M2. Performance Monitoring | by OCEG the Open Compliance and Ethics Group

OCEG Contributed

OCEG Measurement & Metrics Guide

Measurement & Metrics Guide (MMG) Full Listing

Elephant in the Room: Program Evaluation and Performance Measurement

OCEG One Minute Poll: Evaluate What?

OCEG 2008 Benchmarking Series Report: GRC Measurement and Metrics

OCEG One Minute Poll: How Do You Screen Vendor Compliance? September, 2011

M1 Monitoreo del Contexto-v2.1

M2 Monitoreo del Desempeno.v2-1

OCEG Internal Audit Guide

AICPA, Auditing Standards

IIA, Using Nonfinancial Measures to Assess Fraud Risk (2008)

SEC Publishes Its Guidance for Management on Evaluating Internal Controls (FSA, IIA, 2007)

Burgundy Book (GRC Assessment Tools) v2.1.1

ARRA and Single Audits: Addressing the Risks and Challenges (2010)

Treasury Board of Canada Secretariat Internal Audit Web Site

Whistleblower Protection: Sustained Management Attention Needed to Address Long-standing Program Weaknesses (GAO, 2010)

USSC, Amendments to the Sentencing Guidelines - Reader Friendly Version of Amendments (Aprill 28, 2011)

Brief Summary of the Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010

Consultation Paper on Corporate Governance Regulations and Guidelines, Monetary Authority of Singapore, March 2010

Asian Corporate Governance Association (ACGA) - Singapore Codes and Rules

OMB Circular A-133 Compliance Supplement March 2009

AICPA, Technical Practice Aid 8700.03, “Auditor’s Responsibilities for Subsequent Events Relative to a Conduit Debt Obligor" (September 2010)

Member Contributed

Evaluating Governance, Risk & Compliance Effectiveness

Evaluating Governance, Risk & Compliance Performance

EthicsPoint: Tools and Insight to Achieve Corporate GRC Maturity

Information Systems Audit and Control Association (ISACA)

Federal Financial Institutions Examination Council (FFIEC) IT Handbook Infobase

American Society for Quality

Auditing System Conversions (IIA)

Conduct an Ethics Audit (The Physician's Resource)

Ethics Audit Essential for Every Business (2004)

Audit Your Ethics

Technology - The Institute of Internal Auditors (IIA)

Information Technology Process Institute (ITPI) Reading Room

Tripwire Documents: White Papers Collection

GAO/NSAA, Management Planning Guide for Information Systems Security Auditing (2001)

IT Security, IIA Resources Page

SANS, What Works in Internet Security

International Systems Security Engineering Association (ISSEA)

CCCure.org - An Open Study Guides Web Site

Professional Security Testers Web Site

Forrester Research

GAO Special Publications: Computer and Information Technology

UK, Office of Government Commerce (OGC) Successful Delivery Toolkit

Office of Government Commerce (OGC) IT Infrastructure Library (ITIL)

Chief Information Officers Council (CIO)

FAQs for COSO's Enterprise Risk Management Integrated Framework

COSO, Enterprise Risk Management Integrated Framework: Executive Summary

DHS, Risk Management Approaches to Protection (October 2005)

Enterprise Governance: Getting the Balance Right (2003)

Sarbanes-Oxley Sections 302 & 404: A White Paper Proposing Practical, Cost Effective Compliance Strategies (April 2003)

International Organization for Standardization (ISO)

International Organization for Standardization (ISO) Understand the basics

ISO, 14000 Family of International Standards

ISO 14001:2004 - Environmental management systems -- Requirements with guidance for use (Purchase Site)

ISO 9000 essentials (9001:2008)

ISO Management Standards - Specific applications

ISO, Quality management principles

ISO 9001 Auditing Practices Group

ISO 9001 Accreditation Auditing Practices Group

ISO Code of Ethics

ISO Annual Reports

ISO Strategic Plan 2005 2010

Nasdaq Code of Conduct for the Board of Directors

Nasdaq, Summary of Corporate Governance Proposals

Nasdaq, Corporate Governance (2004)

NASDAQ Stock Market, Inc. Corporate Governance Guidelines for the Board of Directors

New York Stock Exchange (NYSE), Corporate Governance

Selection and Use of the ISO 9000:2000 family of standards (ISO 9001:2000.)

