introduction and Purpose... 5 2. Project Management Approach...

More information

APPLICATION OF THE KING III REPORT ON CORPORATE GOVERNANCE PRINCIPLES

APPLICATION OF THE KING III REPORT ON CORPORATE GOVERNANCE PRINCIPLES APPLICATION OF THE KING III REPORT ON CORPORATE GOVERNANCE PRINCIPLES Ethical Leadership and Corporate Citizenship The board should provide effective leadership based on ethical foundation. that the company

More information

JSP 886 THE DEFENCE LOGISTIC SUPPORT CHAIN MANUAL VOLUME 7 INTEGRATED LOGISTICS SUPPORT PART 8.11 QUALITY MANAGEMENT

JSP 886 THE DEFENCE LOGISTIC SUPPORT CHAIN MANUAL VOLUME 7 INTEGRATED LOGISTICS SUPPORT PART 8.11 QUALITY MANAGEMENT JSP 886 THE DEFENCE LOGISTIC SUPPORT CHAIN MANUAL VOLUME 7 INTEGRATED LOGISTICS SUPPORT PART 8.11 QUALITY MANAGEMENT THE MASTER VERSION OF JSP 886 IS PUBLISHED ON THE DEFENCE INTRANET. FOR TECHNICAL REASONS,

More information

1.1 Terms of Reference Y P N Comments/Areas for Improvement

1.1 Terms of Reference Y P N Comments/Areas for Improvement 1 Scope of Internal Audit 1.1 Terms of Reference Y P N Comments/Areas for Improvement 1.1.1 Do Terms of Reference: a) Establish the responsibilities and objectives of IA? b) Establish the organisational

More information

Mandatory Provident Fund Schemes Authority COMPLIANCE STANDARDS FOR MPF APPROVED TRUSTEES. First Edition July 2005. Hong Kong

Mandatory Provident Fund Schemes Authority COMPLIANCE STANDARDS FOR MPF APPROVED TRUSTEES. First Edition July 2005. Hong Kong Mandatory Provident Fund Schemes Authority COMPLIANCE STANDARDS FOR MPF APPROVED TRUSTEES First Edition July 2005 Hong Kong Contents Glossary...2 Introduction to Standards...4 Interpretation Section...6

More information

HEALTH SAFETY & ENVIRONMENT MANAGEMENT SYSTEM

HEALTH SAFETY & ENVIRONMENT MANAGEMENT SYSTEM HEALTH SAFETY & ENVIRONMENT MANAGEMENT SYSTEM September 2011 OUR HEALTH, SAFETY AND ENVIRONMENT POLICY OUR PRINCIPLE OF DUE CARE We care about the wellbeing of our people and our impact on the environment.

More information

Second Clinical Safety Review of the Personally Controlled Electronic Health Record (PCEHR) June 2013

Second Clinical Safety Review of the Personally Controlled Electronic Health Record (PCEHR) June 2013 Second Clinical Safety Review of the Personally Controlled Electronic Health Record (PCEHR) June 2013 Undertaken by KPMG on behalf of Australian Commission on Safety and Quality in Health Care Contents

More information

Information Governance and Management Standards for the Health Identifiers Operator in Ireland

Information Governance and Management Standards for the Health Identifiers Operator in Ireland Information Governance and Management Standards for the Health Identifiers Operator in Ireland 30 July 2015 About the The (the Authority or HIQA) is the independent Authority established to drive high

More information

Royal Borough of Kensington and Chelsea. Data Quality Framework. ACE: A Framework for better quality data and performance information

Royal Borough of Kensington and Chelsea. Data Quality Framework. ACE: A Framework for better quality data and performance information Royal Borough of Kensington and Chelsea Data Quality Framework ACE: A Framework for better quality data and performance information March 2010 CONTENTS FOREWORD 2 A CORPORATE FRAMEWORK FOR DATA QUALITY

More information

Aegon Global Compliance

Aegon Global Compliance Aegon Global Compliance GLOBAL Charter COMPLIANCE CHARTER aegon.com The Hague, June 1, 2013 Information sheet Target audience: All employees and management of Aegon companies Issued by: Aegon N.V. Group

More information

Published by the National Regulatory System for Community Housing Directorate. Document Identification: 003-04-13/NRSD. Publication date: January 2014

