Bölgesel Rekabet Edebilirlik Operasyonel Programı’nın Uygulanması için Kurumsal Kapasitenin Oluşturulmasına Yönelik Teknik Yardım Technical Assistance.

Presentation transcript:

1 Bölgesel Rekabet Edebilirlik Operasyonel Programı’nın Uygulanması için Kurumsal Kapasitenin Oluşturulmasına Yönelik Teknik Yardım
Technical Assistance on Institutional Building for the Implementation of RCOP in Turkey
This project is co-financed by the European Union and the Republic of Turkey
Risk management – Principles, Legal basis and Best practices
Todor Yankulov,

2 Content
1. Risk Management purposes and principles
2. Risk Management in EC Regulations
3. Risk Management Best practices

3 Why Risk Management
Every entity, whether for-profit or not, exists to realize value for its stakeholders. All entities face uncertainty, and the challenge for management is to determine how much uncertainty to accept as it strives to grow stakeholder value. Risk management enables management to effectively deal with uncertainty and associated risk, enhancing the capacity to build value.

4 Why Risk Management
- Supporting strategic and operational planning
- Objectives are more likely to be achieved
- Damaging things will not happen or are less likely to happen
- Beneficial things will be or are more likely to be achieved
- Supporting effective use of resources
- Promoting continuous improvement

5 Risk Management Definition
“…a process, effected by an entity's board of directors, management and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risks to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives.”
ERM COSO Framework

6 Risk Management principles
- A process related to the objectives
- Dynamic process
- Process applied at every level of the organization
- Dealing with potential events
- Complex but not complicated
- Close cooperation with the Internal Audit function

7 Objective related process
- Able to provide reasonable assurance to an entity’s management and board of directors regarding the achievement of objectives
- Applied in strategy setting
- There must be objectives in place before identifying risks

8 Objective related process
Important objective concepts
- Strategic and operational objectives must be consistent with each other
- Clearly defined goals - more easily identified risks
- Written down in relevant internal documents
- Clearly communicated and understood by all the staff

9 Objective related process
Objectives are S.M.A.R.T.
- Specific – clearly specified, not general
- Measurable - units of accuracy, timeliness, quality, quantity, etc. used to determine progress and achievement
- Attainable - the objective could be achieved with the available resources
- Relevant/Realistic - an objective that the goal-setter is willing and able to work towards
- Time-bound - a time frame, a target date is needed

10 Dynamic process
- Linked to the constantly changing environment
- It is performed on a permanent basis over time and reflects the changes
- Continuous monitoring and updating

11 Applied at every level of the organization
- A process, ongoing and flowing through an entity
- Applied across the enterprise, at every level and unit, and includes taking an entity level portfolio view of risk
- Effected by people at every level of an organization

12 Dealing with potential events
- Risk - the possibility of an event occurring that will have an impact on the achievement of objectives. Risk is measured in terms of impact and likelihood.
- Facing uncertainty
- Subjectivity has to be accepted
- How big is the fear of the uncertainty / the appetite for opportunities – risk appetite

13 Complex but not complicated
- Covering multiple structures, policies and people
- Clear and effective procedures are needed
- Avoid unnecessary labeling – not too much terminology

14 Close cooperation with the Internal Audit function
- IPPF 2120 – Risk Management - The internal audit activity must evaluate the effectiveness and contribute to the improvement of risk management processes.
- IPPF 2120.A2 – The internal audit activity must evaluate the potential for the occurrence of fraud and how the organization manages fraud risk.
- IPPF 2120.C3 – When assisting management in establishing or improving risk management processes, internal auditors must refrain from assuming any management responsibility by actually managing risks.

15 Conditions for successful risk management
- Understanding and commitment by management and employees
- To have strategic planning in the organization
- Strategic Plan to be developed into operational plans
- Resources to be provided, including the necessary information
- The internal auditor shall assess the risk management, identify and evaluate significant risks, support the board without taking responsibility or participating directly in management

16 Legal Basis
Commission Regulation (EC) No 718/2007
- Art. 11, p. 2 - the management and control systems set up in the beneficiary country shall provide for effective controls in at least the areas set out in the Annex.
- Annex 1 - Planning/risk management (planning of interventions)

17 Legal Basis
Annex 1 - Planning/risk management (planning of interventions)
Risk identification, assessment and management — ensuring that risks are identified and managed, in particular that adequate control resources are applied in all areas, in function of the significance of different risks they mitigate.

18 Legal Basis
Annex 1 - Planning/risk management (planning of interventions)
Objective setting and allocation of resources against objectives — ensuring that appropriate (and measurable) objectives at output and impact level are established at all levels and understood throughout the organisation; ensuring that resources are appropriately allocated against those objectives respecting transparent sound financial management principles; ensuring that responsibility for those objectives is clear.

19 Legal Basis
Annex 1 - Planning/risk management (planning of interventions)
Planning of the implementation process — ensuring clear planning of steps needed to deliver objectives — including timing and responsibility for each step, and critical path analyses where necessary.

20 Best practices frameworks
- Issued by international professional (standardization) organizations
- Not obligatory but accepted by professionals (in some cases they receive official recognition through legal acts)
- ERM COSO Framework, Risk Management Standards (UK), ISO Framework

21 ERM COSO Framework
This COSO ERM framework defines essential components, suggests a common language, and provides clear direction and guidance for enterprise risk management.

22 ERM COSO Framework
Eight components - all are interrelated

23 ERM COSO Framework
Entity objectives can be viewed in the context of four categories:

24 ERM COSO Framework
ERM considers activities at all levels of the organization:

25 ERM Internal Environment
- Establishes a philosophy regarding risk management. It recognizes that unexpected as well as expected events may occur.
- Establishes the entity’s risk culture.
- Considers all other aspects of how the organization’s actions may affect its risk culture.

26 ERM Objective Setting
- Is applied when management considers risk strategy in the setting of objectives.
- Forms the risk appetite of the entity — a high-level view of how much risk management and the board are willing to accept.
- Risk tolerance, the acceptable level of variation around objectives, is aligned with risk appetite.

27 ERM Control Activities
- Policies and procedures that help ensure that the risk responses, as well as other entity directives, are carried out.
- Occur throughout the organization, at all levels and in all functions.
- Include application and general information technology controls.

28 ERM Information & Communication
- Management identifies, captures, and communicates pertinent information in a form and timeframe that enables people to carry out their responsibilities.
- Communication occurs in a broader sense, flowing down, across, and up the organization.

29 ERM Monitoring
Effectiveness of the other ERM components is monitored through:
- Ongoing monitoring activities.
- Separate evaluations.
- A combination of the two.

30 Thank you for your attention!
Questions/Discussions