SlideShare a Scribd company logo

ICAM Our Vision

Jonathan McGuinness
Jonathan McGuinness

The document describes logITmatix's Internal Controls and Audit Management System (ICAM). ICAM is a database-driven system that provides a single login portal for legal and compliance functions across an enterprise. It allows for centralized control and audit management, issue tracking, and reporting. ICAM integrates internal controls, ensures segregation of duties, and supports a three lines of defense risk governance model. The system provides efficiencies over document-based systems and helps companies comply with increasing regulatory requirements.

1 of 6
Download to read offline
logITmatix Our Vision of a Future Landscape Internal Controls and Audit Management System Legal & Compliance Portal Legal & Compliance Portal Control Audit Cross Border Incident External Management Management Travel Mgmt Management Mandates Control Definition Audit/Review Management Client related Regulatory Public Directorships Task Assignment Findings Management Non-Client related Financial Private Directorships Multi Dimension Issue Tracking Secondary Occupations Monitoring & Reporting Activity Implementation Single system login for all Legal & Compliance related matters Enterprise-wide alignment of initiatives Full consideration of divisional/ regional/ functional characteristics Powerful reporting and monitoring Co-existence with complementary tools Efficient and powerful Legal & Compliance Portal platform
Internal Controls and Audit Management System The solution for you? Need for action Key developments Increasing statutory regulations demanding Increased regulatory pressure to demonstrate transparency across enterprises. effective supervision Pending business requirements not realizable Clear intention to strengthen supervision to protect on existing platform or no existing control the enterprise from adverse effects governance infrastructure. Need to leverage daily control activities to achieve Audit management needs robust integration efficiency gains in maintaining compliance with into enterprise application. regulatory requirements The solution is ICAM Use implementation of ICAM to lay the groundwork for a enterprise-wide supervisory control platform Use implementation of ICAM Audit management module to offer generic control issue tracking Extend beyond divisional / regional / functional boundaries to provide global solution
Database driven not Document driven Database architecture not document management ICAM uses a framework that encompases a powerful database architecture and Java application platform solution, that is easily scaleable, which allows you to quickly find the information you need. Database driven systems are more powerful than simple document based systems. All key information, such as findings, issues, implementation progress, execution activities, signoffs and history are all contained in an Oracle database which bring efficiencies to the documentation and review progress. Database driven systems such as ICAM allow for real time team based use by thousands of users, providing ease of use with a modern interactive Web based interface to facilitate storage, retrieval, sorting or filtering of information.
Risk Convergence in ICAM Laws, Regulations and Corporate Governance Policies Structures Relevant laws & regulations are adapted ICAM is designed to operate in line with and embedded into the application as a standard control governance structures company wide policy framework. ICAM and enables enterprise-wide oversight of allows systematic mapping of relevant divisional/ regional or matrix policies to control objectives and organisations. consequently to underlying control activities. Deficiencies and Issues Internal Controls Issues identified in the enterprise are Detailed specification and raised, documented, assigned, handled, classification of controls ensures and archived in ICAM. Issues can include full compliance with laws, internal or external audit regulations, and policies. In addition it recommendations and these can all be fully supports the achievement of strategic linked to the internal control framework. and tactic goals.
Risk Management Governance “Three Lines of Defence” Model 1st Line of Defence 2nd Line of Defence 3rd Line of Defence Top Management Risk Management Audit and Front Office Best Practice Promote strong risk Oversight Functions Auditors and Directors culture within the combining compliance Independent oversight enterprise and risk management with enforcement Promote a culture Separate ability of adhering to pre- risk management from Ability to link business defined limits to risk control and risk with process manage the risk Oversee Frontline with and IT knowledge exposure regard to risk and Ensures the 3 lines of Continual monitoring compliance defence operate of risks and exposure effectively and according to best practice Risk
Segregation of Duties Internal Controls and Segregation of Duties Societe Generale, $7 billion in losses: Operations expert moved to trading desk, taking some jobs with him. Barings Bank, $1 billion in losses: Operations and trading managed by the same individual. Lehman Brothers, $0.3 billion in losses: Sales manager took over certain simple operations functions. Daiwa, $1.1 billion in losses: Same scenario as Societe Generale. Allied Irish Bank, $0.7 billion in losses: Risk limit reporting under control of trader. Tyco, $0.3 billion in losses: Three top executives colluded and board of directors exercised ineffective supervision. Orange County, $1.6 billion in losses: Trader seen as the unquestioned maestro, while back office was underpowered to understand his trading procedures. Why SoD ? Required by Sarbanes Oxley With good SoD it requires 2 or more employees Proven management technique that organisations for irregularities to occur without detection of all sizes can benefit Organise to achieve adequate segregation of duties Primary objective is the prevention of fraud – see ISACA’s Segregation of Duties Control matrix and errors Define general categories of functions to be separated ICAM supports and enhances SoD Structured segregation of duties via dynamic role assignment Enables management oversight of duties Fully supports the ISACA’s Segregation of Duties Control matrix Reports SoD anomalies

