Learn how to design, implement, operate and certify a compliance program under the new ISO 37301. Join the IE Law School professors Alvaro Arjona, Ph.D, Jesica Hita Ruiz, Fabio G. Pérez-Bryan and me to get a toolbox with facilitators, guidance, reference policies, checklists and other practical references.
8 modules - 12 hours - Sept 27th and 28th - Online
- Requirements, terms, scope, elements, and the certification and consultancy market
- Practical impact: main changes, benchmark, and introduced components
- Adequacy for criminal law compliance in Spain (UNE 19601) and in LatAm
- Processes from risk analysis to reporting and evaluation
- Implementation of requirements
- Recommendations and facilitators for implementation
- Roadmap with evidence to certify
- Documentation review program for implementation assurance
- Methodology for testing compliance controls and documentation reviews
Thanks to Sibel Abdulovska, Paula Abascal Gutierrez-Colomer and Maria Serrano for the flawless coordination of the course.
Learn more: https://lnkd.in/gezyzmgn
#ISO37301 #CCO #compliance #audit #certification #ISO37002
Get an overview of what compliance management means, the common categories of compliance in businesses as well as how software solutions can support your Organisational and Regulatory compliance journey.
To know more, visit corporater.com/compliance
Global Manager Group has prepared a presentation to provide information regarding ISO 37001 documentation requirements for Anti-Bribery Management System Certification. It describes all primary documents, such as the manual, procedures, policy, audit checklist, etc., in detail.
For further information about ISO 37001:2016 documentation requirements visit @ https://www.globalmanagergroup.com/
ISO 37001:2016 is the standard for an Anti-Bribery Management System. This publication is about a ready-made documentation kit that can be used as a complete tool for the documentation process; it defines the requirements for the various documents needed during ISO 37001:2016 certification.
For more details visit our website: https://www.globalmanagergroup.com/
First, it clarifies some of the misunderstandings about fundamental audit concepts and principles that are applied during the audit or when planning the audit program, focusing on audit guidelines, auditor principles, audit process principles and types of audits. It then builds an understanding of how to manage and prepare an ISO 9001 audit through the audit program pillars, good audit practices and prepared work documents and checklists. Finally, it outlines how to conduct and close an ISO 9001 audit in a professional manner with a precise audit review.
Main points covered:
• Fundamental audit concepts and principles
• Managing an ISO 9001 audit program
• Preparation of an ISO 9001 audit
• Conduct of an ISO 9001 audit & Closing the audit
Presenter:
This webinar was presented by Kefah El-Ghobbas, PECB Certified Trainer and Organizational Development expert and operations manager at TURBO CARBO.
Link to the recorded session published on YouTube: https://youtu.be/kK8pAc3QM5E
Over a million organizations in 170 countries have adopted ISO 9001:2015 as their quality management standard. Many more are pursuing this certification. Why? Because ISO 9001 helps your company assure quality and save money, and customers expect it. ISO 9001 applies to all types of organizations.
This presentation can be used to brief your employees, new hires and potential auditees so as to create awareness of the ISO 9001:2015 standard. Alternatively, the presentation may be used to supplement your materials for the training of QA professionals and internal auditors.
It covers the what and why of ISO 9001, the QMS clause structure, the audit approach and also offers practical tips on how to handle an audit session. When you are done teaching this material to your employees, they will be much more informed and comfortable with ISO 9001.
LEARNING OBJECTIVES
1. Provide background knowledge on ISO 9001
2. Gain an overview of ISO 9001 structure and the certification process
3. Understand the audit approach
4. Gather useful tips on handling an audit session
CONTENTS
1. Overview of ISO 9001
2. ISO 9001 Structure
3. ISO 9001 Certification Process
4. Audit Approach
5. Handling an Audit Session
To download this complete presentation, please go to: https://www.oeconsulting.com.sg
Quality audits are those that evaluate the effectiveness of an organization's quality management system. Normally, quality management systems conforming to UNE-EN-ISO 9001:2008 are audited, since this is the worldwide standard that describes the requirements of a quality management system; however, there are also other standards specific to particular sectors (for example ISO/TS 16949:2009 for the automotive sector) or to certain activities (for example UNE 13816 on quality in public passenger transport).
