Create integrated GRC dept. structure
Ensure CAE reports to CEO
Empower Audit Committee
Get Senior Management involved
Engage at Board level
Implement ERM
Put into practice a code of business ethics
Prepare & execute annual GRC plan
Educate board on strategic risks
Ensure accurate financial reporting
Continuously monitor control environment
Focus on fraud risk assessments
Tighten controls on information security
Review disaster recovery plans
Test business continuity plans
Build awareness & train staff on risk management
Ensure compliance with laws
Build control-centric organizational culture
Engage human resources dept. to manage people risks
Partner with business units to manage operational risks
Focus on providing assurance & value addition to CXOs
This is a very slick presentation of a very smart system… but it is a little bit scary. Merely sending someone an email that a task has been allocated to them doesn’t mean that they will own that task or even be able to do it. This is command and control gone mad.
Nevertheless, one interesting video deserves another, and while on the subject of making complex things simpler you might like this TED video, which manages to make its point far faster; http://tinyurl.com/2dlsfvv
Geoffrey,
Thanks for the information and links. The other one on ethics, the article which you have on Yala is great. Thanks for sharing.
Sonia