GUIDELINE ON RISK MANAGEMENT AND INTERNAL CONTROL PRINCIPLES AS WELL AS INTERNAL AUDIT FUNCTION OF INVESTMENT FIRMS
- Alexis Hamilton
- 7 years ago
until further notice 1 (10)
Applicable to investment firms

By virtue of section 4, point 2, of the Act on the Financial Supervision Authority, the Financial Supervision Authority issues the following guideline on risk management and internal control principles as well as internal audit function of investment firms and undertakings belonging to an investment firm's consolidation group.

In this guideline, the Financial Supervision Authority issues recommendations for the implementation of risk management and other aspects of internal control in accordance with the provisions set out in Regulation Principles for reporting and communication are discussed in more detail than other principles since the Financial Supervision Authority has not issued a separate guideline on these principles.

The provisions in this guideline concerning an investment firm shall also apply, where applicable, to an investment firm's consolidation group.

Contents
1 Introduction
2 Principles relating to management style and control culture
3 Principles relating to identification, assessment, limitation and control of risks
4 Principles relating to control activities and segregation of duties
5 Principles relating to information and communication
6 Monitoring operations and correcting deficiencies
6.1 Tasks of internal audit
6.2 Role of internal audit
1 Introduction

Deficiencies in internal control have either been the central cause or a crucial factor in a number of corporate failures in the financial markets both in Finland and abroad. Thus, the Financial Supervision Authority has decided to issue a regulation and a guideline laying down principles relating to risk management and internal control. The above regulation and guideline document generally accepted principles that represent the common view of financial supervisors around the world.

The Financial Supervision Authority has issued a separate regulation (issued on 1 June 1999) on risk management and other aspects of internal control in investment firms. In this guideline, the terms risk management and other aspects of internal control have the same meaning as in the regulation in question.

Internal control is a set of procedures included in the operations of a business unit. These procedures are part of the management function of any investment firm. All personnel, however, need to be involved in internal control for it to be effective.

Small organizations may find it difficult to abide by the following principles to the letter. In such cases, use of alternative control procedures can be considered. This approach requires a separate decision by the board of directors on the steering and control procedures that will be followed.

2 Principles relating to management style and control culture

The investment firm must

1) determine the investment firm's business strategies, operating principles and organizational structure; ensure an appropriate allocation of responsibilities, reporting relations and decision-making powers; and see to it that risk management and other aspects of internal control cover all activities of the investment firm and are commensurate with the risks inherent in its different operations;

The responsibility for overall risk management should be centralized within the organization of an investment firm.
The aim is to ensure that the business operations of an investment firm and its consolidation group are monitored and the associated risks identified, so that senior management will be aware of the total impact of all risks that arise in the course of business operations on the performance and own funds of the investment firm and its consolidation group. If the business strategies and operating principles of a consolidation group are applicable to the group itself, an investment firm belonging to this group must separately approve the business strategies and operating principles applicable to it.

Superiors are responsible for ensuring that authorizations and responsibilities are put in writing.

2) establish quantitative and qualitative objectives for each field of operation and monitor their implementation;

Decision-making and implementation of internal control must be documented in the minutes and appendices thereto. Internal control needs to be considered when establishing objectives and recognizing their attainment; further, it must be ensured that attainment of objectives does not encourage undesirable practices.

To maintain confidence in and reputation of an investment firm and to protect it against criminal activity and malpractices, the investment firm must follow ethically acceptable principles when establishing objectives and procedures. An investment firm must pay attention to the quality of its customers, know its customers, observe good securities market practices, and comply with regulations concerning prevention of money laundering.

3) ensure that staff have the requisite skills and are suitable for their tasks and that they have access to the information required to perform their tasks.

An investment firm must ensure that its staff are fully conscious of the internal control aspect of their tasks and undertake to comply with it. An investment firm must have procedures for preventing the hiring of unqualified or dishonest persons.

