Compliance office responsibilities
Compliance Office Responsibilities: make compliance a part of everyday activities of the institution; monitor the various compliance program activities; communicate with the chief executive officer and others regarding compliance program activities; establish a compliance function.

Presentation Transcript
Compliance Office Responsibilities

  • Make compliance a part of everyday activities of the institution

  • Monitor the various compliance program activities

  • Communicate with the chief executive officer and others regarding compliance program activities

  • Establish a compliance function


Making Compliance a Part of Everyday Activities

  • Awareness communication avenues

  • Risk-based plan and compliance manual

  • Training tools and delivery mechanisms

  • Monitoring plans and assurance processes

  • Confidential reporting mechanism

  • Reporting procedures


Monitor Compliance Program Activities

  • Training

  • “A” list risk monitoring plans

  • Non-compliance

  • Program


Communicate with Executive Management

  • Instances of non-compliance that require executive action

  • Risk-based plan

  • Monitoring activities

  • Compliance Committee meeting minutes

  • Compliance program self-assessment


Four Elements required for Managing Compliance “A” Risks

  • Responsible party

  • Monitoring plan

  • Specialized training plan

  • Reporting plan

    Each high risk must have all 4 elements.


Responsible party must exhibit each of the following:

  • Exclusive responsibility for managing the risk

  • Knowledge to manage the risk

  • Authority to manage the risk


Specialized Training Plan

Identifies—

  • Who is trained

  • Level of knowledge transferred

  • Frequency of training

  • Provider of training



Reporting Plan should include:

  • Activity to be reported

    • Supervisory control activities detailed in monitoring plan

    • Training activity detailed in training plan

  • Items to be reported for each activity, such as number of transactions examined or number of employees trained

  • Frequency of reporting for each activity

  • Who receives the report for each activity


Supervisory control activities to be reported:

• The number or percentage of execution events or transactions in the universe and number examined

• The number or percentage of execution events or transactions that failed the control attribute

• The identified causes of failure

• The action taken to mitigate repetitive failure

• The need for process improvement

• The need to escalate the consequence of non-compliance to mitigate repetitive non-compliance


Examples:

  • Number of purchase contracts reviewed from the universe of contracts

  • Number of purchase contracts that did not satisfy the competitive bidding process

  • Identified causes of failure - such as, personal preference of requestor

  • Action taken - such as, provided training to all buyers

  • Process changes - such as modify computer program to include RFP# and Award Designation

  • Second instance for requestor - need to remove budget spending authority


Compliance Committee Purpose

  • To provide the senior executive level decision-making function for the compliance program


Compliance Committee Duties and Responsibilities

  • Provide guidance and direction including policy decisions

  • Allocate resources

  • Ensure that appropriate action is taken for instances of non-compliance


Compliance Committee Composition

  • Size

  • Management Level

  • Line Management v. Staff Management


Compliance Committee Support Mechanisms

  • Compliance Function

    • Compliance Coordinator and staff

    • Monitor & assist high risk responsible parties

    • Perform training and risk assessment

  • Working Group

    • High risk area representatives

    • Perform specific tasks, as assigned by the compliance officer, that would normally be performed by the compliance function staff


Employee Group Insurance Risk Self-Assessment


Collaborative Assurance Philosophy

  • Risk Management is the responsibility of every employee

  • Risk Management Assurance is provided by all levels of the organization

  • A Risk Self-Assessment is the basis for all risk management and risk management assurance activities



Risk Management Components

  • Define a common risk management process

  • Assess Risk

  • Manage Risk

  • Learn and renew

Make risk management a part of everyday activities


Risk Self-Assessment: The Tool

1. Identify Goals and Objectives

2. Convert to Activities or Processes

3. Inventory Risks

4. Measure Risks

5. Prioritize Risks


Goals and Objectives

  • Strategic Plan

  • Annual Operating Plans

  • Work Unit Goals and Objectives


Assessing Risks

1. Establish Organization Objectives

2. Assess Risk

    A. Identify

    B. Measure

    C. Prioritize

3. Choose Mitigation Strategy


Brainstorming: The Technique

  • People involved in the process or activity

  • Identify activities performed to achieve goals and objectives

  • Inventory risks associated with each activity





Mitigation Strategies

  • Accept - no mitigation

  • Avoid - do not do the activity

  • Transfer - contract out/manage contract

  • Control - internal mitigation actions

  • Exploit - do something else



What is It?

