© Operational Excellence Consulting. All rights reserved.
This presentation is a collection of PowerPoint diagrams and
templates used to convey 20 different governance, risks and
compliance frameworks and models.
Corporate Governance
Frameworks
Diagrams and Templates of Governance, Risks &
Compliance Frameworks & Models
Contents
1. OECD Principles of Corporate Governance
2. International Corporate Governance Network (ICGN) Global Governance Principles
3. Corporate Governance Principles for Banks (Basel Committee on Banking Supervision)
4. International Finance Corporation (IFC) Corporate Governance Methodology
5. COSO 2013 Framework: Internal Control – Integrated Framework
6. Sarbanes-Oxley Act (SOX)
7. UK Corporate Governance Code
8. COBIT 2019
9. NIST Cybersecurity Framework V1.1
10. Payment Card Industry Data Security Standard (PCI DSS) V4.0
11. IT Infrastructure Library (ITIL 4)
12. Factor Analysis of Information Risk (FAIR) Model (V3.0)
13. ISO 31000:2018 Risk Management
14. ISO/IEC 38500:2015 Governance of IT for the organization
15. ISO/IEC 27001:2022 Information Security Management System
16. ISO 22301:2019 Business Continuity Management Systems (BCMS)
17. ISO 37001:2016 Anti-Bribery Management Systems
18. ISO 37301:2021 Compliance Management Systems
19. ISO 19011:2018 Auditing Management Systems
20. Balanced Scorecard
NOTE: This is a PARTIAL PREVIEW.
To download the complete presentation, please
visit: https://www.oeconsulting.com.sg
The Six Principles of Corporate Governance were developed by OECD to help
OECD and Non-OECD governments in their efforts to create legal and regulatory
frameworks for corporate governance in their countries
The six OECD Principles are:
1. Ensuring the basis of an effective corporate governance framework
2. The rights of shareholders and key ownership functions
3. The equitable treatment of shareholders
4. The role of stakeholders in corporate governance
5. Disclosure and transparency
6. The responsibilities of the board
Source: OECD
The Six OECD Principles of Corporate Governance
The ICGN is a leading authority on corporate governance, and its principles serve as
guidelines for companies, investors, and other stakeholders to foster sound
corporate governance practices
Source: ICGN
The ICGN Global Governance Principles
1. Board role responsibilities
2. Leadership and independence
3. Composition and appointment
4. Corporate culture
5. Remuneration
6. Risk oversight
7. Corporate reporting
8. Internal and external audit
9. Shareholder rights
10. Shareholder meetings
The 13 principles developed by the Basel Committee on Banking Supervision
(BCBS) provide a framework within which banks and supervisors should operate to
achieve robust and transparent risk management and decision-making
Source: BCBS, 2015
The Basel Framework – The 13 Principles
The 13 Principles and their descriptions:
Principle 1: Emphasizes the board’s overall responsibility for the bank.
Principle 2: Specifies requirements for board qualifications and composition.
Principle 3: Describes the appropriate board structure and practices.
Principle 4: Sets guidance regarding banks’ senior management.
Principle 5: Covers the governance of group structures.
Principle 6: Sets guidance for the risk management function.
Principle 7: Covers risk identification, monitoring and controlling.
Principle 8: Sets guidance for risk communication.
Principle 9: Covers the compliance function.
Principle 10: Sets guidance for internal audit.
Principle 11: Explains how a bank’s compensation structure should support sound corporate governance.
Principle 12: Covers disclosure and transparency of a bank’s governance to its shareholders, depositors, other stakeholders and market participants.
Principle 13: Describes the role of supervisors in fostering sound corporate governance.
The COSO Internal Control – Integrated Framework is a widely adopted framework
for designing, implementing and evaluating internal control for organizations
COSO 2013 Framework: Internal Control – Integrated Framework
Source: COSO 2013 Framework, Internal Control – Integrated framework
Control Environment
Risk Assessment
Control Activities
Information & Communication
Monitoring Activities
Sarbanes-Oxley Act (SOX): Empowering C-Level Executives for Trustworthy
Financials and Sustainable Growth
Sarbanes-Oxley Act (SOX)
Purpose
- Enacted in 2002 to restore investor confidence after accounting scandals like Enron and WorldCom
- Regulates financial reporting and corporate governance to enhance transparency and accountability
Key Provisions
- Section 302: CEO and CFO certify accuracy of financial statements and disclosures
- Section 404: Management assesses and reports on internal controls' effectiveness
- Section 802: Criminalizes altering, destroying, or falsifying records, with penalties up to 20 years in prison
Impact
- Improved financial reporting accuracy and reliability
- Enhanced board independence and oversight
- Increased disclosure and transparency for stakeholders
Source: Adapted from SOX
UK Corporate Governance Code outlines best practices for board leadership,
remuneration, accountability, and stakeholder engagement
UK Corporate Governance Code
Purpose
- Sets standards for corporate governance and promotes transparency, accountability, and investor confidence
- Developed by the Financial Reporting Council (FRC) to guide UK-listed companies
Key Principles
Board Leadership and Effectiveness:
- Emphasizes separation of CEO and Chair roles
- Encourages diverse board composition and regular performance evaluations
Remuneration:
- Links executive pay to company performance and long-term success
- Requires transparent reporting on remuneration policies and outcomes
Accountability and Audit:
- Focuses on board responsibility for risk oversight and internal controls
- Mandates regular engagement with auditors to ensure audit quality
Source: Adapted from UK Corporate Governance Code
COBIT is a leading framework for the governance and management of enterprise IT
and is based on six principles of enterprise IT governance
Source: Based on ISACA
1. Provide Stakeholder Value
2. Holistic Approach
3. Dynamic Governance System
4. Governance Distinct From Management
5. Tailored to Enterprise Needs
6. End-to-End Governance System
COBIT 2019 Governance System Principles
The NIST Cybersecurity Framework (V1.1) is a voluntary framework that consists of
standards, guidelines and best practices to manage cybersecurity risk
Source: Based on NIST
NIST Cybersecurity Framework (V1.1)
The PCI Data Security Standards cover technical and operational system
components included in or connected to cardholder data
PCI DSS V4.0 – The 12 Requirements
Goals and PCI DSS Requirements
Build and Maintain a Secure Network and Systems
  1. Install and maintain network security controls
  2. Apply secure configurations to all system components
Protect Account Data
  3. Protect stored account data
  4. Protect cardholder data with strong cryptography during transmission over open, public networks
Maintain a Vulnerability Management Program
  5. Protect all systems and networks from malicious software
  6. Develop and maintain secure systems and software
Implement Strong Access Control Measures