The UNE-EN ISO 19011 standard provides guidance on audit principles, the management of audit programs, the conduct of audits of quality and environmental management systems, and the competence of auditors.
What for...?
Quality audits give organizations confidence in the effectiveness of their quality management system and its ability to meet customer requirements. Likewise, organizations can obtain quality management certificates through a quality audit process carried out by a certification body.
On completing the course, the participant will know the guidelines for carrying out an audit of the quality management system, as well as its usefulness in the development of the organization.
Overview of the potential risks and challenges associated with the development and deployment of AI systems, as well as the recommended controls and best practices to mitigate them. The presentation covers the following topics:
Design risks: These are the risks related to the design and specification of the AI system, such as lack of clarity, alignment, or validation of the objectives, assumptions, or constraints of the system. Some of the factors that contribute to these risks are:
- Inadequate or ambiguous problem definition
- Unrealistic or conflicting expectations or requirements
- Insufficient or inappropriate testing or evaluation methods
- Lack of transparency or explainability of the system's logic or behavior
Some of the recommended controls for these risks are:
- Define the problem and the scope of the system clearly and explicitly
- Involve relevant stakeholders and experts in the design process
- Use appropriate methods and metrics to test and evaluate the system's performance and robustness
- Document and communicate the system's objectives, assumptions, limitations, and uncertainties
- Provide mechanisms to explain or justify the system's outputs or decisions
Data risks: These are the risks related to the data used to train, test, or operate the AI system, such as data quality, availability, security, or privacy issues. Some of the factors that contribute to these risks are:
- Incomplete, inaccurate, or outdated data
- Biased, unrepresentative, or irrelevant data
- Unauthorized access, modification, or disclosure of data
- Violation of data protection laws or ethical principles
Some of the recommended controls for these risks are:
- Collect, store, and manage data in a secure and compliant manner
- Ensure data quality, validity, and reliability through data cleaning, verification, and auditing
- Ensure data diversity, representativeness, and relevance through data sampling, augmentation, and analysis
- Protect data privacy and confidentiality through data anonymization, encryption, or aggregation
- Respect data rights and consent of data subjects and providers
Operation risks: These are the risks related to the operation and maintenance of the AI system, such as system failure, malfunction, or misuse. Some of the factors that contribute to these risks are:
- Hardware or software errors or defects
- Environmental or contextual changes or uncertainties
- Adversarial or malicious attacks or manipulations
- Unintended or harmful consequences or impacts
Some of the recommended controls for these risks are:
- Monitor and update the system regularly and proactively
- Adapt and calibrate the system to changing or uncertain conditions or scenarios
- Detect and prevent potential threats or vulnerabilities
Asociacion Profesionistas de Compliance - Initiatives to Reduce the Cost of C...
Hernan Huwyler, MBA CPA
Prof. Hernan Huwyler's slideshare discusses in detail five key actions that organizations can take to reduce compliance costs. These actions are designed to help organizations increase their compliance efficiency, reduce compliance risks, and lower compliance costs.
The first action proposed by Prof. Hernan Huwyler is to designate local managers as compliance representatives in business units. This helps to amplify control while reducing the compliance function's structure. By designating local managers as compliance representatives, organizations can have a more effective compliance structure with fewer resources. Local managers can act as compliance ambassadors and help ensure that the organization's compliance policies and procedures are followed in their business units.
The second action proposed is to quantify compliance risks and price potential claims, compensations, fraud, and revenue losses due to noncompliance. By quantifying compliance risks, organizations can better understand the potential costs of non-compliance and allocate resources accordingly. This can also help organizations prioritize their compliance efforts and ensure that they are focusing on the most significant compliance risks.
The third action is to assign the testing of compliance controls to process owners and outsourcing service providers. This helps to distribute the responsibility for compliance testing and can reduce the workload of the compliance function. By assigning compliance testing to process owners, organizations can ensure that compliance controls are tested regularly, and issues are identified and addressed promptly.
The fourth action proposed is to embed efficient controls in clearly articulated procedures. By embedding controls in procedures, organizations can ensure that compliance requirements are met consistently and effectively. Efficient controls can help organizations streamline compliance processes and reduce compliance costs.
Finally, the fifth action is to add requirements for compliance skills when recruiting legal and financial managers in business units. This helps to ensure that compliance is a consideration when recruiting new managers. By ensuring that managers have the necessary compliance skills, organizations can better integrate compliance into their business operations and reduce the risk of non-compliance.