When an investment firm contracts external services, the same care must be observed as when hiring new, permanent staff. This applies both to the provider of external services and those of its employees who, in the course of their duties, gain access to the investment firm's internal information. An investment firm cannot transfer the responsibility regarding internal control to the provider of external services.
3 Principles relating to identification, assessment, limitation and control of risks

The investment firm must

4) ensure that the risks inherent in the investment firm's business are identified and assessed;

Adequate risk management covers at least the following risks (but is not limited to these):

- Credit risk refers to the possibility of default by a counterparty on its obligation to an investment firm.
- Market risk refers to the possibility of a loss resulting from adverse variation of market prices or their volatility. Market risks include interest rate risk, exchange rate risk, share price risk or other price risk (commodity price risk).
- An investment firm's financial risk is the risk that it may not be able to fulfil its payment obligations.
- Market liquidity risk is the risk that the investment firm may not be able to realize or cover its positions at the present market price due to a lack of market depth or a market disturbance.
- Operative risk is the risk of unexpected losses due to deficiencies in information or other systems or routines for internal control and checking.
- Legal risk is the risk of invalidity or nullity of a contract or lack of documentation.
- Strategic risk is the risk that the investment firm's chosen strategy may be incommensurate with its risk-bearing ability, technical resources or staff expertise. In this case, realization of the strategy may prove to be a mistake that results in financial losses.

5) approve the investment firm's risk-taking principles; establish policies for risk limitation and supervise compliance with such policies;

Set defined procedures for limitation of risks and operational limits for quantifiable risks must be put in writing. Risk management systems incorporate decision-making procedures for engaging in new activities or introducing new products. All individuals involved are briefed, in respect of their own spheres of responsibility, of the risks associated with the new activity and the ways in which the risk management procedures for the new activity will be implemented. Compliance with risk limits and procedures is monitored on a continuous basis.
When operational limits are exceeded or risk management procedures are not followed, the incident should be promptly reported and assessed. Clear follow-up procedures for violation are established. Risk management limits and procedures are reviewed periodically so that they correspond to adopted operational modes and the current market situation.

6) ensure that the investment firm has a risk control function that is independent of the risk-taking function.
The risk management function must be independent of the risk-taking function up to and including the remits of members of the board of directors.

4 Principles relating to control activities and segregation of duties

The investment firm must

7) ensure that internal control measures are an integral part of the daily operations of the investment firm and that conflicting duties are appropriately segregated and the procedures for key operations documented in writing;

Appropriate control measures that are integrated within operations are to be defined for all organizational levels. Control measures at different levels include the following:

- monitoring of operations and attainment of objectives specified by the board of directors
- appropriate control of operations in all units
- physical controls
- monitoring compliance with risk limits and deviations
- establishing procedures for approval and authorization which ensure that excesses of limits are reported to the next organizational level
- responsibility for checking, reconciliation and reporting of noncompliance must be at the appropriate organizational level.

8) ensure that the investment firm's staff do not handle, in their capacity as representatives of the investment firm, any business transactions of their own or concerning persons with whom they are closely related, or otherwise influence any decisions relating to such business transactions.

Ownerships and other interests and secondary occupations of management and staff should be investigated and registered to avoid potential conflicts of interest. Monitoring procedures for registered information should be established.

5 Principles relating to information and communication

Accounting and information systems provide information concerning the business operations of an investment firm and markets needed for internal decision-making and internal control as well as for external purposes.
Information provided by the accounting system must give a true and fair view of all the investment firm's operations. Therefore, the investment firm must

9) ensure that the investment firm maintains accounting and information systems that are adequate for decision-making and assessment of operations;

Every transaction is recorded promptly and accurately with the correct time and date and sufficient detail. The audit trail must be complete starting from the original document. A written description of the investment firm's accounting systems must be prepared covering both manual and automated processes as well as internal control routines. Management and other personnel have prompt access to sufficient and appropriate information to properly perform their duties. Information must be relevant and sufficient for decision-making. Information is released to the authorities at appointed times without delay. Information provided for external use (annual accounts, supervisory reporting, etc.) complies with the relevant statutes and regulations. Management must establish bi-directional communications channels within the organization.

10) ensure that the investment firm maintains IT systems that are adequate with regard to its activities and organized in an appropriate fashion.

An investment firm needs to have the necessary expertise, organization and internal control procedures to maintain and process information in an electronic form. For internal control, this implies compliance with the principles identified below in points a to k. These principles also apply in situations where data are handled in a decentralized manner, i.e. business units besides the IT department handle and process data. An investment firm should further ensure that their suppliers of IT systems and services apply similar principles.

