Governance, Risk, and Compliance - OAP352 
Real-World Solutions for Creating a Best-Practice GRC Framework
Learning Level: Advanced
CPEs: 24 Fee: $2,050.00
Agenda

What You Will Learn
1. GRC: First, Answering the Important Questions
- what is it?
- why is it important?
- why are we here? The defining moments!
- who is involved?
- what are the roles and responsibilities?

2. Understanding Governance Risks: The GRC Model
- different drivers in corporate governance
- focus on “risks”: thinking like the CCO and CRO
- the “four cornerstones” of a corporate governance framework: the board, executive management, internal auditors, and external auditors
- the board and audit committee: stewards for governance reform
- executive management and tone at the top
- the four key components
- the GRC framework and model

3. A Strategic Look: Expectations and Challenges in Building and Implementing the GRC Framework and Model
- understanding your organization
- what to expect: traditional roadblocks
- impact of the organization’s political environment
- who should be the program sponsor and that person’s role
- making GRC a strategic objective for the organization

4. Analyzing the Tone at the Top
- what does tone at the top really mean?
- who sets the tone at the top?
- how to assess and determine an organization’s tone
- performing a “quick tone at the top” assessment
- responsibilities of management
- dealing with a tone that is unacceptable
- right vs. wrong: consistency
- real-world “tone-at-the-top” scenarios: a behavioral model

5. GRC - Four Key Components and Your Roadmap to Success
- compliance and regulatory matters
- ethics
- investigations and fraud reporting
- managing risks: levels 1 and 2
- the diagnosis: outlining the important questions to ask
- designing and executing the right program for your organization
- current state: actions needed to implement GRC best practices
- reporting: who, what, and when
- creating the “theme(s)” for each component
- raising awareness and communication programs

6. Always Start with Risk: GRC Focus on Managing Risks
- determining your own and your organization's tolerance for risk
- establishing the ERM Program and required sponsorship
- linking ERM to the annual planning process
- ownership/responsibility/accountability
- defining level 1 and level 2 risks: a different application of the risk pyramid
- adopting a risk culture and the types of risk assessments that need to be performed
- answering an important question: do you need a risk policy?
- transference of risk
- applying the risk process to major events: acquisitions and divestitures
- determining the risks and obstacles in the way of achieving a financial plan
- strategic view for Internal Audit: annual evaluation of the ERM approach
- reporting: who, what, when
- best practices for CROs/CCOs: what should be in your GRC framework

7. Compliance and Regulatory Matters: The Core Strategy
- forming the compliance committee and charter
- assessing the impact of laws and regulations: through the eyes of a regulator
- the regulatory risk assessment
- identifying and using your organization’s subject matter experts
- SOX considerations: entity and transaction level
- developing the “playbook”
- attacking policies and procedures: policy and procedures sub-committee
- effective compliance program roll-out
- effective use of tools and technology
- reporting: who, what, when
- the “theme” for the compliance component
- best practices for CROs/CCOs: what should be in your GRC framework

8. Ethics: Values and Behavior
- forming the ethics committee and charter
- establishing a code of ethics and business conduct
- developing a separate and distinct conflict of interest statement
- social responsibility issues: maintaining your public image
- the starting point: hiring ethical employees: what needs to be done
- HR policies and procedures: what’s important
- performance appraisals: a different view
- conducting ethics investigations
- leverage technology: analyzing the trends
- reporting: who, what, when
- the “theme” for the ethics component
- best practices for CROs/CCOs: what should be in your GRC framework

9. Investigations and Fraud Reporting: Standing Your Ground
- establishing a fraud policy and an anti-fraud program
- the fraud risk assessment
- communication channels and one central point of contact for all allegations and investigations
- the protocols for an effective investigation
- success through constant internal communication
- once a fraud occurs: evaluating controls and the connection to SOX
- leveraging technology: analyzing the trends and getting ahead of a fraud
- reporting: who, what, when
- the “theme” for the investigation and fraud reporting component
- best practices for CROs/CCOs: what should be in your GRC framework

10. Key Strategy: Implementing the Chief Risk Office/Chief Compliance Office
- defining the Chief Risk Office/Chief Compliance Office
- the organization: who should be involved; roles and responsibilities
- the connection to/working with operations, legal, accounting, IT
- leveraging existing self-monitoring activities and infrastructure: implementing control self assessment
- making internal audit a strategic part of GRC: that’s what this office will do
- monitoring activities: linking to the internal audit and the annual business plan and which audits need to be done for each component
- evaluating the corporate governance program
- suggesting changes: getting sustained results
- communicating and working with the external auditor
- best practices for CROs/CCOs: how to implement this important office

11. Pulling It All Together
- the journey
- scaling GRC to the size of your business
- considerations: what to implement 1st, 2nd, 3rd, etc.
- linking technology to the GRC Framework
- a best practice: GRC framework snapshot
REGISTRATION QUESTIONS?
For questions about your registration, government and team discounts, or multiple registrations, please call Linda Ronconi at (508) 879-7999, ext. 501 or e-mail mis@misti.com.

IN-HOUSE SEMINARS
This seminar is available in-house. For more information about bringing this or other MIS seminars to your organization, please call Mimi Hatch at (410) 692-2465 or e-mail mhatch@misti.com.
Dates/Locations
May 15 - 17, 2013
New York
October 30 - November 1, 2013
New York