The full scope of services within the Continuous Auditing / Continuous Monitoring (CACM) Methodology Guide is not permissible for SEC audit clients and IFAC PIE clients and their affiliates. CACM services are generally permissible for IFAC non-PIE audit clients subject to evaluating engagement circumstances using the conceptual framework (i.e. threats and safeguards approach) as outlined in the Global Quality & Risk Management Manual Chapter 11. Refer to the contents of the Independence guidance on slides 11-20 of the CACM Methodology Guide for detailed guidance. The Independence guidance was updated in 2013. The remaining content is unchanged. Continuous Auditing / Continuous Monitoring to Manage Risk and Performance The information contained herein is of a general nature and is not intended to address the circumstances of any particular individual or entity. Although we endeavor to provide accurate and timely information, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future. No one should act upon such information without appropriate professional advice after a thorough examination of the particular situation. KPMG and the KPMG logo are registered trademarks of KPMG International Cooperative (“KPMG International”), a Swiss entity.
27
Embed
Continuous Auditing / Continuous Monitoring to Manage Risk ...Continuous Auditing The collection of audit evidence and indicators, by an internal or external auditor, on IT systems,
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
The full scope of services within the Continuous Auditing / Continuous Monitoring (CACM) Methodology Guide is not permissible for SEC audit clients and IFAC PIE clients and their affiliates. CACM services are generally permissible for IFAC non-PIE audit clients subject to evaluating engagement circumstances using the conceptual framework (i.e. threats and safeguards approach) as outlined in the Global Quality & Risk Management Manual Chapter 11. Refer to the contents of the Independence guidance on slides 11-20 of the CACM Methodology Guide for detailed guidance. The Independence guidance was updated in 2013. The remaining content is unchanged.
Continuous Auditing /Continuous Monitoring
to Manage Risk and Performance
The information contained herein is of a general nature and is not intended to address the circumstances of any particular individual or entity. Although we endeavor to provide accurate and timely information, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future. No one should act upon such information without appropriate professional advice after a thorough examination of the particular situation.
KPMG and the KPMG logo are registered trademarks of KPMG International Cooperative (“KPMG International”), a Swiss entity.
Appetite for CA/CMBackground on CA/CMCA/CM OverviewDrivers Influencing CA/CM StrategiesAn Illustration of CA/CMWhy implement CA/CM?–Challenges and Requirements for Implementation–How do we get Started?–Implementation of CA/CMDimensions of CA/CMEnabling with TechnologySample Implementation ModelThe Value PropositionKey Success Factors of CA/CMHow can KPMG help?
An Illustration of CA/CMLet’s Put This Into Perspective - Quick example
Risk – quality of customer balances
Continuous Auditing–Alert the internal audit department when:• credit limit exceeded by more than 10 percent AND• credit limit has been exceeded for more than 15 days AND• no payments made by the customer, AND• new shipment made to customer.
Continuous Monitoring–alert when credit limit exceeded by 5 percent–alert when changes made to customer limits in master file.
Both strategies give management indicators of issues that arearising, allowing for pro-active, rather than reactive actions
Continuous Monitoring–vendor address matches a commercial mail receiving agency
–multiple, similar vendor names with different vendor IDs in vendor master file
–vendor Taxpayer ID matches an Employee Social Security Number (SSN)
–vendor telephone number appears to be a mobile telephone number.
Continuous Auditing–alert the internal audit department when: • address matching risk profile (seasonal, prison, CMRA, etc.), AND/OR• labeled as a “one-time” vendor, AND/OR• taxpayer ID matches employee SSN, AND/OR • telephone number matches an employee.
An Illustration End-to-End CA/CM Process from technical perspective
Data servers
Tool ManagerLine Manager
Database
Database
Mailserver
Auditor
Audit Work
papers
CA/CM tool
Web server
CM Dashboard
CA DashboardCreaterules
1
4
5
3
2
1. Rules created in CA/CM tool2. Rules run against databases3. E-mail alerts to auditors/management4. CA/CM tool populates web server5. Dashboard provides summary and drill down capability for auditors/management
… which will help Internal Audit to add more value to the business
Reduced Complexity• reduction of complexity through global process
standardization, thereby easing review• appropriate setting and consistency of
materiality thresholds• automated exception report production – focus
on the real issues• regulatory compliance can be audited.
