19 March 2008Assessment workshop1 Assessment methodology.

Slides:

Advertisements

Similar presentations

Armand Racine Consultant Chemicals Branch

Advertisements

Pentti Mäkinen Central Chamber of Commerce of Finland Benefits of low regulation environment Brussels

GLOBAL FORUM V ON FIGHTING CORRUPTION AND SAFEGUARDING INTEGRITY Fulfilling our commitments: Effective action against corruption Sandton Convention Centre,

OPERATING EFFECTIVELY AT WESD. What is Internal Control? A process designed to provide reasonable assurance the organizations objectives are achieved.

CAMBODIAN COUNTRY PROJECT IMPLEMENTATION Towards consolidating the existing social health protection schemes in Cambodia: assessment of best practices.

1 Regional policy The Resource BOOK of PPP case studies Second International workshop on PPP Brussels 5th July Roberto Ridolfi.

Presentation to EPSO, Porto, Portugal RQIA Review of Patients/Service User Finance and Property in Regulated and Statutory Adult Care Settings 8 May 2014.

AUDIT COMMITTEE FORUM TM ACF Roundtable IT Governance – what does it mean to you as an audit committee member July 2010 The AUDIT COMMITTEE FORUM TM is.

Institute of Municipal Finance Officers & Related Professions

ISO General Awareness Training

Control environment and control activities. Day II Session III and IV.

INTRODUCTION TO PUBLIC FINANCE MANAGEMENT Module 3.2 -Internal Control & Audit.

Topic: Fundamentals of taxes and taxation methods.

19 March 2008Corruption Risk Mapping1 Corruption risk mapping Towards an Integrity risk map for the Hungarian public sector.

Budgeting and Controlling Operations and Taxes. Control Financial Planning  Operating System Financial Planning  Operating System Steps Steps Set performance.

Governance of the Treasury Function CIPFA Scottish Treasury Management Forum Alan George, Regional Director 23rd February 2012.

SSRG annual workshop Balancing and Managing Risk 8th April 2008 Costing Children’s Services: Availability of Child Level Data Samantha Culley Centre for.

The Evergreen, Background, Methodology and IT Service Management Model

Overview of Systems Audit

Org Name Org Site CMM Assessment Kick-off Meeting Dates of assessment.

BITS Proprietary and Confidential © BITS Security and Technology Risks: Risk Mitigation Activities of US Financial Institutions John Carlson Senior.

1 Introduction to Security Chapter 5 Risk Management: The Foundation of Private Security.

© 2001 by Carnegie Mellon University PSM-1 OCTAVE SM : Senior Management Briefing Software Engineering Institute Carnegie Mellon University Pittsburgh,

Implementation of “ APEC Anti-corruption Code of Conduct for Business ” by Chinese State-Owned Enterprises (SOEs) - Mr. SHAO CHUNBAO - CHINA TELECOM -

Grosu-Axenti Diana Financial Inspection Director Financial Inspection vs External & Internal audit in Republic of Moldova.

Inspecting safeguarding in post-16 education and training Natspec Conference October 2012.

The New Role and New Mission of Cooperative Auditing Department in Thailand. Assist. Prof. Dr. Ratana Pothisuwan Assoc. Prof. Dr. Prasert Janyasupab Department.

Private & Confidential1 (SIA) 13 Enterprise Risk Management The Standard should be read in the conjunction with the "Preface to the Standards on Internal.

10/20/ The ISMS Compliance in 2009 GRC-ISMS Module for ISO Certification.

1 Into-. 2 What is IntoSAINT? Intosai Self Assessment INTegrity vulnerabilities Integrity controls.

Risk Identification in Practice Solange Berstein Chair IOPS Technical Committee Superintendent Pension Supervisor Chile.

The Audit as a Management Tool Vermont State Auditor’s Office – April 2009.

Economic Instruments Session Objectives: Identify economic instruments for specific environmental issues Identify constraints on application of economic.

Bank Audit. Internal Audit Internal audit is an independent, objective assurance activity and can give valuable insight in providing assurance that major.

9 december 2010Auditing integrity1 Experiences in Auditing Integrity in The Netherlands Ina de Haan Netherlands Court of Audit.

Risk Identification in Practice Solange Berstein Chair IOPS Technical Committee Superintendent Pension Supervisor Chile.

Healthcare Commission update Sue Fraser-Betts Senior Assessment Manager October

Revenue Administration Reform Project and Further Revenue Administration Reform Project and Further Restructuring for Higher Efficiency and Effectiveness.

The Present and Future Margaret McKinlay, Chair Paul Broadbent, Chief Executive.

INTOSAI WORKING GROUP ON KEY NATIONAL INDICATORS Audit on Social Protection of Vulnerable Groups Mrs Ivanka Kesyakova, SAI Bulgaria Sofia, March.

We provide web based benchmarking, process diagnostics and operational performance measurement solutions to help public and private sector organisations.

EQUIPMENT 1.At the UW, items with a purchase value of $2,000 or more (including tax and other ancillary charges) are defined as Equipment (not Supplies).

INTERNAL CONTROLS What are they? Why should I care?

Copyright © Texas Education Agency, All rights reserved. Risk Management Fundamentals Statistics & Risk Management 1.

Kathy Corbiere Service Delivery and Performance Commission

Ethics Management in the Public Service Presentation to Portfolio Committee 21 October

INTRODUCTION TO PUBLIC FINANCE MANAGEMENT Module 4.3: Internal Control & Audit.

Achievements in IPPC Directive Implementation: problems and constraints Albania Ministry of Environment 3 rd BERCEN Exchange Programme for the Environmental.

