
Compliance as a Cornerstone




Presentation Transcript


  1. Compliance as a Cornerstone

  2. Overview
  inKairos Global provides our clients with a Compliance Framework that enables them to better manage their compliance objectives. Our approach and methodology provide the following advantages:
  • Improved Continuity of Business (CoB)
  • Improved IT Security
  • Improved concept communication and implementation
  • Improved visibility of Business effectiveness
  • Consistently lower auditing costs
  • Improved alignment between Business, IT, and Compliance groups
  • Eliminates grey areas between Business Processes and Technology
  • Eliminates grey areas between Business Processes and People

  3. Previous Clients
  With expertise in Business and IT compliance, inKairos has worked on a wide variety of projects across many different industries. Our clients include:
  • One of the world’s largest government retail companies
  • One of the world’s largest financial institutions
  • One of the world’s largest technology companies
  • One of the world’s largest telecom companies
  • One of the world’s largest security companies
  • One of Texas’ largest healthcare institutions
  • Numerous smaller companies across many industries, including retail, direct sales, construction, and medical
  • We recently led compliance initiatives for 13 businesses spread across nine European countries.

  4. Our Specialty
  We specialize in supporting companies as they evolve:
  • During rapid success, support organizations enter a Recovery Cycle in an attempt to adapt to Current State changes.
  • During struggles, support organizations are forced into a Crisis Cycle.
  • Our methodology enables us to anticipate, adapt, improvise, and overcome.
  [Diagram: The STaRS Model (Start Up, Turn Around, Realignment, Sustaining Success), showing the Growth Cycle, Recovery Cycle and Crisis Cycle, each leading to Succeed, Fail, or Shut Down/Divestiture.]

  5. Auditing Landscape – Subjective vs. Objective Auditing
  • External audits were intended to be truly objective. However, many auditing firms performed subjective audits because they desired “client happiness” more than auditing accuracy.
  • The resulting corporate scandals forced auditing firms to be more objective, which creates constant change within the auditing landscape.
  • To navigate this landscape, organizations should:
    • Maintain a State of Readiness to prepare for compliance standards that change annually
    • Communicate Compliance concepts consistently and accurately
    • Ensure short-term compliance initiatives are aligned with long-term objectives (tactical vs. strategic)
  The Appearance of Due Diligence is a tremendous risk for any company – and especially for those who must formally sign compliance documents and other legal papers.

  6. OCEG – Holistic Principles
  Culture – A strong culture helps to guide corporate conduct when formal structures are weak or absent.
  Organization/Personnel – Qualified personnel must be responsible for program oversight, strategy, and operation.
  Process – A program must address several key process areas and topics to ensure it is effective, efficient, and responsive.
  Technology – An underlying system and technology architecture should enable the process. Organizations should seek to leverage existing investments where possible.

  Culture: C1 – Ethical Culture; C2 – Risk Culture; C3 – Governance Culture; C4 – Workforce Culture
  Organization: O1 – Leadership/Champions; O2 – Oversight Personnel; O3 – Strategic Personnel; O4 – Org Personnel
  Process (P1):
  • Plan/Organize: PO1 – Scope and Objectives; PO2 – Business Model and Context; PO3 – Boundary and Identification; PO4 – Event Information; PO5 – Risk Assessment; PO6 – Program and Strategy
  • Prevent/Protect/Prepare: PR1 – Controls/Policies/Procedures; PR2 – Code of Conduct; PR3 – Training and Education; PR4 – Workforce Management; PR5 – Physical Infrastructure; PR6 – Risk Sharing and Insurance; PR7 – Preparedness and Practice
  • Monitor/Evaluate – Ongoing Monitoring: MI1 – Control Assurance and Audit; MI2 – Hotline and Helpline Reporting. Periodic Evaluation: E1 – Evaluation Planning & Reporting; E2 – Effectiveness Evaluation; E3 – Program Performance Evaluation
  • Respond/Improve: RI1 – Issue Management; RI2 – Special Investigation; RI3 – Crisis Response; RI4 – Discipline & Disclosure; RI5 – Remediation and Improvement
  • Information/Influence: I1 – Information/Records Mgmt; I2 – Communication; I3 – Internal Reporting; I4 – External Reporting & Filings
  Technology: T1 – IT Security; T2 – IT CoB; T3 – IT Governance
  Compliance Focal Areas: C1 – Enterprise Information Mgmt; C2 – Application; C3 – Telecom; C4 – Infrastructure