Enhanced Controls• corrections of errors moved closer to the “source”• enhanced visibility of Internal Audit within the
business and improved deterrence effect• assist in providing valuable insight to controls
effectiveness and business process risks associated with outsourced business processes
• ability to audit the “monitoring” function from an Internal Audit perspective, providing an additional layer of governance.
Earlier Information• improved speed of reporting to the business• reduced surprises, problems do not build up• enhanced leverage of system functionality • identification of misuse and misconduct• identification of errors earlier and when issues
are fresh • ability to proceed with root cause analysis for
errors, policy violations, fraud and misconduct in a more timely manner.
Greater Efficiency• audit by exception• automate components of the audit program,
audit tests or review procedures• known control gaps and deficiencies can be
continuously audited• reduced wait times for data• reduction of low value-added work• improved maintenance of a dynamic and relevant
risk profile• automate manual processes• reduced travel costs by automation of testing.
CA can help enhance organizational value and offers a broad range of potential benefits . . .
… which results in more focused time to add value to the business
Reduced Complexity• greater visibility as to how processes are
functioning• appropriate setting and consistency of
thresholds• regulatory compliance can be monitored• ability to standardize process measures across
locations• demonstrate good governance – use leading
edge approach.
Enhanced Controls• corrections of errors moved closer to the
“source”• automated controls• control gaps and deficiencies can be
monitored for circumvention and/or exploitation
• ERP system and/or business process limitations and deficiencies can be addressed
• automated fraud prevention and detection activities.
Earlier Information• improved speed of information delivery to the
business• reduced surprises, problems do not build up• netter information for decision making • ability to progress with root cause analysis for
errors, policy violations, fraud and misconduct in a more timely manner.
Greater Efficiency• reduction of work duplication • increased use of automation • enhanced ability to identify and correct errors• more time for value adding analysis instead of
error correction• reduced manual SOX testing• reduced travel costs by automation of testing
and remote monitoring.
CM can help enhance organizational value and offers a broad range of potential benefits . . .
Challenges• thought Leadership - lack of content (e.g.,
business process specific, industry specific)
• people - lack of deep industry and functional specialization (e.g., Governance, Risk and Compliance specialization; Fraud and Forensic Investigative specialization)
• reliability, accessibility, and availability of data
• consistency of business processes
• change management - impact of changing embedded processes, resistance to change.
Requirements• technology intensive - virtual real time
monitoring requires sophisticated technology
• thorough business process and industry content knowledge
• knowledge of and linkage to enterprise risk exposures
• senior management sponsorship.
The full scope of services is not permitted for audit clients or their affiliates. See detailed guidance regarding independence on slides 9 and 10 of the methodology guide.
To be removed before printing: Services provided within the “Design” phase are prohibited for SEC audit clients. Services provided within the “Implement”, “Execute” and “Evaluate” phases are restricted for SEC audit clients. Refer to the CA/CM Methodology Guide for further
information as well as local office risk management policies and guidelines.
The full scope of services is not permitted for audit clients or their affiliates. See detailed guidance regarding independence on slides 9 and 10 of the methodology guide.
Our approach is designed to provide an efficient, consistent and repeatable process…
Plan Design ImplementAssess Execute Evaluate
Current state assessment
CA/CM implementation plan
Needs and requirements
summaryINITIATIVES
FUTURE – DO WELL
• Working in partnership with the business we will define and deliver Vodafone’s management information requirements, implementing a robust governance process to ensure continuous business information integrity, relevance and value
• < 1 per month per OpCo• 100%• Real time• 100% commonality• Milestones achieved on time and to budget
TARGETS
REQUIREDPLANNED
• Creation of MI function• Definition and communication
of role of finance in management information
• Define data ownership/source/ policy
• Define group, global and OpCo data and info needs
• Effective MI governance function
• Clarification and effective communication of matrix management roles and responsibilities
• Select IT infrastructure and platform
• Build solution
• Group Technology single billing system
• Common chart of accounts
• Many country based piecemeal projects
• Global Performance Management project
• Global HR Scorecards• Spend analysis vendor • One Vodafone• DCC (Data Centre
Consolidation)
• Hyperion committee• Local OpCo data
warehouses
CURRENTTODAY’S ENVIRONMENT
MEASURES
• Reduced level of ad hoc reporting• New report requests referred to MI
function• Speed of data delivery• Commonality of data definitions across