Published by the National Regulatory System for Community Housing Directorate. Document Identification: 003-04-13/NRSD. Publication date: January 2014 Evidence guidelines Published by the National Regulatory System for Community Housing Directorate. Document Identification: 003-04-13/NRSD Publication date: January 2014 Supported by the Commonwealth Government

More information

Version No: 2 Date: 27 July 2015. Data Quality Policy. Assistant Chief Executive. Planning & Performance. Data Quality Policy

Version No: 2 Date: 27 July 2015. Data Quality Policy. Assistant Chief Executive. Planning & Performance. Data Quality Policy Version No: 2 Date: 27 July 2015 Data Quality Policy Assistant Chief Executive Planning & Performance Data Quality Policy Contents 1. Summary Statement 2. Context 3. Purpose 4. Scope 5. Detail of the policy

More information

13 ENVIRONMENTAL AND SOCIAL MANAGEMENT SYSTEM

13 ENVIRONMENTAL AND SOCIAL MANAGEMENT SYSTEM 13 ENVIRONMENTAL AND SOCIAL MANAGEMENT SYSTEM This ESIA has identified impacts (both positive and negative) to the physical, natural and socio-economic environments, as well as to community and worker

More information

Code of Corporate Governance

Code of Corporate Governance www.surreycc.gov.uk Making Surrey a better place Code of Corporate Governance October 2013 1 This page is intentionally blank 2 CONTENTS PAGE Commitment to good governance 4 Good governance principles

More information

Contract and Vendor Management Guide

Contract and Vendor Management Guide Contents 1. Guidelines for managing contracts and vendors... 2 1.1. Purpose and scope... 2 1.2. Introduction... 2 2. Contract and Vendor Management 2.1. Levels of management/segmentation... 3 2.2. Supplier

More information

Information Governance Framework

Information Governance Framework Information Governance Framework March 2014 CONTENT Page 1 Introduction 1 2 Strategic Aim 2 3 Purpose, Values and Principles 2 4 Scope 3 5 Roles and Responsibilities 3 6 Review 5 Appendix 1 - Information

More information

FMCF certification checklist 2014-15 (incorporating the detailed procedures) 2014-15 certification period. Updated May 2015

FMCF certification checklist 2014-15 (incorporating the detailed procedures) 2014-15 certification period. Updated May 2015 FMCF certification checklist 2014-15 (incorporating the detailed procedures) 2014-15 certification period Updated May 2015 The Secretary Department of Treasury and Finance 1 Treasury Place Melbourne Victoria

More information

Quality Management Subcontractor QM Guide-Section Two

Quality Management Subcontractor QM Guide-Section Two SECTION TWO QUALITY MANAGEMENT SYSTEMS Version No 1. PREFACE This document has been developed to assist subcontractors to meet Monaco Hickeys (MHPL) Quality Management (QM) requirements whilst working

More information

Framework for an Aviation Security Management System (SeMS)

Framework for an Aviation Security Management System (SeMS) Framework for an Aviation Security Management System (SeMS) CAP 1223 Civil Aviation Authority 2014 All rights reserved. Copies of this publication may be reproduced for personal use, or for use within

More information

GUIDELINES ON CORPORATE GOVERNANCE FOR LABUAN BANKS

GUIDELINES ON CORPORATE GOVERNANCE FOR LABUAN BANKS GUIDELINES ON CORPORATE GOVERNANCE FOR LABUAN BANKS 1.0 Introduction 1.1 Good corporate governance practice improves safety and soundness through effective risk management and creates the ability to execute

More information

Senate. SEN15-P17 11 March 2015. Paper Title: Enhancing Information Governance at Loughborough University

Senate. SEN15-P17 11 March 2015. Paper Title: Enhancing Information Governance at Loughborough University SEN15-P17 11 March 2015 Senate Paper Title: Enhancing Information Governance at Loughborough University Author: Information Technology & Governance Committee 1. Specific Decision Required by Committee

More information

RISK MANAGEMENT STRATEGY 2014-17

RISK MANAGEMENT STRATEGY 2014-17 RISK MANAGEMENT STRATEGY 2014-17 DOCUMENT NO: Lead author/initiator(s): Contact email address: Developed by: Approved by: DN128 Head of Quality Performance Julia.sirett@ccs.nhs.uk Quality Performance Team