  7. Restrict access to system components and cardholder data by business need to know
  8. Identify users and authenticate access to system components
  9. Restrict physical access to cardholder data
Regularly Monitor and Test Networks
  10. Log and monitor all access to system components and cardholder data
  11. Test security of systems and networks regularly
Maintain an Information Security Policy
  12. Support information security with organizational policies and programs
Source: PCI Security Standards Council (PCI SSC)
ITIL 4 has defined Four Dimensions of Service Management that are critical to the
effective and efficient delivery of value to customers and other stakeholders in the
form of products and services
The four dimensions:
1. Organizations & people
2. Information & technology
3. Partners & suppliers
4. Value streams & processes
Center of the diagram: Products & services, Value
Factors (every dimension is affected by multiple factors): Economical, Political, Environmental, Social, Legal, Technological
Source: Based on AXELOS. Copyright AXELOS.
The Four Dimensions of Service Management
Factor Analysis of Information Risk (FAIR) is the only international standard
quantitative model for information security and operational risk
The FAIR Model
Source: Based on the FAIR Institute
RISK
  Loss Event Frequency
    Threat Event Frequency
      Contact Frequency: Random, Regular, Intentional
      Probability of Action: Value, Level of Effort, Risk
    Vulnerability
      Threat Capability: Skills (Knowledge, Experience), Resources (Time, Materials)
      Resistance Strength
  Loss Magnitude
    Primary Loss
    Secondary Loss
      Secondary Loss Event Frequency
      Secondary Loss Magnitude
ISO 31000:2018 is a generic risk management standard which can be used by both
public and private organizations and by groups, associations and enterprises of all
kinds
Source: International Organization for Standardization
Process elements shown in the diagram:
- Scope, Context, Criteria
- Risk Assessment: Risk Identification, Risk Analysis, Risk Evaluation
- Risk Treatment
- Communication & Consultation
- Monitoring & Review
- Recording & Reporting
ISO 31000:2018 Risk Management Process
ISO/IEC 27001:2022 is a global standard on Information Security Management
Systems (ISMS)
Source: Based on ISO
ISO/IEC 27001:2022 Key Clause Structure (4-10)
PLAN, DO, CHECK, ACT
4. Context of the organization
  4.1 Understanding the organization and its context
  4.2 Understanding the needs and expectations of interested parties
  4.3 Determining the scope of the ISMS
  4.4 Information Security Management System
5. Leadership
  5.1 Leadership and commitment
  5.2 Policy
  5.3 Organizational roles, responsibilities and authorities
6. Planning
  6.1 Actions to address risks and opportunities
  6.2 Information security objectives and planning to achieve them
7. Support
  7.1 Resources
  7.2 Competence
  7.3 Awareness
  7.4 Communication
  7.5 Documented information
8. Operation
  8.1 Operational planning and control
  8.2 Information security risk assessment
  8.3 Information security risk treatment
9. Performance evaluation
  9.1 Monitoring, measurement, analysis and evaluation
  9.2 Internal audit
  9.3 Management review
10. Improvement
  10.1 Nonconformity and corrective action
  10.2 Continual improvement
The ISO 37001:2016 Anti-Bribery Management Systems Key Clause Structure (4-10)
PLAN, DO, CHECK, ACT
4. Context of the organization
  4.1 Understanding the organization and its context
  4.2 Understanding the needs and expectations of stakeholders
  4.3 Determining the scope of the anti-bribery management system
  4.4 Anti-bribery management system
  4.5 Bribery risk management
5. Leadership
  5.1 Leadership and commitment
  5.2 Anti-bribery policy
  5.3 Organizational roles, responsibilities and authorities
6. Planning
  6.1 Actions to address risks and opportunities
  6.2 Anti-bribery objectives and planning to achieve them
7. Support
  7.1 Resources
  7.2 Competence
  7.3 Awareness and training
  7.4 Communication
  7.5 Documented information
8. Operation
  8.1 Operational planning and control
  8.2 Due diligence
  8.3 Financial controls
  8.4 Non-financial controls
  8.5 Implementation of anti-bribery controls by controlled organizations & by business associates
  8.6 Anti-bribery commitments
  8.7 Gifts, hospitality, donations and similar benefits
  8.8 Managing inadequacy of anti-bribery controls
  8.9 Raising concerns
  8.10 Investigating & dealing with bribery
9. Performance evaluation
  9.1 Monitoring, measurement, analysis and evaluation
  9.2 Internal audit
  9.3 Management review
  9.4 Review by anti-bribery compliance function
10. Improvement
  10.1 Nonconformity and corrective action
  10.2 Continual improvement
ISO 37001:2016 – Key Clause Structure (4-10)
Source: Based on International Organization for Standardization
ISO 37301:2021 specifies requirements and guidance for establishing and maintaining
compliance management systems with a focus on ethical behavior and risk-based approaches
ISO 37301:2021 – Elements of a Compliance Management System
Source: Based on International Organization for Standardization
PRINCIPLES
INTEGRITY | GOOD GOVERNANCE | PROPORTIONALITY | TRANSPARENCY | ACCOUNTABILITY | SUSTAINABILITY
OBJECTIVES
INTEGRITY | CULTURE | CONFORMITY | REPUTATION | VALUE | ETHICS
ORGANIZATION & ITS CONTEXT
LEGAL | SOCIAL | CULTURAL | DIGITALIZATION | FINANCE | STRUCTURE | ENVIRONMENT | INTERESTED PARTIES
ELEMENTS (arranged around a PLAN, DO, CHECK, ACT cycle)
- COMMITMENT AT ALL LEVELS
- DETERMINING THE SCOPE
- COMPLIANCE POLICY
- ROLES & RESPONSIBILITIES
- OBLIGATIONS & RISKS
- SUPPORT
- COMPETENCE & AWARENESS
- COMMUNICATION & TRAINING
- OPERATION
- CONTROLS & PROCEDURES
- DOCUMENTATION
- INTERNAL AUDIT
- MANAGEMENT REVIEW
- MONITORING & MEASUREMENT
- RAISING AWARENESS
- INVESTIGATION PROCESS
- MANAGING NONCOMPLIANCE
- CONTINUAL IMPROVEMENT
CENTER OF THE DIAGRAM
LEADERSHIP | GOVERNANCE | CULTURE
The ISO 19011:2018 standard contains guidance on managing an audit program, the
principles of auditing, and the evaluation of individuals responsible for managing
the audit programs
ISO 19011:2018 – Principles of Auditing
Source: Based on International Organization for Standardization
Balanced Scorecard: Enhancing Corporate Governance with Strategic Alignment
and Performance Management
Center of the diagram: Vision and Strategy
FINANCIAL: To succeed financially, how should we appear to our shareholders?
CUSTOMERS: To achieve our vision, how should we appear to our customers?
BUSINESS PROCESSES: To satisfy our shareholders and customers, what business processes must we excel at?
LEARNING & GROWTH: To achieve our vision, how will we sustain our ability to change and improve?
Source: Kaplan & Norton
Balanced Scorecard
Operational Excellence Consulting is a management training and consulting
firm that assists organizations in improving business performance and
effectiveness. Based in Singapore, the firm’s mission is to create business
value for organizations through innovative design and operational
excellence management training and consulting solutions. For more
information, please visit www.oeconsulting.com.sg