A model of both periodic and on-going assurance regarding the management of risks.


What are its Benefits?

  • Governance Benefits

    • Appropriate Assurance on all Risks

    • Fewer Surprises

  • Management Benefits

    • Real-time assessment

    • Ownership

  • Internal Audit Benefits

    • Increased Coverage

    • Value-added effort


Assurance Continuum: Model for the 21st Century

[Figure labels: Collaborative Assurance (Governance and Management Control Processes); Periodic Assurance (Governance Control Processes); On-going Assurance (Management Control Processes). Control types, in the order shown: Internal Audit Controls, Execution Controls, Supervisory Controls, Oversight Controls, Internal Audit Controls. Timing labels, in the order shown: pre-operations design review of on-going assurance; during execution of event or transaction; immediately after execution of event or transaction; soon after execution of event or transaction; post-operations audit of execution of on-going assurance.]



Levels of Internal Control

[Figure: chart of control levels (Internal Audit, Oversight Controls, Supervisory Controls, Execution Controls). Axis "Involvement in Process": None, Little, Some, Totally. Axis "Items Affected": Isolated Items, Exception Reports, Sample of Transactions, Every Transaction. Axis "Time": Real Time, Soon After, Periodically, Annually. Credit: UT System Audit Office, David B. Crawford, 07/28/99.]


Execution Controls (Operating Controls)

  • Embedded in day-to-day operations

    • Policies and procedures

    • Segregation of Duties

    • Reconciliations/Comparisons

  • Performed on every event/transaction

  • Performed by the generators of the event/transaction

  • Performed in ‘real time’, as the event/transaction is executed


Supervisory Controls (Monitoring Controls)

  • Re-application of operating controls

    • Supervisory Review; Quality Assurance; Self Assessment

  • Performed very soon after the generation of the event/transaction

  • Performed by line management or staff positions who do not originate the event/transaction

  • Performed on a sample of the total number of events/transactions


Oversight Controls (Executive Controls)

  • Exception reports, status reports, analytical reviews, variance analysis

  • Performed by representatives of executive management

  • Performed on information provided by supervisory management

  • Performed within a short period (weeks/months) after the event/transaction is originated


Internal Audit Controls (Governance Controls)

  • Audit of the design of controls not the operation of controls

  • Performed either before the event/transaction is originated or long after

  • Performed by staff with no involvement in the operations

  • Performed on individual events/transactions for discovery only


Operational Examples: Levels of Control in the COSO Model (LOCs)



Managing Risk

  • Use the Risk Management Plan

  • Assign Responsibility

    • Risk Management Responsibility

    • Oversight Control Responsibility

  • Develop the following plans:

    • Monitoring

    • Specialized training

    • Reporting

    • Pre-defined set of consequences for non-compliance with risk management plan


Monitoring Plan

  • Execution Controls

  • Supervisory Controls

  • Oversight Controls



Specialized Training Plan

  • Knowledge required to manage risk

  • Who needs that knowledge

  • How to transfer knowledge

  • How to measure effectiveness of transfer


Collaborative Assurance: Learning and Renewing

  • Gap analysis and Action Plans

  • “Play it again Sam!”


Gap Analysis and Action Plans

  • Self-assessments

  • Supervisory Controls

  • Oversight Controls

  • Internal Auditing


Play It Again Sam!

General Purpose Process (A - E)

  • A. Objectives

  • B. Identify Risk Areas

  • C. Assess Risk

  • D. Risk Response

  • E. Learning

Detailed Process (1 - 9)

(Source: Adapted from TBS Integrated Risk Management Framework)