OCEG One Minute Poll: Is Mandatory Audit Firm Rotation a Good Idea? December, 2011 resource OMP - One Minute Poll OCEG Reviewed
A short OCEG research poll on mandatory audit firm rotation
SAS Enterprise GRC
SAS Enterprise GRC strengthens governance and trust with systematic management of risk. It detects and helps prevent violations, allowing you to align strategy with risk appetite. The solution builds a reliable view of risk compliance, facilitates collaboration between GRC teams and reduces the cost of risk management through automation. Benefits Demonstrates an effective implementation of the GRC framework. Enhances the quality of decision making across the organization. Reduces the likelihood of unpleasant surprises for all stakeholders. Enhances the efficiency and effectiveness of GRC processes. Reduces risk-related losses. Reduces the risk of regulatory compliance violations. Provides more reliable assurance to stakeholders. How SAS® Is Different Creates a common and integrated repository of all critical GRC components (e.g., risks, controls, policies, audits, etc.). Facilitates collaboration between various GRC teams, which will be difficult when the GRC components are in multiple systems. Reduces cost of risk management and compliance by reducing duplication of data and processes. Links all critical GRC elements, enabling you to easily visualize and assess the impact of a business decision in one part of the organization over other parts of the organization.
- IT.01 - Audit and Assurance Management
- IT.03 - Brand and Reputation Management
- IT.04 - Business Continuity Management
- IT.05 - Compliance Management
- IT.07 - Control Activity, Monitoring, and Assurance
- IT.16 - Information/IT Risk & Security
- IT.22 - Policy Mgmt, Communication & Training
- IT.26 - Risk Management
- IT.26 - Regulatory Intelligence and Monitoring
- IT.27 - Strategy, Performance, and Business Intelligence
- IT.28 - 3rd Party/Vendor Risk & Compliance
- A1. Identification
- D1. Detective Actions & Controls
- I1. Info Management
- M1. Context Monitoring
- O1. Commitment
- P1. Proactive Actions & Controls
- R1. Responsive Actions & Controls
- A2. Analysis
- M2. Performance Monitoring
- O2. Roles
- P2. Codes Of Conduct
- R2. Internal Investigation
- A3. Planning
- D3. Inquiry
- I3. Technology
- M3. Systemic Improvement
- O3. Accountability
- P3. Policies
- C4. Objectives
- M4. Assurance
- R5. Remediation
- P7. Risk Financing
SAI Global GRC Software
SAI Global’s GRC Platform provides a flexible software solution to manage and profile risks, compliance obligations, incidents and cases, policies, and learning across the organization. Specific applications include configurations for environmental, health and safety use and for bribery and corruption risk management. A full utilization of SAI Global's software enables integration with SAI Global's Learning & Communication Platform and a single view across highly decentralized global operations. This inevitably results in better use of human capital, reduced costs, increased transparency and improved business results. A partial list of solution components, deployable as standalone elements or integrated, include risk assessment and profiling; obligations management; case and incident management; policy management; registries to manage gifts, hospitality, entertainment, facilitation payments and conflicts of interests; audit management; integration with hotline; and a fully configurable GRC Dashboard that integrates with learning and communication.
- IT.02 - Board and Entity Management
- IT.05 - Compliance Management
- IT.11 - Environmental, Health, and Safety
- IT.14 - Global Trade Compliance/International Dealings
- IT.15 - Hotline/Helpline
- IT.19 - Issue and Investigations Management
- IT.22 - Policy Mgmt, Communication & Training
- IT.23 - Privacy Management
- IT.26 - Risk Management
- IT.26 - Regulatory Intelligence and Monitoring
- IT.28 - 3rd Party/Vendor Risk & Compliance
- (C) Context
- M1. Context Monitoring
- P1. Proactive Actions & Controls
- R1. Responsive Actions & Controls
- D2. Notification
- M2. Performance Monitoring
- P2. Codes Of Conduct
- R2. Internal Investigation
- D3. Inquiry
- P3. Policies
- R3. 3rd Party Inquiry & Investigation
- M4. Assurance
- P4. Education
- (O) Organize
- (A) Assess
- (I) Interact
Mitratech TeamConnect® Policy Management
TeamConnect manages policies throughout their lifecycle, from creation to retirement, while enabling collaboration and providing accountability in every phase. Proactively protect your organization by reconciling multiple regulations and requirements. Communicate and enforce procedures throughout your organization and beyond. Gain insights into policy violations and assess the impact of new or changing regulations on your business. TeamConnect’s policy lifecycle management approach delivers business agility, efficiency, and effectiveness in meeting requirements. Collaborate on policy creation and improve compliance through a single authoritative source to consolidate, maintain, and manage your policies and procedures. Publish policies enterprise-wide through online Web access. Defend your organization with a detailed trail of all policies and procedures, receipts, trainings, attestations, exceptions, and violations.
- IT.22 - Policy Mgmt, Communication & Training
- I1. Info Management
- P1. Proactive Actions & Controls
- R1. Responsive Actions & Controls
- I2. Communication
- P2. Codes Of Conduct
- C3. Culture
- P3. Policies
- M4. Assurance
Protiviti Governance Portal
The Protiviti Governance Portal is a comprehensive software platform that integrates content and commonly accepted frameworks with world-class consulting expertise that provides organizations with the visibility and insight needed to manage and mitigate critical risk and compliance issues today and in the future.
- IT.01 - Audit and Assurance Management
- IT.05 - Compliance Management
- IT.07 - Control Activity, Monitoring, and Assurance
- IT.16 - Information/IT Risk & Security
- IT.22 - Policy Mgmt, Communication & Training
- IT.26 - Risk Management
- IT.26 - Regulatory Intelligence and Monitoring
- IT.28 - 3rd Party/Vendor Risk & Compliance
- A2. Analysis
- M4. Assurance
- R5. Remediation
- (A) Assess
- (M) Measure
Asian Corporate Governance Association (ACGA) - Singapore Codes and Rules resource Organizations & Associations OCEG Reviewed
Contents and links on this site:
- Laws
- Accounting Standards
- Regulations
- Listing Rules
- Official Codes and Guidelines
Continuous Risk and Control Assurance: The Next Evolution of Internal Audit resource White Papers Member contribution
EU, European Commission Prospectus Directive (Rev. 2009) resource Agency Web Sites OCEG Reviewed
EC Press Release, 24 September 2009: The Prospectus Directive lays down the rules governing the prospectus that has to be made available to the public in case a public offer or admission to trading of transferable securities in a regulated market takes place in the EU.
EU, Consultation on Modernisation of the Directive 2004/109/EC (Transparency Requirements for Listed Companies) (May 2010) resource Standards and Guidelines OCEG Reviewed
Objective: The Commission has published a report on the operation of the Directive 2004/109/EC (Transparancy Directive) accompanied by a consultation document which is the basis for a public consultation on possible ways forward to modernise the transparency regime for listed companies.
FFIEC, Bank Secrecy Act (BSA)/Anti-Money Laundering (AML) Examination Manual (2010) resource Agency Guidances
Introduction: This Federal Financial Institutions Examination Council (FFIEC) Bank Secrecy Act (BSA)/Anti-Money Laundering (AML) Examination Manual provides guidance to examiners for carrying out BSA/AML and Office of Foreign Assets Control (OFAC) examinations.
