ISO 31000 – Centralized Operations
– Risk, Control, and Compliance
Steve Tremblay, Senior ITSM Consultant/Trainer
B.Sc., PMP, ITIL Master, DPSM, CGEIP, COBIT, Kepner-Tregoe,
ISO/IEC 20000 Consultant Manager, ISO/IEC 27001, ISO/IEC 27002 & RESILIA
March 07, 2016
Steve Tremblay
Consultant and Trainer
Steve Tremblay is an executive ITSM consultant and trainer at ExcelsaTech, and a PECB Certified trainer.
613-720-9646
http://www.linkedin.com/in/stevetremblay
www.excelsatech.com
stevetremblay@excelsatech.com
http://twitter.com/blog/excelsatech
Agenda
Brief overview of the ISO 31000 Standard content
What is Risk Management?
Centralized operation models (shared services)
The benefits case
Options for managing risks, controls, and compliance in centralized operations
Conclusion
What is Risk?
Source: (Alternet, 2015)
What are consequences of Risks?
Source: (Alternet, 2015)
What is Risk?
Source: (Alternet, 2015)
What are consequences of Risks?
Source: (Dallas Morning News, 2014)
How can we deal with Risks?
The Classic Four: Avoid, Reduce, Transfer or Retain
[Figure: risk treatment matrix. Vertical axis: Probability (Very Low, Low, Medium, High, Very High). Horizontal axis: Impact (No – Minor – Medium – Serious – Extreme). The four treatment options are placed by quadrant: Retain for low probability and low impact, Reduce for high probability and low impact, Transfer for low probability and high impact, Avoid for high probability and high impact.]
Source: (DeLoach, 2003)
Overview of the ISO 31000 – Risk Management Standard content
ISO 31000 – Risk Management – Principles and guidelines
Clause 1 – Scope (of the standard)
Clause 2 – Terms and definitions (related to risk management)
Clause 3 – Principles
Clause 4 – Framework
Clause 5 – Process
Annex A – Attributes of enhanced risk management
ISO 31000 – Clause 4 (The Framework)
[Figure: the framework cycle, with "Mandate and commitment" at the top feeding four linked activities:]
• Design of framework for managing risk
• Implementing risk management
• Monitoring and review of the framework
• Continual improvement of the framework
What is Risk Management?
Risk Management: coordinated activities to direct and control an organization with regard to risk (as defined in ISO 31000).
“Risk is defined as the probability of an event and its consequences.”
“Risk management is the practice of using processes, methods and tools for managing these risks.”
ISO 31000 – Clause 5 (The Process)
[Figure: the risk management process. "Communication and consultation" and "Monitoring and review" run alongside every step.]
• Establishing the context
• Risk Assessment, consisting of:
  – Risk identification
  – Risk analysis
  – Risk evaluation
• Risk treatment
Centralized operation models (shared services)
Centralized operations – Risk, Control, and Compliance
In these times of continued global economic uncertainty, cost reduction and effective risk management remain key imperatives.
Centralized operations become an obvious and tempting option, but centralization must be done properly to maintain proper risk management, control and compliance.
Today’s challenges for organizations
Organizations are required to manage a multitude of challenges, such as:
• Slow growth in markets
• Challenges in realizing the full growth potential in emerging markets and managing the risks of operating in these markets
• Commodity price volatility
• Opportunities and threats of new technologies, the digital age, the cloud model, etc.
• The ever-changing and increasing burden of regulatory compliance
Organizations’ common response
One now almost standard response has been the use of new, more centralized operating models in the shape of shared services, offshoring (to areas such as India, Eastern Europe and South America), and co-sourcing with and outsourcing to third-party providers.
This need to centralize and reduce the cost of back-office processes and transactions is a common standard expectation nowadays.
Historically, Risk, Control and Compliance functions have been less willing to embrace these new, more centralized operating models.
The trend in leading organizations
They are challenging the status quo of their risk, control, and compliance operating models.
They are looking at ways in which they too can contribute to cost reduction while enhancing risk management, control, and compliance practices.
The benefits case
Different centralized operating models
• National Shared Service
• Regional Shared Service
• Offshore
• Hub & Spoke
Each of these can be outsourced or co-sourced.
The Benefits
1. Cost to serve
Minimizing the time and resources devoted to risk, control and compliance activities to reduce back-office costs, and maximizing those devoted to front-office and market-facing activities.
2. Risk management and compliance
The effective management of risks and compliance needs (risks and compliance needs understood, controls in place, risks and compliance monitored), as defined within an agreed risk appetite.
3. Scalability
The ability to integrate acquisitions and manage divestments swiftly and cost-effectively through the rapid deployment of a common risk, controls and compliance framework with monitoring capabilities.
4. Agility
The ability to flex risk and control activities, and the tolerances set for them, as the inherent risks change with organizational change. This would take into account new risks, as well as the changing profile of existing/known risks.
5. Transparency
Provision of management information related to risk, controls and compliance that enables decision making through clarity of the risk gaps to be addressed, and of the controls and compliance breaches that require remediation.
Options for managing risks, controls, and compliance in centralized operations
Options for this centralized operation model
Establishing the right centralized operating model for risk, control and compliance capabilities starts with defining:
a) what are the activities underpinning these capabilities; and
b) where within an organization should they reside.
Centralized operating model for risks, controls, and compliance
[Figure: a three-lines-of-defense model, laid out as follows.]
RISKS: Strategic, Operational, Financial, Compliance
Approach: Assess, Improve, Monitor
Risks, Controls, and Compliance coverage:
• 1st line of defense – Operations and business units (Dev., IT, Fin/Acct., HR, Legal, etc.)
• 2nd line of defense – Management assurance functions (Internal Controls, Compliance, Risk)
• 3rd line of defense – Independent assurance functions (Internal audit, External audit)
Oversight: Executive management, Board, Audit Committee, Risk Committee
Ownership sits with the first line; the second and third lines provide assurance over it.
Suggested sources for more details:
ISO 31000: Principles and Guidelines on Implementation
ISO 31010: Risk Management – Risk Assessment Techniques
ISO 73: Risk Management – Vocabulary
Conclusion
If you don't actively attack risks, they will actively attack you!!
Dealing effectively with Risks
Every organization should consider what types of risk assessments are relevant to its objectives. The scope of risk assessment that management chooses to perform depends upon priorities and objectives.
Risk must be managed at the enterprise level in an integrated way. Risk Management should be integrated into the business process in a way that provides timely and relevant information to management.
For risk assessment to be a continuous process, it must be owned by the business and be embedded within the business cycle, starting with strategic planning, carrying through to business process and execution, and ending in evaluation.
Risk treatments must be identified and implemented as required. Risk can then be managed as part of day-to-day decision making, in a manner consistent with the organization’s risk appetite and tolerance.
Excelsa Technologies Consulting Inc.
Steve Tremblay, President
stevetremblay@excelsatech.com
www.excelsatech.com
THE END
PECB offering on ISO 31000
Risk Management plays a vital role in an organization’s performance. Companies increasingly focus on identifying risks and managing them before they affect their business.
PECB offers an inclusive range of ISO 31000 Risk Management training courses, which can be found below:
Excelsa Technologies Consulting Inc.
Who we are
Our company
Excelsa Technologies Consulting Inc. is a trusted independent advisor, helping organizations maximize efficiencies and increase the value of their IT services.
We specialize in the delivery of Information Technology Service Management (ITSM) and Information Security Management (ISM) consulting and training services, using best practices such as the Information Technology Infrastructure Library (ITIL®), TIPA®, TOGAF®, COBIT®, and standards such as ISO/IEC 20000, 27001, 38500, ISO 31000 and others.
At Excelsa Technologies Consulting Inc., our team includes a network of the most accredited consultants and trainers in the IT industry.
ITIL® is a registered trade mark of AXELOS Limited.
QUESTIONS
THANK YOU
613-720-9646
stevetremblay@excelsatech.com
www.excelsatech.com
http://www.linkedin.com/in/stevetremblay
http://twitter.com/blog/excelsatech
Information Session University Egybyte.pptxInformation Session University Egybyte.pptx
Information Session University Egybyte.pptx
 
Student Information Session University Digital Encode.pptx
Student Information Session University Digital Encode.pptxStudent Information Session University Digital Encode.pptx
Student Information Session University Digital Encode.pptx
 
Cybersecurity trends - What to expect in 2023
Cybersecurity trends - What to expect in 2023Cybersecurity trends - What to expect in 2023
Cybersecurity trends - What to expect in 2023
 
ISO 28000:2022 – Reduce risks and improve the security management system
ISO 28000:2022 – Reduce risks and improve the security management systemISO 28000:2022 – Reduce risks and improve the security management system
ISO 28000:2022 – Reduce risks and improve the security management system
 

Recently uploaded

call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️9953056974 Low Rate Call Girls In Saket, Delhi NCR
 
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdfLike-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdfMr Bounab Samir
 
Gas measurement O2,Co2,& ph) 04/2024.pptx
Gas measurement O2,Co2,& ph) 04/2024.pptxGas measurement O2,Co2,& ph) 04/2024.pptx
Gas measurement O2,Co2,& ph) 04/2024.pptxDr.Ibrahim Hassaan
 
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...JhezDiaz1
 
GRADE 4 - SUMMATIVE TEST QUARTER 4 ALL SUBJECTS
GRADE 4 - SUMMATIVE TEST QUARTER 4 ALL SUBJECTSGRADE 4 - SUMMATIVE TEST QUARTER 4 ALL SUBJECTS
GRADE 4 - SUMMATIVE TEST QUARTER 4 ALL SUBJECTSJoshuaGantuangco2
 
THEORIES OF ORGANIZATION-PUBLIC ADMINISTRATION
THEORIES OF ORGANIZATION-PUBLIC ADMINISTRATIONTHEORIES OF ORGANIZATION-PUBLIC ADMINISTRATION
THEORIES OF ORGANIZATION-PUBLIC ADMINISTRATIONHumphrey A Beña
 
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...Nguyen Thanh Tu Collection
 
How to Add Barcode on PDF Report in Odoo 17
How to Add Barcode on PDF Report in Odoo 17How to Add Barcode on PDF Report in Odoo 17
How to Add Barcode on PDF Report in Odoo 17Celine George
 
Karra SKD Conference Presentation Revised.pptx
Karra SKD Conference Presentation Revised.pptxKarra SKD Conference Presentation Revised.pptx
Karra SKD Conference Presentation Revised.pptxAshokKarra1
 
DATA STRUCTURE AND ALGORITHM for beginners
DATA STRUCTURE AND ALGORITHM for beginnersDATA STRUCTURE AND ALGORITHM for beginners
DATA STRUCTURE AND ALGORITHM for beginnersSabitha Banu
 
INTRODUCTION TO CATHOLIC CHRISTOLOGY.pptx
INTRODUCTION TO CATHOLIC CHRISTOLOGY.pptxINTRODUCTION TO CATHOLIC CHRISTOLOGY.pptx
INTRODUCTION TO CATHOLIC CHRISTOLOGY.pptxHumphrey A Beña
 
4.18.24 Movement Legacies, Reflection, and Review.pptx
4.18.24 Movement Legacies, Reflection, and Review.pptx4.18.24 Movement Legacies, Reflection, and Review.pptx
4.18.24 Movement Legacies, Reflection, and Review.pptxmary850239
 
Science 7 Quarter 4 Module 2: Natural Resources.pptx
Science 7 Quarter 4 Module 2: Natural Resources.pptxScience 7 Quarter 4 Module 2: Natural Resources.pptx
Science 7 Quarter 4 Module 2: Natural Resources.pptxMaryGraceBautista27
 
Keynote by Prof. Wurzer at Nordex about IP-design
Keynote by Prof. Wurzer at Nordex about IP-designKeynote by Prof. Wurzer at Nordex about IP-design
Keynote by Prof. Wurzer at Nordex about IP-designMIPLM
 
Full Stack Web Development Course for Beginners
Full Stack Web Development Course  for BeginnersFull Stack Web Development Course  for Beginners
Full Stack Web Development Course for BeginnersSabitha Banu
 
How to do quick user assign in kanban in Odoo 17 ERP
How to do quick user assign in kanban in Odoo 17 ERPHow to do quick user assign in kanban in Odoo 17 ERP
How to do quick user assign in kanban in Odoo 17 ERPCeline George
 
USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...
USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...
USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...Postal Advocate Inc.
 

Recently uploaded (20)

call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
 
YOUVE GOT EMAIL_FINALS_EL_DORADO_2024.pptx
YOUVE GOT EMAIL_FINALS_EL_DORADO_2024.pptxYOUVE GOT EMAIL_FINALS_EL_DORADO_2024.pptx
YOUVE GOT EMAIL_FINALS_EL_DORADO_2024.pptx
 
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdfLike-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
 
Gas measurement O2,Co2,& ph) 04/2024.pptx
Gas measurement O2,Co2,& ph) 04/2024.pptxGas measurement O2,Co2,& ph) 04/2024.pptx
Gas measurement O2,Co2,& ph) 04/2024.pptx
 
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
 
GRADE 4 - SUMMATIVE TEST QUARTER 4 ALL SUBJECTS
GRADE 4 - SUMMATIVE TEST QUARTER 4 ALL SUBJECTSGRADE 4 - SUMMATIVE TEST QUARTER 4 ALL SUBJECTS
GRADE 4 - SUMMATIVE TEST QUARTER 4 ALL SUBJECTS
 
THEORIES OF ORGANIZATION-PUBLIC ADMINISTRATION
THEORIES OF ORGANIZATION-PUBLIC ADMINISTRATIONTHEORIES OF ORGANIZATION-PUBLIC ADMINISTRATION
THEORIES OF ORGANIZATION-PUBLIC ADMINISTRATION
 
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...
 
How to Add Barcode on PDF Report in Odoo 17
How to Add Barcode on PDF Report in Odoo 17How to Add Barcode on PDF Report in Odoo 17
How to Add Barcode on PDF Report in Odoo 17
 
Karra SKD Conference Presentation Revised.pptx
Karra SKD Conference Presentation Revised.pptxKarra SKD Conference Presentation Revised.pptx
Karra SKD Conference Presentation Revised.pptx
 
DATA STRUCTURE AND ALGORITHM for beginners
DATA STRUCTURE AND ALGORITHM for beginnersDATA STRUCTURE AND ALGORITHM for beginners
DATA STRUCTURE AND ALGORITHM for beginners
 
INTRODUCTION TO CATHOLIC CHRISTOLOGY.pptx
INTRODUCTION TO CATHOLIC CHRISTOLOGY.pptxINTRODUCTION TO CATHOLIC CHRISTOLOGY.pptx
INTRODUCTION TO CATHOLIC CHRISTOLOGY.pptx
 
4.18.24 Movement Legacies, Reflection, and Review.pptx
4.18.24 Movement Legacies, Reflection, and Review.pptx4.18.24 Movement Legacies, Reflection, and Review.pptx
4.18.24 Movement Legacies, Reflection, and Review.pptx
 
Raw materials used in Herbal Cosmetics.pptx
Raw materials used in Herbal Cosmetics.pptxRaw materials used in Herbal Cosmetics.pptx
Raw materials used in Herbal Cosmetics.pptx
 
Science 7 Quarter 4 Module 2: Natural Resources.pptx
Science 7 Quarter 4 Module 2: Natural Resources.pptxScience 7 Quarter 4 Module 2: Natural Resources.pptx
Science 7 Quarter 4 Module 2: Natural Resources.pptx
 
Keynote by Prof. Wurzer at Nordex about IP-design
Keynote by Prof. Wurzer at Nordex about IP-designKeynote by Prof. Wurzer at Nordex about IP-design
Keynote by Prof. Wurzer at Nordex about IP-design
 
Full Stack Web Development Course for Beginners
Full Stack Web Development Course  for BeginnersFull Stack Web Development Course  for Beginners
Full Stack Web Development Course for Beginners
 
How to do quick user assign in kanban in Odoo 17 ERP
How to do quick user assign in kanban in Odoo 17 ERPHow to do quick user assign in kanban in Odoo 17 ERP
How to do quick user assign in kanban in Odoo 17 ERP
 
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
 
USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...
USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...
USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...
 

Centralized operations – Risk, Control, and Compliance (slide transcript)

  • 1. ISO 31000 – Centralized Operations – Risk, Control, and Compliance. Steve Tremblay, Senior ITSM Consultant/Trainer (B.Sc., PMP, ITIL Master, DPSM, CGEIP, COBIT, Kepner-Tregoe, ISO/IEC 20000 Consultant Manager, ISO/IEC 27001, ISO/IEC 27002 & RESILIA). March 07, 2016
  • 2. Steve Tremblay, Consultant and Trainer. Steve Tremblay is an executive ITSM consultant and trainer at ExcelsaTech, and a PECB Certified trainer. 613-720-9646 | http://www.linkedin.com/in/stevetremblay | www.excelsatech.com | stevetremblay@excelsatech.com | http://twitter.com/blog/excelsatech
  • 3. Agenda
      - Brief overview of the ISO 31000 Standard content
      - What is Risk Management?
      - Centralized operation models (shared services)
      - The benefits case
      - Options for managing risks, controls, and compliance in centralized operations
      - Conclusion
  • 4. What is Risk? Source: (Alternet, 2015)
  • 5. What are the consequences of Risks? Source: (Alternet, 2015)
  • 6. What is Risk? Source: (Alternet, 2015)
  • 7. What are the consequences of Risks? Source: (Dallas Morning News, 2014)
  • 8. How can we deal with Risks? The Classic Four: Avoid, Reduce, Transfer or Retain. [Figure: probability/impact matrix. Probability axis: Very Low, Low, Medium, High, Very High. Impact axis: No, Minor, Medium, Serious, Extreme. The four treatment options (Reduce, Transfer, Retain, Avoid) are laid over the quadrants of the matrix.] Source: (DeLoach, 2003)
  • 9. Overview of the ISO 31000 – Risk Management Standard content
  • 10. ISO 31000 – Risk Management – Principles and guidelines
      - Clause 1 – Scope (of the standard)
      - Clause 2 – Terms and definitions (related to risk management)
      - Clause 3 – Principles
      - Clause 4 – Framework
      - Clause 5 – Process
      - Annex A – Attributes of enhanced risk management
  • 11. ISO 31000 – Clause 4 (The Framework)
      - Mandate and commitment
      - Design of framework for managing risk
      - Implementing risk management
      - Monitoring and review of the framework
      - Continual improvement of the framework
  • 12. What is Risk Management?
  • 13. Risk Management: coordinated activities to direct and control an organization with regard to risk (as defined in ISO 31000). “Risk is defined as the probability of an event and its consequences.” “Risk management is the practice of using processes, methods and tools for managing these risks.”
  • 14. ISO 31000 – Clause 5 (The Process)
      - Establishing the context
      - Risk assessment: risk identification, risk analysis, risk evaluation
      - Risk treatment
      - Communication and consultation (throughout)
      - Monitoring and review (throughout)
  • 16. Centralized operations – Risk, Control, and Compliance. In these times of continued global economic uncertainty, cost reduction and effective risk management remain key imperatives. Centralized operations become an obvious and tempting option, but they must be done properly to ensure that proper risk management, control and compliance are maintained.
  • 17. Today’s challenges for organizations. Organizations are required to manage a multitude of challenges, such as:
      - Slow growth in markets
      - Challenges in realizing the full growth potential in emerging markets and managing the risks of operating in these markets
      - Commodity price volatility
      - Opportunities and threats of new technologies, the digital age, the cloud model, etc.
      - The ever-changing and increasing burden of regulatory compliance
  • 18. Organizations’ common response. One now almost standard response has been the use of new, more centralized operating models in the shape of shared services, offshoring (to areas such as India, Eastern Europe and South America), and co-sourcing with and outsourcing to third-party providers. This need to centralize and reduce the cost of back-office processes and transactions is a common standard expectation nowadays. Historically, Risk, Control and Compliance functions have been less willing to embrace these new, more centralized operating models.
  • 19. The trend in leading organizations. They are challenging the status quo of their risk, control, and compliance operating models. They are looking at ways in which they too can contribute to cost reduction while enhancing risk management, control, and compliance practices.
  • 21. Different centralized operating models: National Shared Service; Regional Shared Service; Offshore; Hub & Spoke. Each can be outsourced or co-sourced.
  • 22. The Benefits
      1. Cost to serve: minimizing the time and resources devoted to risk, controlling and compliance activities to reduce back-office costs, and maximizing those devoted to front-office and market-facing activities.
      2. Risk management and compliance: the effective management of risks and compliance needs (risks and compliance needs understood, controls in place, risks and compliance monitored), as defined within an agreed risk appetite.
      3. Scalability: the ability to integrate acquisitions and manage divestments swiftly and cost-effectively through the rapid deployment of a common risk, controls and compliance framework with monitoring capabilities.
  • 23. The Benefits (continued)
      4. Agility: the ability to flex risk and controlling activities and the tolerances set as the inherent risks change with organizational change. This would take into account new risks, as well as the changing profile of existing/known risks.
      5. Transparency: provision of management information related to risk, controls and compliance that enables decision making through clarity of the risk gaps to be addressed, and of the controls and compliance breaches that require remediation.
  • 24. Options for managing risks, controls, and compliance in centralized operations
  • 25. Options for this centralized operation model. Establishing the right centralized operating model for risk, control and compliance capabilities starts with defining: a) what the activities underpinning these capabilities are; and b) where within an organization they should reside.
  • 26. Centralized operating model for risks, controls, and compliance. [Figure: risk categories (Strategic, Operational, Financial, Compliance) are covered by an Assess / Improve / Monitor cycle; the approach is risks, controls, and compliance coverage. Oversight: Executive management, Board, Audit Committee, Risk Committee. Three lines of defense: 1st line (ownership) – operations and business units (Dev., IT, Fin/Acct., HR, Legal, etc.); 2nd line – management assurance functions (Internal Controls, Compliance, Risk); 3rd line – independent assurance functions (Internal audit, External audit).]
  • 27. Suggested sources for more details: ISO 31000: Principles and Guidelines on Implementation; ISO 31010: Risk Management – Risk Assessment Techniques; ISO 73: Risk Management – Vocabulary. Conclusion: If you don't actively attack risks, they will actively attack you!!
  • 28. Dealing effectively with Risks. Every organization should consider what types of risk assessments are relevant to its objectives. The scope of risk assessment that management chooses to perform depends upon priorities and objectives. Risk must be managed at the enterprise level in an integrated way. Risk Management should be integrated into the business process in a way that provides timely and relevant information to management. For risk assessment to be a continuous process, it must be owned by the business and be embedded within the business cycle, starting with strategic planning, carrying through to business process and execution, and ending in evaluation. Risk treatments must be identified and implemented as required. Risk can then be managed as part of day-to-day decision making, in a manner consistent with the organization’s risk appetite and tolerance.
  • 29. Excelsa Technologies Consulting Inc. Steve Tremblay, President. stevetremblay@excelsatech.com | www.excelsatech.com. THE END
  • 30. PECB offering on ISO 31000. Risk Management plays a vital role in an organization’s performance. Companies increasingly focus on identifying risks and managing them before they affect their business. PECB offers an inclusive range of ISO 31000 Risk Management training courses, which can be found below:
  • 32. Our company. Excelsa Technologies Consulting Inc. is a trusted independent advisor, helping organizations maximize efficiencies and increase the value of their IT services. We specialize in the delivery of Information Technology Service Management (ITSM) and Information Security Management (ISM) consulting and training services, using best practices such as the Information Technology Infrastructure Library (ITIL®), TIPA®, TOGAF®, COBIT®, and standards such as ISO/IEC 20000, 27001, 38500, ISO 31000 and others. At Excelsa Technologies Consulting Inc., our team includes a network of the most accredited consultants and trainers in the IT industry. ITIL® is a registered trade mark of AXELOS Limited.
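The deck's process (slide 14: analysis, evaluation, treatment, monitoring and review) on the slide 8 scales, applied to a small shared-service risk register, as an added example that is not code from the presentation or from PECB/ExcelsaTech. Assumed, because the slides do not state them: the ordinal 1..5 scoring, the appetite threshold of 6, and which quadrant of the matrix maps to which of the Classic Four; the register entries are constructed.

```python
"""Risk register evaluation along the process steps on slide 14, using the
probability and impact scales of slide 8 (added example, not the deck's code)."""
from dataclasses import dataclass

PROBABILITY = ["Very Low", "Low", "Medium", "High", "Very High"]   # slide 8 axis
IMPACT = ["No", "Minor", "Medium", "Serious", "Extreme"]             # slide 8 axis
HIGH = 4  # assumption: High/Very High and Serious/Extreme count as "high"


@dataclass(frozen=True)
class Risk:
    name: str
    probability: str  # one of PROBABILITY
    impact: str       # one of IMPACT
    owner: str        # first-line owner (slide 26: ownership sits with operations)


def analyse(risk: Risk) -> tuple[int, int, int]:
    """Risk analysis: ordinal scores 1..5 and their product (1..25). A label that
    is not on the slide 8 scales is rejected rather than silently scored."""
    if risk.probability not in PROBABILITY or risk.impact not in IMPACT:
        raise ValueError(f"{risk.name}: probability/impact not on the slide 8 scales")
    p = PROBABILITY.index(risk.probability) + 1
    i = IMPACT.index(risk.impact) + 1
    return p, i, p * i


def treat(p: int, i: int, appetite: int) -> str:
    """Risk evaluation and treatment choice. Quadrant mapping is an assumption."""
    if p * i <= appetite:
        return "Retain"     # within appetite: accept and keep monitoring
    if p >= HIGH and i >= HIGH:
        return "Avoid"      # likely and severe: stop or redesign the activity
    if i >= HIGH:
        return "Transfer"   # rare but severe: insurance or contractual transfer
    return "Reduce"         # likely but bounded: add or strengthen controls


def evaluate(register: list[Risk], appetite: int = 6) -> list[dict]:
    """Rows sorted by score, highest first, with the treatment each needs."""
    rows = []
    for risk in register:
        p, i, s = analyse(risk)
        rows.append({"name": risk.name, "owner": risk.owner, "score": s,
                     "treatment": treat(p, i, appetite)})
    return sorted(rows, key=lambda r: r["score"], reverse=True)


def review(previous: list[dict], current: list[dict]) -> list[tuple[str, str, str]]:
    """Monitoring and review: (name, old treatment, new treatment) for every
    risk whose required treatment changed between two assessments."""
    before = {r["name"]: r["treatment"] for r in previous}
    return [(r["name"], before[r["name"]], r["treatment"])
            for r in current if r["name"] in before and before[r["name"]] != r["treatment"]]


# Constructed sample register for a shared-service back office
REGISTER = [
    Risk("Offshore provider exposes customer data", "Low", "Serious", "Vendor mgmt"),
    Risk("Duplicate supplier payment", "High", "Minor", "Finance SSC"),
    Risk("Regulatory change missed by compliance hub", "High", "Extreme", "Compliance"),
    Risk("Monthly report delivered late", "Low", "Minor", "Finance SSC"),
]

if __name__ == "__main__":
    assessed = evaluate(REGISTER)
    for row in assessed:
        print(f'{row["score"]:>2}  {row["treatment"]:<8} {row["name"]} ({row["owner"]})')
    # Re-assessment after a control was added: duplicate payments now "Low"
    updated = [Risk(r.name, "Low", r.impact, r.owner)
               if r.name == "Duplicate supplier payment" else r for r in REGISTER]
    for name, old, new in review(assessed, evaluate(updated)):
        print(f"{name}: {old} -> {new}")
```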