More information

HORIZON OIL LIMITED (ABN: 51 009 799 455)

HORIZON OIL LIMITED (ABN: 51 009 799 455) HORIZON OIL LIMITED (ABN: 51 009 799 455) CORPORATE CODE OF CONDUCT Corporate code of conduct Page 1 of 7 1 Introduction This is the corporate code of conduct ( Code ) for Horizon Oil Limited ( Horizon

More information

Compliance Review Report Internal Audit and Risk Management Policy for the New South Wales Public Sector

Compliance Review Report Internal Audit and Risk Management Policy for the New South Wales Public Sector Compliance Review Report Internal Audit and Risk Management Policy for the New South Wales Public Sector Background The Treasury issued TPP 09-05 Internal Audit and Risk Management Policy for the New South

More information

Guideline on good pharmacovigilance practices (GVP)

Guideline on good pharmacovigilance practices (GVP) 1 2 20 February 2012 EMA/541760/2011 3 4 Guideline on good pharmacovigilance practices (GVP) Module I Pharmacovigilance systems and their quality systems Draft finalised by the Agency in collaboration

More information

Corporate Information Security Policy

Corporate Information Security Policy Corporate Information Security Policy. A guide to the Council s approach to safeguarding information resources. September 2015 Contents Page 1. Introduction 1 2. Information Security Framework 2 3. Objectives

More information

University of Liverpool

University of Liverpool University of Liverpool Information Security Review Policy Reference Number Title CSD-014 Information Security Review Policy Version Number 1.2 Document Status Document Classification Active Open Effective

More information

COMPLIANCE CHARTER 1

COMPLIANCE CHARTER 1 COMPLIANCE CHARTER 1 Contents 1. Compliance Policy Statement... 2 2. Purpose... 2 3. Mission and objective of the Directorate: Compliance... 2 3.1 Mission... 2 3.2 Objective... 3 4. Compliance risk management...

More information

Governance and Audit Committee 23 November 2015

Governance and Audit Committee 23 November 2015 Agenda Item 7 Governance and Audit Committee 23 November 2015 Welland Internal Audit Consortium Internal Audit Plan & Performance Update 2015/16 Purpose of report: To provide Members with information on

More information

Risk Management Framework

Risk Management Framework Risk Management Framework Mandate and commitment Design of framework for managing risks Continual improvement of the framework Implementing risk management Monitoring and review of the framework Source:

More information

University of New England Compliance Management Framework and Procedures

University of New England Compliance Management Framework and Procedures University of New England Compliance Management Framework and Procedures Document data: Document type: Administering entity: Framework and Procedures Audit and Risk Directorate Records management system

More information

Data Quality Policy. Appendix A. 1. Why do we need a Data Quality Policy?... 2. 2 Scope of this Policy... 2. 3 Principles of data quality...

Data Quality Policy. Appendix A. 1. Why do we need a Data Quality Policy?... 2. 2 Scope of this Policy... 2. 3 Principles of data quality... Data Quality Policy Appendix A Updated August 2011 Contents 1. Why do we need a Data Quality Policy?... 2 2 Scope of this Policy... 2 3 Principles of data quality... 3 4 Applying the policy... 4 5. Roles

More information

Council Policy. Records & Information Management

Council Policy. Records & Information Management Council Policy Records & Information Management COUNCIL POLICY RECORDS AND INFORMATION MANAGEMENT Policy Number: GOV-13 Responsible Department(s): Information Systems Relevant Delegations: None Other Relevant

More information

DATA QUALITY STRATEGY

DATA QUALITY STRATEGY DATA QUALITY STRATEGY If you or anybody you know requires this or any other council information in another language, please contact us and we will do our best to provide this for you. Braille, Audio tape

More information

Internal Audit (policy & procedure)

Internal Audit (policy & procedure) Internal Audit (policy & procedure) Objective (purpose) The purpose of this document is to ensure the Crime and Corruption Commission s (CCC) internal audit function operates efficiently and effectively

More information

WEST LOTHIAN COUNCIL RECORDS MANAGEMENT POLICY. Data Label: Public

WEST LOTHIAN COUNCIL RECORDS MANAGEMENT POLICY. Data Label: Public WEST LOTHIAN COUNCIL RECORDS MANAGEMENT POLICY RECORDS MANAGEMENT POLICY CONTENTS 1. POLICY STATEMENT... 3 2. PRINCIPLES... 3 DEFINITIONS... 4 3. OBJECTIVES... 4 4. SCOPE... 4 5. OWNERSHIP & RESPONSIBILITIES...

