Governance, Risk, - PowerPoint PPT Presentation

About This Presentation
Title:

Governance, Risk,

Description:

of your Large Consultant and Boutique alternatives . without compromise. Boutique: Responsive client service. Lack of SEC restrictions ... – PowerPoint PPT presentation

Slides: 20
Provided by: michae388

Transcript and Presenter's Notes

Title: Governance, Risk,


1
May 1, 2006 New Jersey IIA Chapter Software Expo
  • Governance, Risk, Compliance Protiviti Demonstration
  • Presenter: Michael Mask
  • Associate Director
  • Risk Technology Solutions Group

2
Protiviti Who We Are
Protiviti Offices and Resources: Atlanta, GA; Boston, MA; Chicago, IL;
Cincinnati, OH; Cleveland, OH; Dallas, TX; Denver, CO; Ft. Lauderdale, FL;
Houston, TX; Kansas City, MO; Los Angeles, CA; Milwaukee, WI;
Minneapolis, MN; New York City, NY; Orlando, FL; Philadelphia, PA;
Phoenix, AZ; Pittsburgh, PA; Salt Lake City, UT; San Francisco, CA;
San Jose, CA; Seattle, WA; St. Louis, MO; Tampa, FL; Vienna, VA;
Toronto, Canada; Australia; Asia; Europe; South America
  • Who We Are
  • Protiviti is an independent risk consulting and
    internal audit company that offers a full
    spectrum of internal audit services and specific
    operational risk competencies, delivered by way
    of proven methodologies and supporting
    technology.
  • What We Do
  • We provide the following services to our clients

Business Risk
Technology Risk
Internal Audit
Business Risk Consulting Event-Related Financial
Risk Governance/Sarbanes-Oxley Operational
Risk Credit Risk Treasury Basel II
Internal Audit Co-Sourcing Outsourcing Internal
Audit Transformation Quality Assurance
Reviews Risk Assessment
Technology Risk Consulting Applications Business
Continuity Data Mining Infrastructure Privacy
Project Risk Management Security
3
An Integrated Governance Risk Compliance Platform
Protiviti Governance Portal (PGP) Overview
4
An Integrated Governance Risk Compliance Platform
Protiviti Governance Portal (PGP) Overview
5
The PGP Directs Individuals to Their Areas of
Responsibility
PGP Overview
My Portal: Tailor user experience for specified
responsibilities
  • Shared Governance Activities
  • Monitor and resolve action plans through a
    single, on-line platform
  • Execute workflow-driven tasks across multiple
    governance activities
  • Measure risk and performance indicators linked to
    key RCMs, risks, controls, objectives, risk
    categories and financial elements
  • The My Portal area creates a user-specific
    collection of tasks, reports, summaries and owned
    activities
  • In much the same way that the Protiviti
    Governance Portal functions as an organized
    repository of an organization's governance data,
    the My Portal tab functions as a framework for an
    individual's governance data
  • Each user's view can easily be expanded or
    contracted based on their user profile
  • Sarbanes-Oxley (SarbOx Portal™)
  • Perform tests and review owned controls
  • Operational Risk Management (ORM Portal™)
  • Assess enterprise risk event categories
  • Manage risks via dashboard reporting

Self-Assessment (TSA™) - Conduct all aspects of
a self-assessment including test validation,
review, and sign-off
IA Portal (TSA™) - Facilitate audit activities
from planning and risk assessment to electronic
workpaper management
Available in ORM Portal
6
Foundational Frameworks
PGP Overview
Common Frameworks Provide Organizing Principles
of an Integrated System
Diagram labels: Create; Link; Risk Event Model; Financial Model;
Process Model; Organization Model; Information Technology Model;
Project Event Model
  • The association of business processes with
    organizational units provides an analytical
    framework supporting varying analysis including
    documentation, risk and control analysis and risk
    event assessment.
  • This analysis can be related to financial
    reporting to support SOX exercises or to
    enterprise risks to support broader risk
    management practices.