Recommended

Building an Effective GRC Process with TrustedAgent GRC
Building an Effective GRC Process with TrustedAgent GRCBuilding an Effective GRC Process with TrustedAgent GRC
Building an Effective GRC Process with TrustedAgent GRC
Tuan Phan
 
IT Control Objectives for SOX
IT Control Objectives for SOXIT Control Objectives for SOX
IT Control Objectives for SOX
Mahesh Patwardhan
 
Simplifying IT GRC
Simplifying IT GRCSimplifying IT GRC
Simplifying IT GRCanand choudhary
 
Risk Taker Product Presentation V1.0 7th January 2008
Risk Taker Product Presentation V1.0 7th January 2008Risk Taker Product Presentation V1.0 7th January 2008
Risk Taker Product Presentation V1.0 7th January 2008Carl Booth
 
it grc
it grc it grc
it grc
9535814851
 
Compliance Framework
Compliance FrameworkCompliance Framework
Compliance Frameworkbarnetdh
 
What is GRC – Governance, Risk and Compliance
What is GRC – Governance, Risk and Compliance What is GRC – Governance, Risk and Compliance
What is GRC – Governance, Risk and Compliance
BOC Group
 
Managing Compliance
Managing ComplianceManaging Compliance
Managing Compliance
SecPod Technologies
 

Recommended

Building an Effective GRC Process with TrustedAgent GRC
Building an Effective GRC Process with TrustedAgent GRCBuilding an Effective GRC Process with TrustedAgent GRC
Building an Effective GRC Process with TrustedAgent GRC
Tuan Phan
 
IT Control Objectives for SOX
IT Control Objectives for SOXIT Control Objectives for SOX
IT Control Objectives for SOX
Mahesh Patwardhan
 
Simplifying IT GRC
Simplifying IT GRCSimplifying IT GRC
Simplifying IT GRCanand choudhary
 
Risk Taker Product Presentation V1.0 7th January 2008
Risk Taker Product Presentation V1.0 7th January 2008Risk Taker Product Presentation V1.0 7th January 2008
Risk Taker Product Presentation V1.0 7th January 2008Carl Booth
 
it grc
it grc it grc
it grc
9535814851
 
Compliance Framework
Compliance FrameworkCompliance Framework
Compliance Frameworkbarnetdh
 
What is GRC – Governance, Risk and Compliance
What is GRC – Governance, Risk and Compliance What is GRC – Governance, Risk and Compliance
What is GRC – Governance, Risk and Compliance
BOC Group
 
Managing Compliance
Managing ComplianceManaging Compliance
Managing Compliance
SecPod Technologies
 
Fix nix, inc
Fix nix, incFix nix, inc
Fix nix, inc
FixNix Inc.,
 
Cyber crime with privention
Cyber crime with privention Cyber crime with privention
Cyber crime with privention Manish Dixit Ceh
 
Accountability Corbit Overview 06262007
Accountability Corbit Overview 06262007Accountability Corbit Overview 06262007
Accountability Corbit Overview 06262007Humberto Bruno Pontes Silva
 
CYBERSECURITY, RISK & COMPLIANCE | AMPCUS INC.
CYBERSECURITY, RISK & COMPLIANCE | AMPCUS INC.CYBERSECURITY, RISK & COMPLIANCE | AMPCUS INC.
CYBERSECURITY, RISK & COMPLIANCE | AMPCUS INC.
Unified11
 
Iso 27001 Checklist
Iso 27001 ChecklistIso 27001 Checklist
Iso 27001 Checklist
Craig Willetts ISO Expert
 
Agiliance Risk Vision
Agiliance Risk VisionAgiliance Risk Vision
Agiliance Risk Visionagiliancecommunity
 