Vodafone• Execution of plan to deliver
People• Dedicated management information function• Clearly defined role for finance in management informationContent and governance• Strong governance process for management information• Linked to strategic value drivers• Agreed criteria for content• Content optimised on cost and value• Single, trusted view of performanceSystems• Single group wide, global data warehouse• Automated extraction, transformation and loading of dataFunctionality• Delivery of product/segment/customer profitability reporting• Delivery of real time management information (daily/weekly/monthly)
CRITICAL OBJECTIVE:-
INSIGHTFUL MANAGEMENT INFORMATION
INITIATIVES
FUTURE – DO WELL
• Working in partnership with the business we will define and deliver Vodafone’s management information requirements, implementing a robust governance process to ensure continuous business information integrity, relevance and value
• < 1 per month per OpCo• 100%• Real time• 100% commonality• Milestones achieved on time and to budget
TARGETS
REQUIREDPLANNED
• Creation of MI function• Definition and communication
of role of finance in management information
• Define data ownership/source/ policy
• Define group, global and OpCo data and info needs
• Effective MI governance function
• Clarification and effective communication of matrix management roles and responsibilities
• Select IT infrastructure and platform
• Build solution
• Group Technology single billing system
• Common chart of accounts
• Many country based piecemeal projects
• Global Performance Management project
• Global HR Scorecards• Spend analysis vendor • One Vodafone• DCC (Data Centre
Consolidation)
• Hyperion committee• Local OpCo data
warehouses
CURRENTTODAY’S ENVIRONMENT
MEASURES
• Reduced level of ad hoc reporting• New report requests referred to MI
function• Speed of data delivery• Commonality of data definitions across
Vodafone• Execution of plan to deliver
People• Dedicated management information function• Clearly defined role for finance in management informationContent and governance• Strong governance process for management information• Linked to strategic value drivers• Agreed criteria for content• Content optimised on cost and value• Single, trusted view of performanceSystems• Single group wide, global data warehouse• Automated extraction, transformation and loading of dataFunctionality• Delivery of product/segment/customer profitability reporting• Delivery of real time management information (daily/weekly/monthly)
CRITICAL OBJECTIVE:-
INSIGHTFUL MANAGEMENT INFORMATION
Gap analysis
5) Standardize systems including implementing global ERP
31.3.10
6) Sarbanes Oxley
4) Finance shared services
3) Developing a great team
2) Simplify business planning
1) Management information
31.3.1131.3.0931.3.0831.3.0731.3.06
5) Standardize systems including implementing global ERP
31.3.10
6) Sarbanes Oxley
4) Finance shared services
3) Developing a great team
2) Simplify business planning
1) Management information
31.3.1131.3.0931.3.0831.3.0731.3.06
GPM Value Drivers
Feasibility Study incl Tool
Selection
ContentRe-engineering
Group Planning Tool
Selection
Common IntegratedGlobal Planning Tool
Implement CommonOperating Model including
Business partners
Feasibility Study
ImplementGovernance
Process
AppointmentsFinance Transformation DirectorFinance People Lead
Design
AppointmentChief Information Officer
Review & Improve
Talent Mgmt
Career Paths
Op-CoPlanning Tool
Implementation
Op-CoPlanning Tool
Implementation
Op-CoPlanning Tool
Implementation
AppointmentsGlobal Lead TeamsBenchmarking/ Revenue Assurance/ Investment Appraisal
AppointmentSingle OwnerBusiness Planning
Build
Integrate &Test Pilot
LargeOp-CoPlan
1st Large Op-Co
Migration
1st SmallOp-Co
Migration
2nd LargeOp-Co
Migration
3rd Large Op-Co
Migration
4th LargeOp-Co
Migration
2nd SmallOp-Co
Migration
3rd SmallOp-Co
Migration
5thSmall
Migration
6thSmall
Migration
7thSmall
Migration
8thSmall
Migration
9thSmall
Migration
AppointmentProcess owners
SoXRemediation
SoXTesting
SoXDocumentation& Walkthroughs
ERP Design
ERP Build
Integration Test
PartnerSelection
Migration& Go Live
ImpStrategy
Migration& Go LivePilot
SSC SoXCompliance
Full SoX SSCCompliance
Define Common Reporting Library
SourceData
Build Global MIEnvironment
Migrate GPM & HyperionInto
Common Environment
Improve Amount, Frequency
& Sophistication Of MI
Data maps and dictionaries
Set-up for data extraction activities
Selected CA/CM tools
Exception reports
Reluctance to use high savings tools
30%
40%
50%
60%
70%
80%
90%
Domesticoutsourcing
Off shoring
Shared service centres
Process optimisation
Service channels
% s
eein
g as
impo
rtan
t
Average savings
% seeing as importantAverage savings
9.50
9.00
8.50
8.00
7.50
7.00
6.50
6.00
5.50
5.00
Risk assessment
Insignificant
Minor
Moderate
Major
Remote Unlikely Possible Likely Almost certain
1f3e
4c
4e4f
4j
1c
1d1e
2b
3g
3b 3d3f
3a
3h
4b
4d
4g
4h
4i
5a
5c
1a2c
2a
5b
3j
3i3c
1b
4a
Catastrophic
Risk Con
sequence
Insignificant
Minor
Moderate
Major
Remote Unlikely Possible Likely Almost certain
1f3e
4c
4e4f
4j
1c
1d1e
2b
3g
3b 3d3f
3a
3h
4b
4d
4g
4h
4i
5a
5c
1a2c
2a
5b
3j
3i3c
1b
4a
Catastrophic
Risk Con
sequence
Risk SCANA ServicesSCE&GPSNC EnergySEMI SCPC SCANA CommPrime SouthInappropriate credit measurement-Financial losses can result from counterparty failure to meet financial or operational contract terms.