7
Common Features - Documentation
PGP Overview
Document management features make the PGP a
powerful document management repository
  • Upload multiple files and/or URLs to documents
  • Check in/Check out feature prevents numerous
    users from editing the same document at the same
    time
  • Maintain the integrity of documents by retaining
    version history
  • Track changes made to Document Evaluations and
    Attributes in Change History
  • Maintain multiple versions of the same document,
    select a previous version to be the current
    version

8
Common Features - Risk and Control Matrices
PGP Overview
The Risk Control Matrix Tool - analyze
Objective, Risk and Controls
  • Quick Reports allow users to obtain rich
    information and provide a high level view of RCM
    content
  • The RCM is a tool within a tool
  • It allows for sophisticated analysis of
    objectives, risks and controls
  • A library can be used to baseline risk and
    control activities
  • Discipline is rewarded when reporting
  • Review, Action Plans, Notes, Tasks, Attachments
    and History facilitate resolution

9
Common Features - Action Plans
PGP Overview
Identify, track, and resolve action items
  • Gather and track action items in a single
    application providing management visibility into
    key issues across multiple risk management
    efforts
  • Assign resolution or review responsibility to
    individuals or user groups such as an internal
    control group
  • Notify users via email when action plans are
    created, edited or deleted
  • Capture response and resolution steps
  • Associate action plans with objectives, risks, or
    controls
  • Build out additional tasks around action plans to
    delegate responsibilities

10
Dynamic Reports
Reporting Overview
Report from across control activities, risk
assessments and loss events via a single
application
  • Crystal-based reporting engine allows
    organizations to develop reports to meet their
    unique needs over time, without requiring
    modification to code
  • User Reports: Drill-down dashboards contained
    within My Portal that present information based
    on individual users' owned organizational units
  • Quick Reports: Provide printable information
    while performing analysis in a given area of the
    system
  • Filterable Reports: Provide flexible filtering
    options to support specified analysis

11
User-Defined Searches
Reporting Overview
Support specific reporting analysis via
user-defined searches
  • The system contains over 40 searches that allow
    for development of user-defined search criteria
    across a range of topics
  • Select and sort fields to include in the report
  • Select filter criteria
  • Save search as public or private search
  • Drill directly to search results
  • Export search results to develop specific and
    detailed analysis using familiar tools such as
    Excel

12
Project Team and Executive Dashboards
Reporting Overview
Provide holistic, multi-perspective views of SOX
evaluations performed
  • Dashboards aggregate RCM process, objective,
    risk, and control evaluations by Financial
    Reporting Element, Process Classification, and
    Organizational Unit.
  • The dashboards allow users to drill into more
    specific information. For example, if
    Organization 1 displays 4 ineffectively operating
    controls, users can drill directly to a list of
    ineffectively operating controls. From the list
    of ineffectively operating controls, users can
    then drill directly to a particular control in
    question.

13
SarbOx Overview
SarbOx Overview
Organization Model
The system allows for documentation and detailed
risk and control analysis that can be aggregated
via multiple perspectives: Financial Reporting,
Business Process, and Organizational Hierarchies.

Documentation
Financial Model
Process Model (PCS)
Risk and Control Matrix
  • Common tasks performed in building these models
    under Protiviti's risk-based approach are:
  • Identify control units
  • Identify and prioritize all financial reporting
    elements
  • Identify business processes that affect financial
    reporting
  • Perform process risk assessment
  • Link processes to related organizational units
    and financial reporting elements
  • Determine overall process criticality based on
    process risk and priority of related financial
    elements
  • Process criticality is a key determinant of the
    level of process documentation and control
    testing in a true risk-based approach
  • Documentation may include
  • Process Maps
  • Policies and Procedures
  • Process Narratives
  • Key Performance Indicators
  • Job Aids
  • Checklists
  • Does not include a mapping tool.