An investment firm must comply with the following principles in the pursuit of its own operations only to the extent that these principles apply to its operations.
Thus, it is unnecessary, for example, for an investment firm to establish policies and standards for systems development when it only uses off-the-shelf software or systems commissioned jointly by several investment firms for which developmental standards are collectively defined.

a) Approval by the board of directors of IT strategy and budget that accord with the investment firm's current and estimated future needs to ensure the integrity and support of the technical environment.

b) Policies, standards, procedures and controls for the various spheres of IT activity should be defined so as to enable cooperation among business units and in-house providers of IT services. Operational models, standards, procedures and controls should serve as a basis for management planning, control and evaluation of IT activities.

c) User operations and technical operations should be kept separate. The IT department should carry responsibility for development and operation of computer systems; users should carry responsibility for correctness and accuracy of data they enter or otherwise handle.

d) There should also be further segregation of systems development and computer operation responsibilities so that individuals performing tasks in either of these spheres can only access information in the other sphere through controlled standard procedures.

e) The internal audit function should be capable of evaluating the adequacy and effectiveness of IT internal controls.

f) The IT department should implement and provide on-going support of systems development and quality assurance procedures to ensure that systems perform the functions for which they were designed as well as oversee the production of standardized documentation to support current users and future development tasks.

g) The procedures to be followed in acquisition or approval of software and hardware, as well as in procuring services from independent providers should be decided. There should further be means to evaluate that an acquisition or contracted service corresponds to the investment firm's needs and its established standards, and is backed by continued technical support.

h) Information systems should incorporate controls and violation detection capabilities with full traceability so that it is possible to assure the legitimacy and correctness of input and output data and determine that the data were input or accessed by individuals with proper authorization. In the event of disturbances, it should be possible to fully restore processes without loss of transaction records in order to assure a complete audit trail.
i) Authorizations for access to data and software as well as system administrator authorizations should be granted in accordance with consistent principles approved by management. Access to data and programmes must be restricted to authorized individuals through a variety of technical means (user IDs, passwords, etc.). A system for tracing and dealing with unauthorized access attempts and violations should be in place.

j) The risks of interruption and loss of access to IT systems due to e.g. fire, flood, electricity supply, must be minimized through appropriate physical security measures. Access to networks, devices and sensitive materials (storage media, documentation, etc.) must be restricted to authorized individuals.

k) Plans to assure the continuity of vital operations under all circumstances should be in place. In the event of unexpected disturbances or downtime, it should be possible to re-establish normal operation within a reasonable time. Such continuity plans should be updated and tested at regular intervals.

6 Monitoring operations and correcting deficiencies

Continuous monitoring of the investment firm's internal control in respect of its efficiency is necessary. Monitoring significant risk-taking must be an integral part of the investment firm's daily operations. Business operations also need to be regularly monitored. To this end, the investment firm must

11) ensure that the internal audit function is organized in an appropriate fashion and operates in accordance with good internal audit practice;

It is recommended that an investment firm use the main precepts of professional standards for internal control, such as The Institute of Internal Auditors' standards for good internal control procedures.

12) ensure that the board of directors are informed of material findings made by the internal audit function, the auditors and the authorities;

Findings and the measures taken following these must be documented in and verifiable from board meeting minutes and appendices.

13) review internal control and the adequacy of risk management on a regular basis and always when

- operations expand into new markets;
- new products are introduced;
- there are or will be material changes in the operating environment; or
- businesses are reorganized;

14) establish procedures to ensure that control systems are revised when deficiencies are detected.

6.1 Tasks of internal audit

The internal audit function is an independent function within an organization that is directly subordinate to and supportive of senior management.
The task of this function is to analyse and assess the adequacy and efficiency of internal control as well as the quality of control activities. An investment firm must organize its analysis function so as to ensure that tasks required in respect of internal control are carried out. Internal control activities must comply with good internal control practice.
If the size, activities and risk exposure of the investment firm do not justify the establishment of an independent internal audit function, the investment firm may prefer to use external, independent auditors rather than establish an internal audit function of its own.

The investment firm's board of directors should decide on internal audit tasks, authority and responsibilities as well as on general principles to be observed in the planning of audits and reporting of findings.