More information

Policy (Board Approved)

Policy (Board Approved) Policy (Board Approved) Compliance and Regulatory Management Document Number GOV-POL-20 1.0 Policy Statement Stanwell Corporation Limited (Stanwell) is a Queensland company Government Owned corporation.

More information

-17 2015 OUTSOURCING POLICY

-17 2015 OUTSOURCING POLICY Outsourcing Policy TABLE OF CONTENTS EXECUTIVE SUMMARY... 3 Aim & Introduction... 3 POLICY PARAMETERS... 4 Key Terms... 4 Outsourcing Agreement Requirements... 5 MATERIAL OUTSOURCING AGREEMENTS... 6 Board

More information

La Trobe University is committed to maintaining a comprehensive and effective Compliance Framework.

La Trobe University is committed to maintaining a comprehensive and effective Compliance Framework. La Trobe University Compliance Framework Introduction The Compliance Framework documents the system and Compliance Process through which La Trobe University can monitor, review and comply with its legislative

More information

West Midlands Police and Crime Commissioner Records Management Policy 1 Contents

West Midlands Police and Crime Commissioner Records Management Policy 1 Contents West Midlands Police and Crime Commissioner Records Management Policy 1 Contents 1 CONTENTS...2 2 INTRODUCTION...3 2.1 SCOPE...3 2.2 OVERVIEW & PURPOSE...3 2.3 ROLES AND RESPONSIBILITIES...5 COMMISSIONED

More information

Revised May 2007. Corporate Governance Guideline

Revised May 2007. Corporate Governance Guideline Revised May 2007 Corporate Governance Guideline Table of Contents 1. INTRODUCTION 1 2. PURPOSES OF GUIDELINE 1 3. APPLICATION AND SCOPE 2 4. DEFINITIONS OF KEY TERMS 2 5. FRAMEWORK USED BY CENTRAL BANK

More information

Align Technology. Data Protection Binding Corporate Rules Processor Policy. 2014 Align Technology, Inc. All rights reserved.

Align Technology. Data Protection Binding Corporate Rules Processor Policy. 2014 Align Technology, Inc. All rights reserved. Align Technology Data Protection Binding Corporate Rules Processor Policy Confidential Contents INTRODUCTION TO THIS POLICY 3 PART I: BACKGROUND AND ACTIONS 4 PART II: PROCESSOR OBLIGATIONS 6 PART III:

More information

Policy (Board Approved)

Policy (Board Approved) Policy (Board Approved) Legal and Regulatory Compliance Policy Document Number GOV-POL-20 1.0 Policy Statement Stanwell is committed to and conducts its business activities lawfully and in a manner that

More information

Sector Development Ageing, Disability and Home Care Department of Family and Community Services (02) 8270 2218

Sector Development Ageing, Disability and Home Care Department of Family and Community Services (02) 8270 2218 Copyright in the material is owned by the State of New South Wales. Apart from any use as permitted under the Copyright Act 1968 and/or as explicitly permitted below, all other rights are reserved. You

More information

GUIDANCE NOTE FOR DEPOSIT-TAKERS. Operational Risk Management. March 2012

GUIDANCE NOTE FOR DEPOSIT-TAKERS. Operational Risk Management. March 2012 GUIDANCE NOTE FOR DEPOSIT-TAKERS Operational Risk Management March 2012 Version 1.0 Contents Page No 1 Introduction 2 2 Overview 3 Operational risk - fundamental principles and governance 3 Fundamental

More information

Operational Risk Publication Date: May 2015. 1. Operational Risk... 3

Operational Risk Publication Date: May 2015. 1. Operational Risk... 3 OPERATIONAL RISK Contents 1. Operational Risk... 3 1.1 Legislation... 3 1.2 Guidance... 3 1.3 Risk management process... 4 1.4 Risk register... 7 1.5 EBA Guidelines on the Security of Internet Payments...

