GOVERNANCE, RISK, AND COMPLIANCE HANDBOOK


GOVERNANCE, RISK, AND COMPLIANCE HANDBOOK
TECHNOLOGY, FINANCE, ENVIRONMENTAL, AND INTERNATIONAL GUIDANCE AND BEST PRACTICES
Edited By ANTHONY TARANTINO, PHD
WILEY
JOHN WILEY & SONS, INC.

CONTENTS
Preface
Acknowledgments
About the Contributors
CHAPTER 1 INTRODUCTION
1.1 Act Locally, Impact Globally
1.2 Governance
1.3 Risk
1.4 Compliance and Internal Controls
1.5 GRC and Globalization
1.6 Growth of Global Trade
1.7 Simple Suggestions to Improve Governance, Risk Management, and Compliance (GRC)
1.8 Why Read This Book: The Case for Good GRC
1.9 Organization of the Handbook
PART 1 Corporate Governance
CHAPTER 2 A RISK-BASED APPROACH TO ASSESS INTERNAL CONTROL OVER FINANCIAL REPORTING (ICFR)
2.1 A Risk-Based Approach to Assessing ICFR
2.2 Determine Key Stakeholders
2.3 Establish the Risk Management Context
2.4 Risk Rating and Risk Identification
2.5 Analyze and Evaluate Risks
2.6 Treat/Mitigate Risks
2.7 Identify, Assess, and Report on Residual Risk Status
2.8 Concluding Remarks
CHAPTER 3 COSO—IS IT FIT FOR PURPOSE?
3.1 The Roots of COSO

3.2 COSO the Committee and COSO the 1992 Integrated Control Framework: Have They Stood the Test of Time?
3.3 Actual Market Acceptance of the COSO 1992 Framework Prior to SOX
3.4 Expectations of COSO Escalate Overnight
3.5 Is COSO 1992 Free from Bias?
3.6 Does COSO 1992 Permit Consistent Quantitative/Qualitative Measurement?
3.7 Is COSO 1992 Sufficiently Complete So That Relevant Factors Are Not Omitted?
3.8 Is COSO 1992 Relevant to an Analysis of Controls over Financial Reporting?
3.9 COSO: Looking Forward
CHAPTER 4 TIME TO RETHINK THE CORPORATE TAX
4.1 Q&A with Mihir Desai
4.2 About Faculty in This Article
CHAPTER 5 THE ROLE OF INTERNAL AUDIT
5.1 Introduction
5.2 Internal Auditors' Role Throughout History
5.3 The Role Transformed
5.4 Beyond Assurance: Advisory Services
5.5 Achieving the Greatest Impact
5.6 The Bright Outlook of Internal Auditing
CHAPTER 6 OUTSOURCED PROCESSES: RISK AND RESOLUTION
6.1 A Matter of Risk
6.2 A Matter of Responsibility
6.3 Outsourced Risk Management
6.4 SAS 70 Criticisms
6.5 SAS 70 Alternatives
6.6 Summary
CHAPTER 7 THE LAST MILE OF FINANCE
7.1 The Last Mile of Finance

7.2 Regaining Control
7.3 Where Everything Comes Together
7.4 The Path to an Optimum Close
7.5 A Return to Good Finance
CHAPTER 8 U.S. STOCK OPTION BACKDATING SCANDALS
8.1 Introduction
8.2 The Pros and Cons of Stock Options
8.3 The American Scandals
8.4 Why Stock Options Should Be Avoided
8.5 Suggestions in Managing Options for Those Who Must Retain Them
8.6 How the United States Got into Such a Mess
CHAPTER 9 FRAUD AND CORRUPTION
9.1 What Are Fraud and Corruption? Historical Background
9.2 Consequences of Fraud and Corruption for an Individual, Business, and Community
9.3 Principal-Agent Problem with Practices and Procedures for Managing Fraud and Corruption
9.4 Best Practice Guidelines for Detection Methods, Including Checking of Background and References
9.5 Data Mining for Detection of Fraud and Corruption
9.6 Corporate Governance, Compliance Issues, and Knowing Your Employees and Clients
9.7 Enforcement, Incentive Schemes, and Market Solutions Preventing Fraud and Corruption
CHAPTER 10 WHY FIGHTING CORRUPTION REMAINS A LOSING BATTLE
10.1 Introduction: The Fight against Corruption Requires a Deeper Understanding of the Underlying Malaise