Although the objectives and tasks delegated to the internal audit functions may differ among investment firms, it is generally recognized that they include the following:

- Internal audit must analyse the reliability and integrity of financial and operative information as well as the means of identifying, measuring, classifying and reporting this information.
- Internal audit must analyse the methods of ensuring compliance with such operating principles, plans, procedures, and applicable legislation and regulations as are essential for operations and reporting, and must monitor compliance with these.
- Internal audit must analyse the methods of safeguarding assets and, where appropriate, ensuring their existence.
- Internal audit must analyse the cost-effectiveness and efficiency of use of resources.
- Internal audit must analyse both operative activities and projects to ensure that their results are in accordance with the objectives and aims and must investigate whether these are carried out according to plans.
- Internal audit must analyse/assess management of functionality of risk control systems.

Given their importance in internal control, the management of an investment firm should ensure that the tasks listed above are performed.

6.2 Role of internal audit

The internal audit function should apply the following general principles:

- Independence from all other functions to be audited.
- Unlimited access to all operations to ensure that auditing covers all aspects of an investment firm's activities.
- Dimensioning commensurate with the size and activities of the investment firm; internal audit staff must possess adequate qualifications and experience.
- Standing within the organization to ensure the board of directors and an administrative body supervising the board of directors' activities, if any, duly process audit reports and recommendations presented therein.