Diskusi buku: Securing an IT Organization through Governance, Risk Management...
Diskusi buku: Securing an IT Organization through Governance, Risk Management...Diskusi buku: Securing an IT Organization through Governance, Risk Management...
Diskusi buku: Securing an IT Organization through Governance, Risk Management...
Sarwono Sutikno, Dr.Eng.,CISA,CISSP,CISM,CSX-F
 
Is awareness government
Is awareness governmentIs awareness government
Is awareness governmentHamisi Kibonde
 
Rob kloots auditingforscyandbcm
Rob kloots auditingforscyandbcmRob kloots auditingforscyandbcm
Rob kloots auditingforscyandbcmRobert Kloots
 
Why You Should Prioritize Third Party Risk Management (TPRM) in Today's Marke...
Why You Should Prioritize Third Party Risk Management (TPRM) in Today's Marke...Why You Should Prioritize Third Party Risk Management (TPRM) in Today's Marke...
Why You Should Prioritize Third Party Risk Management (TPRM) in Today's Marke...
Resolver Inc.
 
Discover 100 Job Descriptions in Risk and Compliance Management and what it t...
Discover 100 Job Descriptions in Risk and Compliance Management and what it t...Discover 100 Job Descriptions in Risk and Compliance Management and what it t...
Discover 100 Job Descriptions in Risk and Compliance Management and what it t...
Compliance LLC
 
Operational security | How to design your information security GRC (governanc...
Operational security | How to design your information security GRC (governanc...Operational security | How to design your information security GRC (governanc...
Operational security | How to design your information security GRC (governanc...
Maxime CARPENTIER
 
what is Business Continuity Management System?
what is Business Continuity Management System?what is Business Continuity Management System?
what is Business Continuity Management System?
Ascent World
 
Security Maturity Assessment
Security Maturity AssessmentSecurity Maturity Assessment
Security Maturity AssessmentClaude Baudoin
 
Business Continuity Management System ISO 22301:2012 An Overview
Business Continuity Management System ISO 22301:2012 An OverviewBusiness Continuity Management System ISO 22301:2012 An Overview
Business Continuity Management System ISO 22301:2012 An Overview
Ahmed Riad .
 
Awareness iso 37001 2016 danang implementation
Awareness iso 37001 2016 danang implementationAwareness iso 37001 2016 danang implementation
Awareness iso 37001 2016 danang implementation
Danang suryo Wardhono
 
What is expected from an organization under NCA ECC Compliance?
What is expected from an organization under NCA ECC Compliance?What is expected from an organization under NCA ECC Compliance?
What is expected from an organization under NCA ECC Compliance?
VISTA InfoSec
 
Testing
TestingTesting
Testinglorenceman
 
D1 security and risk management v1.62
D1 security and risk management v1.62D1 security and risk management v1.62
D1 security and risk management v1.62
AlliedConSapCourses
 
Xero Risk Product Presentation V3.2
Xero Risk Product Presentation V3.2Xero Risk Product Presentation V3.2
Xero Risk Product Presentation V3.2Carl Booth
 
Agiliance Risk Vision
Agiliance Risk VisionAgiliance Risk Vision
Agiliance Risk Vision
agiliancecommunity
 
Spire Brief - Risk Consulting
Spire Brief - Risk ConsultingSpire Brief - Risk Consulting
Spire Brief - Risk ConsultingPrashant Jain
 

More Related Content

What's hot

Fix nix, inc
Fix nix, incFix nix, inc
Fix nix, inc
FixNix Inc.,
 
Cyber crime with privention
Cyber crime with privention Cyber crime with privention
Cyber crime with privention Manish Dixit Ceh
 
CYBERSECURITY, RISK & COMPLIANCE | AMPCUS INC.
CYBERSECURITY, RISK & COMPLIANCE | AMPCUS INC.CYBERSECURITY, RISK & COMPLIANCE | AMPCUS INC.
CYBERSECURITY, RISK & COMPLIANCE | AMPCUS INC.
Unified11
 
Iso 27001 Checklist
Iso 27001 ChecklistIso 27001 Checklist
Iso 27001 Checklist
Craig Willetts ISO Expert
 
Diskusi buku: Securing an IT Organization through Governance, Risk Management...
Diskusi buku: Securing an IT Organization through Governance, Risk Management...Diskusi buku: Securing an IT Organization through Governance, Risk Management...
Diskusi buku: Securing an IT Organization through Governance, Risk Management...
Sarwono Sutikno, Dr.Eng.,CISA,CISSP,CISM,CSX-F
 
