WHAT ARE THE 3 SUBSETS OF THE KEY GOVERNANCE ELEMENTS
- GOVERNANCE
- RISK MGMT
- INTERNAL CONTROL
THE COMBINATION OF PROCESSES AND STRUCTURES IMPLEMENTED BY THE BOARD TO INFORM, DIRECT, MANAGE, AND MONITOR THE ACTIVITIES OF THE ORG TOWARD THE ACHIEVEMENT OF ITS OBJECTIVES
GOVERNENANCE
WHAT ARE THE TWO BROAD AREAS OF GOVERNANCE UNDER THE RESPONSIBILITY OF THE BOD
- STRATEGIC DIRECTION
2. GOVERNANCE OVERSIGHT
HOW MANAGEMENT PLANS TO ACHIEVE THE ORG’S OBJECTIVES
STRATEGY OR STRATEGIC DIRECTION
THE BOD ROLE IN MANAGING AND MONITORING THE ORG’S OPERATIONS
GOVERNANCE OVERSIGHT
KEY MEMBERS OF THE GOVERNANCE OVERSIGHT PROCESS
- BOD
- SENIOR MGMT
- INTERNAL AUDIT
- EXTERNAL AUDIT
ANY PARTY WITH A DIRECT OR INDIRECT INTEREST IN AN ORGANIZATION’S ACTIVITIES AND OUTCOMES
STAKEHOLDER
3 TYPES OF STAKEHOLDERS
- DIRECTLY INVOLVED
- INTERESTED
- INFLUENCED
4 TYPES OF OUTCOMES TO CONSIDER WHEN ASSESSING RISK
- FINANCIAL
- COMPLIANCE
- OPERATIONS
- STRATEGIC
THE AMOUNT OF RISK, ON A BROAD LEVEL. AN ORG IS WILLING TO ACCEPT IN PURSUIT OF ITS BUSINESS OBJECTIVES
RISK APPETITE
THE ACCEPTABLE LEVELS OF RISK SIZE AND VARIATION RELATIVE TO THE ACHIEVEMENT OF OBJECTIVE, WHICH MUST ALIGN WITH THE ORG’S RISK APPETITE
RISK TOLERANCE
WHAT ARE THE GOVERNANCE RESPONSIBILITIES OF SENIOR MGMT
- ENSURING FULL SCOPE OF DIRECTION AND AUTHORITY DELEGATED IS UNDERSTOOD
- IDENTIFY PROCESSES AND ACTIVITIES INTEGRAL TO EXECUTING THE GOVERNANCE DIRECTION PROVIDED BY THE BOARD
- EVALUATE ABILITY TO DELEGATE LOWER RISK ITEMS TO LOWER MGMT
WHAT ARE THE RESPONSIBILITIES OF RISK OWNERS
- EVALUATING RISK MGMT ACTIVITIES ARE DESIGNED ADEQUATELY
- ASSESS ONGOING CAPABILITY OF THE ORG TO EXECUTE RISK MGMT ACTIVITIES
- DETERMINE WHETHER RM ACTIVITIES ARE OPERATING AS DESIGNED
- CONDUCT DAY TO DAY MONITORING ACTIVITIES
- ENSURE INFORMATION NEEDED BY THE BOARD IS ACCURATE AND READILY AVAILABLE
WHAT IS THE ROLE OF THE INTERNAL AUDIT FUNCTION IN GOVERNANCE ACTIVITIES
ASSESSING AND MAKING APPROPRIATE RECOMMENDATIONS FOR IMPROVING THE GOVERNANCE PROCESS IN ITS ACCOMPLISHMENT OF OBJECTIVES
4 IA OBJECTIVES IN EVALUATING GOVERNANCE
- PROMOTING APPROPRIATE ETHICS AND VALUES WITHIN THE ORG
- ENSURING EFFECTIVE ORG PERFORMANCE MGMT AND ACCOUNTABILITY
- COMMUNICATING RISK CONTROL INFORMATION TO APPROPRIATE ARES OF THE ORG
COORDINATING ACTIVITIES OF AND COMMUNICATING INFORMATION AMONG THE BOARD, AUDITORS, AND MGMT
REPRESENTS THE INTERNAL CONTROL ACTIVITIES CONDUCTED BY INDIVIDUALS AND MGMT
FIRST LINE OF DEFENSE
OTHER ASSURANCE ACTIVITIES SUCH AS CONTROLLERS, COMPLIANCE OFFICERS, HEALTH & SAFETY SPECIALIST, AND QUALITY ASSURANCE EXPERTS
CAN ALSO PROVIDE INDEPENDENT ASSURANCE TO THE BOD OR SENIOR MGMT
SECOND LINE OF DEFENSE
THE MOST INDEPENDENT AND OBJECTIVE FORM OF ASSURANCE WHICH INCLUDES INTERNAL AND EXTERNAL AUDIT
THIRD LINE OF DEFENSE
WHERE DO THE 3 LINES REPORT
FIRST LINE = SENIOR MGMT
SECOND LINE = SENIOR MGMT
THIRD LINE = SENIOR MGMT AND BOD
DIFFERENT ASSURANCE ACTIVITIES DO NOT COORDINATE AND COLLABORATE SUFFICIENTLY RESULTING IN REDUNDANT AND UNNECESSARY ASSURANCE ACTIVITIES
AUDIT FATIGUE
COORDINATED PLAN DEVELOPED TO FACILITATE AWARENESS OF WHAT ASSURANCE ACTIVITY WILL PERFORM ASSESSMENTS WHEN, AND HOW OTHER ASSURANCE ACTIVITIES CAN RELY ON THAT WORK
COMBATS AUDIT FATIGUE
COMBINED ASSURANCE MODEL
