Presentation is loading. Please wait.

Presentation is loading. Please wait.

Open Compliance & Ethics Group (www.oceg.org)

Published byBen Lowery Modified over 9 years ago

Similar presentations

Presentation on theme: "Open Compliance & Ethics Group (www.oceg.org)"— Presentation transcript:

1 Open Compliance & Ethics Group (www.oceg.org)
4/13/2017 A Technology Blueprint for Governance, Risk Management and Compliance Carole Stern Switzer, Esq. President, OCEG Driving Principled Performance® (c) 2007, OCEG

2 Open Compliance & Ethics Group (www.oceg.org)
4/13/2017 What is OCEG? (c) OCEG 3/12/2009 (c) 2007, OCEG

3 Over 20,000 members in the OCEG Community
Our PURPOSE OCEG is the only nonprofit that helps organizations drive Principled Performance® by enhancing corporate culture and improving governance, risk management, internal control and compliance (GRC) capabilities via: Community Interdisciplinary, Cross-Industry Benchmarking and Research Education, Webinars and Events Content Standards & Guidelines (technical, process, content) Repositories of Laws, Regulations and Related Standards Media, Research and other Resources Certification Entire Programs or Components of a Program Solutions, Products and Services Over 20,000 members in the OCEG Community 3/12/2009 (c) OCEG

4 Principled Performance®?
But what exactly is Principled Performance®? (c) OCEG 3/12/2009

5 Principled Performance®
The Bottom Line an organization must clearly define WHAT it will achieve and how it will create value while addressing UNCERTAINTY, PROTECTING VALUE and staying within BOUNDARIES the outcome of this effort will be Principled Performance® Carefully Chosen Words “Principled” “Performance” No “accidental performance” Be specific and transparent about objectives Be specific and transparent about boundaries (mandated & voluntary) Not just about compliance “Keep us out of trouble” “Make our business better” Principle Performance® depends on defining what is “right” for your company and doing the “right” things the “right” way – to achieve these goals. 3/12/2009 (c) OCEG

6 Open Compliance & Ethics Group (www.oceg.org)
4/13/2017 What is GRC and what exactly is GRC? 3/12/2009 (c) OCEG (c) 2007, OCEG

7 Governance, Risk Management & Compliance
Integration “Principled Performance®” requires the integration of a number of enterprise processes, most notably Governance, Risk Management & Compliance GRC Carefully Chosen Words “Principled” “Performance” No “accidental performance” Be specific and transparent about objectives Be specific and transparent about boundaries (mandated & voluntary) Not just about compliance “Keep us out of trouble” “Make our business better” 3/12/2009 (c) OCEG

8 What is New? Increased global footprint, increased executive liability, increased volume and velocity of mandates, increased pressure from stakeholders and other drivers are forcing organizations to… Do Things Differently 3/12/2009 (c) OCEG

9 Trend or Fad? Just a Fad? 3/12/2009 (c) OCEG

10 Forrester Research Briefing
Market Need Forrester Research Briefing “GRC Software Platform Revenues Will Rise To $1.3 Billion In 2011” … “We estimate that the market is currently $36 billion, and we expect it to grow to $50 billion over the next three years” Gartner Research Briefing “By 2009, the annual worldwide total software spending for GRC will be about $14 billion.” AMR Research Briefing “2007 GRC spending will hit $29.9B, growing 8.5% from last year; companies now expect to spend an additional 3.6%, or $31B, in 2008.” 3/12/2009 (c) OCEG

11 Agree or Strongly Agree
Most Important “We should adopt a consistent approach or methodology for similar activities in governance, risk and compliance” 90% Agree or Strongly Agree Source: OCEG Benchmark Series: GRC Strategy Study 3/12/2009 (c) OCEG

12 Adverse Impact of failure to be consistent
Increased general operating expenses Increased cost of reconciling disparate information Reduced margins Higher cost from suppliers Higher cost of capital Source: OCEG Benchmark Series: GRC Strategy Study 3/12/2009 (c) OCEG 12

13 Open Compliance & Ethics Group (www.oceg.org)
4/13/2017 Red Book 2.0 The OCEG GRC Capability Model 3/12/2009 (c) OCEG (c) 2007, OCEG