Periodic monitoring of credit exposures; Credit guidelines approved by RMCPeriodic monitoring of credit exposures, Credit guidelines approved by RMC; Regulatory rules; Standard contact terms; Netting agreements; Collateral and letters of credit; Credit reserves
Periodic monitoring of credit exposures, Credit guidelines approved by RMC; Regulatory rules; Standard contact terms; Netting agreements; Collateral and letters of credit; Credit reserves
Periodic monitoring of credit exposures, Credit guidelines approved by RMC; Regulatory rules; Standard contact terms; Netting agreements; Collateral and letters of credit; Credit reserves
Periodic monitoring of credit exposures, Credit guidelines approved by RMC; Regulatory rules; Standard contact terms; Netting agreements; Collateral and letters of credit; Credit reserves
Periodic monitoring of credit exposures, Credit guidelines approved by RMC; Regulatory rules; Standard contact terms; Collateral and letters of credit; Credit reserves
Periodic monitoring of credit exposures, Credit guidelines approved by RMC; Regulatory rules; Standard contact terms; Collateral and letters of credit; Credit reserves
Excessive concentration risk-Financial losses can result from excessive concentration of credit exposure to a specific counterparty, region or market segment.
Periodic measurement of counterparty credit exposures for all companies by the CDD; Credit guidelines approved by RMC; Reporting of exposures to RMC
N/A N/A Periodic measurement of counterparty credit exposures for all companies by the CDD; Credit guidelines approved by RMC; Reporting of exposures to RMC
N/A Periodic measurement of counterparty credit exposures for all companies by the CDD; Credit guidelines approved by RMC; Reporting of exposures to RMC
Periodic measurement of counterparty credit exposures for all companies by the CDD; Credit guidelines approved by RMC; Reporting of exposures to RMCInappropriate credit collateral management-Financial losses can result from failure to collect adequate collateral or to recall posted collateral.
None Management by credit & collections group based on credit scoring and arrearsManagement by credit & collections group based on credit scoring and arrears
Management by credit & collections group based on credit scoring and arrearsManagement by credit & collections group based on credit scoring and arrears
Management by credit & collections group based on credit scoring and arrearsManagement by credit & collections group based on credit scoring and arrears
Inappropriate credit contract terms and conditions- Financial losses can result from failure to develop, review and maintain adequate contract credit provisions.
CCD reviews procurement and sales contract terms for all companies; Legal contract licensing group tracks contract legal terms; Use of standardized contracts with approved creditworthiness clause provisions
CCD reviews procurement and sales contract terms for all companies; Legal contract licensing group tracks contract legal terms; Use of standardized contracts with approved creditworthiness clause provisions
CCD reviews procurement and sales contract terms for all companies; Legal contract licensing group tracks contract legal terms; Use of standardized contracts with approved creditworthiness clause provisions
CCD reviews procurement and sales contract terms for all companies; Legal contract licensing group tracks contract legal terms; Use of standardized contracts with approved creditworthiness clause provisions
CCD reviews procurement and sales contract terms for all companies; Legal contract licensing group tracks contract legal terms; Use of standardized contracts with approved creditworthiness clause provisions
CCD reviews procurement and sales contract terms for all companies; Legal contract licensing group tracks contract legal terms; Use of standardized contracts with approved creditworthiness clause provisions
CCD reviews procurement and sales contract terms for all companies; Legal contract licensing group tracks contract legal terms; Use of standardized contracts with approved creditworthiness clause provisions
Controls Assessment
• confirm and prioritize areas to be addressed
• define measures and thresholds
• assist client with selecting the best CA/CM tool(s)
• confirm implementation plan.