10.2 Corruption and Governance: Fundamental Concepts and Concerns
10.3 What Drives Corruption?
10.4 Conclusions: Don't Use the "C" Word
PART 2 IT Governance
CHAPTER 11 IT GOVERNANCE
11.1 Governance Background
11.2 Information Economy, Intellectual Capital
11.3 Competitiveness
11.4 IT Service Delivery
11.5 Governance Convergence
11.6 Strategic and Operational Risk Management
11.7 Regulatory Compliance
11.8 Information Risk
11.9 Strategic System Deployment and Project Governance
11.10 IT Governance Frameworks and Tools
11.11 Frameworks
11.12 AS 8015-2005
11.13 IT Governance—The Implementation Challenge
11.14 Benefits of an IT Governance Framework
CHAPTER 12 ISO 27001 AND ISO 17799
12.1 ISO 27001 and ISO 17799—The Information Security Standards
12.2 ISO 17799 versus ISO 27001
12.3 Conclusion
12.4 Essential Further …
CHAPTER 13 … COBIT CUBE
Linking Business Goals to IT Goals

13.5 How Will COBIT 4.x Impact/Benefit Users?
13.6 Conclusion
PART 3 Operational Risk
CHAPTER 14 OPERATIONAL RISK MANAGEMENT
… Defining Operational Risk
14.3 Tone at the Top and Corporate Culture
14.4 Documentation
14.5 Policies and Procedures
14.6 Independent Audit
14.7 Management Oversight
CHAPTER 15 THE USE OF SIX SIGMA IN OPERATIONAL RISK AND REGULATORY COMPLIANCE: REDUCTION IN VARIABILITY
15.1 What Is Six Sigma?
15.2 The Six Sigma Methodology
15.3 The Hard Tools of Six Sigma
15.4 The Soft Tools of Six Sigma
15.5 Conclusion
CHAPTER 16 OPERATIONAL RISK MANAGEMENT USING QUANTITATIVE …
16.1 Introduction
16.2 Defining Operational Risk
16.3 Defining Quantitative Analysis (Quantitative Methods)
16.4 Advantages and Disadvantages of Using Quantitative Methods
16.5 Operational Risk Assessment and Management—Essential Components
16.6 Quantify Operational Risk
16.7 Monitor and Control Operational Risk
16.8 Change Management

CHAPTER 17 OPERATIONAL RISK MANAGEMENT IN …
17.1 Introduction
17.2 Approaches to Operational Risk Management
17.3 Banking Documentation
17.4 Operational Risk Tools Overview
17.5 U.S. NPR: AMA Approaches for Operational Risk
PART 4 Technology and Tools
CHAPTER 18 WHAT TO LOOK FOR IN ENTERPRISE CONTENT MANAGEMENT FOR COMPLIANCE
18.1 Introduction
18.2 Financial Compliance Process
18.3 Standard Requirements
18.4 Advanced Requirements
18.5 Next Generation ECM Systems
18.6 Conclusion
CHAPTER 19 ENTERPRISE SEARCH AND AUTOMATED TESTING
19.1 Current State Overview
19.2 Challenges in Applying Best Practices
19.3 Case Study: Global Oil and Gas Exploration Corporation
CHAPTER 20 WHAT TO LOOK FOR IN AUDIT …
20.1 Audit Process
20.2 Audit Operations Maturity Model
20.3 Business Pain Points (Level 1: Initial)
20.4 Value Proposition of Audit Operations Applications
20.5 Audit Operations Applications
20.6 Standard Functionalities (Levels 2 and 3: Defined)