More information

Drinking Water Quality Management Plan Review and Audit Guideline

Drinking Water Quality Management Plan Review and Audit Guideline Drinking Water Quality Management Plan Review and Audit Guideline This publication has been compiled by Queensland Water Supply Regulator, Department of Energy and Water Supply. State of Queensland, 2013.

More information

FUND SERVICES BUSINESS & COLLECTIVE INVESTMENT FUNDS

FUND SERVICES BUSINESS & COLLECTIVE INVESTMENT FUNDS FUND SERVICES BUSINESS & COLLECTIVE INVESTMENT FUNDS ON-SITE EXAMINATION PROGRAMME 2014 SUMMARY FINDINGS DOCUMENT OVERVIEW 1 Introduction... 2 2 Scope... 2 3 Process... 2 4 Overview... 2 5 Findings arising

More information

Nuclear Safety Council Instruction number IS-19, of October 22 nd 2008, on the requirements of the nuclear facilities management system

Nuclear Safety Council Instruction number IS-19, of October 22 nd 2008, on the requirements of the nuclear facilities management system Nuclear Safety Council Instruction number IS-19, of October 22 nd 2008, on the requirements of the nuclear facilities management system Published in the Official State Gazette (BOE) number 270 of November

More information

Practice guide. quality assurance and IMProVeMeNt PrograM

Practice guide. quality assurance and IMProVeMeNt PrograM Practice guide quality assurance and IMProVeMeNt PrograM MarCh 2012 Table of Contents Executive Summary... 1 Introduction... 2 What is Quality?... 2 Quality in Internal Audit... 2 Conformance or Compliance?...

More information

What Every Director. How to get the most from your internal audit. Endorsed by

What Every Director. How to get the most from your internal audit. Endorsed by What Every Director Should Know How to get the most from your internal audit Endorsed by Foreword This is the second edition of our flagship governance guide What every director should know. Since we published

More information

Internal Audit Quality Assessment Framework

Internal Audit Quality Assessment Framework Internal Audit Quality Assessment Framework May 2013 Internal Audit Quality Assessment Framework May 2013 Crown copyright 2013 You may re-use this information (excluding logos) free of charge in any format

More information

VISION FOR LEARNING AND DEVELOPMENT

VISION FOR LEARNING AND DEVELOPMENT VISION FOR LEARNING AND DEVELOPMENT As a Council we will strive for excellence in our approach to developing our employees. We will: Value our employees and their impact on Cardiff Council s ability to

More information

Aberdeen City Council IT Security (Network and perimeter)

Aberdeen City Council IT Security (Network and perimeter) Aberdeen City Council IT Security (Network and perimeter) Internal Audit Report 2014/2015 for Aberdeen City Council August 2014 Internal Audit KPIs Target Dates Actual Dates Red/Amber/Green Commentary

More information

Queensland Government Human Services Quality Framework. Quality Pathway Kit for Service Providers

Queensland Government Human Services Quality Framework. Quality Pathway Kit for Service Providers Queensland Government Human Services Quality Framework Quality Pathway Kit for Service Providers July 2015 Introduction The Human Services Quality Framework (HSQF) The Human Services Quality Framework

More information

Business Continuity Management Policy

Business Continuity Management Policy Business Continuity Management Policy Business Continuity Policy Version 1.0 1 Version control Version Date Changes Author 0.1 April 13 1 st draft PH 0.2 June 13 Amendments in line with guidance PH 0.3

More information

Smart Meters Programme Schedule 2.5. (Security Management Plan) (CSP South version)

Smart Meters Programme Schedule 2.5. (Security Management Plan) (CSP South version) Smart Meters Programme Schedule 2.5 (Security Management Plan) (CSP South version) Schedule 2.5 (Security Management Plan) (CSP South version) Amendment History Version Date Author Status v.1 Signature

More information

A Best Practice Guide

A Best Practice Guide A Best Practice Guide Contents Introduction [2] The Benefits of Implementing a Privacy Management Programme [3] Developing a Comprehensive Privacy Management Programme [3] Part A Baseline Fundamentals

More information

CHECKLIST ISO/IEC 17021:2011 Conformity Assessment Requirements for Bodies Providing Audit and Certification of Management Systems