• roll out implementation plan
• set-up for data extraction activities
• assist with other ongoing program activities through the implementation.
• run queries and routines
• assist with identification of root cause of exceptions/results
• assist with training available resources.
Activ
ities
Phas
ePo
tent
ial D
eliv
erab
les
• gather relevant information
• perform risk assessment
• perform current state assessment
• perform gap analysis
• assist with drafting the desired state.
• conduct a post implementation assessment
• identify potential improvements
•Discuss control gaps and weaknesses.
Post implementation
assessment
Insignificant
Minor
Moderate
Major
Remote Unlikely Possible Likely Almost certain
1f
3e4c
4e4f
4j
1c
1d1e
2b
3g
3b 3d3f
3a
3h
4b
4d
4g
4h
4i
5a
5c
1a2c
2a
5b
3j
3i3c
1b
4a
Catastrophic
Risk
Con
sequ
ence
Insignificant
Minor
Moderate
Major
Remote Unlikely Possible Likely Almost certain
1f
3e4c
4e4f
4j
1c
1d1e
2b
3g
3b 3d3f
3a
3h
4b
4d
4g
4h
4i
5a
5c
1a2c
2a
5b
3j
3i3c
1b
4a
Catastrophic
Risk
Con
sequ
ence
Engagement letter Lessons learned
INITIATIVES
FUTURE – DO WELL
• Working in partnership with the business we will define and deliver Vodafone’s management information requirements, implementing a robust governance process to ensure continuous business information integrity, relevance and value
• < 1 per month per OpCo• 100%• Real time• 100% commonality• Milestones achieved on time and to budget
TARGETS
REQUIREDPLANNED
• Creation of MI function• Definition and communication
of role of finance in management information
• Define data ownership/source/ policy
• Define group, global and OpCo data and info needs
• Effective MI governance function
• Clarification and effective communication of matrix management roles and responsibilities
• Select IT infrastructure and platform
• Build solution
• Group Technology single billing system
• Common chart of accounts
• Many country based piecemeal projects
• Global Performance Management project
• Global HR Scorecards• Spend analysis vendor • One Vodafone• DCC (Data Centre
Consolidation)
• Hyperion committee• Local OpCo data
warehouses
CURRENTTODAY’S ENVIRONMENT
MEASURES
• Reduced level of ad hoc reporting• New report requests referred to MI
function• Speed of data delivery• Commonality of data definitions across
Vodafone• Execution of plan to deliver
People• Dedicated management information function• Clearly defined role for finance in management informationContent and governance• Strong governance process for management information• Linked to strategic value drivers• Agreed criteria for content• Content optimised on cost and value• Single, trusted view of performanceSystems• Single group wide, global data warehouse• Automated extraction, transformation and loading of dataFunctionality• Delivery of product/segment/customer profitability reporting• Delivery of real time management information (daily/weekly/monthly)
CRITICAL OBJECTIVE:-
INSIGHTFUL MANAGEMENT INFORMATION
INITIATIVES
FUTURE – DO WELL
• Working in partnership with the business we will define and deliver Vodafone’s management information requirements, implementing a robust governance process to ensure continuous business information integrity, relevance and value
• < 1 per month per OpCo• 100%• Real time• 100% commonality• Milestones achieved on time and to budget
TARGETS
REQUIREDPLANNED
• Creation of MI function• Definition and communication
of role of finance in management information
• Define data ownership/source/ policy
• Define group, global and OpCo data and info needs
• Effective MI governance function
• Clarification and effective communication of matrix management roles and responsibilities
• Select IT infrastructure and platform
• Build solution
• Group Technology single billing system
• Common chart of accounts
• Many country based piecemeal projects
• Global Performance Management project
• Global HR Scorecards• Spend analysis vendor • One Vodafone• DCC (Data Centre
Consolidation)
• Hyperion committee• Local OpCo data
warehouses
CURRENTTODAY’S ENVIRONMENT
MEASURES
• Reduced level of ad hoc reporting• New report requests referred to MI
function• Speed of data delivery• Commonality of data definitions across
Vodafone• Execution of plan to deliver
People• Dedicated management information function• Clearly defined role for finance in management informationContent and governance• Strong governance process for management information• Linked to strategic value drivers• Agreed criteria for content• Content optimised on cost and value• Single, trusted view of performanceSystems• Single group wide, global data warehouse• Automated extraction, transformation and loading of dataFunctionality• Delivery of product/segment/customer profitability reporting• Delivery of real time management information (daily/weekly/monthly)
CRITICAL OBJECTIVE:-
INSIGHTFUL MANAGEMENT INFORMATION
12 A
M
4 A
M
8 A
M
12 P
M
4 P
M
8 P
M
• determine client objectives with key stakeholders
• prepare engagement approach with team
• kick-off the project.
