Governance, risk and compliance (GRC) programs are complex: an organization has to use its GRC
program to address the regulatory requirements in, among others, the following areas:
• Enterprise Risk Management
• COSO Internal Controls
• Environmental Compliance (EPA rules)
• Antitrust
• Anti-Money Laundering
• Anti-Bribery/Corruption
• Quality Management and Standards such as ISO 9000, 9001
• Process Management such as Six Sigma
• Anti-Harassment
• Human Capital
• Whistle-blowing
• HR Processes
The areas listed above are just a few of those that come under the purview of a robust GRC program.
• Given the complex nature of regulations around the world today and the increasing risks of doing business, it is important that the GRC program in an organization is audited frequently. Most of the lapses in corporate governance occur due to outdated GRC programs that have not been audited and updated to reflect the current regulatory environment.
• Internal audits of GRC programs allow management and the board to identify risks and areas that need strengthening and root out any non-compliance.
• An audit can help evaluate the adequacy of the program’s design and effectiveness as well as new practices and technologies to be implemented.
• Audits of the GRC program have to be carried out periodically – these should supplement an ongoing, daily evaluation of the effectiveness of the program, including monitoring of controls and responses.
1. Define evaluation scope, objectives, and the type of evaluation.
2. Define the level and type of assurance.
3. Identify the evaluation team and skills required.
4. Develop evaluation plan.
5. Perform design adequacy evaluation.
6. Perform operational effectiveness evaluation.
7. Communicate evaluation results and ensure follow-up to address issues.
• Before carrying out the audit, the risks need to be understood and assessed. Risk assessment is important in ensuring that the audit plan, program and specific tests that need to be carried out are appropriate and adequate. The risk assessment needs to be carried out while the audit is underway as well.
• Some of the key risk factors in GRC program audits include:
◦ The scope and complexity of the program.
◦ The scope and complexity of the organization.
◦ The current regulatory environment.
◦ Breaking news and developments relevant to corporate governance.
◦ The experience of the GRC program management team.
◦ Implications of Sarbanes-Oxley on the business.
◦ The day-to-day involvement and support of the management and board.
◦ The pace of updates and changes to the program’s efforts.
◦ The maturity of the program.
◦ The robustness of the GRC program’s project management processes.
• Plan Your Audit Properly
• Define Your Audit Scope and Objectives
• Conduct Proper Risk Assessment
• Ensure Audit Testing is Carried Out
• Issue a Comprehensive Audit Report
Want to learn more about audit, and best practices for auditing? ComplianceOnline webinars and seminars are a great training resource. Check out the following links:
• How to Audit GRC Programs?
• Role of the Audit Committee in Corporate Governance
• Internal Audit's Role in Enterprise Risk Management
• OCEG Approved GRC (Governance, Risk and Compliance) Professional Seminar
• Auditing Technology and IT Investment Management

Auditing your grc programs