For further information, please contact: Capital Markets Department
More informationQUALITY MANUAL ISO 9001:2015
Page 1 of 22 QUALITY MANUAL ISO 9001:2015 Quality Management System Page 1 of 22 Page 2 of 22 Sean Duclos Owner Revision History Date Change Notice Change Description 11/02/2015 1001 Original Release to
More informationOutsourcing Risk Guidance Note for Banks
Outsourcing Risk Guidance Note for Banks Part 1: Definitions Guideline 1 For the purposes of these guidelines, the following is meant by: a) outsourcing: an authorised entity s use of a third party (the
More informationINTERNATIONAL STANDARD ON AUDITING 610 USING THE WORK OF INTERNAL AUDITORS CONTENTS
INTERNATIONAL STANDARD ON 610 USING THE WORK OF INTERNAL AUDITORS (Effective for audits of financial statements for periods beginning on or after December 15, 2009) CONTENTS Paragraph Introduction Scope
More informationCHECKLIST OF COMPLIANCE WITH THE CIPFA CODE OF PRACTICE FOR INTERNAL AUDIT
CHECKLIST OF COMPLIANCE WITH THE CIPFA CODE OF PRACTICE FOR INTERNAL AUDIT 1 Scope of Internal Audit 1.1 Terms of Reference 1.1.1 Do terms of reference: (a) establish the responsibilities and objectives
More informationThe PNC Financial Services Group, Inc. Business Continuity Program
The PNC Financial Services Group, Inc. Business Continuity Program 1 Content Overview A. Introduction Page 3 B. Governance Model Page 4 C. Program Components Page 4 Business Impact Analysis (BIA) Page
More informationStrategic Planning and Organizational Structure Standard
Table of contents Strategic Planning and Organizational Structure Standard 1. General provisions Grounds for application of the Standard Provisions of the Standard 2. Contents of the Standard 3. Corporate
More informationAudit, Risk Management and Compliance Committee Charter
Audit, Risk Management and Compliance Committee Charter Woolworths Limited Adopted by the Board on 27 August 2013 page 1 1 Introduction This Charter sets out the responsibilities, structure and composition
More informationMaster Document Audit Program
Activity Code 11510 B-1 Planning Considerations Information Technology General System Controls Audit Specific Independence Determination Members of the audit team and internal specialists consulting on
More informationV1.0 - Eurojuris ISO 9001:2008 Certified
Risk Management Manual V1.0 - Eurojuris ISO 9001:2008 Certified Section Page No 1 An Introduction to Risk Management 1-2 2 The Framework of Risk Management 3-6 3 Identification of Risks 7-8 4 Evaluation
More informationInsurance Guidance Note No. 14 System of Governance - Insurance Transition to Governance Requirements established under the Solvency II Directive
Insurance Guidance Note No. 14 Transition to Governance Requirements established under the Solvency II Directive Date of Paper : 31 December 2013 Version Number : V1.00 Table of Contents General governance
More informationPrinciples for An. Effective Risk Appetite Framework
Principles for An Effective Risk Appetite Framework 18 November 2013 Table of Contents Page I. Introduction... 1 II. Key definitions... 2 III. Principles... 3 1. Risk appetite framework... 3 1.1 An effective
More informationNOTICE 158 OF 2014 FINANCIAL SERVICES BOARD REGISTRAR OF LONG-TERM INSURANCE AND SHORT-TERM INSURANCE
STAATSKOERANT, 19 DESEMBER 2014 No. 38357 3 BOARD NOTICE NOTICE 158 OF 2014 FINANCIAL SERVICES BOARD REGISTRAR OF LONG-TERM INSURANCE AND SHORT-TERM INSURANCE LONG-TERM INSURANCE ACT, 1998 (ACT NO. 52
More informationPursuant to Article 95, item 3 of the Constitution of Montenegro I hereby pass the ENACTMENT PROCLAIMING THE LAW ON BANKS
Pursuant to Article 95, item 3 of the Constitution of Montenegro I hereby pass the ENACTMENT PROCLAIMING THE LAW ON BANKS I hereby proclaim the Law on Banks, adopted by the Parliament of Montenegro at
More informationINTERNATIONAL STANDARDS FOR THE PROFESSIONAL PRACTICE OF INTERNAL AUDITING (STANDARDS)
INTERNATIONAL STANDARDS FOR THE PROFESSIONAL PRACTICE OF INTERNAL AUDITING (STANDARDS) Introduction to the International Standards Internal auditing is conducted in diverse legal and cultural environments;
More informationGuidelines for Financial Institutions Outsourcing of Business Activities, Functions, and Processes Date: July 2004
Guidelines for Financial Institutions Outsourcing of Business Activities, Functions, and Processes Date: July 2004 1. INTRODUCTION Financial institutions outsource business activities, functions and processes
More informationImplementation of a Quality Management System for Aeronautical Information Services -1-
Implementation of a Quality Management System for Aeronautical Information Services -1- Implementation of a Quality Management System for Aeronautical Information Services Chapter IV, Quality Management
More informationSolvency Assessment and Management: Pillar II Sub Committee Governance Task Group Discussion Document 81 (v 3)
Solvency Assessment and Management: Pillar II Sub Committee Governance Task Group Discussion Document 81 (v 3) Governance, Risk Management, and Internal Controls INTERIM REQUIREMENTS CONTENTS 1. INTRODUCTION