  7. COSO – The “Why?”
  COSO stands for the Committee of Sponsoring Organizations of the Treadway Commission. Its five components of internal control:
  • Control Environment – sets the tone, influencing control consciousness – business rules of engagement
  • Risk Assessment – identification and analysis of risks to achieving objectives
  • Control Activities – policies/procedures that ensure directives are carried out
  • Information & Communication – access and approval flow of information
  • Monitoring – assessment of the control system over time

  8. COBIT – The “What?”
  [Diagram: Business Objectives drive IT Governance; COBIT defines the IT control procedures and processes within four domains, applied to IT Resources (People, Application Systems, Technology, Facilities, Data) to produce Information meeting the criteria Effectiveness, Efficiency, Confidentiality, Integrity, Availability, Compliance, and Reliability.]
  Planning & Organization
  • PO1 Define a strategic IT plan
  • PO2 Define the information architecture
  • PO3 Determine the technological direction
  • PO4 Define the IT organization and relationships
  • PO5 Manage the IT investment
  • PO6 Communicate management aims and directions
  • PO7 Manage human resources
  • PO8 Ensure compliance with external requirements
  • PO9 Assess risks
  • PO10 Manage projects
  • PO11 Manage quality
  Acquisition & Implementation
  • AI1 Identify automated solutions
  • AI2 Acquire and maintain application software
  • AI3 Acquire and maintain technology infrastructure
  • AI4 Develop and maintain procedures
  • AI5 Install and accredit systems
  • AI6 Manage changes
  Delivery & Support
  • DS1 Define and manage service levels
  • DS2 Manage 3rd party services
  • DS3 Manage performance and capacity
  • DS4 Ensure continuous service
  • DS5 Ensure systems security
  • DS6 Identify and allocate costs
  • DS7 Educate and train users
  • DS8 Assist and advise customers
  • DS9 Manage the configuration
  • DS10 Manage problems and incidents
  • DS11 Manage data
  • DS12 Manage facilities
  • DS13 Manage operations
  Monitoring
  • M1 Monitor the processes
  • M2 Assess internal control adequacy
  • M3 Obtain independent assurance
  • M4 Provide for independent audit

  9. Enterprise Compliance Strategy – From Strategic Objective to Tactical Initiative

  10. Our Competitive Advantage – Deliverable-based Consulting
  The deliverable-based consulting concept means you pay only for what you need, when you need it. This concept is not new, but is unique among professional services firms.
  [Diagram: the Time / Cost / Scope triangle.]
  • The deliverable-based pricing concept is frequently used for landscaping projects, home repair, automotive work, and other common services.
  • Deliverable-based consulting enables our clients to identify the scope of a task, choose the required delivery date, and meet the desired financial investment.

  11. Conclusion
  inKairos is committed to reaching compliance objectives, whether those objectives are centered around conceptual understanding or more specific projects for finance, business, and IT.
  • Deliverable-based consulting requires no long-term commitments and prevents expensive, unproductive efforts.
  • A shared internal methodology ensures efficient teamwork, consistent communication, and optimal effectiveness.
  inKairos provides the services of the Big Four consulting firms, but we do it more efficiently. Our approach enables us to provide services with lower cost and less risk.
  [Chart: inKairos Potential Value, plotted on Cost (Low to High) and Risk (Low to High) axes.]