In addition to these five actions, the slideshare also suggests other recommendations, such as delegating compliance consultations, audits, and due diligence, benchmarking the scope of risk assessments, and implementing policies to simplify wording and articulation of procedures. Additionally, the slideshare recommends coordinating actions with business units to assess, implement, measure, and reward cost reduction initiatives. By following these recommendations, organizations can reduce their compliance costs while maintaining effective compliance programs.
This Slideshare presentation by Professor Hernan Huwyler discusses a model to quantify compliance, legal, and contractual risks. It highlights the importance of understanding the impact of uncertainty on objectives and identifies mandatory and voluntary compliance objectives. The presentation discusses different techniques to quantify risks, such as heatmaps, risk matrices, common malpractice, scores, and escalation matrices, and the problems with these techniques, such as biases, incomplete data, and aggregation issues.
The presentation proposes a compliance risk modeling approach, which involves understanding the distribution of events, consequences, impact, causes, and frequency of risks. It suggests using different probability distributions, such as log-normal, Pareto, normal, Poisson, Bernoulli, and triangular, to model risks. The presentation also discusses the chain of events that can lead to different types of losses, including penalties, compensations, fines, sanctions, legal and remediation costs, loss of customers, marketing depreciation, loss of licenses, and stock price. It explains different techniques to model losses, such as graphs, decision trees, Monte Carlo simulations, and calibrated estimates.
Finally, the presentation highlights the importance of using different sources of risk data, including internal and external data (paid compensations, fines and credits, fraud losses, legal fees, and complaints) and industry studies, enforcement trackers, and case analysis. It also provides examples of business cases related to compliance objectives and contractual clauses that set penalties for non-compliance. The presentation concludes with a demo of the proposed model to quantify compliance, legal, and contractual risks.
The summary is about an upcoming Safety Roundtable event on the topic of "Ditch your heat maps" presented by Professor Hernan Huwyler, MBA CPA. The event aims to help attendees transform their approach to safety risk management by moving away from subjective measures such as colours, adjectives, and heat maps, and instead focusing on a data-driven model to quantify and manage operational risks.
The event emphasizes the importance of using data and financial information to inform decision making in order to minimize biases and justify investments. Attendees will gain insights on a quantitative model that will help them measure, visualize, and manage operational risks, as well as tips to reduce risk, enhance insurance and protection, and control investment.
The event is relevant to anyone interested in risk management, insurance, and safety, and aligns with ISO 31000, the international standard for risk management. The event includes a Q&A session at the end, providing attendees with the opportunity to ask questions and share their perspectives.
Overall, the Safety Roundtable event promises to be a valuable opportunity to learn from Professor Hernan Huwyler's insights, network with other professionals interested in risk management, and gain practical knowledge on how to improve safety risk management practices using a data-driven approach.
Obtaining resources, planning actions, and budgeting are essential for any organization's successful compliance management. Compliance management is the practice of ensuring that a company adheres to regulatory requirements and internal policies. This summary will explore key considerations for planning compliance initiatives, evaluating regulatory requirements, stakeholder needs, and developing a timeline of activities. It will also cover how to detect corruption and fraud schemes, control representation expenses, and prevent over-invoicing. Finally, we will discuss fraud impact and controls and how to demonstrate the return on investment in compliance.
To begin with, it is crucial to obtain resources to initiate compliance management. The compliance team should have adequate resources to ensure that the organization is compliant with regulatory requirements. The resources should include trained personnel, financial resources, software, and hardware, among others. After obtaining resources, the next step is planning actions and budgeting. Planning should involve various stakeholders and departmental heads to ensure that all areas of the organization are covered. Planning actions and budgeting should include developing a compliance plan, identifying potential compliance risks, and developing mitigation strategies.
While planning compliance initiatives, it is essential to evaluate the regulatory horizon, stakeholder needs, open items, and new strategies. The regulatory horizon involves understanding the regulatory landscape, identifying new regulations, and monitoring the existing ones. Stakeholder needs involve understanding the needs of all stakeholders, including shareholders, customers, and employees. Open items are compliance issues that are unresolved, and new strategies are measures that an organization intends to take to comply with regulations.