Más contenido relacionado

Similar a Corporate Governance Frameworks

2016 ICSAN MCPE Understanding the Financial Reporting Council (FRC)
2016 ICSAN MCPE Understanding the Financial Reporting Council (FRC)2016 ICSAN MCPE Understanding the Financial Reporting Council (FRC)
2016 ICSAN MCPE Understanding the Financial Reporting Council (FRC)
Uto Ukpanah
 
PRIVATE SECTOR CODE -2016
PRIVATE SECTOR CODE -2016PRIVATE SECTOR CODE -2016
PRIVATE SECTOR CODE -2016
magus67
 
ISO 37301:2021 (Compliance Management Systems) Awareness Training
ISO 37301:2021 (Compliance Management Systems) Awareness TrainingISO 37301:2021 (Compliance Management Systems) Awareness Training
ISO 37301:2021 (Compliance Management Systems) Awareness Training
Operational Excellence Consulting
 
Coso 2013 icfr executive summary
Coso 2013 icfr executive summaryCoso 2013 icfr executive summary
Coso 2013 icfr executive summary
Erwin Morales
 

Similar a Corporate Governance Frameworks (20)

COSO Deck
COSO DeckCOSO Deck
COSO Deck
 
COBIT5-IntroductionS
COBIT5-IntroductionSCOBIT5-IntroductionS
COBIT5-IntroductionS
 
IBM Maximo and ISO 55000
IBM Maximo and ISO 55000IBM Maximo and ISO 55000
IBM Maximo and ISO 55000
 
Cobit 5 introduction plgr
Cobit 5 introduction plgrCobit 5 introduction plgr
Cobit 5 introduction plgr
 
02-cobit5-introduction.ppt
02-cobit5-introduction.ppt02-cobit5-introduction.ppt
02-cobit5-introduction.ppt
 
2016 ICSAN MCPE Understanding the Financial Reporting Council (FRC)
2016 ICSAN MCPE Understanding the Financial Reporting Council (FRC)2016 ICSAN MCPE Understanding the Financial Reporting Council (FRC)
2016 ICSAN MCPE Understanding the Financial Reporting Council (FRC)
 
Introduction to COBIT 5 and IT management
Introduction to COBIT 5 and IT managementIntroduction to COBIT 5 and IT management
Introduction to COBIT 5 and IT management
 
Lecture 06 - CoBit - Control Objectives for Information and Related Technolog...
Lecture 06 - CoBit - Control Objectives for Information and Related Technolog...Lecture 06 - CoBit - Control Objectives for Information and Related Technolog...
Lecture 06 - CoBit - Control Objectives for Information and Related Technolog...
 
