
GRC - Governance, Risk MANAGEMENT, and Compliance



Presentation on theme: "GRC - Governance, Risk MANAGEMENT, and Compliance"— Presentation transcript:

1 GRC - Governance, Risk MANAGEMENT, and Compliance

2 Governance, Risk Management, and Compliance
Governance: The combination of processes established and executed by the board of directors (BOD), and how the organization is managed and led towards achieving its goals. Risk management: Identifying, analysing and managing the risks that could hinder the organization from achieving its objectives. Compliance: Conforming to the company's policies and procedures, and to applicable laws and regulations.

3 GOVERNANCE The system of rules, practices and processes by which a company is directed and controlled. It involves balancing the interests of a company's many stakeholders and provides the framework for attaining the company's objectives, from action plans and internal controls to performance measurement and corporate disclosure.

4 Governance Principles
Rights and equitable treatment of shareholders
Interests of other stakeholders
Roles and responsibilities of the board
Integrity and ethical behaviour
Disclosure and transparency

5 RISK MANAGEMENT Identify, assess, prioritize, control, exploit, finance and monitor risks. The coordinated and economical application of resources to minimize, monitor and control the probability and/or impact of unfortunate events. Eliminates uncertainties. RISK MANAGEMENT vs GOVERNANCE: Are they the same?

6 RISK TYPES
Hazard risk: Liability torts, property damage, natural catastrophe.
Financial risk: Asset risk, currency risk, liquidity risk.
Operational risk: Customer satisfaction, product failure, integrity, reputational risk, knowledge drain.
Strategic risk: Competition, social trends, capital availability.

7 RISK MANAGEMENT PROCESS
Establishing Context. Identifying Risks. Analysing/Quantifying Risks. Integrating Risks. Assessing/Prioritizing Risks. Treating/Exploiting Risks. Monitoring and Reviewing.

8 COMPLIANCE Conforming to a rule, such as a specification, policy, standard or law. Compliance audit: A review of an organization's adherence to regulatory guidelines. The organization must be able to demonstrate compliance by producing an audit trail. Auditors review security policies, user access controls and risk management procedures; CIOs, CTOs and IT administrators answer a series of pointed questions over the course of an audit. Event log managers and robust change management software allow tracking and documentation of authentication and controls in IT systems.

9 Some prominent regulations and standards:
Sarbanes-Oxley Act (SOX) of 2002: Protects shareholders and the general public from accounting errors and fraudulent practices in the enterprise.
CAN-SPAM Act of 2003: Requires businesses to label commercial email as advertising, use legitimate return addresses, and provide recipients with an opt-out.
Payment Card Industry Data Security Standard (PCI DSS): Created in 2004 by Visa, MasterCard, Discover and American Express to ensure the security of credit, debit and cash card transactions.
Information Security Management System (ISMS; ISO 27001): Design, implement and maintain a coherent set of policies, processes and systems to manage risks to the organization's information assets.

10 COBIT (Control Objectives for Information and Related Technology)
Created by ISACA (Information Systems Audit and Control Association). Bridges the gap between control requirements, technical issues and business risks. Provides a more comprehensive definition of roles and responsibilities.

11 Principles

12 ENABLERS

13 Governance vs Management
Governance: EDM (Evaluate, Direct and Monitor)
Management: PBRM (Plan, Build, Run, Monitor)

14 Other standards
Risk Management Standards:
ISO/IEC : Information security risk management
ISO 31000
NIST
Risk IT by ISACA

15 NIST SP

16 THANK YOU

