Boards of directors are expected to provide oversight and challenge for the compliance program. To assist them, compliance professionals need to provide more sophisticated reporting based on observable facts. Fortunately, this is one of the biggest payoffs of the Resolver regulatory compliance management tool. Learn how Resolver can facilitate your board reporting and align to the challenges of a modern regulatory environment.
5. The Board and Regulatory Compliance
▪ Corporate statutes generally provide that it is the responsibility
of the board to supervise the management of the corporation
Leading Cases:
▪ In Re Caremark International Inc. Derivative Litigation
▪ Stone v. Ritter
▪ Directors must be reasonably informed concerning the
corporation
6. The Board and Regulatory Compliance
Directors must assure themselves that:
▪ Information and reporting systems exist
▪ These systems are reasonably designed to provide senior
management and the board with timely, accurate information
sufficient to allow them to reach informed judgments
concerning compliance with law
7. The Board and Regulatory Compliance
▪ The board must exercise a good faith judgment that the
corporation’s information and reporting system is adequate in
both concept and design
▪ Once these systems are implemented, the board must take
steps to monitor or oversee their operations
9. Basel Committee Corporate Governance Guidance
The Board:
▪ Is responsible for overseeing the management of compliance risk
▪ Should establish a compliance function and approve the bank’s
policies and processes for identifying, assessing, monitoring and
reporting and advising on compliance risk
The Compliance Function:
▪ Should advise the board on the bank’s compliance with
applicable laws, rules and standards and keep them informed of
developments in the area
10. Basel Committee Corporate Governance Guidance
Goal of Risk Reporting
▪ Information should be communicated to the board in a timely,
accurate and understandable manner
▪ While the board should be sufficiently informed, reports should
avoid voluminous information that makes it difficult to identify
key issues
▪ Information should be prioritised and presented in a concise, fully
contextualised manner
11. Basel Committee Corporate Governance Guidance
Report to the Board
▪ Senior management should, with the assistance of the
compliance function, at least once a year, report to the board on
the management of compliance risk
▪ The report should be made in such a manner as to assist board
members to make an informed judgment on whether compliance
risk is being managed effectively
12. Basel Committee Corporate Governance Guidance
The head of compliance should report on a regular basis to senior
management on:
▪ The compliance risk assessment conducted during the period,
including any changes in the compliance risk profile
▪ Relevant measurements such as performance indicators
▪ Identified breaches and/or deficiencies
▪ Corrective measures recommended to address them and
corrective measures already taken
14. Oversight Functions
Role of Functions
▪ Provide independent and objective assessments to the
directors to allow them to fulfill their responsibilities
▪ Identify, measure, and report on the FRFI’s risks
▪ Assess the effectiveness of the FRFI’s risk management and
internal controls
▪ Determine whether the FRFI’s operations, results and risk
exposures are consistent with the FRFI’s risk appetite.
15. Oversight Functions
Heads of the Oversight Functions Should:
▪ Have sufficient stature and authority within the organization
▪ Be independent from operational management
▪ Have unfettered access and a direct reporting line to the
board or the appropriate board committee
16. Role of the Board
Board must regularly review and discuss:
▪ FRFI’s exposure to material regulatory compliance risk
▪ Significant RCM policies
▪ CCO reports and Internal Audit or other independent review
function reports, as appropriate
▪ Progress in implementing remedial actions taken with respect to
instances of material non-compliance or control weakness, and
▪ Effectiveness of compliance oversight
17. Responsibilities of the CCO
The CCO should be responsible for:
▪ Assessing the adequacy of, adherence to and effectiveness of
the FRFI’s day-to-day controls
▪ Providing an opinion to the board whether, based on the
independent monitoring and testing conducted, the RCM
controls are sufficiently robust to achieve compliance with the
applicable regulatory requirements enterprise-wide
▪ The opinion should be supported by sufficient pertinent
information that is verified or reasonably verifiable
18. What is the Basis for the Opinion?
Self-Assessments and Testing
Depending on available resources, the opinion can be based on:
▪ Self-assessments from accountable executives
(guided or ad hoc)
▪ Hands-on compliance testing
19. Is the Opinion Subjective or Objective?
Compliant Versus Effective Program
Even programs that incorporate a significant testing program can
result in subjective opinions.