Is awareness government
Is awareness governmentIs awareness government
Is awareness governmentHamisi Kibonde
 
Rob kloots auditingforscyandbcm
Rob kloots auditingforscyandbcmRob kloots auditingforscyandbcm
Rob kloots auditingforscyandbcmRobert Kloots
 
Why You Should Prioritize Third Party Risk Management (TPRM) in Today's Marke...
Why You Should Prioritize Third Party Risk Management (TPRM) in Today's Marke...Why You Should Prioritize Third Party Risk Management (TPRM) in Today's Marke...
Why You Should Prioritize Third Party Risk Management (TPRM) in Today's Marke...
Resolver Inc.
 
Discover 100 Job Descriptions in Risk and Compliance Management and what it t...
Discover 100 Job Descriptions in Risk and Compliance Management and what it t...Discover 100 Job Descriptions in Risk and Compliance Management and what it t...
Discover 100 Job Descriptions in Risk and Compliance Management and what it t...
Compliance LLC
 
Operational security | How to design your information security GRC (governanc...
Operational security | How to design your information security GRC (governanc...Operational security | How to design your information security GRC (governanc...
Operational security | How to design your information security GRC (governanc...
Maxime CARPENTIER
 
what is Business Continuity Management System?
what is Business Continuity Management System?what is Business Continuity Management System?
what is Business Continuity Management System?
Ascent World
 
Security Maturity Assessment
Security Maturity AssessmentSecurity Maturity Assessment
Security Maturity AssessmentClaude Baudoin
 
Business Continuity Management System ISO 22301:2012 An Overview
Business Continuity Management System ISO 22301:2012 An OverviewBusiness Continuity Management System ISO 22301:2012 An Overview
Business Continuity Management System ISO 22301:2012 An Overview
Ahmed Riad .
 
Awareness iso 37001 2016 danang implementation
Awareness iso 37001 2016 danang implementationAwareness iso 37001 2016 danang implementation
Awareness iso 37001 2016 danang implementation
Danang suryo Wardhono
 
What is expected from an organization under NCA ECC Compliance?
What is expected from an organization under NCA ECC Compliance?What is expected from an organization under NCA ECC Compliance?
What is expected from an organization under NCA ECC Compliance?
VISTA InfoSec
 
D1 security and risk management v1.62
D1 security and risk management v1.62D1 security and risk management v1.62
D1 security and risk management v1.62
AlliedConSapCourses
 

What's hot (19)

Fix nix, inc
Fix nix, incFix nix, inc
Fix nix, inc
 
Cyber crime with privention
Cyber crime with privention Cyber crime with privention
Cyber crime with privention
 
Accountability Corbit Overview 06262007
Accountability Corbit Overview 06262007Accountability Corbit Overview 06262007
Accountability Corbit Overview 06262007
 
CYBERSECURITY, RISK & COMPLIANCE | AMPCUS INC.
CYBERSECURITY, RISK & COMPLIANCE | AMPCUS INC.CYBERSECURITY, RISK & COMPLIANCE | AMPCUS INC.
CYBERSECURITY, RISK & COMPLIANCE | AMPCUS INC.
 
Iso 27001 Checklist
Iso 27001 ChecklistIso 27001 Checklist
Iso 27001 Checklist
 
Agiliance Risk Vision
Agiliance Risk VisionAgiliance Risk Vision
Agiliance Risk Vision
 
Diskusi buku: Securing an IT Organization through Governance, Risk Management...
Diskusi buku: Securing an IT Organization through Governance, Risk Management...Diskusi buku: Securing an IT Organization through Governance, Risk Management...
Diskusi buku: Securing an IT Organization through Governance, Risk Management...
 
Is awareness government
Is awareness governmentIs awareness government
Is awareness government
 
Rob kloots auditingforscyandbcm
Rob kloots auditingforscyandbcmRob kloots auditingforscyandbcm
Rob kloots auditingforscyandbcm
 
Why You Should Prioritize Third Party Risk Management (TPRM) in Today's Marke...
Why You Should Prioritize Third Party Risk Management (TPRM) in Today's Marke...Why You Should Prioritize Third Party Risk Management (TPRM) in Today's Marke...
Why You Should Prioritize Third Party Risk Management (TPRM) in Today's Marke...
 