Developing a timeline of activities to address certifications and audit needs is critical. A timeline helps to ensure that an organization is compliant with regulations within the stipulated timeline. The timeline should involve developing a compliance plan, identifying potential compliance risks, and developing mitigation strategies. It should also include training employees on compliance, conducting regular internal audits, and reviewing the compliance plan to ensure that it is up to date.
Demonstrating the return on investment in compliance is essential. A return on investment (ROI) helps to justify the resources that an organization invests in compliance. Demonstrating ROI involves identifying the costs of compliance management, such as personnel, software, and hardware costs. It also involves identifying the benefits of compliance management, such as reducing the risk of regulatory fines and reputation damage.
Compliance risk is the risk of failing to comply with laws, regulations, standards, and guidelines that organizations are subject to. Noncompliance risks can lead to legal, financial, and reputational consequences. Compliance officers play a critical role in identifying, assessing, and managing compliance risks. Compliance risks can also present opportunities for organizations to improve their practices, enhance their reputation, and gain a competitive advantage.
ISO 37301 is a standard that provides guidance on compliance management systems. The standard defines compliance risk as the risk of noncompliance with laws, regulations, and other requirements that an organization is obligated to comply with. Compliance risks can arise from internal and external factors, such as changes in laws and regulations, new business operations, third-party relationships, and cultural differences. ISO 37301 emphasizes the importance of managing compliance risks through a systematic and proactive approach that includes risk assessment, risk treatment, monitoring, and review.
Compliance officers serve as trusted advisors to senior management and provide guidance and support in compliance planning and decision-making. Compliance officers need to have a deep understanding of the organization's operations, risks, and culture to identify and manage compliance risks effectively. Compliance officers should also have strong communication and interpersonal skills to build relationships with stakeholders, including senior management, employees, regulators, and other external parties.
The level of compliance risk varies depending on the nature, complexity, and scale of an organization's operations. Compliance risks can be classified into three levels: low, medium, and high. Low-risk compliance activities are routine and have little impact on the organization's operations or reputation. Medium-risk compliance activities are more complex and involve higher stakes, such as regulatory compliance, data privacy, and anti-corruption. High-risk compliance activities involve significant legal, financial, and reputational consequences, such as anti-money laundering, anti-bribery, and sanctions compliance.
Compliance risks can also present opportunities for organizations to improve their practices, enhance their reputation, and gain a competitive advantage. For example, a company that implements strong data privacy practices can enhance customer trust and loyalty. A company that complies with anti-corruption laws can reduce legal and reputational risks and attract socially responsible investors. Compliance officers should work with senior management to identify and leverage compliance risks as opportunities to create value for the organization.
Compliance risk, noncompliance, ISO 37301, compliance officer, trusted advisor, risk level, opportunities, regulatory risks, obligations, ethical risks, inherent risks, residual risks, risk-taking, tolerance, control level, sustainability
Support Ukraine from compliance 🇺🇦 Join our free special webinar to get practical tips on how to
- adjust due diligence to address new global sanctions, export controls, and trade restrictions
- identify third parties, beneficial owners, shell companies, and assets related to Russia and Belarus
- activate exit plans and force majeure clauses
- address changes in the expectations of stakeholders to cancel operations, payments, financing, investing, and partnerships
- apply measures to support affected employees and the Ukrainian people
- prepare for possible Russian cyber and commercial attacks
👉 Enroll in the webinar for free https://lnkd.in/gJR27Dci
#compliance #export #russianthreat #ukraine #complianceofficer #riskmanagement #sanctions #UkrainiansWillResist #business #investment #corporateresponsibility #businessethics #HR #people #investing #payments #cyber #webinar
Minimising Privacy Risk from A Global DPO Perspective https://www.copenhagencompliance.com/2021/dpoday/agenda.html
- DPO, CISO, Controller or Processor? (And the Risk Of Mixing Roles)
- Minimising the Aggregate Privacy Risk Vs Contract Sharing
- Using A Data Processor Modular DPIA And Data Flow
- Leveraging Binding Corporate Rules as Data Processor
Prof. Hernan Huwyler, CPA, MBA
Master in Sustainability Leadership - Sustainability Risks - Prof Hernan Huwyler
Hernan Huwyler, MBA CPA
Course on sustainability risk management for the Master in Sustainability and Corporate Social Responsibility Leadership at the Universidad Complutense de Madrid. I will provide the students with tips, tools, and models to assess and manage operational, compliance, integrity, governance, solvency, profitability, environmental, climate change, and supply chain risks as part of a sustainability and social responsibility program.
