OCEG © 2011. Driving Principled Performance: An Overview of the OCEG GRC Capability Model.

Presentation transcript:

Slide 1. Driving Principled Performance: An Overview of the OCEG GRC Capability Model

OCEG and Risk Management. Two questions for this talk: What is OCEG? Is the OCEG Red Book a risk management standard?

OCEG is a nonprofit organization that helps organizations drive Principled Performance® by enhancing corporate culture and integrating governance, risk management, and compliance processes. It provides:
- Guidelines and standards
- A community of practice
- Evaluation criteria and benchmarks

OCEG Red Book 2.1: what it is and what it is not.

Let's start with the "big picture": the goal is Principled Performance.

The Goal: Principled Performance. The slide shows objectives bounded on two sides, with opportunities and obstacles along the way:
- Objectives: strategic, operational, customer, process, and compliance objectives.
- Optimize performance: strategy, people, process, technology, and infrastructure in place to drive toward objectives.
- Mandated boundary: the boundary established by external forces, including laws, government regulation, and other mandates.
- Voluntary boundary: the boundary defined by management, including public commitments, organizational values, contractual obligations, and other voluntary policies.
- Opportunities and obstacles: what the organization encounters while moving toward its objectives within those boundaries.

Principled Performance: the reliable achievement of objectives while addressing uncertainty and acting with integrity.

GRC Defined: a capability that enables an organization to reliably achieve objectives while addressing uncertainty and acting with integrity, including the governance, assurance and management of performance, risk, and compliance.

Or, you could say GRC is the integration of capabilities that enable Principled Performance.

What does this capability look like?

High Level View. The diagram is a grid: Governance, Management and Assurance as rows; Performance, Risk and Compliance as columns; Principled Performance as the outcome. The rigorous governance, assurance and management of performance, risk and compliance helps an organization reliably achieve objectives while addressing uncertainty and acting with integrity.

Too Much Fragmentation. On the same Governance / Management / Assurance by Performance / Risk / Compliance grid, the slide overlays the separate frameworks organizations typically apply to each area:
- Governance: NACD, OECD, King 3, and domain-specific governance (IT, project, etc.).
- Performance: Balanced Scorecard, strategic planning, business intelligence, decision science, quality management.
- Compliance and internal control: COSO, CoCo, Turnbull, PCAOB, US FSG, AS 3806, quality management, domain-specific frameworks.
- Risk: COSO ERM, ISO / BSI, UK Orange Book, IRM / ALARM / Airmic, domain-specific frameworks (e.g. Basel).
Each is useful on its own, but together they leave the capability fragmented.

Red Book: Makes it Easier and "Better". On the same grid, the OCEG Red Book GRC Capability Model spans governance, management and assurance across performance, risk and compliance in a single model.

GRC Body of Knowledge: the OCEG Red Book GRC Capability Model.
- Open source
- Quality controlled
- Complete: 8 components, 40 elements, hundreds of practices

8 Universal Outcomes:
- Enhance organizational culture
- Increase stakeholder confidence
- Prepare and protect the organization
- Prevent, detect and reduce adversity
- Motivate and inspire desired conduct
- Improve responsiveness and efficiency
- Optimize economic and social value
- Achieve business objectives

8 Integrated Components (labels legible on the slide: Organize, Assess, Proact, Detect, Respond, Measure, Interact).

What the Red Book is and is not:
- It is not a risk management standard or framework; you can use ISO or COSO if you prefer.
- It addresses the optimized delivery of value, of which risk management is an essential element.
- Optimized performance requires multiple elements to work together in an orchestrated fashion.

Thank You! Norman Marks, SAP, Palo Alto, California. Twitter: normanmarks