Discover 100 Job Descriptions in Risk and Compliance Management and what it t...
Discover 100 Job Descriptions in Risk and Compliance Management and what it t...Discover 100 Job Descriptions in Risk and Compliance Management and what it t...
Discover 100 Job Descriptions in Risk and Compliance Management and what it t...
 
Operational security | How to design your information security GRC (governanc...
Operational security | How to design your information security GRC (governanc...Operational security | How to design your information security GRC (governanc...
Operational security | How to design your information security GRC (governanc...
 
what is Business Continuity Management System?
what is Business Continuity Management System?what is Business Continuity Management System?
what is Business Continuity Management System?
 
Security Maturity Assessment
Security Maturity AssessmentSecurity Maturity Assessment
Security Maturity Assessment
 
Business Continuity Management System ISO 22301:2012 An Overview
Business Continuity Management System ISO 22301:2012 An OverviewBusiness Continuity Management System ISO 22301:2012 An Overview
Business Continuity Management System ISO 22301:2012 An Overview
 
Awareness iso 37001 2016 danang implementation
Awareness iso 37001 2016 danang implementationAwareness iso 37001 2016 danang implementation
Awareness iso 37001 2016 danang implementation
 
What is expected from an organization under NCA ECC Compliance?
What is expected from an organization under NCA ECC Compliance?What is expected from an organization under NCA ECC Compliance?
What is expected from an organization under NCA ECC Compliance?
 
Testing
TestingTesting
Testing
 
D1 security and risk management v1.62
D1 security and risk management v1.62D1 security and risk management v1.62
D1 security and risk management v1.62
 

Similar to ICAM Our Vision

Xero Risk Product Presentation V3.2
Xero Risk Product Presentation V3.2Xero Risk Product Presentation V3.2
Xero Risk Product Presentation V3.2Carl Booth
 
Agiliance Risk Vision
Agiliance Risk VisionAgiliance Risk Vision
Agiliance Risk Vision
agiliancecommunity
 
Spire Brief - Risk Consulting
Spire Brief - Risk ConsultingSpire Brief - Risk Consulting
Spire Brief - Risk ConsultingPrashant Jain
 
Governance, Risk, and Compliance Services
Governance, Risk, and Compliance ServicesGovernance, Risk, and Compliance Services
Governance, Risk, and Compliance Services
Capgemini
 
SecureGRC - Cloud based SaaS
SecureGRC - Cloud based SaaSSecureGRC - Cloud based SaaS
SecureGRC - Cloud based SaaS
xmeteorite
 
SecureGRC - Cloud based SaaS
SecureGRC - Cloud based SaaSSecureGRC - Cloud based SaaS
SecureGRC - Cloud based SaaS
xmeteorite
 
Mc Gladrey Financial Institutions Services
Mc Gladrey Financial Institutions ServicesMc Gladrey Financial Institutions Services
Mc Gladrey Financial Institutions ServicesLinkedInLeo
 
Valiente Balancing It SecurityCompliance, Complexity & Cost
Valiente Balancing It SecurityCompliance, Complexity & CostValiente Balancing It SecurityCompliance, Complexity & Cost
Valiente Balancing It SecurityCompliance, Complexity & CostGuardEra Access Solutions, Inc.
 
Agiliance Whitepaper - Six Key Steps
Agiliance Whitepaper - Six Key StepsAgiliance Whitepaper - Six Key Steps
Agiliance Whitepaper - Six Key Steps
agiliancecommunity
 
Achieving Efficient GRC Through Process And Automation
Achieving Efficient GRC Through Process And AutomationAchieving Efficient GRC Through Process And Automation
Achieving Efficient GRC Through Process And AutomationJordi Planas Manzano
 
Operational risk ppt
Operational risk pptOperational risk ppt
Operational risk ppt
NehaKamboj10
 
A Financial Planning Leader Streamlines Audit, Risk and Compliance
A Financial Planning Leader Streamlines Audit, Risk and Compliance A Financial Planning Leader Streamlines Audit, Risk and Compliance
A Financial Planning Leader Streamlines Audit, Risk and Compliance
MetricStream Inc
 
Powering SOX, NERC, FERC Compliance -Energy Industry
Powering SOX, NERC, FERC Compliance -Energy Industry Powering SOX, NERC, FERC Compliance -Energy Industry
Powering SOX, NERC, FERC Compliance -Energy Industry
MetricStream Inc
 
Presentation1.pptx
Presentation1.pptxPresentation1.pptx
Presentation1.pptx
JunaidAhmed976315
 