Risk Control Library

Objectives Evaluation of Objective Achievement

Risks Evaluation of Control Design
Effectiveness Evaluation of Control Design
Operating Effectiveness

Controls Evaluation of Control Operating
Effectiveness

Control Testing Documentation
14
The Self Assessment Life Cycle
TSA Overview
Diagram labels: Assessment Template; Deployed Assessment; Reporting;
Assessment Lifecycle; Groups; Packages; Dashboards, Reports, Export;
Assess; Questions; Assessors; Review; Group Review; Assessment Completion;
Signoff; Objective; Risk; AP Review; TP Review; Best Practice;
Configuration
The group's primary function is to create a
domain of review, where a set of reviewer(s)
are limited to a pool of assessors. These
reviews can be performed by a single individual
or delegated to a maximum of 3 persons per group.
Diagram labels: Action Plan; Action Plans; Test Plans; Test Plan;
Required; Values
The administrator can build and re-use an
assessment template to periodically publish or
deploy an assessment. Each assessment can be
uniquely named, contain key messages and have
specific start and end dates for assessors and
reviewers. The primary activity is the assessor
window, which allows respondents to provide
feedback. Action and/or Test Plans may be created
based on the Question Configurations. If
initiated, these serve as to-dos that can be
documented and tracked as they move toward
conclusion. Review and Signoff introduce a
series of Quality Assurance activities.
A question may be designed or configured to
react to assessors' feedback. Each
question-response combination can validate
behavior such as requiring answers or comments as
well as generating workflow.
15
ORM Portal™ Overview - RCSA
RCSA Overview
16
Internal Audit The Protiviti Way
IA Portal Overview
17
The Protiviti Story
Protiviti is a leading provider of independent
internal audit and business and technology risk
consulting services. Protiviti was formed in May
2002 when Robert Half International (RHI) hired
more than 650 experienced and highly qualified
partners and professionals formerly with Arthur
Andersen LLP's US internal audit and risk
consulting practices. These practices operated
separately from Andersen's external audit and
attestation services. Today, Protiviti works with
over 25 of the Fortune 500, employs over 2,200
professionals in more than 45 locations
throughout North America, Latin America, Europe,
Asia and Australia. The firm retains the
intellectual capital used and developed by its
professionals over the past decade.
Our Market Position and Future: The name
Protiviti represents professionalism, integrity
and independence. Unlike most other risk
consulting practices, Protiviti has no
affiliation with an external audit firm, nor does
it provide any external audit services. This
offers us a key strategic advantage, as we can
offer the resources, quality, capabilities and
expertise of any large accounting firm without
regulatory or market concerns regarding conflicts
of interest.
About Our Parent Company: Robert Half is a 3.3
billion public company with a 5 billion market
capitalization and 330 worldwide offices. It has
virtually no debt, a strong cash position and an
outstanding track record in growing businesses.
It is recognized as one of Forbes Most Admired
Companies.
18
Our Commitment to Technology Enabling Solutions
  • Protiviti recognized as strong performer in
    governance, risk and compliance platforms by
    Forrester Research (The Forrester Wave™ Q1 2006)
  • Since release in March 2003, the base of clients
    utilizing our technologies has steadily grown
  • Our solution is battle-tested. Client feedback
    has infused continuous development resulting in 5
    incremental versions of our SarbOx Portal™, the
    foundation of Protiviti's Governance Portal
  • To meet the needs of our clients seeking to
    evolve their governance programs, we developed
    and released the Protiviti Governance Portal, an
    integrated governance risk compliance platform,
    in April 2005
  • We continue to seek and incorporate our clients'
    feedback into the solution, and will continue to
    extend the capabilities of our framework, as
    reflected with the current development of an
    integrated Internal Audit module
  • Our Vision
  • To be recognized as the premier global risk
    consulting and internal audit services company.
  • Our Mission
  • To constantly improve how businesses manage risk.
    We will develop deep competencies in people
    which enhance their value. We will bring
    unparalleled expertise to clients in risk
    management.
  • Our Core Values
  • professional
  • productive
  • proactive
  • objectiviti
  • creativiti
  • integriti

19
Protiviti Governance Portal Who to Contact
Other Information
We would be happy to demonstrate our technology
tools and discuss how Protiviti can help you
create a sustainable compliance process.
  • Scott Gracyalny, Managing Director, Risk Technology Solutions, 312.476.6381, Scott.Gracyalny_at_protiviti.com
  • Scott Wisniewski, Director, Risk Technology Solutions, 312.476.6302, Scott.Wisniewski_at_protiviti.com
  • Michael Mask, Associate Director, Risk Technology Solutions, 312.476.6396, Michael.Mask_at_protiviti.com