COBIT 5 IT Governance Model: an Introduction
COBIT 5 IT Governance Model: an IntroductionCOBIT 5 IT Governance Model: an Introduction
COBIT 5 IT Governance Model: an Introduction
 
Eurosec'2008 christophe feltus
Eurosec'2008 christophe feltusEurosec'2008 christophe feltus
Eurosec'2008 christophe feltus
 
PRIVATE SECTOR CODE -2016
PRIVATE SECTOR CODE -2016PRIVATE SECTOR CODE -2016
PRIVATE SECTOR CODE -2016
 
Mongolia National Corp Gov Implementation RT presentation_20april2012_dy
Mongolia National Corp Gov Implementation RT presentation_20april2012_dyMongolia National Corp Gov Implementation RT presentation_20april2012_dy
Mongolia National Corp Gov Implementation RT presentation_20april2012_dy
 
COBIT 5 Basic Concepts
COBIT 5 Basic ConceptsCOBIT 5 Basic Concepts
COBIT 5 Basic Concepts
 
Cobit Foundation Training
Cobit Foundation TrainingCobit Foundation Training
Cobit Foundation Training
 
CoBIT 5 (A brief Description)
CoBIT 5 (A brief Description)CoBIT 5 (A brief Description)
CoBIT 5 (A brief Description)
 
Coso internal control frameword executive summary_2013
Coso internal control frameword executive summary_2013Coso internal control frameword executive summary_2013
Coso internal control frameword executive summary_2013
 
990025 p executive-summary-final-may20
990025 p executive-summary-final-may20990025 p executive-summary-final-may20
990025 p executive-summary-final-may20
 
ISO 37301:2021 (Compliance Management Systems) Awareness Training
ISO 37301:2021 (Compliance Management Systems) Awareness TrainingISO 37301:2021 (Compliance Management Systems) Awareness Training
ISO 37301:2021 (Compliance Management Systems) Awareness Training
 
18.11.2013 International business standard on transparency, Jelena Pesic
18.11.2013 International business standard on transparency, Jelena Pesic 18.11.2013 International business standard on transparency, Jelena Pesic
18.11.2013 International business standard on transparency, Jelena Pesic
 
Coso 2013 icfr executive summary
Coso 2013 icfr executive summaryCoso 2013 icfr executive summary
Coso 2013 icfr executive summary
 

Más de Operational Excellence Consulting

The McKinsey 7S Framework: A Holistic Approach to Harmonizing All Parts of th...
The McKinsey 7S Framework: A Holistic Approach to Harmonizing All Parts of th...The McKinsey 7S Framework: A Holistic Approach to Harmonizing All Parts of th...
The McKinsey 7S Framework: A Holistic Approach to Harmonizing All Parts of th...
Operational Excellence Consulting
 
ISO 37002:2021 (Whistleblowing Management Systems) Awareness Training
ISO 37002:2021 (Whistleblowing Management Systems) Awareness TrainingISO 37002:2021 (Whistleblowing Management Systems) Awareness Training
ISO 37002:2021 (Whistleblowing Management Systems) Awareness Training
Operational Excellence Consulting
 
ISO 37000:2021 (Governance of Organizations) Awareness Training
ISO 37000:2021 (Governance of Organizations) Awareness TrainingISO 37000:2021 (Governance of Organizations) Awareness Training
ISO 37000:2021 (Governance of Organizations) Awareness Training
Operational Excellence Consulting
 
Six Sigma Improvement Process: Transforming Processes, Elevating Performance
Six Sigma Improvement Process: Transforming Processes, Elevating PerformanceSix Sigma Improvement Process: Transforming Processes, Elevating Performance
Six Sigma Improvement Process: Transforming Processes, Elevating Performance
Operational Excellence Consulting
 
Kaizen Event Guide: Transforming Challenges into Opportunities
Kaizen Event Guide: Transforming Challenges into OpportunitiesKaizen Event Guide: Transforming Challenges into Opportunities
Kaizen Event Guide: Transforming Challenges into Opportunities
Operational Excellence Consulting
 
Kaizen: Elevating Continuous Improvement for Success
Kaizen: Elevating Continuous Improvement for SuccessKaizen: Elevating Continuous Improvement for Success
Kaizen: Elevating Continuous Improvement for Success
Operational Excellence Consulting
 
Strategic Planning: A3 Hoshin Planning Process
Strategic Planning: A3 Hoshin Planning ProcessStrategic Planning: A3 Hoshin Planning Process
Strategic Planning: A3 Hoshin Planning Process
Operational Excellence Consulting
 
A3 Problem Solving Process & Tools
A3 Problem Solving Process & ToolsA3 Problem Solving Process & Tools
A3 Problem Solving Process & Tools
Operational Excellence Consulting
 
Digital Strategic Business Planning Methodology
Digital Strategic Business Planning MethodologyDigital Strategic Business Planning Methodology
Digital Strategic Business Planning Methodology
Operational Excellence Consulting
 
Root Cause Analysis (RCA)
Root Cause Analysis (RCA)Root Cause Analysis (RCA)
Root Cause Analysis (RCA)
Operational Excellence Consulting
 
Business Process Reengineering (BPR)
Business Process Reengineering (BPR)Business Process Reengineering (BPR)
Business Process Reengineering (BPR)
Operational Excellence Consulting
 
5 Steps of Problem Solving
5 Steps of Problem Solving5 Steps of Problem Solving
5 Steps of Problem Solving
Operational Excellence Consulting
 
Seven Advanced Tools of Quality (Seven Advanced QC Tools)
Seven Advanced Tools of Quality (Seven Advanced QC Tools)Seven Advanced Tools of Quality (Seven Advanced QC Tools)
Seven Advanced Tools of Quality (Seven Advanced QC Tools)
Operational Excellence Consulting
 
Seven Basic Tools of Quality (Seven Basic QC Tools)
Seven Basic Tools of Quality (Seven Basic QC Tools)Seven Basic Tools of Quality (Seven Basic QC Tools)
Seven Basic Tools of Quality (Seven Basic QC Tools)
Operational Excellence Consulting
 