20.7 Advanced Functionalities (Level 4: Managed)
20.8 Next Generation Offerings (Level 5: Optimizing)
20.9 Conclusion
CHAPTER 21 AUTOMATION OF SEGREGATION OF DUTIES
21.1 Introduction
21.2 Defining Segregation of Duties
21.3 Looking toward Automation
21.4 Automating Segregation of Duties
21.5 Segregation of Duties Consideration Checklist
21.6 Types of Automation Tools
21.7 SOD Violation Reporting Capabilities
21.8 SOD Simulation Capabilities
21.9 Preventive Controls
21.10 SOD Risk Libraries
21.11 Implementing a SOD Automation Tool
21.12 Postimplementation Support
CHAPTER 22 INTERNAL CONTROLS BEST PRACTICES
22.1 Overview
22.2 COSO II
22.3 Automation of Controls
22.4 Types of Automated Controls
22.5 Primary Financial Control Considerations
22.6 Combining Compliance and Operational Requirements to Achieve an ROI on Compliance Expenditure
22.7 Further Considerations
22.8 Conclusion
CHAPTER 23 IT CONTROLS AUTOMATION AND DATABASE MANAGEMENT: DEFENDING AGAINST THE INSIDER THREAT
23.1 The New Internal Controls Environment: IT Departments Face a Sea Change
23.2 A Layman's Guide to the Role of Relational Database Management Systems in an Enterprise

23.3 A Layman's Guide to the Role of the Database Administrator in an Enterprise
23.4 How Internal Auditors Test Database Management Operations
23.5 A Framework for Formulating an IT Controls Automation Strategy
23.6 How to Implement Effective Preventive Controls for RDBMS
23.7 How to Implement Effective Detective Controls for RDBMS
23.8 Outsourced IT Processes: The Promise and the Pitfalls
23.9 The Compelling Business Case for Automated Infrastructure Controls
CHAPTER 24 PLM TECHNOLOGIES: ROLE AND VALUE IN SUPPORTING PRODUCT …
24.1 Introduction
24.2 PLM—What It Is, and What It Isn't
24.3 The Product
24.4 The Requirements
24.5 The Processes
24.6 Compliance Assurance System
24.7 Value of Automation and System Control
24.8 Reference Architecture
24.9 Conclusions
CHAPTER 25 HOW XBRL WILL DRAMATICALLY IMPROVE REPORTING AND CONTROL PROCESSES
25.1 Introduction
25.2 A Primer on XBRL
25.3 Who Is Using XBRL Today?
25.4 The Business Case for Improving Business Reporting Transparency
25.5 Current Constraints
25.6 Additional Benefits from XBRL

PART 5 Environmental Governance
CHAPTER 26 THE IMPACT OF ENVIRONMENTAL LEGISLATION ON HIGH-TECH SUPPLY CHAINS
26.1 Introduction
26.2 The RoHS and WEEE Legislations
26.3 Restriction of Hazardous Substances Globally
26.4 Impact of RoHS and WEEE on Business Processes and Supply Chain Participants
26.5 …
CHAPTER 27 ENVIRONMENTAL COMPLIANCE AND ENFORCEMENT IN CHINA
27.1 Introduction
27.2 Pressures on the Environment
27.3 Legal Framework
27.4 Institutional Framework
27.5 Enforcement and Compliance Promotion
27.6 Compliance by Industry
27.7 Rising Public Environmental Awareness
27.8 Harmonious Society and Environmental Compliance and …
CHAPTER 28 THE TRAJECTORY OF ENVIRONMENTAL REGULATION: A STRATEGIC APPROACH FOR INDUSTRY
28.1 Drivers
28.2 Characteristics of Resulting Regulations
28.3 The Impact
28.4 A Holistic Approach
CHAPTER 29 ENVIRONMENTAL COMPLIANCE IN INDIA
29.1 Introduction
29.2 Current State of Regulatory Compliance and Institutional Challenges
29.3 Corporate Environmental Performance: Compliance and Beyond
29.4 Conclusion

