Auditing Your GRC Program - PowerPoint PPT Presentation

About This Presentation
Title:

Auditing Your GRC Program

Description:

This quick reference guide discusses the importance of auditing the GRC programs and best practices for successfully auditing it. – PowerPoint PPT presentation

Number of Views:116
Slides: 8
Provided by: referral
Category: Other


Transcript and Presenter's Notes

Title: Auditing Your GRC Program


1
Auditing Your GRC Program
2
What Constitutes a GRC Program?
  • Governance, risk and compliance (GRC) programs
    are complex; an organization has to use its GRC
    program to address the regulatory requirements
    expected of, among others, the following:
  • Enterprise Risk Management
  • COSO Internal Controls
  • Environmental Compliance (EPA rules)
  • Antitrust
  • Anti-Money Laundering
  • Anti-Bribery/Corruption
  • Quality Management and Standards such as ISO
    9000, 9001
  • Process Management such as Six Sigma
  • Anti-Harassment
  • Human Capital
  • Whistle-blowing
  • HR Processes
  • The areas listed above are just a few of those that
    come under the purview of a robust GRC program.

3
Why Audit a GRC Program?
  • Given the complex nature of regulations around
    the world today and the increasing risks of doing
    business, it is important that the GRC program in
    an organization is audited frequently. Most of
    the lapses in corporate governance occur due to
    outdated GRC programs that have not been audited
    and updated to reflect the current regulatory
    environment.
  • Internal audits of GRC programs allow management
    and the board to identify risks and areas that
    need strengthening and root out any
    non-compliance.
  • An audit can help evaluate the adequacy of the
    program's design and effectiveness, as well as new
    practices and technologies to be implemented.
  • Audits of the GRC program have to be carried out
    periodically; these should supplement an
    ongoing, daily evaluation of the effectiveness of
    the program, including monitoring of controls and
    responses.

4
Internal Audit Process: The General Steps
  • Define evaluation scope, objectives, and the type
    of evaluation.
  • Define the level and type of assurance.
  • Identify the evaluation team and skills required.
  • Develop evaluation plan.
  • Perform design adequacy evaluation.
  • Perform operational effectiveness evaluation.
  • Communicate evaluation results and ensure
    follow-up to address issues.

5
Conduct Proper Risk Assessment
  • Before carrying out the audit, the risks need to
    be understood and assessed. Risk assessment is
    important in ensuring that the audit plan,
    program and specific tests that need to be
    carried out are appropriate and adequate. The
    risk assessment needs to be carried out while the
    audit is underway as well.
  • Some of the key risk factors in GRC program
    audits include:
  • The scope and complexity of the program.
  • The scope and complexity of the organization.
  • The current regulatory environment.
  • Breaking news and developments relevant to
    corporate governance.
  • The experience of the GRC program management
    team.
  • Implications of Sarbanes-Oxley on the business.
  • The day-to-day involvement and support of the
    management and board.
  • The pace of updates and changes to the program's
    efforts.
  • The maturity of the program.
  • The robustness of the GRC program's project
    management processes.

6
Best Practices for Successfully Auditing GRC
Programs
  • Plan Your Audit Properly
  • Define Your Audit Scope and Objectives
  • Conduct Proper Risk Assessment
  • Ensure Audit Testing is Carried Out
  • Issue a Comprehensive Audit Report

7
  • Want to learn more about audit and best
    practices for auditing? ComplianceOnline webinars
    and seminars are a great training resource. Check
    out the following links:
  • How to Audit GRC Programs?
  • Role of the Audit Committee in Corporate
    Governance
  • Internal Audit's Role in Enterprise Risk
    Management
  • OCEG Approved GRC (Governance, Risk and
    Compliance) Professional Seminar
  • Auditing Technology and IT Investment Management