Problem Solving & Visualization Tools
Problem Solving & Visualization ToolsProblem Solving & Visualization Tools
Problem Solving & Visualization Tools
Operational Excellence Consulting
 
PDCA Problem Solving Process & Tools
PDCA Problem Solving Process & ToolsPDCA Problem Solving Process & Tools
PDCA Problem Solving Process & Tools
Operational Excellence Consulting
 
8D Problem Solving Process & Tools
8D Problem Solving Process & Tools8D Problem Solving Process & Tools
8D Problem Solving Process & Tools
Operational Excellence Consulting
 
Digital Transformation Process Poster
Digital Transformation Process PosterDigital Transformation Process Poster
Digital Transformation Process Poster
Operational Excellence Consulting
 
ISO/IEC 27001:2022 (Information Security Management Systems) Awareness Poster
ISO/IEC 27001:2022 (Information Security Management Systems) Awareness PosterISO/IEC 27001:2022 (Information Security Management Systems) Awareness Poster
ISO/IEC 27001:2022 (Information Security Management Systems) Awareness Poster
Operational Excellence Consulting
 
Four Steps of Jidoka Poster
Four Steps of Jidoka PosterFour Steps of Jidoka Poster
Four Steps of Jidoka Poster
Operational Excellence Consulting
 

Más de Operational Excellence Consulting (20)

The McKinsey 7S Framework: A Holistic Approach to Harmonizing All Parts of th...
The McKinsey 7S Framework: A Holistic Approach to Harmonizing All Parts of th...The McKinsey 7S Framework: A Holistic Approach to Harmonizing All Parts of th...
The McKinsey 7S Framework: A Holistic Approach to Harmonizing All Parts of th...
 
ISO 37002:2021 (Whistleblowing Management Systems) Awareness Training
ISO 37002:2021 (Whistleblowing Management Systems) Awareness TrainingISO 37002:2021 (Whistleblowing Management Systems) Awareness Training
ISO 37002:2021 (Whistleblowing Management Systems) Awareness Training
 
ISO 37000:2021 (Governance of Organizations) Awareness Training
ISO 37000:2021 (Governance of Organizations) Awareness TrainingISO 37000:2021 (Governance of Organizations) Awareness Training
ISO 37000:2021 (Governance of Organizations) Awareness Training
 
Six Sigma Improvement Process: Transforming Processes, Elevating Performance
Six Sigma Improvement Process: Transforming Processes, Elevating PerformanceSix Sigma Improvement Process: Transforming Processes, Elevating Performance
Six Sigma Improvement Process: Transforming Processes, Elevating Performance
 
Kaizen Event Guide: Transforming Challenges into Opportunities
Kaizen Event Guide: Transforming Challenges into OpportunitiesKaizen Event Guide: Transforming Challenges into Opportunities
Kaizen Event Guide: Transforming Challenges into Opportunities
 
Kaizen: Elevating Continuous Improvement for Success
Kaizen: Elevating Continuous Improvement for SuccessKaizen: Elevating Continuous Improvement for Success
Kaizen: Elevating Continuous Improvement for Success
 
Strategic Planning: A3 Hoshin Planning Process
Strategic Planning: A3 Hoshin Planning ProcessStrategic Planning: A3 Hoshin Planning Process
Strategic Planning: A3 Hoshin Planning Process
 
A3 Problem Solving Process & Tools
A3 Problem Solving Process & ToolsA3 Problem Solving Process & Tools
A3 Problem Solving Process & Tools
 
Digital Strategic Business Planning Methodology
Digital Strategic Business Planning MethodologyDigital Strategic Business Planning Methodology
Digital Strategic Business Planning Methodology
 
Root Cause Analysis (RCA)
Root Cause Analysis (RCA)Root Cause Analysis (RCA)
Root Cause Analysis (RCA)
 
Business Process Reengineering (BPR)
Business Process Reengineering (BPR)Business Process Reengineering (BPR)
Business Process Reengineering (BPR)
 
5 Steps of Problem Solving
5 Steps of Problem Solving5 Steps of Problem Solving
5 Steps of Problem Solving
 
Seven Advanced Tools of Quality (Seven Advanced QC Tools)
Seven Advanced Tools of Quality (Seven Advanced QC Tools)Seven Advanced Tools of Quality (Seven Advanced QC Tools)
Seven Advanced Tools of Quality (Seven Advanced QC Tools)
 
Seven Basic Tools of Quality (Seven Basic QC Tools)
Seven Basic Tools of Quality (Seven Basic QC Tools)Seven Basic Tools of Quality (Seven Basic QC Tools)
Seven Basic Tools of Quality (Seven Basic QC Tools)
 
Problem Solving & Visualization Tools
Problem Solving & Visualization ToolsProblem Solving & Visualization Tools
Problem Solving & Visualization Tools
 
PDCA Problem Solving Process & Tools
PDCA Problem Solving Process & ToolsPDCA Problem Solving Process & Tools
PDCA Problem Solving Process & Tools
 
8D Problem Solving Process & Tools
8D Problem Solving Process & Tools8D Problem Solving Process & Tools
8D Problem Solving Process & Tools
 
Digital Transformation Process Poster
Digital Transformation Process PosterDigital Transformation Process Poster
Digital Transformation Process Poster
 
ISO/IEC 27001:2022 (Information Security Management Systems) Awareness Poster
ISO/IEC 27001:2022 (Information Security Management Systems) Awareness PosterISO/IEC 27001:2022 (Information Security Management Systems) Awareness Poster
ISO/IEC 27001:2022 (Information Security Management Systems) Awareness Poster
 
Four Steps of Jidoka Poster
Four Steps of Jidoka PosterFour Steps of Jidoka Poster
Four Steps of Jidoka Poster
 

