The following figure displays the risk assessment and controls verification approach
at InFission:
[Figure: risk assessment and controls verification approach at InFission. Boxes shown: Survey/Interview Management; Establish Program Office; Select Controls Framework; Review Prior Year Documentation; Rate Current Year Risks; Verify Controls.]
Establishing Program Office
The InFission Program Office is critical for achieving risk management objectives. First
and foremost, the program office has the executive management leadership that
provides the sponsorship and authorization, and sets the tone at the top. The program
office establishes the controls framework, conducts the risk assessment, manages the
test plan for control verification, assigns the resources, and monitors all activities to
ensure the appropriate oversight necessary for internal and external communication.
The InFission Risk Program Office consists of the steering committee, full-time
internal control managers, and part-time field control coordinators. The GRC
Manager and Intelligence applications give the program office a
well-structured approach to its key functions: managing risk assessment
plans, tracking control verification activities through workflows, and
providing reporting and dashboards to monitor and communicate progress.
The InFission Program Office is responsible for regulatory compliance risks such as
misstatement of financial results under the US Sarbanes-Oxley Act of 2002 (SOX),
operational risks such as manufacturing defects, financial risks such as duplicate
vendor payments, IT risks such as unauthorized access to ERP systems, and
enterprise risks such as market risks. While this structure requires more resources
and costs dedicated to managing enterprise risks, there are many benefits that justify
such an approach, where all management risk assessment and control verification
activities can be managed more effectively by a single authority, the Compliance
Program Management Office (CPMO). In such a structure, the CPMO relies on the
management control self-assessment to keep executive management apprised of
any control deficiencies using a consistent risk management framework.
 