3. financial controllership
3. financial controllership3. financial controllership
3. financial controllershipJudy Ricamara
 
Government and SOX Compliance for ERP Systems
Government and SOX Compliance for ERP SystemsGovernment and SOX Compliance for ERP Systems
Government and SOX Compliance for ERP Systems
Dan Aldridge, ERP Software Evangelist, LION
 
IBM Banking: Automated Systems help meet new Compliance Requirements
IBM Banking: Automated Systems help meet new Compliance RequirementsIBM Banking: Automated Systems help meet new Compliance Requirements
IBM Banking: Automated Systems help meet new Compliance Requirements
IBM Banking
 

Similar to ICAM Our Vision (20)

Xero Risk Product Presentation V3.2
Xero Risk Product Presentation V3.2Xero Risk Product Presentation V3.2
Xero Risk Product Presentation V3.2
 
Agiliance Risk Vision
Agiliance Risk VisionAgiliance Risk Vision
Agiliance Risk Vision
 
Spire Brief - Risk Consulting
Spire Brief - Risk ConsultingSpire Brief - Risk Consulting
Spire Brief - Risk Consulting
 
Governance, Risk, and Compliance Services
Governance, Risk, and Compliance ServicesGovernance, Risk, and Compliance Services
Governance, Risk, and Compliance Services
 
SecureGRC - Cloud based SaaS
SecureGRC - Cloud based SaaSSecureGRC - Cloud based SaaS
SecureGRC - Cloud based SaaS
 
SecureGRC - Cloud based SaaS
SecureGRC - Cloud based SaaSSecureGRC - Cloud based SaaS
SecureGRC - Cloud based SaaS
 
Mc Gladrey Financial Institutions Services
Mc Gladrey Financial Institutions ServicesMc Gladrey Financial Institutions Services
Mc Gladrey Financial Institutions Services
 
Valiente Balancing It SecurityCompliance, Complexity & Cost
Valiente Balancing It SecurityCompliance, Complexity & CostValiente Balancing It SecurityCompliance, Complexity & Cost
Valiente Balancing It SecurityCompliance, Complexity & Cost
 
Agiliance Wp Key Steps
Agiliance Wp Key StepsAgiliance Wp Key Steps
Agiliance Wp Key Steps
 
Agiliance Whitepaper - Six Key Steps
Agiliance Whitepaper - Six Key StepsAgiliance Whitepaper - Six Key Steps
Agiliance Whitepaper - Six Key Steps
 
Sarbanes oxley compliance
Sarbanes oxley complianceSarbanes oxley compliance
Sarbanes oxley compliance
 
Achieving Efficient GRC Through Process And Automation
Achieving Efficient GRC Through Process And AutomationAchieving Efficient GRC Through Process And Automation
Achieving Efficient GRC Through Process And Automation
 
Operational risk ppt
Operational risk pptOperational risk ppt
Operational risk ppt
 
Grc and is audit
Grc and is auditGrc and is audit
Grc and is audit
 
A Financial Planning Leader Streamlines Audit, Risk and Compliance
A Financial Planning Leader Streamlines Audit, Risk and Compliance A Financial Planning Leader Streamlines Audit, Risk and Compliance
A Financial Planning Leader Streamlines Audit, Risk and Compliance
 
Powering SOX, NERC, FERC Compliance -Energy Industry
Powering SOX, NERC, FERC Compliance -Energy Industry Powering SOX, NERC, FERC Compliance -Energy Industry
Powering SOX, NERC, FERC Compliance -Energy Industry
 
Presentation1.pptx
Presentation1.pptxPresentation1.pptx
Presentation1.pptx
 
3. financial controllership
3. financial controllership3. financial controllership
3. financial controllership
 
Government and SOX Compliance for ERP Systems
Government and SOX Compliance for ERP SystemsGovernment and SOX Compliance for ERP Systems
Government and SOX Compliance for ERP Systems
 
IBM Banking: Automated Systems help meet new Compliance Requirements
IBM Banking: Automated Systems help meet new Compliance RequirementsIBM Banking: Automated Systems help meet new Compliance Requirements
IBM Banking: Automated Systems help meet new Compliance Requirements
 