Último

Insurers' journeys to build a mastery in the IoT usage
Insurers' journeys to build a mastery in the IoT usageInsurers' journeys to build a mastery in the IoT usage
Insurers' journeys to build a mastery in the IoT usage
Matteo Carbone
 
Mifty kit IN Salmiya (+918133066128) Abortion pills IN Salmiyah Cytotec pills
Mifty kit IN Salmiya (+918133066128) Abortion pills IN Salmiyah Cytotec pillsMifty kit IN Salmiya (+918133066128) Abortion pills IN Salmiyah Cytotec pills
Mifty kit IN Salmiya (+918133066128) Abortion pills IN Salmiyah Cytotec pills
Abortion pills in Kuwait Cytotec pills in Kuwait
 
unwanted pregnancy Kit [+918133066128] Abortion Pills IN Dubai UAE Abudhabi
unwanted pregnancy Kit [+918133066128] Abortion Pills IN Dubai UAE Abudhabiunwanted pregnancy Kit [+918133066128] Abortion Pills IN Dubai UAE Abudhabi
unwanted pregnancy Kit [+918133066128] Abortion Pills IN Dubai UAE Abudhabi
Abortion pills in Kuwait Cytotec pills in Kuwait
 
0183760ssssssssssssssssssssssssssss00101011 (27).pdf
0183760ssssssssssssssssssssssssssss00101011 (27).pdf0183760ssssssssssssssssssssssssssss00101011 (27).pdf
0183760ssssssssssssssssssssssssssss00101011 (27).pdf
Renandantas16
 
FULL ENJOY Call Girls In Majnu Ka Tilla, Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Majnu Ka Tilla, Delhi Contact Us 8377877756FULL ENJOY Call Girls In Majnu Ka Tilla, Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Majnu Ka Tilla, Delhi Contact Us 8377877756
dollysharma2066
 

Último (20)

Insurers' journeys to build a mastery in the IoT usage
Insurers' journeys to build a mastery in the IoT usageInsurers' journeys to build a mastery in the IoT usage
Insurers' journeys to build a mastery in the IoT usage
 