Financial Management – a brief overview Portfolio Committee on DoD Briefing 19 October 2005 RP Mosaka/ C Botes Parliamentary Service Unit Office of the.

Justice Information Network Strategic Plan Development Justice Information Network Board March 18, 2008 Mo West, JIN Program Manager.

Sicherheitsaspekte beim Betrieb von IT-Systemen Christian Leichtfried, BDE Smart Energy IBM Austria December 2011.

Fire & Rescue Service CAA and Improvement Sharon Gernon-Booth Fire and rescue services PIN 23 March 2009.

Inter-American Development Bank BIMILACI 2007 QUALITY PROCUREMENT Third Party Review May 2007 Project Procurement Division.

Presented By: W. Andrew Powell, CPA Principal Halt, Buzas & Powell, Ltd.

1 Corruption Prevention Strategies. 2 Specific Objectives: 1. Corruption Loopholes 2. Corruption Prevention Strategies 3. Conclusions.

Outcomes of the FMC review Vania Tomeva, PIFC consultant July 2013, Tbilisi 1.

WHY MONITOR? Compliance with applicable Federal requirements & performance goals are being achieved. Prevention of fraud & waste Early detection of inefficiencies.

Security Management in Practice

Accounting Standards Board Annual Report 2006

Internal Control Principles

Information Technology Controls

Presentation to the Parliamentary Portfolio Committee on Energy

Descriptive Analysis of Performance-Based Financing Education Project in Burundi Victoria Ryan World Bank Group May 16, 2017.

Project proposal for ISO 27001:2013 implementation

Accountability and Internal Controls – Best Practices

Content and Methodology

Software Assurance Maturity Model

INTRODUCTION TO PUBLIC FINANCE MANAGEMENT

REGIONAL NETWORK FOR CIVIL ORGANIZATIONS ON MIGRATION – RNCOM

IS4680 Security Auditing for Compliance

Presentation transcript:

19 March 2008Assessment workshop1 Assessment methodology

19 March 2008Assessment workshop2 Characteristics Focus on: Integrity, not corruption Prevention, not repression Organisations, not legislation Processes, not people

19 March 2008Assessment workshop3 Assessment methodology Object definition - organisation - processes Assessment vulnerabilities Assessment Maturity level Integrity Control System Gap analysis Recommendations for strengthening controls

19 March 2008Assessment workshop4 Outcome Depending on the objective, thoroughness, scope and results of these steps, the result could be: –In-depth Risk Analysis –Action agenda –Audit proposal –Audit report

19 March 2008Assessment workshop5 Assessment of vulnerabilities Assess the vulnerability profile: What are the inherent vulnerabilities? Are there circumstances that may increase the vulnerability of the organisation? Result: –Vulnerability profile –List of vulnerable processes

19 March 2008Assessment workshop6 High vulnerability areas Areas dealing with the public or with the private sector CollectingAssessments, taxes, import duties, excise duties, fees, charges ContractingTenders, orders, assignments, awards PaymentSubsidies, benefits, allowances, grants, sponsoring Granting/ issuancePermits, passports, driving licenses, identity cards, authorisations, inspections Public servicesHealth care, education, garbage collection, water supply etc. RegulatingDesign and implementation of new regulations Supervising/ enforcement Supervision, control, inspection, prosecution, detection, justice, punishment Areas dealing with government property InformationNational security, confidential information, documents, dossiers, copyright Money treasury, financial instruments, portfolio management, cash/bank via budgets, premiums, expenses, bonuses, allowances, etc. GoodsBuying/selling (auction), management and consumption Real estateBuying/selling (buildings / land)

19 March 2008Assessment workshop7 Vulnerability Enhancement Profile Factors Complexity Change/dynamics Management Personnel Problem history

19 March 2008Assessment workshop8 Assessment maturity level integrity control system Assess the maturity level of the integrity control system What is the maturity of the integrity control system? –Existence of controls –Operation of controls –Performance of controls Result: –Maturity profile of integrity control system

19 March 2008Assessment workshop9 Maturity levels LevelCriteria 0 - This measure does not exist 1 - This measure exists - Its implementation / observance is unclear 2 - This measure exists - It is implemented / observed - Its effectiveness is unclear 3 - This measure exists - It is implemented / observed - It is effective

19 March 2008Assessment workshop10 Integrity Control System

19 March 2008Assessment workshop11 Gap analysis Match maturity level of integrity control system with established risks –What are the organisations most important integrity risks? –Does the integrity control system protect the organisation against these integrity risks? –What are the remaining risks?

19 March 2008Assessment workshop12 Gap analysis: Vulnerabilities Resilience is determined by the maturity level of integrity controls Balance may be achieved by reducing vulnerability or enhancing controls Vulnerabilities Resilience Remaining Vulnerability

19 March 2008Assessment workshop13 Gap analysis: Risks Mitigation of risks is possible by introducing specific controls Remaining unbalance = Remaining risks Vulnerabilities Resilience Risks Mitigation Remainin g risks

19 March 2008Assessment workshop14 Assessment methodology Mini workshop

19 March 2008Assessment workshop15 Assessment vulnerabilities Assess the vulnerability profile: Check and name high vulnerability areas for this organisation Check and name vulnerability increasing circumstances Award score of increased vulnerability in profile

19 March 2008Assessment workshop16 Assessment maturity level of integrity control system Assess the integrity control system / resilience –Assess the maturity level of the integrity controls –Analyse the strengths and weaknesses of the integrity control system

19 March 2008Assessment workshop17 Gap analysis Match resilience (maturity level of integrity control system) with established vulnerabilities Vulnerabilities Resilience Remaining Vulnerability