Respond to new AML obligations
Identify the key compliance changes for scope, subjects and operations
Facilitate the design and execution of compliance checks on payment methods and the use of virtual currencies
Evaluate gaps in processes to update controls and procedures
Consider the impact on corporate criminal liability using the new ISOs 37301 and 37002
Register virtual asset service providers
Assess new compliance and operational risks
Identify scenarios of risks and vulnerabilities on new crime typologies
Prevent risks of anonymous transfers and the use of prepaid cards
Manage risks on high value operations and art trade
Integrate know-your-customer and money laundering risks
Detect and report suspected operations
Compare control practices regarding new requirements
Update the decision matrices on alerts
Adjust customer due diligence process
Implement the use of the lists of politically exposed persons
Report discrepancies with the public register of beneficial owners
Implementation of new technologies
Evaluate the prerequisites regarding quality of data and capabilities for compliance solutions
Evaluate solutions to automate and digitize processes related to robotics
Use machine learning applications for reporting suspicious transactions
Recommend practices for implementing analytics solutions on text and data
I am invited to speak at the Iberoamerican Compliance Conference hosted by the Universidad Complutense de Madrid (Argentina + web, Jun 29/Jun 1, Spanish). I will deliver a master class on quantitative vs. qualitative assessments of compliance risks. It will be exciting to meet great compliance colleagues and friends such as Zulma Escalante, Eduardo Navarro Villaverde, Javier Puyol Montero, Silvina Bacigalupo, Daiana C., Carlos J. Díaz Navarrete, Félix Pablo Crous, Lic. Graciela Garay, Macarena Retamosa, Miguel Soler Ruiz-Boada, Nieves Cifuentes Valero, Sebastian Daniel Barletta, virginia olivieri and other fellows.
https://lnkd.in/e_qfztj
Register https://lnkd.in/e-iAMgM
#compliance #riskmanagement #ECI2021 #ECIArgentina2021 #UCM
ARENA - Prof Hernan Huwyler - Debate: Is Machine Learning Mature Enough?
Hernan Huwyler, MBA CPA
I am excited to discuss how organizations need to be prepared before implementing machine learning with Jason Maude at the Machine Learning in Financial Services event hosted by Arena International Events Group (June 30, online). We will provide recommendations to develop the conditions to successfully implement artificial intelligence projects. Thanks to Rebecca Mayoh for the event coordination.
Join here https://lnkd.in/ec6qP4A
#machinelearning #compliance
I am writing an article on the most common challenges in complying with #ISO37301 for the IE Law School. What are the elements of your compliance management system that you plan to improve?
#compliance
I enjoyed presenting on effective controls for software development with Matthew Crabbe and QA Financial. I am pushing the concept of "cyber compliance" to define internal and external requirements for IT assets such as software, data, hardware, services, contracts, and licenses. Cyber compliance is rapidly expanding from licenses, privacy and contracts with IT vendors to outsourcing, software development and business continuity of essential services providers, cloud in particular.
#riskmanagement #compliance #itcontrol #CISO #cybersecurity
My classes on IT risk management. What recommendations do you expect to be covered in a course on IT risk management and governance?
#riskmanagement #risk #governance #cybersecurity #security #informationsecurity #ciso #ITgovernance #ITRIsk #cyberrisk
Stronger 2021 - Building the Blocks to Quantify Cyber Risks - Prof Hernan Huwyler
Hernan Huwyler, MBA CPA
I am honored and humbled to have been given the opportunity to discuss practices to address cyber risks at the 2021 STRONGER conference hosted by CyberSaint Security (Sep 28, online). I will discuss the building blocks to quantify and communicate risks to protect IT assets, processes, and services. Thanks to Ethan Bresnahan for the flawless preparation of the event.
You are welcome to register here https://lnkd.in/eitKYDsX
#cybersecurity #security #datasecurity #infosec #riskmanagement #ciso #stronger2021
It was a pleasure to moderate a workshop to assess cyber security risks hosted by Strategy Insights. We discussed options and practices to quantify confidentiality, integrity, and availability risks with delegates of the big players in the pharma, banking, retailing, and service sectors in the Nordics.
