UNDERSTANDING THE GRC FRAMEWORK

PETER METCALFE

NOTHING IS AS POWERFUL AS THE HUMAN NETWORK! THE FOUNDATION FOR THE DEVELOPMENT OF AFRICA is a private, not-for-profit, non-membership organisation actively serving Africa by promoting processes conducive to sustainable development throughout Africa, with the emphasis on sustainability! This organisation is currently rated as one of the most proactive Sustainable Business Development Organisations in Africa! Serving Africa since 1999.

PAPERLESS

Sustainable Development is the action and/or act of bringing people and/or processes into position for the effective use in the support and/or delivery of efforts, conducts and the cause! PETER METCALFE, May 2002

DEVELOPMENT

INVESTMENT

THE GRC FRAMEWORK

THE GRC FRAMEWORK (diagram): Governance, Risk and Compliance surround Strategic Planning; People, Processes and Technology are the supporting elements.

GRC

GOVERNANCE G

GOVERNANCE: Governance describes the overall management approach through which senior executives direct and control the entire organization, using a combination of management information and hierarchical management control structures. (Wikipedia)

GOVERNANCE: Governance activities ensure that critical management information reaching the executive team is sufficiently complete, accurate and timely to enable appropriate management decision making, and provide the control mechanisms to ensure that strategies, directions and instructions from management are carried out systematically and effectively. (Wikipedia)

GOVERNANCE: Governance is a term, broadly used, that refers to the rules, processes, or laws by which an entity is operated, regulated and controlled. (Wikipedia)

RISK MANAGEMENT R

RISK MANAGEMENT: Risk management is the set of processes through which management identifies, analyzes, and, where necessary, responds appropriately to risks that might adversely affect realization of the organization's business objectives. (Wikipedia)

RISK MANAGEMENT: The response to risks typically depends on their perceived gravity, and involves controlling, avoiding, accepting or transferring them to a third party. (Wikipedia)

RISK MANAGEMENT: Whereas organizations routinely manage a wide range of risks (e.g. technological risks, commercial/financial risks, information security risks, safety etc.), external legal and regulatory compliance risks are arguably the key issue in GRC. (Wikipedia)

RISK MANAGEMENT: The effect of uncertainty on objectives

COMPLIANCE C

COMPLIANCE: Compliance means conforming with stated requirements. At an organizational level, it is achieved through management processes which identify the applicable requirements (defined for example in laws, regulations, contracts, strategies and policies), assess the state of compliance, and assess the risks and potential costs of non-compliance against the projected expenses to achieve compliance. (Wikipedia)

GOVERNANCE - RISK - COMPLIANCE THE PROCESS

REVIEW ENTERPRISE OBJECTIVES

What are our enterprise objectives?

Which enterprise objectives are most important (this quarter; this year; etc.)?

DEFINE PROGRAMME/PROJECT OBJECTIVES

What are our programme/project objectives and outcomes?

How do these project outcomes contribute to enterprise objectives?

Are these project/programme activities effective, efficient and responsive?

Will all of this really deliver outcomes that matter?

Where should we focus our improvement efforts and resources?

OUTCOMES

CONCLUSION: A fully integrated GRC uses a single core set of control material, mapped to all of the primary governance factors being monitored. The use of a single framework also has the benefit of reducing the possibility of duplicated remedial actions. (Wikipedia)

THANK YOU. Peter METCALFE, The Foundation for the Development of Africa. www.foundation-development-africa.org www.isupportafrica.com www.peter-metcalfe.com peter@isupportafrica.com