Compliance Presented by: Marty McNulty, ARMA Board Member.

One Reason to Use The Principles: New regulation under Dodd-Frank mandates new enforcement for financial, credit, investment and other organizations such as Energy Companies, Electric and Gas utilities, Chemical, Mining and Mineral, Airlines, Agribusiness, and Consumer Products. (Information Management, Pulzello, Fred and Bhavsar, Sonali, November 2011.)

Dodd-Frank Act: Focus on Information Governance, ECM Capabilities, Management Tools. “Dodd-Frank’s ‘Title VII – Wall Street Transparency and Accountability’ emphasizes the principles of accountability and transparency for recordkeeping.” (Information Management, Pulzello, Fred and Bhavsar, Sonali, November 2011.)

The Principles: ARMA International’s Governance Maturity Model. Purpose: Provide a solid foundation for an Information Governance Structure. Objective: Ensure companies are meeting their operating needs and their legal and regulatory obligations.

The Principles: 1. Accountability; 2. Integrity; 3. Protection; 4. Compliance; 5. Availability; 6. Retention; 7. Disposition; 8. Transparency.

How can adopting GARP principles help an organization in Legal matters? Adherence to the PRINCIPLES indicates how an organization is on top of its statutory and regulatory recordkeeping requirements. Overarching all this is the Principle of Compliance, which means that organizations must be sure that they are complying with recordkeeping and overall information governance requirements. In terms of “Legal matters,” compliance with The Principles should mean that the organization has a RIM program that is legally defensible, including the all-important Legal Holds policy and procedures to avoid sanctions for spoliation (i.e., the wrongful destruction of documents or evidence). (John Isaza is a California-based attorney and founding partner of the Howett Isaza Law Group, a law firm that specializes in electronic information governance, records management and overall corporate compliance.)

The recordkeeping program shall be constructed to comply with applicable laws and other binding authorities, as well as the organization’s policies.

Compliance It is the duty of every organization to comply with applicable laws, including those maintaining records. An organization’s credibility and legal standing rest upon its ability to demonstrate that it conducts its activities in a lawful manner. The absence of and/or the poor quality of records may impair or jeopardize a business’s right to conduct business.

Compliance Duty: 1. The recordkeeping system must contain information documenting that the organization’s activities are conducted in a lawful manner. 2. The recordkeeping system is subject to legal requirements (e.g., tax, environmental, engineering).

Steps to Achieve Compliance – Step One: Identify the Key Stakeholders
Compliance – legal and regulatory agencies and their associated staff members.
Legal – understand the firm’s litigation profile.
Information Technology – understand the technology infrastructure of the firm.
Risk Management.
Business Unit Line Managers.

Steps to Achieve Compliance – Step Two: Gather Existing Information
Policies and Procedures.
Data Maps.
Functional Workflows.

Steps to Achieve Compliance – Step Three: Define Desired Compliance Outcome and Criteria
Use five-level grading criteria: Substandard, In Development, Essential, Proactive, Transformational.

Steps to Achieve Compliance – Step Four: Identify Gaps between Current and Desired Compliance Criteria/Practices
Use the Principles Assessment Tool.
Conduct a Gap Analysis.
Establish Benchmarks and/or set Criteria.

Steps to Achieve Compliance – Step Five: Prioritize Gaps to be addressed
List Gaps and set priorities.
Make them simple and clear.

Steps to Achieve Compliance – Step Six: Develop a Roadmap to the Desired Compliance Criteria/Practices
Determine the actions to take along a timeline to reach the desired Compliance State with the new Criteria/Practices.
Identify/assign resources to deliver action items.

Steps to Achieve Compliance – Step Seven: Develop a Roadmap to the Desired Compliance Criteria/Practices
Determine the actions to take along a timeline to reach the desired Compliance State with the new Criteria/Practices.
Identify/assign resources to deliver action items.

Steps to Achieve Compliance – Step Eight: Deliver New Criteria and Audit Reporting
Set up a Compliance auditing tool with the new criteria.
Schedule an audit annually and measure against the previous year’s compliance.
Report Compliance Grade and Findings.
Submit Recommendations to close gaps and address findings.

Maturity Model for Information Governance: Level 1 – Substandard; Level 2 – In Development; Level 3 – Essential; Level 4 – Proactive; Level 5 – Transformational. The Maturity Model can be found on the ARMA website at: recordkeeping-principles/metrics/metrics-compliance

Maturity Model Level 1 (Sub-standard): This level describes an environment where recordkeeping concerns are either not addressed at all, or are addressed in a very ad hoc manner. Organizations that identify primarily with these descriptions should be concerned that their programs will not meet legal or regulatory scrutiny.

Maturity Model Level 2 (In Development): This level describes an environment where there is a developing recognition that recordkeeping has an impact on the organization, and that the organization may benefit from a more defined information governance program. However, in Level 2, the organization is still vulnerable to legal or regulatory scrutiny since practices are ill-defined and still largely ad hoc in nature.

Maturity Model Level 3 (Essential): This level describes the essential or minimum requirements that must be addressed in order to meet the organization's legal and regulatory requirements. Level 3 is characterized by defined policies and procedures, and more specific decisions taken to improve recordkeeping. However, organizations that identify primarily with Level 3 descriptions may still be missing significant opportunities for streamlining business and controlling costs.

Maturity Model Level 4 (Proactive): This level describes an organization that is initiating information governance program improvements throughout its business operations. Information governance issues and considerations are integrated into business decisions on a routine basis, and the organization easily meets its legal and regulatory requirements. Organizations that identify primarily with these descriptions should begin to consider the business benefits of information availability in transforming their organizations globally.

Maturity Model Level 5 (Transformational): This level describes an organization that has integrated information governance into its overall corporate infrastructure and business processes to such an extent that compliance with the program requirements is routine. These organizations have recognized that effective information governance plays a critical role in cost containment, competitive advantage, and client service.

Compliance is the umbrella over all of The Principles. All firms are legally responsible for recordkeeping practices that are legally defensible and responsible. This level of compliance can be achieved by using The Principles.