14 OCEG GRC Capability Model
GRC Content Domains Content Domains provide topical or industry-specific information that integrates with and assumes that the a capability is in place GRC Capability Model (“Red Book 2.0”) Capability Model describes common elements of an effective program that integrates the principles of good corporate governance, risk management, compliance, ethics and internal control. GRC Taxonomy & Technical Standards Taxonomy & Technical Standards define key entities and systems that comprise a GRC “backbone” and interface standards so that these systems more easily and effectively integrate. 3/12/2009 (c) OCEG

15 Component View of the OCEG GRC Capability Model
3/12/2009 (c) OCEG

16 Element View of the GRC Capability Model
3/12/2009 (c) OCEG

17 Common Sources of Failure Practices Related Requirements
Element Contents Principles Common Sources of Failure Practices Related Requirements Key Deliverables Technology Modules from the GRC-IT Blueprint 3/12/2009 (c) OCEG

18 Open Compliance & Ethics Group (www.oceg.org)
4/13/2017 What’s the Goal? 3/12/2009 (c) OCEG (c) 2007, OCEG

19 High-Performing Program
Effective Program Effectiveness is a term of art Design Effectiveness Operating Effectiveness We want to keep it that way! Effectiveness Performance The law does not demand anything beyond effectiveness – BUT shareholders (stakeholders) expect more! Scott

20 O U T C O M E S High-Performance ACTIVITIES EFFECTIVE EFFICIENT
Scott w/ Jack EFFICIENT RESPONSIVE 20

21 Principles and Needs Common IT Needs for GRC:
Legal and regulatory requirements management Policy and procedure management Communication management Organization and responsibility management Process and control libraries or frameworks Risk libraries Training and attestations Risk and impact assessments Audit and assurance activities Incident and action plan management Alignment with the business Visibility for process owners Visibility at the business unit and enterprise levels IT for GRC Principles Integration – it is unlikely a single application can enable all GRC activities. Create a “GRC Backbone” of integrated parts Simplification – Simplify the architecture and use common components to enable multiple risk areas Reuse – Leverage existing investments and only buy when you must Automation – For repetitive or complex tasks, but sometimes human judgment is required Information – Sharing information about performance, risks, controls, incidents and resolution is fundamental to GRC. The ability to analyze this information alongside business information is the essence of GRC. 3/12/2009 (c) OCEG

22 The GRC-IT Blueprint The Blueprint defines 72 GRC Technology Modules and organizes and maps them in several ways as follows: To Each of the Elements of the GRC Capability Model Within Three Technology Levels Business Applications GRC Core Applications Infrastructure Within Nine Technology Arenas Assurance and Audit Management Business Intelligence Business Process Management Corporate Governance Enterprise Content Management Enterprise Resource Management Enterprise Risk Management Human Resources Management Security Management 3/12/2009 (c) OCEG

23 Sample Element Page 3/12/2009 (c) OCEG

24 Release of final Red Book 2.0 – March 2009
Next Steps for OCEG Release of final Red Book 2.0 – March 2009 Release of final GRC-IT Blueprint – March 2009 Release of GRC-IT Roadmap (a process guide for maturing use of IT for GRC with self-evaluation tools) – June 2009 Development of GRC-XML – ongoing through OCEG Technology Council Launch of broader GRC-IT Community in OCEG site – June 2009 3/12/2009 (c) OCEG

25 The use of technology for GRC is not an option, it is a necessity
A few key take aways The use of technology for GRC is not an option, it is a necessity Using the OCEG Red Book and GRC-IT Blueprint can help you benchmark against an independent standard and other companies There are barriers beyond budget – people like their spreadsheets; data hoarding has perceived benefits But don’t attempt to boil the ocean – look for small quick wins and build support for more 3/12/2009 (c) OCEG

26 15 days demo subscription
OCEG Resources For more information and to access some key OCEG resources, go to: 15 days demo subscription Download OCEG Illustrations (from the GRC Illustrated Series) IT ROADMAP FOR GRC How Do We Integrate IT to Enable GRC? HOW DO I ASSESS RISK? Download from the OCEG Whitepaper Series “Critical Conversations” - CFO AT THE CENTER 3/12/2009 (c) OCEG

Download ppt "Open Compliance & Ethics Group (www.oceg.org)"

Similar presentations

Life Science Services and Solutions

Life Science Services and Solutions
First create and sign up for a blue host account Through the help of Blue Host create a WordPress website for the business After you created WordPress.