Case for Compliance, The: An article from the American Bar Association (ABA, 2003)

Corporate Compliance Programs in the Aftermath of Sarbanes-Oxley (ABA)

FRB, To the Officer in Charge of Supervision and Appropriate Supervisory and Examination Staff at each Federal Reserve Bank and to each Domestic and Foreign Banking Organization Supervised by the Federal Reserve (2002)

Public Company Accounting Oversight Board: Standards Setting, Text of Auditing Standards and Standards Related Rules

SEC, Public Company Accounting Oversight Board: Releases Issued by the SEC on PCAOB Rule Proposals

FDIC, Strategies for Enhancing Corporate Governance, Audit Report No. 04-032 (2004)

Compliance Assessments: A First Step Toward Ensuring an Effective Compliance Program (2005)

SEC, Field Offices Integrity Program (2005)

Defense Ethics Program: Opportunities Exist to Strengthen Safeguards for Procurement Integrity (GAO Report, April 2005)

Time Is Ticking On QAS Compliance

Sustaining SOX Compliance: Moving from chaos to consistency (2005)

Time to Consider Revising Compliance and Ethics Programs in Light of New Federal Sentencing Guidelines (2004)

Federal Sentencing Guidelines: Enterprise Risk Management (2004)

SEC, Briefing Paper: Roundtable on Implementation of Internal Control Reporting Provisions (2005)

SEC, Spotlight On: Internal Control Reporting Provisions

Key Elements of Antifraud Programs and Controls (2003)

Seven Habits Of Highly Effective Compliance Programs, Executive Summary (July 12, 2005)

Internal Control Guide for Managers, The State of Massachusetts, Office of the Comptroller

United Kingdom, The Orange Book Management of Risk - Principles and Concepts (2004)

Building a Partnership for Effective Compliance: The Third Government-Industry Roundtable

2007 National Business Ethics Survey (ERC)

OCEG Corporate Governance Maturity Model

OCEG Corporate Compliance and Ethics Maturity Model

J-SOX Newsletter, Issue No.1

20 Questions Directors Should Ask About Internal Audit (2d Edition, 2007)

Auditing a Compliance and Ethics Program (2007)

OCEG Metrics Qualification Tool

SEC Interpretation, Commission Guidance Regarding Management's Report on Internal Control Over Financial Reporting Under Section 13(a) or 15(d) of the Securities Exchange Act of 1934 (June 27, 2007)

SEC, Final Rule: Amendments to Rules Regarding Management's Report on Internal Control Over Financial Reporting (2007)

Approva 2007 Compliance Survey Results

Measuring the Effectiveness and Performance of Your Program (July 2007)

SEC, Definition of the Term Significant Deficiency - Final Rule (2007)

OCEG Internal Audit Guide - Executive Summary

Internal Control from a Risk-Based Perspective (IFAC, 2007)

Looking for Risk in all the Right Places (2006)

Measurement & Metrics Guide Executive Summary

Measurement Program Strategy Template

Guide 6: Managing and Auditing IT Vulnerabilities (IIA, 2007)

PCOAB, Standards - Staff Questions and Answers

SEC, Commission Statement on Implementation of Internal Control Reporting Requirements

AICPA, Audit Committee Effectiveness Center

AICPA Antifraud & Corporate Responsibility Resource Center

AICPA, Audit and Attest Standards

Taking Control: A Guide to Compliance with Section 404 of the Sarbanes-Oxley Act of 2002

Sarbanes-Oxley Section 404: 10 Threats to Compliance (2006)

Compliance Journey: Making Compliance Sustainable (KPMG, 2005)

How to move your company to sustainable Sarbanes-Oxley compliance - from project to process (2002)

Guide to the Sarbanes-Oxley Act: Internal Control Reporting Requirements - Frequently Asked Questions Regarding Section 404 (2003)

Ethics Resource Center (ERC)

Business Ethics

TheCRO: The Magazine of Corporate Responsibility

Ethics in Computing

U.S. Office of Government Ethics (OGE) Web site

All Access Pass

Related terms

M2. Performance Monitoring

M1. Context Monitoring

M3. Systemic Improvement

M4. Assurance

Featured OCEG Programs

GRC Fundamentals on Demand