Corporate Governance Frameworks

  • 1. Corporate Governance Frameworks: Diagrams and Templates of Governance, Risks & Compliance Frameworks & Models. This presentation is a collection of PowerPoint diagrams and templates used to convey 20 different governance, risks and compliance frameworks and models.
  • 2. Contents
      1. OECD Principles of Corporate Governance
      2. International Corporate Governance Network (ICGN) Global Governance Principles
      3. Corporate Governance Principles for Banks (Basel Committee on Banking Supervision)
      4. International Finance Corporation (IFC) Corporate Governance Methodology
      5. COSO 2013 Framework: Internal Control – Integrated Framework
      6. Sarbanes-Oxley Act (SOX)
      7. UK Corporate Governance Code
      8. COBIT 2019
      9. NIST Cybersecurity Framework V1.1
      10. Payment Card Industry Data Security Standard (PCI DSS) V4.0
      11. IT Infrastructure Library (ITIL 4)
      12. Factor Analysis of Information Risk (FAIR) Model (V3.0)
      13. ISO 31000:2018 Risk Management
      14. ISO/IEC 38500:2015 Governance of IT for the organization
      15. ISO/IEC 27001:2022 Information Security Management System
      16. ISO 22301:2019 Business Continuity Management Systems (BCMS)
      17. ISO 37001:2016 Anti-Bribery Management Systems
      18. ISO 37301:2021 Compliance Management Systems
      19. ISO 19011:2018 Auditing Management Systems
      20. Balanced Scorecard
    NOTE: This is a PARTIAL PREVIEW. To download the complete presentation, please visit: https://www.oeconsulting.com.sg
  • 3. The Six OECD Principles of Corporate Governance. The Six Principles of Corporate Governance were developed by the OECD to help OECD and non-OECD governments in their efforts to create legal and regulatory frameworks for corporate governance in their countries. The six OECD Principles are:
      1. Ensuring the basis of an effective corporate governance framework
      2. The rights of shareholders and key ownership functions
      3. The equitable treatment of shareholders
      4. The role of stakeholders in corporate governance
      5. Disclosure and transparency
      6. The responsibilities of the board
    Source: OECD
  • 4. The ICGN Global Governance Principles. The ICGN is a leading authority on corporate governance, and its principles serve as guidelines for companies, investors, and other stakeholders to foster sound corporate governance practices.
      1. Board role responsibilities
      2. Leadership and independence
      3. Composition and appointment
      4. Corporate culture
      5. Remuneration
      6. Risk oversight
      7. Corporate reporting
      8. Internal and external audit
      9. Shareholder rights
      10. Shareholder meetings
    Source: ICGN
  • 5. The Basel Framework – The 13 Principles. The 13 principles developed by the Basel Committee on Banking Supervision (BCBS) provide a framework within which banks and supervisors should operate to achieve robust and transparent risk management and decision-making.
      ◦ Principle 1: Emphasizes the board’s overall responsibility for the bank.
      ◦ Principle 2: Specifies requirements for board qualifications and composition.
      ◦ Principle 3: Describes the appropriate board structure and practices.
      ◦ Principle 4: Sets guidance regarding banks’ senior management.
      ◦ Principle 5: Covers the governance of group structures.
      ◦ Principle 6: Sets guidance for the risk management function.
      ◦ Principle 7: Covers risk identification, monitoring and controlling.
      ◦ Principle 8: Sets guidance for risk communication.
      ◦ Principle 9: Covers the compliance function.
      ◦ Principle 10: Sets guidance for internal audit.
      ◦ Principle 11: Explains how a bank’s compensation structure should support sound corporate governance.
      ◦ Principle 12: Covers disclosure and transparency of a bank’s governance to its shareholders, depositors, other stakeholders and market participants.
      ◦ Principle 13: Describes the role of supervisors in fostering sound corporate governance.
    Source: BCBS, 2015
  • 6. COSO 2013 Framework: Internal Control – Integrated Framework. The COSO Internal Control – Integrated Framework is a widely adopted framework for designing, implementing and evaluating internal control for organizations. Components shown: Control Environment; Risk Assessment; Control Activities; Information & Communication; Monitoring Activities. Source: COSO 2013 Framework, Internal Control – Integrated Framework
  • 7. Sarbanes-Oxley Act (SOX): Empowering C-Level Executives for Trustworthy Financials and Sustainable Growth
    Purpose
      ◦ Enacted in 2002 to restore investor confidence after accounting scandals like Enron and WorldCom
      ◦ Regulates financial reporting and corporate governance to enhance transparency and accountability
    Key Provisions
      ◦ Section 302: CEO and CFO certify accuracy of financial statements and disclosures
      ◦ Section 404: Management assesses and reports on internal controls' effectiveness
      ◦ Section 802: Criminalizes altering, destroying, or falsifying records, with penalties up to 20 years in prison
    Impact
      ◦ Improved financial reporting accuracy and reliability
      ◦ Enhanced board independence and oversight
      ◦ Increased disclosure and transparency for stakeholders
    Source: Adapted from SOX
  • 8. UK Corporate Governance Code. The UK Corporate Governance Code outlines best practices for board leadership, remuneration, accountability, and stakeholder engagement.
    Purpose
      ◦ Sets standards for corporate governance and promotes transparency, accountability, and investor confidence
      ◦ Developed by the Financial Reporting Council (FRC) to guide UK-listed companies
    Key Principles
      Board Leadership and Effectiveness:
      ◦ Emphasizes separation of CEO and Chair roles
      ◦ Encourages diverse board composition and regular performance evaluations
      Remuneration:
      ◦ Links executive pay to company performance and long-term success
      ◦ Requires transparent reporting on remuneration policies and outcomes
      Accountability and Audit:
      ◦ Focuses on board responsibility for risk oversight and internal controls
      ◦ Mandates regular engagement with auditors to ensure audit quality
    Source: Adapted from UK Corporate Governance Code
  • 9. COBIT 2019 Governance System Principles. COBIT is a leading framework for the governance and management of enterprise IT and is based on six principles of enterprise IT governance.
      1. Provide Stakeholder Value
      2. Holistic Approach
      3. Dynamic Governance System
      4. Governance Distinct From Management
      5. Tailored to Enterprise Needs
      6. End-to-End Governance System
    Source: Based on ISACA
  • 10. NIST Cybersecurity Framework (V1.1). The NIST Cybersecurity Framework (V1.1) is a voluntary framework that consists of standards, guidelines and best practices to manage cybersecurity risk. Source: Based on NIST
  • 11. PCI DSS V4.0 – The 12 Requirements. The PCI Data Security Standards cover technical and operational system components included in or connected to cardholder data. Goals and PCI DSS requirements:
    Build and Maintain a Secure Network and Systems
      1. Install and maintain network security controls
      2. Apply secure configurations to all system components
    Protect Account Data
      3. Protect stored account data
      4. Protect cardholder data with strong cryptography during transmission over open, public networks
    Maintain a Vulnerability Management Program
      5. Protect all systems and networks from malicious software
      6. Develop and maintain secure systems and software
    Implement Strong Access Control Measures
      7. Restrict access to system components and cardholder data by business need to know
      8. Identify users and authenticate access to system components