More informationCorporate Governance in D/S NORDEN
Corporate Governance in D/S NORDEN Contents: 1. The role of the shareholders and their interaction with the management of the company... 2 2. The role of the stakeholders and their importance to the company...
More informationAdvisory Guidelines of the Financial Supervision Authority. Requirements for Organising the Business Continuity Process of Supervised Entities
Advisory Guidelines of the Financial Supervision Authority Requirements for Organising the Business Continuity Process of Supervised Entities These advisory guidelines were established by Resolution No
More informationISO/IEC 17025 QUALITY MANUAL
1800 NW 169 th Pl, Beaverton, OR 97006 Revision F Date: 9/18/06 PAGE 1 OF 18 TABLE OF CONTENTS Quality Manual Section Applicable ISO/IEC 17025:2005 clause(s) Page Quality Policy 4.2.2 3 Introduction 4
More informationOperational Risk Management Policy
Operational Risk Management Policy Operational Risk Definition A bank, including a development bank, is influenced by the developments of the external environment in which it is called to operate, as well
More informationRS Official Gazette, No 23/2013 and 113/2013
RS Official Gazette, No 23/2013 and 113/2013 Pursuant to Article 15, paragraph 1 and Article 63, paragraph 2 of the Law on the National Bank of Serbia (RS Official Gazette, Nos 72/2003, 55/2004, 85/2005
More informationINSURANCE ACT 2008 CORPORATE GOVERNANCE CODE OF PRACTICE FOR REGULATED INSURANCE ENTITIES
SD 0880/10 INSURANCE ACT 2008 CORPORATE GOVERNANCE CODE OF PRACTICE FOR REGULATED INSURANCE ENTITIES Laid before Tynwald 16 November 2010 Coming into operation 1 October 2010 The Supervisor, after consulting
More informationTable of Contents: Chapter 2 Internal Control
Table of Contents: Chapter 2 Chapter 2... 2 2.1 Establishing an Effective System... 2 2.1.1 Sample Plan Elements... 5 2.1.2 Limitations of... 7 2.2 Approvals... 7 2.3 PCard... 7 2.4 Payroll... 7 2.5 Reconciliation
More informationAchieve. Performance objectives
Achieve Performance objectives Performance objectives are benchmarks of effective performance that describe the types of work activities students and affiliates will be involved in as trainee accountants.
More informationPRINCIPLES ON OUTSOURCING OF FINANCIAL SERVICES FOR MARKET INTERMEDIARIES
PRINCIPLES ON OUTSOURCING OF FINANCIAL SERVICES FOR MARKET INTERMEDIARIES TECHNICAL COMMITTEE OF THE INTERNATIONAL ORGANIZATION OF SECURITIES COMMISSIONS FEBRUARY 2005 Preamble The IOSCO Technical Committee
More informationInternal Quality Management System Audit Checklist (ISO9001:2015) Q# ISO 9001:2015 Clause Audit Question Audit Evidence 4 Context of the Organization
Internal Quality Management System Audit Checklist (ISO9001:2015) Q# ISO 9001:2015 Clause Audit Question Audit Evidence 4 Context of the Organization 4.1 Understanding the organization and its context
More informationISO 9001:2000 AUDIT CHECKLIST
ISO 9001:2000 AUDIT CHECKLIST No. Question Proc. Ref. Comments 4 Quality Management System 4.1 General Requirements 1 Has the organization established, documented, implemented and maintained a quality
More informationSupervisory Policy Manual
This module should be read in conjunction with the Introduction and with the Glossary, which contains an explanation of abbreviations and other terms used in this Manual. If reading on-line, click on blue
More information2015 No. 575 FINANCIAL SERVICES AND MARKETS. The Solvency 2 Regulations 2015
S T A T U T O R Y I N S T R U M E N T S 2015 No. 575 FINANCIAL SERVICES AND MARKETS The Solvency 2 Regulations 2015 Made - - - - 6th March 2015 Laid before Parliament 9th March 2015 Coming into force in
More informationChapter 5 Responsibilities of the Board of Directors Structure of the Board
Chapter 5 Responsibilities of the Board of Directors The Board of Directors is responsible for overseeing the work of the management to ensure compliance with policies, plans and budgets, as well as its
More informationNewcastle University Information Security Procedures Version 3
Newcastle University Information Security Procedures Version 3 A Information Security Procedures 2 B Business Continuity 3 C Compliance 4 D Outsourcing and Third Party Access 5 E Personnel 6 F Operations
More informationInternal Control - Integrated Framework
Internal Control - Integrated Framework Executive Summary Senior executives have long sought ways to better control the enterprises they run. Internal controls are put in place to keep the company on course
More informationQUALITY IN EVERYDAY WORK
QUALITY IN EVERYDAY WORK Quality Guide for the Teacher Education College Version 2.5 Updates: Organisational change 1.1.2009 JAMK s mission and vision 5.1.2010 Planning and development discussion practices
More information2015-16 Internal Control Questionnaire and Assessment
Bureau of Financial Monitoring and Accountability Florida Department of Economic Opportunity September 9, 2015 107 East Madison Street Caldwell Building Tallahassee, Florida 32399 www.floridajobs.org TABLE
More informationQuality Management System Manual
