Self Assessment Risk Management Toolkit Summary




Objectives of Toolkit: Self Assessment Risk Management

The objectives of the Risk Toolkit are:
- Helps Risk Managers identify and mitigate the risks in their organisation's Mobile Money service.
- Extensible to enable new risks to be added, assessed and managed as they are identified.
- Enables Mobile Money Operators to evaluate their current security controls.
- Provides business with better visibility of those areas where action is needed.

Mobile Money Toolkit Scope: Basic Services

This version of the toolkit covers risks and controls for the following functionality:
- Scheme and technology provided by a single Operator
- Customers provisioned with a stored value e-money account
- Trust account management resides with an external Bank partner
- Transactions are e-money account to e-money account
- Cash-in & Cash-out is through an Agent network
- Customer care can perform transactions on behalf of customers (e.g. reversals)

Other functions (e.g. multi-operator schemes, retail payments, etc.) are out of scope for this version of the toolkit.

Workflow: Where the Toolkit fits

Risk management aims for the correct identification and treatment of risk. A typical risk management process flow is illustrated in the chart opposite. This toolkit can be used during all stages of the risk assessment process, to aid risk mitigation and as an aid to on-going management.

[Chart: risk management process flow. Organise (Governance); Identify, Analyse, Evaluate (Assessment); Action (Mitigation); Report & Monitor (Management); Audit, Re-plan and Repeat.]

Risk Register: By Stakeholder

Risk registers are organised by the stakeholder (an individual or organisation) bearing the risk:
- Customers
- Agents
- Operators (i.e. account providers)
- Trust Bank

For each stakeholder, risks are recorded, controls assessed and actions tracked.

Controls: With Assurance Information

When a risk is identified, controls need to be applied to mitigate it. For each risk, the controls that apply are assigned from a master list. To verify that a control has been implemented correctly, assurance information should be provided by the business and validated during the risk assessment.

Severity: Analysing Impact & Likelihood

The current impact and likelihood are assessed, based on the existing controls.

Evaluate & Action: Tolerate or Treat

Each risk is evaluated to determine whether it:
- Can be tolerated,
- Needs to be treated with mitigating actions,
- Can be transferred to another risk, or
- Should be terminated by removing a process that leads to the risk.

If action is required, and particularly for high-severity risks, specific activities for improving the controls should be identified for the owners of each risk. The aim is to reduce the severity score.

Extract Reports: Extensible

Contains three prepared reports:
- Report 1 extracts high & extreme risks
- Report 2 extracts risks with outstanding actions
- Report 3 re-groups risks by user-defined tags

Uses standard Excel functionality without advanced macro programming. Additional reports can be added by local users.

Risk Assessment Assurance: Verifying Assessments

Senior managers need to be confident that the risk assessment has correctly identified, evaluated and actioned the key risks. Reports to senior managers in the organisation, business owners of risks and, if required, external parties such as group or regulators are likely to be required.

Part of a risk manager's role is to monitor, on an on-going basis, key metrics from the business (Key Risk Indicators, or KRIs) that can inform whether risks have materialised. The specification of KRIs is currently outside the scope of this toolkit edition. However, the assurance information required to verify that controls are in place and working is the basis of a set of suitable indicators. This may be addressed in future versions of the toolkit.

When and What: Timescales and Resource

- How Often: a full audit is recommended on an annual basis. Individual risks with specific actions need to be monitored to ensure actions are completed.
- How Long: a full risk management process can be done in two to three weeks (with appropriate commitment from the business).
- Resources: completing the toolkit is a manual exercise through document review and interviews. Confirming that controls are implemented requires access to assurance information. Changes to systems or additional reporting may be needed to generate the required assurance information.
