Mon, Mar 18, 2024
Tools and Insights for Effective Corporate Governance and Compliance

Tools

The following tools were published on KnowledgeLeader this week:

Assessing the Effectiveness of a Process or Program Guide

This sample guide can be used for evaluating the design effectiveness of a process or program and developing a subsequent test plan for assessing its operating effectiveness. Procedures outlined in this sample include assessing the understanding of the process or program (e.g., code of conduct, whistleblower, self-assessment, human resources, generic policies and procedures) and asking relevant people about their understanding of the process or program and reconciling it with management’s communication plan.

Process and Activity-Level Controls Assessment Guide

This sample document can be used as a guide to assessing controls at the process or activity level. Example steps include selecting the priority elements, understanding the processes, sourcing the risks, documenting the key controls, assessing the control design, and validating the control operation and reporting. The following key questions should be considered when executing these steps: What are the risks of a material misstatement? Where are those risks? What are the key controls? Who owns the key controls?

PCI Review Audit Work Program

This audit program sample can be used by organizations to process PINs; create cryptographic keys; and administer, load and transmit secure keys. In this sample, all keys and key components are generated using an approved random or pseudo-random process, compromise of the key-generation process is not possible without collusion between at least two trusted individuals, documented procedures exist and are demonstrably in use for all key generation processing.

IT Automated Controls Policy

Define your company’s internal control testing processes and the testing frequency of its automated controls. Under this policy, the IT department is responsible for maintaining this procedure, and the documentation control department is responsible for maintaining its configuration; at a minimum, this procedure will be reviewed by the IT department annually, or as needed, for process improvements and changes.

Equal Employment Opportunity Policy

Organizations can utilize this policy sample to establish guidelines and procedures common to understanding and identifying their equal opportunity process.According to this policy, the company believes that all people are entitled to equal employment opportunity (EEO) and does not discriminate against its employees or applicants because of race, color, religion, sex, pregnancy, national origin, ancestry, age, marital status, physical handicap or medical condition.

Request for Proposal: Sarbanes-Oxley Compliance

This tool contains three sample requests for proposals (RFPs) that can be used by organizations seeking a qualified service provider to implement Sarbanes-Oxley compliance services. This document can be used as a general guide to understand the structure and strategy for an RFP for SOX compliance services. Organizations should continuously update and monitor the processes included in this document to ensure that it reflects business operations.

Publications 

KnowledgeLeader has also published several publications this week.

Cornell Professor of Trade Policy: Digital Revolution Will Transform Currencies — and the World

Eswar Prasad is the Tolani senior professor of Trade Policy at Cornell University, as well as a senior fellow at the Brookings Institution, where he holds the New Century Chair in International Economics and a research associate at the National Bureau of Economic Research.  In this interview, Prasad and VISION by Protiviti Editor-in-Chief Joe Kornik sat down to discuss his latest book, the digital revolution and the future of money.

Sanctions: Not Just a Financial Institution Issue

For banks, sanctions-related enforcement actions and large financial penalties over many years have made clear the cost of noncompliance with sanctions obligations. In this whitepaper, we summarize five components of an effective sanctions compliance program and explore how companies can manage sanctions compliance risk.

Philosophical Dimensions of Information and Ethics in the Internet of Things (IoT) Technology

In the context of the Internet of Things (IoT) technology, the process of information generation, use, and its afferent and efferent flows in various smart devices, applications and services are critical for the creation of a vibrant and dynamic IoT ecosystem. This article discusses the techno-philosophical aspects of IoT technology, covering the aspects of attention, subjectivity, objectivity and happiness.

Recommended Resources 

This list of recommended resources from the web may be of interest to you. Click each link to learn more. 

  1. Sustainable Operations: How Leaders Can Achieve ESG Goals With Waste Reduction Solutions
  2. Finance Employee Defrauded for $25M by Deepfake CFO
  3. Governance Intelligence Webinar Dives Into Complicated World of Entity Management

 

0 Comments