Effective Date: 03/08/2011 Page: 1 of 17 Quality Management System Manual Thomas C. West Eric Weagle Stephen Oliver President ISO Management General Manager Representative Effective Date: 03/08/2011 Page:
More informationAccounting Systems: Complying with FAR Requirements. John S. Sroka, CPA Acquisition Cost/Price Analyst
Accounting Systems: Complying with FAR Requirements John S. Sroka, CPA Acquisition Cost/Price Analyst Background Information FAR Requirements FAR Part 9: Contractor Qualifications FAR Part 16: Cost-reimbursement
More informationGeneral IT Controls Audit Program
Contributed February 5, 2002 by Paul P Shotter General IT Controls Audit Program Purpose / Scope Perform a General Controls review of Information Technology (IT). The reviews
More informationJSE Accredited to Audit JSE Listed Companies
Internal Audit: JSE Accredited to Audit JSE Listed Companies Background Since the introduction of King III, the need for a risk based internal audit has been emphasised through the following five principles;
More informationGuideline on good pharmacovigilance practices (GVP)
22 June 2012 EMA/541760/2011 Guideline on good pharmacovigilance practices (GVP) Module I Pharmacovigilance systems and their quality systems Draft finalised by the Agency in collaboration with Member
More informationISO 27001 Controls and Objectives
ISO 27001 s and Objectives A.5 Security policy A.5.1 Information security policy Objective: To provide management direction and support for information security in accordance with business requirements
More informationB o a r d of Governors of the Federal Reserve System. Supplemental Policy Statement on the. Internal Audit Function and Its Outsourcing
B o a r d of Governors of the Federal Reserve System Supplemental Policy Statement on the Internal Audit Function and Its Outsourcing January 23, 2013 P U R P O S E This policy statement is being issued
More informationFINAL May 2005. Guideline on Security Systems for Safeguarding Customer Information
FINAL May 2005 Guideline on Security Systems for Safeguarding Customer Information Table of Contents 1 Introduction 1 1.1 Purpose of Guideline 1 2 Definitions 2 3 Internal Controls and Procedures 2 3.1
More informationINTERNATIONAL STANDARD ON ASSURANCE ENGAGEMENTS 3000 ASSURANCE ENGAGEMENTS OTHER THAN AUDITS OR REVIEWS OF HISTORICAL FINANCIAL INFORMATION CONTENTS
INTERNATIONAL STANDARD ON ASSURANCE ENGAGEMENTS 3000 ASSURANCE ENGAGEMENTS OTHER THAN AUDITS OR REVIEWS OF HISTORICAL FINANCIAL INFORMATION (Effective for assurance reports dated on or after January 1,
More informationBoard of Directors and Senior Management 2. Audit Management 4. Internal IT Audit Staff 5. Operating Management 5. External Auditors 5.
Table of Contents Introduction 1 IT Audit Roles and Responsibilities 2 Board of Directors and Senior Management 2 Audit Management 4 Internal IT Audit Staff 5 Operating Management 5 External Auditors 5
More informationISO27001 Controls and Objectives
Introduction This reference document for the University of Birmingham lists the control objectives, specific controls and background information, as given in Annex A to ISO/IEC 27001:2005. As such, the
More informationMEMORANDUM. Municipal Officials. From: Karen Horn, Director, Public Policy and Advocacy; and Abby Friedman, Director, Municipal Assistance Center
MEMORANDUM To: Municipal Officials From: Karen Horn, Director, Public Policy and Advocacy; and Abby Friedman, Director, Municipal Assistance Center 89 Main Street, Suite 4 Montpelier, Vermont 05602-2948
More informationNational Commission for Academic Accreditation & Assessment. Standards for Quality Assurance and Accreditation of Higher Education Institutions
National Commission for Academic Accreditation & Assessment Standards for Quality Assurance and Accreditation of Higher Education Institutions November 2009 Standards for Institutional Accreditation in
More informationEffective Internal Audit in the Financial Services Sector
Effective Internal Audit in the Financial Services Sector Recommendations from the Committee on Internal Audit Guidance for Financial Services: How They Relate to the Global Institute of Internal Auditors
More informationTest du CISM. Attention, les questions, comme l'examen, ne sont disponibles qu'en anglais.
Test du CISM Attention, les questions, comme l'examen, ne sont disponibles qu'en anglais. 1. Which of the following would BEST ensure the success of information security governance within an organization?
More informationInternal Code of Conduct on Matters Relating to the Stock Market and Policy on the Use of Relevant Information
Internal Code of Conduct on Matters Relating to the Stock Market and Policy on the Use of Relevant Information 1. Objective This "Internal Code of Conduct on Matters Relating to the Stock Market and Policy
More informationChecklist for Operational Risk Management
Checklist for Operational Risk Management I. Development and Establishment of Comprehensive Operational Risk Management System by Management Checkpoints - Operational risk is the risk of loss resulting
More information