1. 1. CM

1.1. enables management to continually review business processes for adherence to & deviations from their intended levels of performance & effectiveness.

1.2. enables management to determine more quickly & accurately where it should be focusing attention & resources.

1.3. management can :

1.3.1. assess the effectiveness of controls & detect associated risk issues.

1.3.2. improve business processes & activities while adhering to ethical & compliance standards.

1.3.3. execute more timely quantitative & qualitative risk-related decisions.

1.3.4. increase the cost-effectiveness of controls & monitoring through IT solutions.

1.4. Benefit : Gives management greater visibility into, and more timely information on business processes designed to achieve strategic & operational goals.

2. 2. CA

2.1. Enables internal audit to continually gather from processes data that supports auditing activities.

2.2. enables internal auditors to determine more quickly & accurately where to focus attention & resources.

2.3. Internal audit

2.3.1. collect from processes, transactions, & accounts data that supports internal & external auditing activities.

2.3.2. achieve more timely, less costly compliance with policies, procedures, & regulations.

2.3.3. shift from cyclical or episodic reviews with limited focus to continuous, broader, more proactive reviews.

2.3.4. evolve from a traditional, static annual audit plan to a more dynamic plan based on CA results.

2.3.5. reduce audit costs while increasing effectiveness through IT solutions.

2.4. Benefit : Enables internal audit to move from sampling accounts and transactions to 100% coverage of accounts & transactions.

3. 3. CM + CA =

3.1. integrate management's responsibility for the performance of controls with internal audit's responsibility for assurance regarding management's controls.

3.2. increasing coordination between management and internal audit in these areas should minimize duplication of controls and effort.

3.3. enable enterprise to adapt more quickly and effectively to changes in the risk and regulatory climate.

3.4. improve the risk management and control activities of virtually any large enterprise.

4. 4. Benefits of Implementing CM & CA

4.1. heightened demand for faster, better decisions and for improved, but cost-effective risk management.

4.2. rising pressures on internal audit to provide timely assurance to stakeholders.

4.3. increasing complexity and change in regulatory requirements

4.4. greater efforts to align internal audit activities with management's strategic business goals.

5. 5. The Risk Intelligent Enterprise Practices

5.1. address the full spectrum of risks, including strategic, operational, compliance, reporting, security, environmental, and other risks.

5.2. acknowledge the need for specialization by business and function, but also across organization silos.

5.3. consider the interaction of multiple risks rather than focusing on a single risk or event, and consider the potential impacts of multiple threats.

5.4. create common terms and metrics for risk, and a culture in which people account for risk in every activity.

5.5. support risk taking for reward & value creation, rather than pure risk avoidance.

6. 6. Three Stages of CM Adoption

7. 7. From Manual -> Automated

8. 8. Barriers to CM & CA Adoption

8.1. perceived impact on the enterprise

8.2. priority of implementation

8.3. internal audit's readiness to develop and adopt CA

8.4. IT & software considerations

8.5. realistic expectations

9. 9. Varying Perspectives & IT Consideration

9.1. process perspective

9.2. technology perspective

9.3. operationalizing CM or CA

9.4. IT capabilities

10. 10. The CM/CA Roadmap

10.1. 1. Develop the Business Case

10.1.1. connecting the initiative to the drivers of value, and the risks, in the business.

10.1.2. identifying benefits and costs, and quantifying them when possible.

10.1.3. placing CM/CA in the context of the overall GRC effort and clarifying their roles.

10.2. 2. Develop a Strategy for Adoption

10.2.1. targeting efforts based upon risk exposure, appetite, and tolerances, enterprise-wide and locally

10.2.2. identifying which areas are appropriate to pursue based on projected benefits, costs, & ROI.

10.2.3. identifying how to set thresholds and monitor risks, as well as useful intervals and notification mechanisms.

10.2.4. considering required resources and how current resources and priorities may help or hinder adoption.

10.3. 3. Plan the Design & Implementation

10.3.1. determining the scope of the objectives

10.3.2. establishing roles & responsibilities

10.3.3. designing the CM/CA process and mechanisms

10.3.4. allocating resources and creating a timeline and project plan

10.3.5. setting reasonable expectations for performance

10.3.6. aligning people, processes, and IT resources

10.4. 4. Build and Implement the CM/CA System

10.4.1. begin with relatively straightforward, low-cost, high-return projects

10.4.2. involve IT, business units, and other key stakeholders early on

10.4.3. create a sense of shared ownership of the project and the results

10.4.4. test the CM/CA system, particularly for its impact on the IT system, before actual launch and adoption.

10.5. 5. Monitor Performance and Progress, and Refine as Needed

10.5.1. report the result of the effort to management and all other stakeholders

10.5.2. demonstrate the value added (in monetary terms when possible)

10.5.3. verify by manual means that the early readings and results are accurate