ICAM Our Vision

  • 1. logITmatix Our Vision of a Future Landscape Internal Controls and Audit Management System Legal & Compliance Portal Legal & Compliance Portal Control Audit Cross Border Incident External Management Management Travel Mgmt Management Mandates Control Definition Audit/Review Management Client related Regulatory Public Directorships Task Assignment Findings Management Non-Client related Financial Private Directorships Multi Dimension Issue Tracking Secondary Occupations Monitoring & Reporting Activity Implementation Single system login for all Legal & Compliance related matters Enterprise-wide alignment of initiatives Full consideration of divisional/ regional/ functional characteristics Powerful reporting and monitoring Co-existence with complementary tools Efficient and powerful Legal & Compliance Portal platform
  • 2. Internal Controls and Audit Management System The solution for you? Need for action Key developments Increasing statutory regulations demanding Increased regulatory pressure to demonstrate transparency across enterprises. effective supervision Pending business requirements not realizable Clear intention to strengthen supervision to protect on existing platform or no existing control the enterprise from adverse effects governance infrastructure. Need to leverage daily control activities to achieve Audit management needs robust integration efficiency gains in maintaining compliance with into enterprise application. regulatory requirements The solution is ICAM Use implementation of ICAM to lay the groundwork for a enterprise-wide supervisory control platform Use implementation of ICAM Audit management module to offer generic control issue tracking Extend beyond divisional / regional / functional boundaries to provide global solution
  • 3. Database driven not Document driven Database architecture not document management ICAM uses a framework that encompases a powerful database architecture and Java application platform solution, that is easily scaleable, which allows you to quickly find the information you need. Database driven systems are more powerful than simple document based systems. All key information, such as findings, issues, implementation progress, execution activities, signoffs and history are all contained in an Oracle database which bring efficiencies to the documentation and review progress. Database driven systems such as ICAM allow for real time team based use by thousands of users, providing ease of use with a modern interactive Web based interface to facilitate storage, retrieval, sorting or filtering of information.
  • 4. Risk Convergence in ICAM Laws, Regulations and Corporate Governance Policies Structures Relevant laws & regulations are adapted ICAM is designed to operate in line with and embedded into the application as a standard control governance structures company wide policy framework. ICAM and enables enterprise-wide oversight of allows systematic mapping of relevant divisional/ regional or matrix policies to control objectives and organisations. consequently to underlying control activities. Deficiencies and Issues Internal Controls Issues identified in the enterprise are Detailed specification and raised, documented, assigned, handled, classification of controls ensures and archived in ICAM. Issues can include full compliance with laws, internal or external audit regulations, and policies. In addition it recommendations and these can all be fully supports the achievement of strategic linked to the internal control framework. and tactic goals.
  • 5. Risk Management Governance “Three Lines of Defence” Model 1st Line of Defence 2nd Line of Defence 3rd Line of Defence Top Management Risk Management Audit and Front Office Best Practice Promote strong risk Oversight Functions Auditors and Directors culture within the combining compliance Independent oversight enterprise and risk management with enforcement Promote a culture Separate ability of adhering to pre- risk management from Ability to link business defined limits to risk control and risk with process manage the risk Oversee Frontline with and IT knowledge exposure regard to risk and Ensures the 3 lines of Continual monitoring compliance defence operate of risks and exposure effectively and according to best practice Risk
  • 6. Segregation of Duties Internal Controls and Segregation of Duties Societe Generale, $7 billion in losses: Operations expert moved to trading desk, taking some jobs with him. Barings Bank, $1 billion in losses: Operations and trading managed by the same individual. Lehman Brothers, $0.3 billion in losses: Sales manager took over certain simple operations functions. Daiwa, $1.1 billion in losses: Same scenario as Societe Generale. Allied Irish Bank, $0.7 billion in losses: Risk limit reporting under control of trader. Tyco, $0.3 billion in losses: Three top executives colluded and board of directors exercised ineffective supervision. Orange County, $1.6 billion in losses: Trader seen as the unquestioned maestro, while back office was underpowered to understand his trading procedures. Why SoD ? Required by Sarbanes Oxley With good SoD it requires 2 or more employees Proven management technique that organisations for irregularities to occur without detection of all sizes can benefit Organise to achieve adequate segregation of duties Primary objective is the prevention of fraud – see ISACA’s Segregation of Duties Control matrix and errors Define general categories of functions to be separated ICAM supports and enhances SoD Structured segregation of duties via dynamic role assignment Enables management oversight of duties Fully supports the ISACA’s Segregation of Duties Control matrix Reports SoD anomalies