Thanks to Anna Rose Poyntz, Finlay Wilson, and Edgar Baier for the event coordination.
Round tables https://lnkd.in/e_m5eTW5
#cybersecurity #compliance #strategy #banking #ciso #riskmanagement
More than 121 governance specialists joined Copenhagen Compliance, GRC and GDPR Solutions to discuss how boards are addressing innovation and transformation challenges. I provided tips for board members to effectively deal with digital transformation.
Thanks to Kersi Porbunderwala and Olga Maitland for the coordination of the event.
Join the next event on corporate culture https://lnkd.in/eMg4anP3
#digitaltransformation #innovation #transformation #leadership #CorpGov #corporategovernance
Anna Lucia Alfaro Dardón, Harvard MPA/ID. The internationally successful case study of Banco de Desarrollo Rural S.A. in Guatemala, a mixed-capital bank with a multicultural and multisectoral governance structure, and one of the largest and most profitable banks in the Central American region.
INCAE Business Review, 2010.
Anna Lucía Alfaro Dardón
Dr. Ivan Alfaro
Dr. Luis Noel Alfaro Gramajo
PREVENCION DELITOS RELACIONADOS COM INT.pptx
johnsegura13
Raise awareness among officials of the importance of promoting security in their international trade operations, by unifying the criteria related to the traceability of those operations.
Among the novelties introduced by the Customs Code (Law 22415 and complementary regulations), perhaps the most important is the set of articles on the determination of the Taxable Export Value, that is, the base on which the exporter calculates the payment of export duties.
Anna Lucia Alfaro Dardón, Harvard MPA/ID.
Opportunities, constraints and challenges for the development of the small and medium enterprise (SME) sector in Central America, with an analytical study of the SME sector in Nicaragua, focused on the current supply and demand gap for credit and financial services.
Anna Lucía Alfaro Dardón
Dr. Ivan Alfaro
4. ISO 37301 on auditing
Requirement to audit the compliance management system
internal audits
schedule of recurring audits
on the ISO control attributes
Balance between two objectives
Effective design of the controls in policies
– mitigate non-compliance risks
– cover the ISO requirements
Effective operation of the controls
5. ISO 37301 on auditing
Audit programme for the systems
Functional, business-unit and geographic scope
Planning and frequency of reviews
– Risks and past non-conformities
Roles and responsibilities
Audit methods
Reports
6. ISO 37301 on auditing
Audit programme
Objectives > Impact on the report
– Design or operating compliance
– Internal or external assurance
Criteria
– Requirements > laws, regulations
– Policies > Contracts with third parties (3Ps)
Scope
– Period, entities, operations
– Self-assessment and independent testing
7. ISO 37301 on auditing
Audit objectives
management priorities
business purposes
management system requirements
contractual, regulatory and legal requirements
need for supplier evaluation
customer requirements
needs of other interested parties
risks to the organization
8. Roadmap > ISO 19011:2018 (step 1)
Select the auditor
Compliance officer > impact on the other tasks of the compliance programme
Internal auditor > coordination
Auditor from an independent firm or certification body > plan the contract and incompatibilities
9. Roadmap > ISO 19011:2018 (step 2)
Do the initial planning
Identify controls according to their risk
Review the results of previous audits
Identify changes in the environment
Understand the requirements and the operations
Assemble the team with the necessary competencies
Allocate a budget
10. Roadmap > ISO 19011:2018 (step 3)
Presentation to stakeholders
Meet with stakeholders to validate the scope
Present the lead auditor as the communication channel
Share and validate the audit programme
Coordinate the start and end of the work
Determine rules for the protection of documentation
Request information
11. Roadmap > ISO 19011:2018 (step 4)
Preparation of the audit plan
Preparation of checklists and sampling plans
Preparation of template test sheets
Opening meeting to communicate objectives, confirm the plan and introduce the team
12. Roadmap > ISO 19011:2018 (step 5)
Evaluate controls
Interviews
Evaluation of documentation
Inspections
Select samples
Compare the criteria against the evidence
Communicate status and progress
13. Roadmap > ISO 19011:2018 (step 6)
Discuss findings
Validate whether they are non-conformities
Re-validate the facts
Evaluate the root cause
Peer or supervisor review
Evaluate trends in non-compliance
14. Roadmap > ISO 19011:2018 (step 7)
Report audit conclusions
Determine whether a conclusion can be reached (e.g. all the information is available)
Review the retention of testing documentation
Closing meeting
Negotiate remediation plans
Follow up on remediations
Evaluate quality and satisfaction
15. ISO 37301 on auditing
