Guidance for Audit Committees: Risk management goes beyond financial reporting and should focus on business performance

On September 1, 2011, the European Confederation of Directors’ Associations published a document titled Audit Committee Guidance for European Companies. This document provides an excellent overview of the roles and responsibilities of the audit committee, maps them to the expectations of the EU 8th company law directive, and highlights some country-specific requirements related to audit committees. This report also highlights two important topics that should be embraced by all Boards – regardless of geography:

  1. Risk management should focus on performance as well as potential loss events
  2. The Audit Committee should focus on all enterprise risks – not just those related to financial reporting

This document dedicates an entire section to monitoring the effectiveness of internal control and risk management systems. According to the report: “It is important that risk management and control are not seen as a burden on the institution, but rather the means by which opportunities are maximized and potential losses associated with unwanted events are reduced. Risks manifest themselves in a range of ways and the effect of risks crystallising may have a positive as well as negative outcome for the institution.  It is vital that those responsible for the stewardship and management of an institution be aware of the best methods for identifying and subsequently managing such risks”.

The report goes on to discuss how the remit of the audit committee goes well beyond reviewing financial controls and risks and addresses the risks and controls related to operational and compliance matters. According to the report: “Traditionally, audit committees have been concerned with the oversight of internal financial controls.  However, the Directive is drawn much wider in that it imposes a duty on the audit committee to monitor the effectiveness of internal control and risk management systems in their entirety.  This goes beyond the financial reporting processes and encompasses the system of risk and control associated with other areas such as operational matters and compliance with laws and regulations.”

At a time when many Board Audit Committees and internal audit professionals are evaluating changes to the scope of their charter, this ecoDa document provides some solid guidance and a good reference point to drive process improvement discussions.


THOMSON REUTERS POSITIONED IN THE LEADERS QUADRANT OF THE MAGIC QUADRANT FOR ENTERPRISE GOVERNANCE, RISK AND COMPLIANCE PLATFORMS

Thomson Reuters (accelus.thomsonreuters.com) has been positioned by Gartner, Inc. in the Leaders Quadrant of its Magic Quadrant for Enterprise Governance, Risk and Compliance Platforms.

This Gartner Magic Quadrant for enterprise governance, risk and compliance (EGRC) platforms presents a global view of Gartner’s assessment of the main software vendors that should be considered by organizations seeking a technology solution to support the oversight and operation of enterprisewide risk management and compliance programs, with the overall objective being improvements in corporate governance and the ability to achieve business objectives.

Thomson Reuters was placed in the Magic Quadrant after Gartner evaluated the Thomson Reuters Enterprise GRC solution on its ability to execute and its completeness of vision. Enterprise GRC is a comprehensive audit, internal controls management, policy management and compliance software solution purpose-built to address connected governance, risk and compliance requirements.

You are invited to read the full report with complimentary access at this link.


Jumpstart your GRC Project – Step 5: Sharpen Your Tools

The next step on our journey to jumpstart a GRC project is to evaluate and refine the tools used in your assurance practice.

STEP 5:
There is a saying that you can tell a lot about a workman by looking at the tools they use. That applies to all professionals and, in particular, to GRC professionals. Here are some basic tools every GRC professional should have in their toolkit and sharpen regularly.

REGULATORY NEWS AND ANALYSIS: Seek out and rely on expert information that includes current, new and proposed regulatory information. Look for expert opinions and analysis that can help you stay ahead of the evolving compliance landscape.

RESEARCH YOUR PEERS: Knowledge of your competitors and their practices provides insight into enforcement trends, legal precedent, and opportunities for innovation and business development.

SELF-ASSESSMENT: Vast amounts of information about risks, controls, compliance and issues can be gathered using self-assessment techniques. Self-assessment instruments range from structured workshops run by skilled facilitators to surveys that can provide new insights.

MONITORING AND SCREENING: Technology exists that can immediately detect fraudulent transactions or screen for risky vendors and employees.  Are you considering, or have you proposed, sophisticated screening and monitoring technology options to management?

REPORTING AND DISCLOSURE: Ensure that the board and your decision makers have access to real-time actionable information and that you are following all disclosure requirements to shareholders, the board and regulatory agencies.

GRC CONVERGENCE TECHNOLOGY: Technology exists and is successfully used to document, manage and report on the work and results of GRC professionals in a corporation. Have you explored this technology?
