|
Home > Preview
The flashcards below were created by user
acelaker
on FreezingBlue Flashcards.
-
Flow of information
- Governance (outer layer)
- Risk Management (next layer)
- Internal Control (inner layer)
info can flow both ways
-
Definition of Governance
nInvolves a set of relationships between company’s management, its board, its shareholders and other stakeholders
nGovernance begins with the board of directors and its committees (the umbrella of governance oversight)
nProvides direction to management
nEmpowers management with authority to take necessary action
nBoard must understand and focus on needs of key stakeholders (fiduciary duty)
nDay-to-day, governance is executed by management
- nInternal and external activities provide management and the board assurance regarding the effectiveness of governance activities (including internal and independent
- auditors)
-
Key Components of Governance Oversight
Stakeholders
Goverance "Umbrealla"
Risk Mgmt (Senior/Risk Owner) and Assurance (Internal/External Activities)
-
Board of Directors
- nStrategic direction –
- board is responsible for strategic direction and guidelines relative to the establishment of key business objectives, consistent with the organization’s business model and aligned with stakeholder priorities
- Governance oversight
- – board’s role in managing and monitoring the organization’s operations
-
Key Stakeholders
- nSome stakeholders are directly involved in operations
- nEmployees, customers, vendors
- nOther stakeholders are not directly involved, but are interested in the business (affected by the success)
- nShareholders/investors, regulatory agencies (SEC, DOL, etc.), financial institutions
- nSome stakeholders are neither directly involved or interested, but they may influence aspects of the business
- nRegulatory agencies, financial institutions
-
Senior Management
nManagement executes day-to-day activities
nBoard delegates authority to management to perform activities
nManagement has responsibility to execute the board’s direction in a manner that achieves corporate objectives, but within the tolerance limits outlined by the board
-
Senior management can best execute its governance responsibilities by
- nEstablishing a risk committee
- nTypically led by CRO
- nResponsible for determining that all key risks are identified, linked to risk management
- activities and assigned to risk owners
nEvaluates the organization’s ongoing risk appetite
nArticulating reporting requirements
nRisk owners must understand nature, format and timing of communications regarding effectiveness of risk management activities
nReevaluating governance expectations periodically (typically annually)
-
Risk Owners
nIndividuals who have day-to-day responsibility to ensure risk management activities effectively manage risks with the organization’s tolerance levels
nResponsible for identifying, measuring, monitoring, and reporting on risks to members of senior management
-
Risk owners can best execute by:
nPresenting governance recommendations to the risk committee
nReevaluate risk management activities periodically (at least annually)
-
Assurance Activities
nProvide the board and senior management with an objective assessment regarding the effectiveness of the governance and risk management activities
-
3 Line of Defense Model
- 1st Line: (Senior Mgmt)
- Mgmt Control
- Internal Control Measures
- 2nd Line: (Senior Mgmt)
- Financial Controller
- Risk Mgmt
- Compliance
- Health and Safety
- Environmental
- Quality Assurance
- 3rd Line (Senior Mgmt/Gov Body/Audit Com)
- Internal Audit
|
|
Get the free mobile app
Take the Quiz
Learn more
Learn more