[Diagram: example transaction flow, requirement "+10k" > approval A / approval A and B > document B / document A]
Requirements
Specifications, permissions, prohibitions, time limits and documentation for each condition of a transaction
Translated from "Legal" into rules
Structured in the systems
Business process
Data flow, controls, processing times and documentation
16. ISO 37301 on auditing
[Diagram: same transaction flow, requirement "+10k" > approval A / approval A and B > document B / document A]
Output
Exceptions to the rules
Root causes
Prioritization and valuation of non-compliances
Non-conformity bases
Remediation plans
Input
Prioritization of attributes
Universe of operations
Validation of the universe
Sample selection
18. Audit of the system
Internal audits at planned intervals
to provide information on the implementation of, and conformity with,
the organization's own requirements for its compliance management system
the requirements of ISO 37301
19. Audit
Systematic and independent process to obtain evidence and evaluate it objectively
in order to determine the extent to which the audit criteria are fulfilled
Internal > first party
External > second or third party
20. Audit
Test
Analysis by compliance of high-risk operations
Monitor
Ongoing supervision in which operations are analysed to see how the elements of the compliance system work; monitoring is done within the function through approvals
21. Audit criteria
set of requirements used as a reference against which objective evidence is compared
Requirements
legal or regulatory
policies, procedures, instructions
contractual obligations
22. Audit evidence
records, statements of fact or any other information
that is relevant to the audit criteria and verifiable
ISO 19011 contains guidelines for auditing management systems
23. Compliance controls
Effective controls to ensure that compliance obligations are met and that compliance non-compliances are prevented, or detected and corrected.
Designed to facilitate fulfilment of the compliance obligations specific to the activities
Integrated into processes as procedures, systems and contracts
24. Compliance controls
code of conduct, policies and procedures communicated
exception reports and authorizations
segregation of duties
automated processes
annual compliance plan
employee performance plans
compliance assessments and audits
25. Compliance controls
On-site visits
Interviews with management and operations
Review of responses to complaints
Self-assessment questionnaires
Peer reviews
Documentation reviews
Trend analysis
Exit interviews
Whistleblowing line issues and trends
26. Sources on compliance
process control records and activity logs
personnel > whistleblowing channels
customers > complaints
third parties > surveys
suppliers
contractors
regulators
27. Internal audit programme
The organization shall plan, establish, implement and maintain audit programmes that include the frequency, methods, responsibilities, planning requirements and reporting
taking into account the importance of the processes involved and the results of previous audits
28. Internal audit programme
Requirements of each audit
define the criteria, objectives and scope
select objective and impartial auditors
Communicate the audit results to the relevant managers and to management, including compliance, top management and the governing body
30. Programme supervision system
Implement reporting lines with indicators
Build a delegation-of-authority system with approvals
Evaluate the managers' ability to understand the requirements
Evaluate the cost of monitoring and the number of operations to follow
Evaluate having a control self-assessment programme
31. Management review
The governing body and top management shall
review the organization's compliance management system at planned intervals,
to ensure its continuing suitability, adequacy and effectiveness
32. Management review
the status of actions from previous reviews
changes in external and internal issues and in the needs of interested parties
information on compliance performance, including non-conformities and corrective actions, monitoring and measurement results, and audit results
opportunities for continual improvement
33. Scope of the management review
the adequacy of the compliance policy
the independence of compliance
achievement of the compliance objectives
the adequacy of resources
the adequacy of the compliance risk assessment
the effectiveness of existing controls and performance indicators
communication from persons raising concerns and from interested parties, including opinions and complaints, investigations and the effectiveness of the reporting system
34. Action on non-conformities
control and correct
respond to the consequences
eliminate the causes to avoid recurrence
evaluate similar situations
review the effectiveness of the corrective actions taken
make the necessary changes to the compliance management system