Corporate Governance Frameworks
© Operational Excellence Consulting. All rights reserved.
This presentation is a collection of PowerPoint diagrams and
templates used to convey 20 different governance, risks and
compliance frameworks and models.
Corporate Governance
Frameworks
Diagrams and Templates of Governance, Risks &
Compliance Frameworks & Models
Contents
1. OECD Principles of Corporate Governance
2. International Corporate Governance Network (ICGN) Global Governance Principles
3. Corporate Governance Principles for Banks (Basel Committee on Banking Supervision)
4. International Finance Corporation (IFC) Corporate Governance Methodology
5. COSO 2013 Framework: Internal Control – Integrated Framework
6. Sarbanes-Oxley Act (SOX)
7. UK Corporate Governance Code
8. COBIT 2019
9. NIST Cybersecurity Framework V1.1
10. Payment Card Industry Data Security Standard (PCI DSS) V4.0
11. IT Infrastructure Library (ITIL 4)
12. Factor Analysis of Information Risk (FAIR) Model (V3.0)
13. ISO 31000:2018 Risk Management
14. ISO/IEC 38500:2015 Governance of IT for the organization
15. ISO/IEC 27001:2022 Information Security Management System
16. ISO 22301:2019 Business Continuity Management Systems (BCMS)
17. ISO 37001:2016 Anti-Bribery Management Systems
18. ISO 37301:2021 Compliance Management Systems
19. ISO 19011:2018 Auditing Management Systems
20. Balanced Scorecard
NOTE: This is a PARTIAL PREVIEW.
To download the complete presentation, please
visit: https://www.oeconsulting.com.sg
The Six OECD Principles of Corporate Governance
The Six Principles of Corporate Governance were developed by the OECD to help
OECD and non-OECD governments in their efforts to create legal and regulatory
frameworks for corporate governance in their countries.
The six OECD Principles are:
1. Ensuring the basis of an effective corporate governance framework
2. The rights of shareholders and key ownership functions
3. The equitable treatment of shareholders
4. The role of stakeholders in corporate governance
5. Disclosure and transparency
6. The responsibilities of the board
Source: OECD
The ICGN Global Governance Principles
The ICGN is a leading authority on corporate governance, and its principles serve as
guidelines for companies, investors, and other stakeholders to foster sound
corporate governance practices.
1. Board role responsibilities
2. Leadership and independence
3. Composition and appointment
4. Corporate culture
5. Remuneration
6. Risk oversight
7. Corporate reporting
8. Internal and external audit
9. Shareholder rights
10. Shareholder meetings
Source: ICGN
The Basel Framework – The 13 Principles
The 13 principles developed by the Basel Committee on Banking Supervision
(BCBS) provide a framework within which banks and supervisors should operate to
achieve robust and transparent risk management and decision-making.
Principle 1: Emphasizes the board’s overall responsibility for the bank.
Principle 2: Specifies requirements for board qualifications and composition.
Principle 3: Describes the appropriate board structure and practices.
Principle 4: Sets guidance regarding banks’ senior management.
Principle 5: Covers the governance of group structures.
Principle 6: Sets guidance for the risk management function.
Principle 7: Covers risk identification, monitoring and controlling.
Principle 8: Sets guidance for risk communication.
Principle 9: Covers the compliance function.
Principle 10: Sets guidance for internal audit.
Principle 11: Explains how a bank’s compensation structure should support sound corporate governance.
Principle 12: Covers disclosure and transparency of a bank’s governance to its shareholders, depositors, other stakeholders and market participants.
Principle 13: Describes the role of supervisors in fostering sound corporate governance.
Source: BCBS, 2015
COSO 2013 Framework: Internal Control – Integrated Framework
The COSO Internal Control – Integrated Framework is a widely adopted framework
for designing, implementing and evaluating internal control for organizations.
The framework comprises five components:
1. Control Environment
2. Risk Assessment
3. Control Activities
4. Information & Communication
5. Monitoring Activities
Source: COSO 2013 Framework, Internal Control – Integrated Framework
Sarbanes-Oxley Act (SOX): Empowering C-Level Executives for Trustworthy
Financials and Sustainable Growth
Sarbanes-Oxley Act (SOX)
Purpose
§ Enacted in 2002 to restore investor confidence after accounting scandals like Enron and WorldCom
§ Regulates financial reporting and corporate governance to enhance transparency and accountability
Key Provisions
§ Section 302: CEO and CFO certify accuracy of financial statements and disclosures
§ Section 404: Management assesses and reports on internal controls' effectiveness
§ Section 802: Criminalizes altering, destroying, or falsifying records, with penalties up to 20 years in prison
Impact
§ Improved financial reporting accuracy and reliability
§ Enhanced board independence and oversight
§ Increased disclosure and transparency for stakeholders
Source: Adapted from SOX
UK Corporate Governance Code outlines best practices for board leadership,
remuneration, accountability, and stakeholder engagement
UK Corporate Governance Code
Purpose
§ Sets standards for corporate governance and promotes transparency, accountability, and investor confidence
§ Developed by the Financial Reporting Council (FRC) to guide UK-listed companies
Key Principles
Board Leadership and Effectiveness:
§ Emphasizes separation of CEO and Chair roles
§ Encourages diverse board composition and regular performance evaluations
Remuneration:
§ Links executive pay to company performance and long-term success
§ Requires transparent reporting on remuneration policies and outcomes
Accountability and Audit:
§ Focuses on board responsibility for risk oversight and internal controls
§ Mandates regular engagement with auditors to ensure audit quality
Source: Adapted from UK Corporate Governance Code
COBIT 2019 Governance System Principles
COBIT is a leading framework for the governance and management of enterprise IT
and is based on six principles of enterprise IT governance.
1. Provide Stakeholder Value
2. Holistic Approach
3. Dynamic Governance System
4. Governance Distinct From Management
5. Tailored to Enterprise Needs
6. End-to-End Governance System
Source: Based on ISACA
NIST Cybersecurity Framework (V1.1)
The NIST Cybersecurity Framework (V1.1) is a voluntary framework that consists of
standards, guidelines and best practices to manage cybersecurity risk.
Source: Based on NIST
PCI DSS V4.0 – The 12 Requirements
The PCI Data Security Standards cover technical and operational system
components included in or connected to cardholder data.
Goals and PCI DSS Requirements
Build and Maintain a Secure Network and Systems
1. Install and maintain network security controls
2. Apply secure configurations to all system components
Protect Account Data
3. Protect stored account data
4. Protect cardholder data with strong cryptography during transmission over open, public networks
Maintain a Vulnerability Management Program
5. Protect all systems and networks from malicious software
6. Develop and maintain secure systems and software
Implement Strong Access Control Measures
7. Restrict access to system components and cardholder data by business need to know
8. Identify users and authenticate access to system components
9. Restrict physical access to cardholder data
Regularly Monitor and Test Networks
10. Log and monitor all access to system components and cardholder data
11. Test security of systems and networks regularly
Maintain an Information Security Policy
12. Support information security with organizational policies and programs
Source: PCI Security Standards Council (PCI SSC)
The Four Dimensions of Service Management
ITIL 4 has defined Four Dimensions of Service Management that are critical to the
effective and efficient delivery of value to customers and other stakeholders in the
form of products and services.
1. Organizations & people
2. Information & technology
3. Partners & suppliers
4. Value streams & processes
At the centre of the four dimensions sit Products & services, which deliver Value.
Factors: every dimension is affected by multiple external factors: political, economic,
social, technological, legal and environmental factors.
Source: Based on AXELOS. Copyright AXELOS.
The FAIR Model
Factor Analysis of Information Risk (FAIR) is the only international standard
quantitative model for information security and operational risk.
The FAIR factor tree (top-down decomposition of risk):
Risk
  Loss Event Frequency
    Threat Event Frequency
      Contact Frequency (random, regular, intentional)
      Probability of Action (value, level of effort, risk)
    Vulnerability
      Threat Capability (skills: knowledge, experience; resources: time, materials)
      Resistance Strength
  Loss Magnitude
    Primary Loss
    Secondary Loss
      Secondary Loss Event Frequency
      Secondary Loss Magnitude
Source: Based on the FAIR Institute
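The factor tree above can be walked numerically. The following Python is an added illustration, not FAIR Institute code or content from the slide: each leaf factor gets a constructed low / most-likely / high range, sampled with a triangular distribution, and the draws are combined exactly as the tree prescribes in a small Monte Carlo to produce an annualized loss exposure. The `Estimate` helper, `simulate` and the credential-stuffing scenario values are assumptions of this example.

```python
import random
from dataclasses import dataclass

@dataclass
class Estimate:
    low: float    # calibrated minimum for one FAIR factor
    mode: float   # most likely value
    high: float   # calibrated maximum

    def sample(self, rng):
        return rng.triangular(self.low, self.high, self.mode)

def loss_event_frequency(cf, poa, tcap, rs):
    # LEF = TEF x Vulnerability, with TEF = Contact Frequency x Probability of
    # Action. Vulnerability for one draw is 1 if threat capability beats
    # resistance strength, else 0; over many draws it averages to P(TCap > RS).
    tef = cf * poa
    return tef * (1.0 if tcap > rs else 0.0)

def loss_magnitude(pl, slef, slm):
    # LM = Primary Loss + Secondary Loss, where Secondary Loss = SLEF x SLM.
    return pl + slef * slm

def simulate(scenario, trials=10_000, seed=7):
    """Monte Carlo over the factor tree; returns annualized loss exposure stats."""
    rng = random.Random(seed)
    ale = []
    for _ in range(trials):
        d = {k: v.sample(rng) for k, v in scenario.items()}
        lef = loss_event_frequency(d["cf"], d["poa"], d["tcap"], d["rs"])
        lm = loss_magnitude(d["pl"], d["slef"], d["slm"])
        ale.append(lef * lm)  # Risk = LEF x LM for this draw
    ale.sort()
    pct = lambda p: ale[int(p * (trials - 1))]
    return {"mean": sum(ale) / trials, "p50": pct(0.5), "p90": pct(0.9)}

# Constructed scenario (not from the slide): credential stuffing against a customer
# portal. Units: contacts/year, probabilities 0-1, percentiles 0-100, currency.
PORTAL = {
    "cf": Estimate(50, 120, 300),              # Contact Frequency
    "poa": Estimate(0.2, 0.4, 0.7),            # Probability of Action
    "tcap": Estimate(30, 55, 85),              # Threat Capability
    "rs": Estimate(50, 65, 80),                # Resistance Strength (MFA, rate limits)
    "pl": Estimate(5_000, 20_000, 80_000),     # Primary Loss per event
    "slef": Estimate(0.1, 0.3, 0.6),           # Secondary Loss Event Frequency
    "slm": Estimate(10_000, 50_000, 250_000),  # Secondary Loss Magnitude
}

if __name__ == "__main__":
    print(simulate(PORTAL))
```

Raising the resistance strength range above every plausible threat capability drives the simulated loss event frequency, and hence the exposure, to zero, which is how a control investment is compared in FAIR terms.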
ISO 31000:2018 Risk Management Process
ISO 31000:2018 is a generic risk management standard which can be used by both
public and private organizations and by groups, associations and enterprises of all
kinds.
The process flows from Scope, Context, Criteria into Risk Assessment (Risk
Identification, Risk Analysis, Risk Evaluation) and then Risk Treatment. Three
activities run alongside every step: Communication & Consultation, Monitoring &
Review, and Recording & Reporting.
Source: International Organization for Standardization
ISO/IEC 27001:2022 Key Clause Structure (4-10)
ISO/IEC 27001:2022 is a global standard on Information Security Management
Systems (ISMS).
PLAN
4. Context of the organization
  4.1 Understanding the organization and its context
  4.2 Understanding the needs and expectations of interested parties
  4.3 Determining the scope of the ISMS
  4.4 Information Security Management System
5. Leadership
  5.1 Leadership and commitment
  5.2 Policy
  5.3 Organizational roles, responsibilities and authorities
6. Planning
  6.1 Actions to address risks and opportunities
  6.2 Information security objectives and planning to achieve them
7. Support
  7.1 Resources
  7.2 Competence
  7.3 Awareness
  7.4 Communication
  7.5 Documented information
DO
8. Operation
  8.1 Operational planning and control
  8.2 Information security risk assessment
  8.3 Information security risk treatment
CHECK
9. Performance evaluation
  9.1 Monitoring, measurement, analysis and evaluation
  9.2 Internal audit
  9.3 Management review
ACT
10. Improvement
  10.1 Nonconformity and corrective action
  10.2 Continual improvement
Source: Based on ISO
ISO 37001:2016 – Key Clause Structure (4-10)
PLAN
4. Context of the organization
  4.1 Understanding the organization and its context
  4.2 Understanding the needs and expectations of stakeholders
  4.3 Determining the scope of the anti-bribery management system
  4.4 Anti-bribery management system
  4.5 Bribery risk management
5. Leadership
  5.1 Leadership and commitment
  5.2 Anti-bribery policy
  5.3 Organizational roles, responsibilities and authorities
6. Planning
  6.1 Actions to address risks and opportunities
  6.2 Anti-bribery objectives and planning to achieve them
7. Support
  7.1 Resources
  7.2 Competence
  7.3 Awareness and training
  7.4 Communication
  7.5 Documented information
DO
8. Operation
  8.1 Operational planning and control
  8.2 Due diligence
  8.3 Financial controls
  8.4 Non-financial controls
  8.5 Implementation of anti-bribery controls by controlled organizations and by business associates
  8.6 Anti-bribery commitments
  8.7 Gifts, hospitality, donations and similar benefits
  8.8 Managing inadequacy of anti-bribery controls
  8.9 Raising concerns
  8.10 Investigating & dealing with bribery
CHECK
9. Performance evaluation
  9.1 Monitoring, measurement, analysis and evaluation
  9.2 Internal audit
  9.3 Management review
  9.4 Review by anti-bribery compliance function
ACT
10. Improvement
  10.1 Nonconformity and corrective action
  10.2 Continual improvement
Source: Based on International Organization for Standardization
ISO 37301:2021 – Elements of a Compliance Management System
ISO 37301:2021 specifies requirements and guidance for establishing and maintaining
compliance management systems with a focus on ethical behavior and risk-based approaches.
PRINCIPLES: Integrity | Good governance | Proportionality | Transparency | Accountability | Sustainability
OBJECTIVES: Integrity | Culture | Conformity | Reputation | Value | Ethics
ORGANIZATION & ITS CONTEXT: Legal | Social | Cultural | Digitalization | Finance | Structure | Environment | Interested parties
The elements are arranged around a Plan-Do-Check-Act cycle, underpinned throughout by leadership, governance and culture:
§ Commitment at all levels; Determining the scope; Compliance policy; Roles & responsibilities; Obligations & risks
§ Support: Competence & awareness; Communication & training
§ Operation: Controls & procedures; Documentation
§ Internal audit; Management review; Monitoring & measurement
§ Raising awareness; Investigation process; Managing noncompliance; Continual improvement
Source: Based on International Organization for Standardization
ISO 19011:2018 – Principles of Auditing
The ISO 19011:2018 standard contains guidance on managing an audit program, the
principles of auditing, and the evaluation of individuals responsible for managing
the audit programs.
Source: Based on International Organization for Standardization
Balanced Scorecard
Balanced Scorecard: Enhancing Corporate Governance with Strategic Alignment
and Performance Management
Four perspectives are linked to the organization's Vision and Strategy:
§ Financial: To succeed financially, how should we appear to our shareholders?
§ Customers: To achieve our vision, how should we appear to our customers?
§ Business Processes: To satisfy our shareholders and customers, what business processes must we excel at?
§ Learning & Growth: To achieve our vision, how will we sustain our ability to change and improve?
Source: Kaplan & Norton
Operational Excellence Consulting is a management training and consulting
firm that assists organizations in improving business performance and
effectiveness. Based in Singapore, the firm’s mission is to create business
value for organizations through innovative design and operational
excellence management training and consulting solutions. For more
information, please visit www.oeconsulting.com.sg