Presentation is loading. Please wait.

Presentation is loading. Please wait.

GRC - Governance, Risk MANAGEMENT, and Compliance

Published byAlberta Atkinson Modified over 8 years ago

Similar presentations

Presentation on theme: "GRC - Governance, Risk MANAGEMENT, and Compliance"— Presentation transcript:

1 GRC - Governance, Risk MANAGEMENT, and Compliance

2 "Governance, Risk Management, and Compliance
Governance : Combination of processes established and executed by the BOD and how it is managed and led towards achieving goals.  Risk management : Identify, analyse and manage risks that could hinder the organization from achieving its objectives.  Compliance : Conforming to company's policies, procedures, laws and regulations .

3 GOVERNANCE The system of rules, practices and processes by which a company is directed and controlled. Involves balancing the interests of the many stakeholders in a company. Also provides the framework for attaining a company's objectives. Action plans and internal controls to performance measurement and corporate disclosure.

4 Governance Principles
Rights and equitable treatment of shareholders Interests of other stakeholders Roles and responsibilities of the board Integrity and ethical behaviour Disclosure and transparency

5 RISK MANAGEMENT Identify , assess , prioritize , control, exploit , finance and monitor risks. Coordinated and economical application of resources . To minimize, monitor and control the probability and/or impact of unfortunate events . Eliminates uncertainties. RISK MANAGEMENT vs GOVERNANCE Are they same ?

6 RISK TYPES Hazard risk Liability torts, Property damage, Natural catastrophe Financial risk Asset risk, Currency risk, Liquidity risk Operational risk Customer satisfaction, Product failure, Integrity, Reputational risk, Knowledge drain. Strategic risks Competition, Social trend, Capital availability.

7 RISK MANAGEMENT PROCESS
Establishing Context. Identifying Risks. Analysing/Quantifying Risks. Integrating Risks. Assessing/Prioritizing Risks. Treating/Exploiting Risks. Monitoring and Reviewing.

8 COMPLIANCE Conforming to a rule, such as a specification, policy, standard or law. Compliance audit : Review of an organization's adherence to regulatory guidelines. Organization must be able to demonstrate compliance by producing an audit trail. Auditors review security polices, user access controls and risk management procedures CIOs, CTOs and IT administrators answers a series of pointed questions over the course of an audit. Event log managers and robust change management software allows tracking and documentation of authentication and controls in IT systems.

9 Some prominent regulations, standards :
Sarbanes-Oxley Act (SOX) of 2002: To protect shareholders and the general public from accounting errors and fraudulent practices in the enterprise. Can Spam Act of 2003: Requires businesses to label commercial s as advertising, use legitimate return addresses, provide recipients with opt-out. Payment Card Industry Data Security Standard (PCI DSS):  Created in 2004 by Visa, MasterCard, Discover and American Express to ensure the security of credit, debit and cash card transactions. Information Security Management System (ISMS : ISO 27001): Design, implement and maintain a coherent set of policies, processes and systems to manage risks to the information assets.

10 COBIT (Control Objectives for Information and Related Technology)
Created by ISACA (Information Systems Audit and Control Association) Bridge the gap between control requirements, technical issues and business risks. More comprehensive definition of roles and responsibilities

11 Principles

12 ENABLERS

13 Governance x Management
EDM (Evaluate , Direct and Monitor) Management PBRM (Plan, Build, Run, Monitor )

14 Other standards Risk Management Standards :
ISO/IEC : Information security risk management  ISO 31000 NIST Risk IT by ISACA

15 NIST SP

16 THANK YOU

Download ppt "GRC - Governance, Risk MANAGEMENT, and Compliance"

Similar presentations

Risk The chance of something happening that will have an impact on objectives. A risk is often specified in terms of an event or circumstance and the consequences.

Risk The chance of something happening that will have an impact on objectives. A risk is often specified in terms of an event or circumstance and the consequences.
Information Privacy and Data Protection Lexpert Seminar David YoungDecember 9, 2013 Breach Prevention – Due Diligence and Risk Reduction.