CHAPTER 30 LATIN AMERICAN ENVIRONMENTAL COMPLIANCE: ENVIRONMENTAL BIOTECHNOLOGY
30.1 Environment and Industrialization
30.2 Environmental Biotechnology Role
30.3 Environmental Biotechnology Applied to Sewage Treatment
30.4 Environmental Biotechnology Applied to Reforestation
30.5 Legislation
CHAPTER 31 POLICY DEVELOPMENTS IN THE UNITED STATES RELATED TO CHEMICALS AND ELECTRONIC WASTE
31.1 Introduction
31.2 The U.S. Toxic Substance Control Act
31.3 Electronic Waste in Environmental Policy
PART 6 Industry Governance
CHAPTER 32 ELECTRONICS GLOBAL HOMOLOGATION: REMOVING REGULATORY BARRIERS TO TRADE
32.1 Overview
32.2 Homologation Project Management
32.3 North America
32.4 Western Europe: R&TTE Directive
32.5 Rest of the World
32.6 Product Collateral
32.7 The Future: Positive Regulatory Trends
CHAPTER 33 PROTECTING THE INNOCENT: THE INFORMATION SECURITY AND PRIVACY BATTLE
33.1 Recent History of Privacy Regulations in the United States
33.2 Personal Data Privacy Protection in Europe
33.3 Critical Role of Accountability in Information Security

33.4 For Further Consideration—Individual Recognition Technology
CHAPTER 34 SHIPPERS COMPLIANCE IN FREIGHT TRANSPORTATION AND LOGISTICS
34.1 Introduction
34.2 Key Regulatory Bodies
34.3 Import Requirements
34.4 Export Requirements
34.5 Hazardous Materials
34.6 Other Generally Accepted Protocols and Standards
34.7 The Increasing Importance of Conformance to Customer Standards
34.8 Conclusion
CHAPTER 35 PHARMACEUTICAL …
35.1–35.5 …
CHAPTER 36 PUBLIC SECTOR TRANSPARENCY—HOW IS IT REGULATED IN EUROPE?
36.1 Introduction: The Role of Transparency for Good Governance
36.2 Right of Access to Public Sector Information in Europe
36.3 Conclusions
CHAPTER 37 …
… Compliance in the Retail Industry
Consumer Safety
Environment: Recycling
Data and Payment Transactions
Looking Ahead

CHAPTER 38 SUPPLY CHAIN COMPLIANCE
38.1 Introduction
38.2 Separation of Duty
38.3 Selection of Suppliers
38.4 Risk and Business Continuity Management
38.5 Payments
38.6 Item and Supplier Setup
38.7 Contracts and Purchase Orders
38.8 Tracking and Reporting Purchase Obligations
38.9 Assurance of Supply
38.10 Supply Chain Planning and Scheduling
38.11 Inventory Management
38.12 Physical Asset Protection, Intellectual Property, and Confidentiality
38.13 Logistics, Tax, and Trade
38.14 Anticompetitive Behavior
38.15 Quality Requirements for the Business Management System
38.16 Supply Chain Environmental and Social Responsibility Management
38.17 Record Keeping
38.18 Training
CHAPTER 39 TELECOMMUNICATIONS
39.1 Licenses
39.2 Regulated Pricing and Tariffs
39.3 Health and Safety
39.4 Privacy and Security of Customer …
39.5 …
CHAPTER 40 … COMPLIANCE IN FREIGHT TRANSPORTATION AND LOGISTICS
40.1 Introduction
40.2 Key Regulatory Bodies
40.3 Compliance Issues for Trucking Companies
40.4 Compliance Issues for Railroads

40.5 Compliance Issues for Marine Transportation Companies
40.6 Compliance Issues for Air Cargo Carriers
40.7 Conclusion
PART 7 Financial Services Governance
CHAPTER 41 FINANCIAL SERVICES REGULATION AND CORPORATE GOVERNANCE
41.1 The History of Financial Services Regulation
41.2 International Regulation
41.3 What Is the Point of Regulatory Capital?
41.4 How Much Regulatory Capital Is Required?
41.5 Other Financial Regulation
41.6 Money Laundering Deterrence
41.7 Banking and the Environment
41.8 The Future of Banking Regulation
CHAPTER 42 INSURANCE INDUSTRY AND SOLVENCY II
42.1 Introduction
42.2 Valuing Insurance Liabilities
42.3 Solvency Capital and Minimum Capital Requirements
42.4 Operational Risk Management
42.5 Issues Facing Insurers in Improving Operational Risk
42.6 Issues Facing Insurers in Improving Data Integrity and Retention
42.7 Issues Facing Insurers Meeting IFRS and Solvency II
42.8 The Lamfalussy Process in Deploying Solvency II
42.9 Conclusion
CHAPTER 43 ISLAMIC FINANCE
43.1 Introduction
43.2 Shariah Busin…

