- Codes, guidelines and initiatives of corporate governance introduced risk and control elements into various functional areas.
- Firms have entered recession with compliance, legal, internal audit and enterprise risk management functions of considerable size and scope.
- However, often no singular cross-functional definition of what risk or compliance means.
- Recession must focus concerns over increased expenses and duplication of activities.
For Internal Auditors governance, risk and compliance:
- risk to independence or
- lead (advice on process requirements) and participate in the processes themselves
ISPPIA (Standard 2110): assess and make recommendations for improving governance processes.
Status within organization determines how auditors deploy and manage dual roles:
- primary driver or advise other functional areas driving the process
- Clarity of objectives and goals is key to governance, risk and compliance processes.
- Are solutions being sought in keeping with the organization's goals, culture and stakeholder expectations?
- Common definition of issue significance and station for tracking & reporting.
- Efficiencies through leveraging of common processes and increased knowledge sharing across functions.
- Consistent view of an organization's risk, and prioritization of issues requiring management attention.
But integrating governance, risk and compliance may be detrimental to individual risk and control units.
Thus: integration objectives must be clear
(1) Adopt a strategic framework
(2) Ask: How does integration help achieve the framework's mission?
Goal: Integration of common processes and alignment of focus
Not: Added competition/distraction from units that already exist, or creation of new infrastructure.
Strategic Top
Overall policy and risk appetite set by Board and Executive Management
Each risk and control function continues to execute its unique role as a part of a fully integrated effort with a common goal to manage the organization's risks
Enterprise Risk Policy & Appetite Legal / Internal Audit / Compliance / Safety / IT / Finance King III
Policy establishes:
- Role of each function
- Common goal of managing the organization's risks
- Expectation of working relationships and knowledge sharing
Middle
Risk Assessment Emerging Risk Identification Risk/Control Monitoring (Key Risk Indicators)
Bottom
(2) Discuss internal vision with executive management and board (or audit committee)
present both benefits and potential pitfalls! test against Strategic Framework
(10) Execute!