Information Privacy and Data Protection Lexpert Seminar David YoungDecember 9, 2013 Breach Prevention – Due Diligence and Risk Reduction.
Appendix F: Common risk categories for the public sector Insert client-specific photo here.

Appendix F: Common risk categories for the public sector Insert client-specific photo here.
© 2008 Cisco Systems, Inc. All rights reserved.Cisco Confidential 14854_10_2008_c1 1 Holistic Approach to Information Security Greg Carter, Cisco Security.

© 2008 Cisco Systems, Inc. All rights reserved.Cisco Confidential 14854_10_2008_c1 1 Holistic Approach to Information Security Greg Carter, Cisco Security.
Chapter 10 Accounting Information Systems and Internal Controls

Chapter 10 Accounting Information Systems and Internal Controls
Chapter 7 Control and AIS Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 7-1.

Chapter 7 Control and AIS Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 7-1.
Control and Accounting Information Systems

Control and Accounting Information Systems
Agenda COBIT 5 Product Family Information Security COBIT 5 content

Agenda COBIT 5 Product Family Information Security COBIT 5 content
Audit Committee in Albania Legal framework Law 9226 /2006 “On banks in Republic of Albania” Law 9901/2008 “On entrepreneurs and commercial companies” Corporate.

Audit Committee in Albania Legal framework Law 9226 /2006 “On banks in Republic of Albania” Law 9901/2008 “On entrepreneurs and commercial companies” Corporate.
Tax Risk Management Keeping Up with the Ever-Changing World of Corporate Tax March 27, 2007 Tax Services Bryan Slone March 27, 2007.

Tax Risk Management Keeping Up with the Ever-Changing World of Corporate Tax March 27, 2007 Tax Services Bryan Slone March 27, 2007.
Enterprise Risk Management Its Meaning and Import Jerry A. Miccolis, FCAS, MAAA Tillinghast - Towers Perrin.

Enterprise Risk Management Its Meaning and Import Jerry A. Miccolis, FCAS, MAAA Tillinghast - Towers Perrin.
Security Controls – What Works

Security Controls – What Works
Chapter 7 Control and AIS Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 7-1.

Chapter 7 Control and AIS Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 7-1.
Internal Control Pertemuan 05 s.d 06 Matakuliah: F0712 / Lab Sistem Informasi Akuntansi Tahun: 2007.

Internal Control Pertemuan 05 s.d 06 Matakuliah: F0712 / Lab Sistem Informasi Akuntansi Tahun: 2007.
Information Security Governance and Risk Chapter 2 Part 1 Pages 21 to 69.

Information Security Governance and Risk Chapter 2 Part 1 Pages 21 to 69.
First Practice - Information Security Management System Implementation and ISO 27001 Certification.

First Practice - Information Security Management System Implementation and ISO Certification.
Doğancan USTACAN Hasan KÜTÜKÜT Abdullah Cihan Küçük Sevil KUGU.

Doğancan USTACAN Hasan KÜTÜKÜT Abdullah Cihan Küçük Sevil KUGU.
Chapter 4 IDENTIFYING RISKS AND CONTROLS IN BUSINESS PROCESSES.

Chapter 4 IDENTIFYING RISKS AND CONTROLS IN BUSINESS PROCESSES.
© Copyright 2012 Pearson Education. All Rights Reserved. Chapter 10 Fraud & Internal Control ACCOUNTING INFORMATION SYSTEMS The Crossroads of Accounting.

© Copyright 2012 Pearson Education. All Rights Reserved. Chapter 10 Fraud & Internal Control ACCOUNTING INFORMATION SYSTEMS The Crossroads of Accounting.
Internal auditing for credit unions Nuala Comerford, Chair IIA Irish Region Committee Pamela McDonald Council Member IIA Credit Union Summer School Thursday,

Internal auditing for credit unions Nuala Comerford, Chair IIA Irish Region Committee Pamela McDonald Council Member IIA Credit Union Summer School Thursday,

Similar presentations

Ads by Google