M4. Assurance

Why is GRC important? blog

I have been blogging about what GRC is, advocating the definition developed by the Open Compliance and Ethics Group, OCEG (see this and subsequent posts). But, I haven’t really talked about why the concept of GRC has value.

The Network Policy Management

  • IT.22 - Policy Mgmt, Communication & Training
  • M1. Context Monitoring
  • P1. Proactive Actions & Controls
  • I2. Communication
  • M2. Performance Monitoring
  • P2. Codes Of Conduct
  • C3. Culture
  • M3. Systemic Improvement
  • P3. Policies
  • R3. 3rd Party Inquiry & Investigation
  • M4. Assurance
  • P4. Education
  • P5. Incentives
IT Audit Checklist for Change Management resource White Papers Member contribution OCEG Reviewed
This paper, "IT Audit Checklist: Change Management," supports an internal audit of the organization's change management policies in order to verify compliance and look for opportunities to improve efficiency, effectiveness, and economy.
Audit Fatigue resource Articles OCEG Reviewed
By Evelyn de Souza
AICPA, Statement on Auditing Standards No. 115, Communicating Internal Control Related Matters Identified in an Audit, Executive Summary (2008) resource Guides OCEG Reviewed
The Auditing Standards Board has issued Statement on Auditing Standards (SAS) No. 115, Communicating Internal Control Related Matters Identified in an Audit. SAS No. 115 supersedes SAS No. 112 of the same title and was issued to eliminate differences within the AICPA’s Audit and Attest Standards resulting from the issuance of Statement on Standards for Attestation Engagements (SSAE) No. 15, An Examination of an Entity’s Internal Control Over Financial Reporting That Is Integrated With an Audit of Its Financial Statements. SSAE No.
SAI Global GRC Software

SAI Global’s GRC Platform provides a flexible software solution to manage and profile risks, compliance obligations, incidents and cases, policies, and learning across the organization. Specific applications include configurations for environmental, health and safety use and for bribery and corruption risk management. Full utilization of SAI Global's software enables integration with SAI Global's Learning & Communication Platform and a single view across highly decentralized global operations. This inevitably results in better use of human capital, reduced costs, increased transparency and improved business results. A partial list of solution components, deployable as standalone elements or integrated, includes risk assessment and profiling; obligations management; case and incident management; policy management; registries to manage gifts, hospitality, entertainment, facilitation payments and conflicts of interest; audit management; integration with hotline; and a fully configurable GRC Dashboard that integrates with learning and communication.

  • IT.02 - Board and Entity Management
  • IT.05 - Compliance Management
  • IT.11 - Environmental, Health, and Safety
  • IT.14 - Global Trade Compliance/International Dealings
  • IT.15 - Hotline/Helpline
  • IT.19 - Issue and Investigations Management
  • IT.22 - Policy Mgmt, Communication & Training
  • IT.23 - Privacy Management
  • IT.26 - Risk Management
  • IT.26 - Regulatory Intelligence and Monitoring
  • IT.28 - 3rd Party/Vendor Risk & Compliance
  • (C) Context
  • M1. Context Monitoring
  • P1. Proactive Actions & Controls
  • R1. Responsive Actions & Controls
  • D2. Notification
  • M2. Performance Monitoring
  • P2. Codes Of Conduct
  • R2. Internal Investigation
  • D3. Inquiry
  • P3. Policies
  • R3. 3rd Party Inquiry & Investigation
  • M4. Assurance
  • P4. Education
  • (O) Organize
  • (A) Assess
  • (I) Interact
FFIEC, Bank Secrecy Act (BSA)/Anti-Money Laundering (AML) Examination Manual (2010) resource Agency Guidances

Introduction: This Federal Financial Institutions Examination Council (FFIEC) Bank Secrecy Act (BSA)/Anti-Money Laundering (AML) Examination Manual provides guidance to examiners for carrying out BSA/AML and Office of Foreign Assets Control (OFAC) examinations.

General Rules and Regulations Promulgated under the Securities Exchange Act of 1934 resource National Regulations Member contribution OCEG Reviewed
Section 2 - Necessity for Regulation as Provided in This Title:
GAIT for Business and IT Risk (GAIT-R) (The IIA, 2008) resource White Papers OCEG Reviewed
Introduction: GAIT for Business and IT Risk (GAIT-R) is a methodology for identifying all the key controls that are critical to achieving business goals and objectives. GAIT-R identifies the critical aspects of IT that are essential to the management and mitigation of organizational risk, generically described in this document as business risk. These critical IT functionalities and their corresponding risks can then be considered when planning audit work.