Governance, Risk and Compliance (GRC)

November 19-20, 2015
Implementing and maintaining a GRC framework is a significant responsibility for an organization. Most organizations today have implemented selected components of a GRC framework, but the challenge remains: which strategies need to be implemented to achieve a completely integrated GRC approach?
In this two-day, interactive seminar, attendees will learn how to implement a best-in-class integrated GRC framework in their organization. They will learn what audit committees and boards expect from their executives regarding GRC, and how to work with executive management to set the appropriate "tone" for ethics, compliance, investigations and fraud reporting, and the management of governance risks. Participants will learn how to make every part of the organization a contributing part of the Chief Risk Office, and the steps required to make the internal audit function a strategic part of the GRC framework. Attendees will be provided with the tools and best practices needed to implement an integrated GRC model in their organization.
Day One
1. GRC: First, Answering the Important Questions
- What is it?
- Why is it important?
- Why are we here? The defining moments!
- Who is involved?
- What are the roles and responsibilities?
2. Understanding Governance Risks: The GRC Model
- Different drivers in corporate governance
- Focus on "risks": Thinking like the CCO and CRO
- The "four cornerstones" of a corporate governance framework: The board, executive management, internal auditors, and external auditors
- The board and audit committee: Stewards for governance reform
- Executive management and tone at the top
- The four key components
- The GRC framework and model
3. Analysing the Tone at the Top and Tone in the Middle
- What does tone at the top really mean? Tone in the middle?
- Who sets the tone at the top?
- How to assess and determine an organization's tone
- Performing a "quick tone at the top" assessment
- Responsibilities of management
- Dealing with a tone that is unacceptable
- Right vs. wrong: Consistency
- Real-world "tone-at-the-top" scenarios: A behavioural model
- Drill down: Assessing the "tone at the top" at the middle management level
4. Always Start with Risk: GRC Focus on Managing Risks
- Determining your own risk tolerance and your organization's
- Establishing the ERM program and the required sponsorship
- Linking ERM to the annual planning process
- Ownership/responsibility/accountability
- Defining level 1 and level 2 risks: A different application of the risk pyramid
- Adopting a risk culture and the types of risk assessments that need to be performed
- Answering an important question: Do you need a risk policy?
- Transference of risk
- Applying the risk process to major events: Acquisitions and divestitures; determining the risks and obstacles in the way of achieving a financial plan
- Strategic view for internal audit: Annual evaluation of the ERM approach
- Best practice reporting: Who, what, when
- Best practices for the CRO: What should be in your GRC framework
Day Two
5. Compliance and Regulatory Matters: The Core Strategy
- Forming the compliance committee and charter
- Assessing the impact of laws and regulations: Through the eyes of a regulator
- The regulatory risk assessment
- Identifying and using your organization's subject matter experts
- Building a best-in-class compliance organization
- SOX considerations: Entity and transaction level
- Developing the "playbook"
- Attacking policies and procedures: Policy and procedures sub-committee
- Effective compliance program roll-out: Discipline vs. recognition
- Effective use of tools and technology
- Best-in-class reporting: Who, what, when
- The "theme" for the compliance component
- Best practices for the CROs: What should be in your GRC framework
6. Ethics: Values and Behaviour
- Forming the ethics committee and charter
- Establishing a code of ethics and business conduct
- Developing a separate and distinct conflict of interest statement
- Social responsibility issues: Maintaining your public image
- The starting point: Hiring ethical employees
- HR policies and procedures: What's important
- Performance appraisals: A different view
- Conducting ethics investigations
- The independent hotline
- Leveraging technology: Analysing the trends
- Best-in-class reporting: Who, what, when
- The "theme" for the ethics component
- Best practices for the CROs: What should be in your GRC framework
7. Investigations and Fraud Reporting: Standing Your Ground
- Establishing a fraud policy and an anti-fraud program
- The fraud risk assessment
- Communication channels and one central point of contact for all allegations and investigations
- The protocols for an effective investigation
- Success through constant internal communication
- Once a fraud occurs: Evaluating controls and the connection to SOX
- Leveraging technology: Analysing the trends and getting ahead of a fraud
- Reporting: Who, what, when
- The "theme" for the investigation and fraud reporting component
- Best practices for the CROs: What should be in your GRC framework
8. Key Strategy: Implementing the CCO/CRO and Monitoring Activities
- The organization: Who should be involved and their roles and responsibilities
- The connection to, and working with, operations, legal, accounting, IT, etc.: Truly breaking down the silos!
- Leveraging existing self-monitoring activities and infrastructure: Implementing control self-assessment
- Monitoring activities: Linking to internal audit and the annual business plan, and which audits need to be done for each component
- Making internal audit a strategic part of GRC: That's what this office will do
- Evaluating the corporate governance program
- Suggesting changes: Getting sustained results
About the Instructor . . .
Dr. Hernan Murdock, CIA, CRMA
Hernan Murdock is a Vice President, Audit Division for MIS Training Institute. Before joining MIS he was
the Director of Training at Control Solutions International, where he oversaw the company’s training and
employee development program. Prior to that, he was a Senior Project Manager leading audit and
consulting projects for clients in the manufacturing, transportation, high tech, education, insurance and
power generation industries. Dr. Murdock also worked at Arthur Andersen, Liberty Mutual and KeyCorp.
Dr. Murdock is a senior lecturer at Northeastern University where he teaches management, leadership
and ethics. He is the author of 10 Key Techniques to Improve Team Productivity and Using Surveys in
Internal Audits, both published by the IIA Research Foundation. He has also written articles and book
chapters on whistleblowing programs, international auditing, mentoring programs, fraud, deception,
corporate social responsibility, and behavioral profiling. He has conducted audits and consulting projects,
delivered seminars and invited talks, and made numerous presentations at internal audit, academic and
government functions in North America, Latin America, Europe and Africa.