CHECKLIST ISO/IEC 17021:2011 Conformity Assessment Requirements for Bodies Providing Audit and Certification of Management Systems Date(s) of Evaluation: CHECKLIST ISO/IEC 17021:2011 Conformity Assessment Requirements for Bodies Providing Audit and Certification of Management Systems Assessor(s) & Observer(s): Organization: Area/Field

More information

Risk Management Policy

Risk Management Policy Risk Management Policy Bailador Technology Investments ACN 601 048 275 adopted on 25 September 2014 1 Introduction -------------------------------------------------------------------------------------------------

More information

THE CLAIMS MANAGEMENT CODE ( the Code )

THE CLAIMS MANAGEMENT CODE ( the Code ) THE CLAIMS MANAGEMENT CODE ( the Code ) CONTENTS 1 Introduction 2 Principles 3 Publishing the Code 4 Training and Competence 5 Advertising, Marketing and Promotional Activities 6 Charges 7 Information

More information

KING III COMPLIANCE REGISTER 2015

KING III COMPLIANCE REGISTER 2015 KING COMPLIANCE REGISTER 2015 Partially Not 1.1 The Board should provide effective leadership based on an ethical foundation. Mr Paul Jenkins is currently the executive chairman of MNY. He is a well respected

More information

Cyber Security Consultancy Standard. Version 0.2 Crown Copyright 2015 All Rights Reserved. Page 1 of 13

Cyber Security Consultancy Standard. Version 0.2 Crown Copyright 2015 All Rights Reserved. Page 1 of 13 Cyber Security Consultancy Standard Version 0.2 Crown Copyright 2015 All Rights Reserved Page 1 of 13 Contents 1. Overview... 3 2. Assessment approach... 4 3. Requirements... 5 3.1 Service description...

More information

Board of Directors and Management Oversight

Board of Directors and Management Oversight Board of Directors and Management Oversight Examination Procedures Examiners should request/ review records, discuss issues and questions with senior management. With respect to board and senior management

More information

Achieve. Performance objectives

Achieve. Performance objectives Achieve Performance objectives Performance objectives are benchmarks of effective performance that describe the types of work activities students and affiliates will be involved in as trainee accountants.

More information

corporategovernance twothousandfourteen

corporategovernance twothousandfourteen corporategovernance twothousandfourteen 2014 1 Corporate governance This Corporate Governance Statement for IOOF Holdings Limited (IOOF) sets out as required by the ASX Listing Rules details of IOOF s

More information

Health, Safety and Environment Management System

Health, Safety and Environment Management System Health, Safety and Environment Management System For Bridgeport Energy Ltd Level 7, 111 Pacific Highway North Sydney 2011 June, 2010 DOCUMENT CONTROL Title: Document Number: Health, Safety and Environmental

More information

Complaints Standard. for Suppliers. Categorised as Basic (B or F)

Complaints Standard. for Suppliers. Categorised as Basic (B or F) Complaints Standard for Suppliers Categorised as Basic (B or F) (UK version) Contents Introduction 3 Definitions 3 1. Process, Procedures and Controls 5 2. Regulatory Standards 7 3. Employees 7 4. Publicising

More information

National Institute for Health Research Coordinated System for gaining NHS Permission (NIHR CSP)

National Institute for Health Research Coordinated System for gaining NHS Permission (NIHR CSP) National Institute for Health Research Coordinated System for gaining NHS Permission (NIHR CSP) Operating Manual Please check the CRN Website for the latest version. Version: 6.0 Status: Consultation in

More information

QSS 0: Products and Services without Bespoke Contracts.

QSS 0: Products and Services without Bespoke Contracts. QSS 0: Products and Services without Bespoke Contracts. Amendment History Version Date Status v.1 Dec 2014 Updated For 2015 deployment Table of Contents 1. DEFINITIONS 3 2. INTRODUCTION 3 3. WORKING WITH

More information

South East Water Corporation Finance Assurance and Risk Management Committee Charter

South East Water Corporation Finance Assurance and Risk Management Committee Charter South East Water Corporation Finance Assurance and Risk Management Committee Charter Created: October 2012 Document number: BS 2359 Last reviewed: May 2015 1. Purpose The South East Water Corporation Board's

More information