      9. Restrict physical access to cardholder data
    Regularly Monitor and Test Networks
      10. Log and monitor all access to system components and cardholder data
      11. Test security of systems and networks regularly
    Maintain an Information Security Policy
      12. Support information security with organizational policies and programs
    Source: PCI Security Standards Council (PCI SSC)
  • 12. The Four Dimensions of Service Management. ITIL 4 has defined Four Dimensions of Service Management that are critical to the effective and efficient delivery of value to customers and other stakeholders in the form of products and services.
    Dimensions (centered on Products & services and Value)
      1. Organizations & people
      2. Information & technology
      3. Partners & suppliers
      4. Value streams & processes
    Factors (every dimension is affected by multiple factors)
      ◦ Economical factors
      ◦ Political factors
      ◦ Environmental factors
      ◦ Social factors
      ◦ Legal factors
      ◦ Technological factors
    Source: Based on AXELOS. Copyright AXELOS.
  • 13. The FAIR Model. Factor Analysis of Information Risk (FAIR) is the only international standard quantitative model for information security and operational risk.
    Risk
      ◦ Loss Event Frequency
          ◦ Threat Event Frequency
              ◦ Contact Frequency: Random, Regular, Intentional
              ◦ Probability of Action: Value, Level of Effort, Risk
          ◦ Vulnerability
              ◦ Threat Capability: Skills (Knowledge, Experience), Resources (Time, Materials)
              ◦ Resistance Strength
      ◦ Loss Magnitude
          ◦ Primary Loss
          ◦ Secondary Loss
              ◦ Secondary Loss Event Frequency
              ◦ Secondary Loss Magnitude
    Source: Based on the FAIR Institute
  • 14. ISO 31000:2018 Risk Management Process. ISO 31000:2018 is a generic risk management standard which can be used by both public and private organizations and by groups, associations and enterprises of all kinds.
    Process elements
      ◦ Scope, Context, Criteria
      ◦ Risk Assessment: Risk Identification, Risk Analysis, Risk Evaluation
      ◦ Risk Treatment
      ◦ Communication & Consultation
      ◦ Monitoring & Review
      ◦ Recording & Reporting
    Source: International Organization for Standardization
  • 15. ISO/IEC 27001:2022 Key Clause Structure (4-10). ISO/IEC 27001:2022 is a global standard on Information Security Management Systems (ISMS). The clauses are laid out against the PLAN, DO, CHECK, ACT cycle.
    4. Context of the organization
      ◦ 4.1 Understanding the organization and its context
      ◦ 4.2 Understanding the needs and expectations of interested parties
      ◦ 4.3 Determining the scope of the ISMS
      ◦ 4.4 Information Security Management System
    5. Leadership
      ◦ 5.1 Leadership and commitment
      ◦ 5.2 Policy
      ◦ 5.3 Organizational roles, responsibilities and authorities
    6. Planning
      ◦ 6.1 Actions to address risks and opportunities
      ◦ 6.2 Information security objectives and planning to achieve them
    7. Support
      ◦ 7.1 Resources
      ◦ 7.2 Competence
      ◦ 7.3 Awareness
      ◦ 7.4 Communication
      ◦ 7.5 Documented information
    8. Operation
      ◦ 8.1 Operational planning and control
      ◦ 8.2 Information security risk assessment
      ◦ 8.3 Information security risk treatment
    9. Performance evaluation
      ◦ 9.1 Monitoring, measurement, analysis and evaluation
      ◦ 9.2 Internal audit
      ◦ 9.3 Management review
    10. Improvement
      ◦ 10.1 Nonconformity and corrective action
      ◦ 10.2 Continual improvement
    Source: Based on ISO
  • 16. ISO 37001:2016 – Key Clause Structure (4-10). The ISO 37001:2016 Anti-Bribery Management Systems key clause structure (4-10), laid out against the PLAN, DO, CHECK, ACT cycle.
    4. Context of the organization
      ◦ 4.1 Understanding the organization and its context
      ◦ 4.2 Understanding the needs and expectations of stakeholders
      ◦ 4.3 Determining the scope of the anti-bribery management system
      ◦ 4.4 Anti-bribery management system
      ◦ 4.5 Bribery risk management
    5. Leadership
      ◦ 5.1 Leadership and commitment
      ◦ 5.2 Anti-bribery policy
      ◦ 5.3 Organizational roles, responsibilities and authorities
    6. Planning
      ◦ 6.1 Actions to address risks and opportunities
      ◦ 6.2 Anti-bribery objectives and planning to achieve them
    7. Support
      ◦ 7.1 Resources
      ◦ 7.2 Competence
      ◦ 7.3 Awareness and training
      ◦ 7.4 Communication
      ◦ 7.5 Documented information
    8. Operation
      ◦ 8.1 Operational planning and control
      ◦ 8.2 Due diligence
      ◦ 8.3 Financial controls
      ◦ 8.4 Non-financial controls
      ◦ 8.5 Implementation of anti-bribery controls by controlled organizations & by business associates
      ◦ 8.6 Anti-bribery commitments
      ◦ 8.7 Gifts, hospitality, donations and similar benefits
      ◦ 8.8 Managing inadequacy of anti-bribery controls
      ◦ 8.9 Raising concerns
      ◦ 8.10 Investigating & dealing with bribery
    9. Performance evaluation
      ◦ 9.1 Monitoring, measurement, analysis and evaluation
      ◦ 9.2 Internal audit
      ◦ 9.3 Management review
      ◦ 9.4 Review by anti-bribery compliance function
    10. Improvement
      ◦ 10.1 Nonconformity and corrective action
      ◦ 10.2 Continual improvement
    Source: Based on International Organization for Standardization
  • 17. ISO 37301:2021 – Elements of a Compliance Management System. ISO 37301:2021 specifies requirements and guidance for establishing and maintaining compliance management systems with a focus on ethical behavior and risk-based approaches.
      ◦ Principles: Integrity | Good Governance | Proportionality | Transparency | Accountability | Sustainability
      ◦ Objectives: Integrity | Culture | Conformity | Reputation | Value | Ethics
      ◦ Organization & its context: Legal | Social | Cultural | Digitalization | Finance | Structure | Environment | Interested Parties
      ◦ Elements shown around the PLAN, DO, CHECK, ACT cycle: Commitment at All Levels; Determining the Scope; Compliance Policy; Roles & Responsibilities; Obligations & Risks; Support; Competence & Awareness; Communication & Training; Operation; Controls & Procedures; Documentation; Internal Audit; Management Review; Monitoring & Measurement; Raising Awareness; Investigation Process; Managing Noncompliance; Continual Improvement
      ◦ Framing labels: Leadership, Governance, Culture
    Source: Based on International Organization for Standardization
  • 18. ISO 19011:2018 – Principles of Auditing. The ISO 19011:2018 standard contains guidance on managing an audit program, the principles of auditing, and the evaluation of individuals responsible for managing the audit programs. Source: Based on International Organization for Standardization
  • 19. Balanced Scorecard: Enhancing Corporate Governance with Strategic Alignment and Performance Management. Four perspectives arranged around Vision and Strategy:
      ◦ Financial: To succeed financially, how should we appear to our shareholders?
      ◦ Customers: To achieve our vision, how should we appear to our customers?
      ◦ Business Processes: To satisfy our shareholders and customers, what business processes must we excel at?
      ◦ Learning & Growth: To achieve our vision, how will we sustain our ability to change and improve?
    Source: Kaplan & Norton
  • 20. Operational Excellence Consulting is a management training and consulting firm that assists organizations in improving business performance and effectiveness. Based in Singapore, the firm’s mission is to create business value for organizations through innovative design and operational excellence management training and consulting solutions. For more information, please visit www.oeconsulting.com.sg