Documente Academic
Documente Profesional
Documente Cultură
!@#
Context
Retrospective views of the Post global financial crisis, have Operational Challenges
global financial crisis risk, control and assurance
functions taken their eyes off the
ball?
Governance Capital |Growth | ROE
Unauthorised Trader
Risk Appetite Cost + Control
Financial Crime / Anti-money
Risk Management Laundering
Regulatory Reform
Miss-selling and Conduct Issues
Incentivisation
Customer
Major corporate events / incidents
Culture Technology
Market drivers
Regulatory and stakeholder Inefficient, silod processes of Cost pressure on Financial
pressure for enhanced governance, organically grown assurance Institutions in an environment of
risk management and internal functions of 2nd and 3rd Line of rising regulatory capital and
control frameworks. defense reducing ROE
Increased demand to demonstrate to Integrate different assurance Better risk management at lower
the different regulators how external functions, close gaps, eliminate costs.
requirements are embedded into the overlaps and anchor risk and control
organisation (e.g. Use Test). management in the business.
assurance from origination to
disclosure
Stakeholder
Expectations
Corporate
Governance
Regulators
(incl BCBS)
Political
(G20/FSB)
Professional
Bodies (IIA)
Capital
Markets
Capital &
Client Banking Multiple and inconsistent
Strategic Liquidity Product Support
advisory & transactional assessments represent
Management mgmt & development processes
sales processes burden for business and
planning COO functions
BoardBoard
of Directors Alignment of
committees across the
Board
Audit Committee Risk Committee Compensation Committee board as well as
integrated and
consistent reporting
Rep
Integrated reporting
Integrated
Efficient Risk & Control
scoping Mgmt framework in 2nd
and 3rd line of defense
Internal control system C
(ICS)
Integrated
assessments
Integrated assessment
& consistent
Capital &
Client Banking assessment as well as
Strategic Liquidity Product Support clear Risk & Control
advisory & transactional
management mgmt & development processes ownership in 1st line of
sales processes
planning defense (business)
Risk management
Alignment of roles and responsibilities across risk assurance functions in 2nd and 3rd line of
defense to close gaps and eliminate overlaps
Harmonization of risk and control management frameworks one single framework including company
wide risk catalogue (risk universe) and risk taxonomy, uniform rating scales and integrated reporting and
issue tracking formats
Organisation wide, consistent understanding of risk & control expectations
Internal controls
Increase ownership of risk and control management in the business (first line of defense)
Reduction of granularity by focusing on the most significant risks and key controls
Reduction of total costs in risk and control operations (e.g. by eliminating overlaps)
Strong sponsorship across the BoD and Multidisciplinary project team with
! !
Executive Management based on a clear significant experience in risk management,
business case and alignment with strategy compliance, financial reporting, IT and
other related disciplines
Ernst & Young has developed a Smart Control approach that helps companies realize reductions in the cost of
controls, enable growth and keep the business safe
Transforming the control leverage model reduces the cost of execution, rebalances the mix of control types and
increases the overall value of control activities
Control transformation
Leverage existing management activities
Smart Control
Automated controls
Configured in ERP system
IT-dependent (exception and edit reports) Balanced
control mix
Require little to no human intervention
Transactional controls
Controls operating at regional or specific locations
Require significant human intervention or operations Value of the
Operates at the transaction-level activity for the
business adding
or protecting
Ernst & Youngs Smart Control approach is a well-defined work plan that leverages normative process and control models and data
analysis to help clients build a business case and implement a plan for controls transformation.
2 Create
zero-based
controls
1 Understand the
opportunity
framework
4 Embed low-cost,
effective
sustainable
3 Leverage
existing or
invest in new
operating model
technology
enablers
Create clarity, alignment and Create a business case and Create a functional operating model
commitment in the business execution plan Execute new control capabilities
Understand the current state of the Design a zero-based controls applying a cost-effective
control environment including the framework aligned to process operating model
proficiency of risk management objectives Document revised control model
functions Evaluate technology enablers and Execute, monitor and remediate new
Understand control cost drivers and integrate into existing technology controls
compare to benchmarks infrastructure Measure return on investment
Align business case to overall
enterprise strategy
Zero-based controls framework a single, global, streamlined set of controls aligned to risks that matter, leveraging
technology and implementing continuous monitoring capabilities
Arethe responsibilities and expectations for control and assurance clearly articulated in
Board level, frameworks, policies, mandates?
Is the portfolio of controls responsive to the risk being taken and assumed?
Rating
1 Strongly disagree
5 Strongly agree
Attributes of your control environment 1 2 3 4 5
Controls spend
Board and management are structured to provide effective oversight and management of risk
Communication to stakeholders is consistent and effective
The assignment of responsibilities for risk and control activities is timely and consistent
Elements assessed below 3 (agree) may be indicative of an opportunity for improvement to confirm your control environment is well designed, understood and
operating effectively. Leading control environments affirm agreement to strong agreement with each of the elements presented in this questionnaire.
Rating
1 Strongly disagree
5 Strongly agree
Attributes of your control environment 1 2 3 4 5
Process execution
Internal controls make process execution more effective
Metrics and reporting are used to monitor process effectiveness
Elements assessed below 3 (agree) may be indicative of an opportunity for improvement to confirm your control environment is well designed, understood and operating effectively.
Leading control environments affirm agreement to strong agreement with each of the elements presented in this questionnaire.