The full scope of services is not permitted for audit clients or their affiliates. See detailed guidance regarding independence on slides 9 and 10 of the methodology guide.
What are the objectives? –IA, IA for Mgt or both–Strengthen IA data analytics.What are the anticipated areas of focus? –ERP? Non-ERP? Both?–Controls, transactions, macro analysis –Risk types? (e.g., fraud, performance, waste, regulatory compliance).How will the analysis be performed?–Embedded, extracted–Frequency: regular, repeatable, near real-time.
Required sophistication of analytic functionality–Rules, statistical, temporal, artificial intelligence.Exception handling–Alerts–Aggregation, prioritization, scoring–Assignment, investigation, resolution, documentation.Reporting and dashboard capabilitiesImpact on system performance (extraction)Required speed of analysis and hardware requirements (daily analytics)Cost
The Value PropositionBenefits of Implementing CA/CM
Board of Directors Management Internal AuditImproved insight into the business risks across the enterprise
Improved corporate governance
Potential for improved reporting to the board
Allows senior management to have greater visibility into the organization—enhancing its oversight capabilities
Improved corporate governance
Improved information for day-to-day decision making
Reduction of work duplication
Improved leverage of IT investment
Reducing surprises
Identification of ‘issues’ closer to occurrence
Better able to test a broader range of controls, including security, segregation of duties, and process level controls at a reduced cost and on a timely basis
Improved speed of reporting to the business
Improved information to focus audit efforts
Improved maintenance of risk profile
CA brings greater efficiency, enhanced controls, earlier information, and reduced complexity
executive involvement at all stages of the project including opportunity identification, selection, prioritization and sign-off
clear CM leadership roles to drive cultural change identification of control owners to report failures, escalate issues, etc.
Technology toolsand experienced resources
fact-based approach to identification, quantification and prioritization of CM opportunities selection of appropriate CM tools to contain costs and speed up communication experienced staff who can commence fieldwork immediately.
Establishedapproach to CM
global continuous monitoring framework and approach identification of key control check points methodology emphasizes risk and continuous improvement.
Well planned approach
detailed project initiation and work plan documents knowledge of and linkage to enterprise risk exposures organization’s risk profile is fundamental to the assessment and design of the CM approach.
Organizational alignment
incorporation of key line management within the CM project partnering with team members to help enable knowledge transfer senior industry and functional practitioners.
Executive education on the development of a business case Obtain buy-in by the Chief Audit Executive regarding approach Commitment to train internal resources
Provide root cause analysis capabilities for errors, policy violations, fraud and misconduct Identification of key control check points Methodology emphasizes continuous improvement
Detailed project initiation and work plan documents Organization’s risk profile is fundamental to the assessment and design of the CM approach Knowledge of and linkage to enterprise risk exposures
Senior executive support
Experienced resources and technology tools
Experienced staff who hit the ground running Thorough business process and industry content knowledge Selection of appropriate CA tools to contain costs and speed up communication
Established approach to CA
Well planned approach
Organizational alignment
Partnering with internal team members to help enable knowledge transfer Consistent alignment of goals, measures and incentives Audit the “monitoring” function from an Internal Audit perspective
Transition Planning
Balancing existing internal audit practices with CA Managing independence
KPMG’s response addresses these vital issuesCritical successfactors
Copyrights and Disclaimers may vary between applications. Please consult the GB&RC MicroWeb for specific policies. http://www.grm.kworld.kpmg.com/GBRC/resource/default.aspPlease delete this message prior to printing or presenting.