First create and sign up for a blue host account Through the help of Blue Host create a WordPress website for the business After you created WordPress.
Achieve Benefit from IT Projects. Aim This presentation is prepared to support and give a general overview of the ‘How to Achieve Benefits from IT Projects’

Achieve Benefit from IT Projects. Aim This presentation is prepared to support and give a general overview of the ‘How to Achieve Benefits from IT Projects’
Enabling traceability and transparency with standards-based regulatory reporting Dr. Said Tabet Senior Technologist and Industry Standards Strategist Office.

Enabling traceability and transparency with standards-based regulatory reporting Dr. Said Tabet Senior Technologist and Industry Standards Strategist Office.
BENEFITS OF SUCCESSFUL IT MODERNIZATION

BENEFITS OF SUCCESSFUL IT MODERNIZATION
Lecture 8 ISM- © 2010 Houman Younessi Information Systems Spring 2011 Convener: Houman Younessi 1-860-548-7880

Lecture 8 ISM- © 2010 Houman Younessi Information Systems Spring 2011 Convener: Houman Younessi
Misys Treasury & Capital Markets

Misys Treasury & Capital Markets
Chapter 11 11-1 © 2012 Pearson Education, Inc. Publishing as Prentice Hall.

Chapter © 2012 Pearson Education, Inc. Publishing as Prentice Hall.
Enterprise Architecture. 2 Agenda What is Enterprise Architecture (EA)? Roles in EA? Why is EA Important? Tangible Benefits from EA? What Do We Need to.

Enterprise Architecture. 2 Agenda What is Enterprise Architecture (EA)? Roles in EA? Why is EA Important? Tangible Benefits from EA? What Do We Need to.
AUDIT COMMITTEE FORUM TM ACF Roundtable IT Governance – what does it mean to you as an audit committee member July 2010 The AUDIT COMMITTEE FORUM TM is.

AUDIT COMMITTEE FORUM TM ACF Roundtable IT Governance – what does it mean to you as an audit committee member July 2010 The AUDIT COMMITTEE FORUM TM is.
© 2004 Visible Systems Corporation. All rights reserved. 1 (800) 6VISIBLE www.visible.com Holistic View of the Enterprise Business Development Operations.

© 2004 Visible Systems Corporation. All rights reserved. 1 (800) 6VISIBLE Holistic View of the Enterprise Business Development Operations.
Innovating with SAP Enterprise Service Content - a Practical Guide Derek Wood –LS Computing A CLEAR NEW AFRICA.

Innovating with SAP Enterprise Service Content - a Practical Guide Derek Wood –LS Computing A CLEAR NEW AFRICA.
Pertemuan 11-12 Matakuliah: A0214/Audit Sistem Informasi Tahun: 2007.

Pertemuan Matakuliah: A0214/Audit Sistem Informasi Tahun: 2007.
Oceg © 2011 Driving Principled Performance An Overview of the OCEG GRC Capability Model.

Oceg © 2011 Driving Principled Performance An Overview of the OCEG GRC Capability Model.
Higher Education Cybersecurity Strategy, Programs, and Initiatives Rodney Petersen Policy Analyst & Security Task Force Coordinator EDUCAUSE.

Higher Education Cybersecurity Strategy, Programs, and Initiatives Rodney Petersen Policy Analyst & Security Task Force Coordinator EDUCAUSE.
project management office(PMO)

project management office(PMO)
Victorian Managed Insurance Authority APCO Presentation – Risk Management in the VPS Jonathon Masom – Risk Management Adviser.

Victorian Managed Insurance Authority APCO Presentation – Risk Management in the VPS Jonathon Masom – Risk Management Adviser.
Click to add text © 2010 IBM Corporation OpenPages Solution Overview Mark Dinning Principal Solutions Consultant.

Click to add text © 2010 IBM Corporation OpenPages Solution Overview Mark Dinning Principal Solutions Consultant.
18 th International XBRL Conference Governance, Risk, and Compliance: Panel Session Lane Leskela – OCEG Scott Mitchell – OCEG Scott C. Rosenfelder – Deloitte.

18 th International XBRL Conference Governance, Risk, and Compliance: Panel Session Lane Leskela – OCEG Scott Mitchell – OCEG Scott C. Rosenfelder – Deloitte.
Opportunities & Implications for Turkish Organisations & Projects

Opportunities & Implications for Turkish Organisations & Projects

Similar presentations

Ads by Google