▪ Why?
▪ Testing can never cover the universe of risks
20. Inputs Require Subjective Measurement
Program Effectiveness
▪ Although the equation is simple:
Inherent Risk – Control effectiveness = Residual Risk
▪ Assessing the components often requires a subjective
assessment
Example: Monitoring is a component of an effective control
How much monitoring is enough?
22. Three Critical Areas
Three areas where measurement is essential:
▪ Risk Assessments
▪ Issue Classification
▪ KPIs and KRIs
23. Risk Assessments
▪ Identifies not only what are the biggest risks but why they are the
biggest
▪ Risk Assessments:
Provide a basis for resource decisions
▪ How many
▪ What kind
▪ Educate management and the board about the nature and level of
risk
24. What are the benefits
Input in many critical compliance steps
▪ Resourcing and allocation
▪ Control assessment
▪ Issue priority
▪ Reporting
▪ Monitoring
25. Developing a Measurement System
▪ What is the potential universe of data?
▪ Are the requirements straightforward or complex?
▪ Are the regulations stable or constantly changing?
▪ Are our products stable or do they constantly change?
▪ Do we control all of the processes or have they been outsourced?
27. Likelihood Scores
Complexity of Regulation
(High) Regulation imposes multiple requirements or detailed analysis
(Medium) Multiple requirements but the analysis is straightforward
(Low) Straightforward requirement
Complexity of Business
(High) Complex and involves the application of specialized skill
(Medium) Moderate degree of complexity and skill
(Low) Straightforward business not requiring advanced training or
skill
28. Impact Scores
Business objective subject to regulatory requirement
(High) Core objective
(Medium) Business unit objective
(Low) Local objective
Degree of impact on business objective
(High) Would prevent or materially alter achievement of objective
(Medium) May significantly delay or impact cost of achievement of objective
(Low) Nominal impact to timing or cost of achieving objective
29. Scoring Grid
RISK ASSESSMENT CHART
RISK SCORING
0 TO 4 TRIVIAL TO LOW RISK
5 TO 14 MODERATE TO MAJOR RISK
16 OR HIGHER HIGH TO SEVERE RISK
30. Benefits of Scorecard
▪ Risks identified on the basis of some empirical data
▪ Mix of objective and subjective data provides a more accurate
assessment
▪ Accumulation of several subjective elements reduces the impact
of judgment
31. Issue Reporting
▪ Tendency is to report issues as if they were all the same
magnitude
▪ Size the Compliance Gap
▪ Examples
Major Control Issue
Significant Control Issue
Minor Control Issue
▪ Incorporate inherent risk score
▪ Size of Gap + Inherent Risk Score = Issue Priority
32. KPIs
▪ Example: How are the 3 lines of defense functioning?
▪ Performance issue with framework as too many issues
identified by regulators
33. KRIs
▪ Example: New Initiatives
▪ Number of initiatives rated as high risk
▪ Indicates potential risk of non-compliance as number of new
initiatives may exceed ability to absorb
34. KRIs
▪ Example: Regulatory Change
▪ Number of New Regulations
▪ Indicates potential risk of non-compliance as amount of
regulatory change may exceed ability to absorb
35. KRIs
▪ Example: Compliance Monitoring/Audit
▪ Percent of High Risk Requirements Subject to Monitoring
▪ Indicates potential risk of non-compliance as monitoring
inadequate
36. What Do Boards Really Want to Know?
What they want to know:
▪ Is the organization in compliance?
What they should want to know:
▪ Why do you think the organization is in compliance?