THOMSON REUTERS

Implementation Case Study—Embracing a Common, Integrated Approach to Audit, Risk and Compliance

AGENDA
  • Introductions
  • Governance, Risk, and Compliance – Defined
  • Computershare Case Study
    • Business case to pursue integrated GRC
    • Defining the org structure
    • Common language of risk and control
    • Methodology
    • Lessons learned
THOMSON REUTERS OVERVIEW
  • We are the world’s leading source of workflow solutions for businesses and professionals, with 2008 revenues of $13.4 billion
  • Through two divisions we serve high-end professional and business customers:

Markets Division

26,500 Employees, $7.9B in Revenue

  • Provides financial applications for over half a million professionals globally

Professional Division

Tax & Accounting, Healthcare and Science, Legal

12,900 Employees, $3.5B in Revenue

4,500 Employees, $1.1B in Revenue

4,000 Employees, $0.9B in Revenue

  • Westlaw relied upon by 98% of the world’s major law firms
  • Checkpoint used by 100% of the top 100 US accounting firms
  • Scientific: used by over 20 million researchers
  • Healthcare: informing decisions affecting over 150M lives
CURRENT STATE: SILOED ASSURANCE FUNCTIONS

Major assurance functions currently operate in isolated silos

  • Operational Risk
  • Enterprise Risk
  • Financial Controls
  • IT Governance
  • Internal Audit
  • Compliance

Challenges

  • Redundant systems and processes
  • Poor visibility and reporting
  • Lack of a common language for risk and control
  • No common methodology
A PRAGMATIC VIEW OF GRC

What GRC is Not

  • A discrete process, technology, or profession
  • Organizational department
  • A single technology solution
  • ERM
  • The solution to all audit, risk and compliance problems

What GRC Is

  • A common discipline to be embraced across silos
  • Collaboration between departments
  • Purpose built solutions sharing a common framework
  • Context for ERM
  • Pursuit for improving audit, risk and compliance processes
THE FIVE POINTS OF GRC COLLABORATION

Shared context: Organization and process structure

Common language of risk and control

Common methodology

Enterprise-wide reporting

GRC convergence technology

1. SHARED CONTEXT AND ORGANIZATIONAL STRUCTURE
  • Organizational Structure
    • Business unit
    • Legal entity
    • Geographic area
    • Country
    • Product line
    • Service line
    • IT assets
  • Process Hierarchy
    • Mega process
    • Major process
    • Process
    • Sub-process
  • The context must reflect the organization and how value is added – not what is being audited:
    • The organization and its key components, relationships and capabilities
    • The business processes reflecting how value is added
  • All context information is shared. Everyone knows what everyone knows.
2. COMMON LANGUAGE OF RISK AND CONTROL

Charles Darwin

… during the 1700’s, European naturalists began collecting thousands of specimens of newly discovered species during voyages to Africa, Asia and America. This influx of new species led to the systemization of naming conventions and methodologies for reporting findings. Without standard naming conventions or scientific methodologies, scientists from different disciplines would have no way of sharing discoveries and compiling knowledge.

… during the early 20th century, assurance specialists identified thousands of (SOX and other) risks, controls, issues and action plans …

3. COMMON METHODOLOGY

Common methodology exists when silos share each other's work and build on it

  • Defining, rating and reviewing the risk and control framework of an organization is consistent not only within a particular assessment group but also across groups.
  • Assurance groups are not duplicating
  • Process owners are not inappropriately burdened by multiple or even conflicting directives from the various assurance groups or their senior management.
ENTERPRISE WIDE REPORTING
  • Compare trends across the organization over time
  • Compare business units at a point in time
  • Compare one company to another
  • Improve ERM scores by rating agencies – lower costs
  • Fewer crises, more stability, higher multiples
COMPUTERSHARE CASE STUDY OUR BACKGROUND
  • Computershare is the leading financial market services and technology provider for the global securities industry.
  • We provide services and solutions to listed companies, investors, employees, exchanges and other financial institutions.
  • Computershare services include:
    • Transfer agency
    • Employee share plans
    • Document management
    • Market intelligence
    • Cross border listing
    • Depository interests
    • Financial markets software
COMPUTERSHARE CASE STUDY OUR GRC FUNCTIONS

Computershare currently employs the following:

  • ORM Profile
    • For the business management of the risk function in our organization
  • Audit Profile
    • For Internal Audit to evaluate the control activities in our organization
  • IT Governance Profile
    • To bridge the gap between IT and the business through Risk Assessment and Internal Audit
  • Compliance Profile
    • To leverage the Compliance function across all levels and areas of our organization
COMPUTERSHARE CASE STUDY OUR GOALS
  • Align external rules and regulations with our internal business process models
  • Measure the impact of external requirements on our day to day business processes
    • Identifying Compliance risks presented
    • Assessing internal controls in place to mitigate those risks
  • Report on Compliance in conjunction with Business, Risk and Audit functions
COMPUTERSHARE CASE STUDY OUR GOALS

Operational Risk, Enterprise Risk, Financial Controls, IT Governance, Internal Audit, Compliance

  • Effectively blend the Compliance function with the various business functions across the organization to create efficiencies by:
    • Knocking down the walls between departments and minimizing cross functional boundaries to reveal that governance-related functions touch all business areas
    • Encouraging business managers to realize a collective responsibility for Compliance requirements
COMPUTERSHARE CASE STUDY OUR CHALLENGES…
  • The Compliance function tends not to be centralized, presenting difficulties when implementing across all business areas.
  • Creating short term and long term efficiencies through the integration of the Compliance function
    • Ensuring the cohesion of the Governance, Risk and Compliance functions!
COMPUTERSHARE CASE STUDY OUR CHALLENGES…
  • The implementation of the Compliance module does not change ownership or accountability of relevant rules and regulations.
  • Communicating the applicability of Compliance requirements across the organization.
    • Everyone owns a piece!
COMPUTERSHARE CASE STUDY …AND OUR POTENTIAL SUCCESSES
  • The alignment of Compliance requirements to our business processes provides focus on the tangibility of our governance-related functions.
  • The central repository for all external rules and regulations promotes the collaboration of all assurance groups across the globe.
COMPUTERSHARE CASE STUDY …AND OUR POTENTIAL SUCCESSES
  • The addition of the Compliance profile allows us to leverage the system to create a standard language and common methodology across all regions and business functions.
  • The reporting tools used in the ORM and Audit profiles can be further utilized in the Compliance profile for enterprise-wide reporting.
QUESTION AND ANSWER

If you have any questions, please feel free to contact:

Mike Rost

Paisley

+1 763.450.4706

mike.rost@thomsonreuters.com

Susan Panzer

Computershare

+1 781.575.2505

susan.panzer@computershare.com