Showing posts with label grc consultancy. Show all posts

Tuesday, 1 April 2014

IRM GRC SIG session on 1 May has Dr David Hillson talking about ABC meeting GRC - http://www.chaordicsolutions.co.uk/blog/irm-grc-special-interest-group/irm-grc-sig-session-on-1-may-has-dr-david-hillson-talking-about-abc-meeting-grc/



You can now book your place for the next IRM GRC Special Interest Group (SIG) session on 1 May at http://bit.ly/1dMZgIv



This session continues our exploration into risk culture and the possible role it plays in effectively orchestrating governance, risk and compliance activities.


It covers David’s latest thinking on risk culture, followed by a discussion about its relevance to GRC, or not.  Specifically it examines the links between risk culture and GRC implementation, based on the A-B-C Model (ie Attitudes-Behaviour-Culture).


Some people see GRC as a set of external Behaviours, but of course these are driven by individual Attitudes and reinforced by the prevailing Culture, so GRC is best improved not by focusing only on the external B, but by also addressing the A and C – right?


Overview:


Everyone knows that culture is important – but why?  What about risk culture?  What should you do if your project or organisation is too “risk-averse”?


Starting from first principles, this presentation unpacks the key characteristics of culture, explaining what it is – and what it is not.  Culture arises from repeated Behaviour – if we do the same things over and over again we will develop a shared approach to “how we do things around here”.  But behaviour is based on our underlying Attitudes – how we think shapes our actions.  This gives us the A-B-C model of culture: Attitudes shape Behaviour which forms Culture.  There are also feedback loops as the prevailing Culture also influences how we think and act.


The A-B-C model is also true of our approach to risk.  If we want to develop a risk-mature culture, we need to behave in an appropriate way towards risk.  But this in turn will be driven by our risk attitudes.


This presentation explores the central role of risk attitude as a key underlying driver of risk behaviour and risk culture, and shows how to change risk culture by actively managing risk attitude.


Biography:


Dr David Hillson is The Risk Doctor, and Director of The Risk Doctor Partnership. He is recognised internationally as a leading thinker and expert practitioner in risk management. He writes and speaks widely on the topic, with nine books and many papers.


David Hillson has been working in the area of risk culture, risk appetite and risk attitude for about a decade, and has published his ground-breaking insights on these topics in a range of books.


You can book your place NOW using this link: http://bit.ly/1dMZgIv, either for a place in London at the offices of RBS or via our Audio/Weblink.


More… http://bit.ly/1dMZgIv


 

Friday, 11 October 2013

Panellist at MetricStream Operational Risk Roundtable event in London - http://www.chaordicsolutions.co.uk/blog/from-our-risk-management-consultants/panellist-at-metricstream-operational-risk-roundtable-event-in-london/



Our Senior Partner, Robert J Toogood, will be a panellist at the MetricStream Operational Risk Roundtable event in London.


Extract from MetricStream Press Release:


MetricStream, the market leader in enterprise-wide Governance, Risk, and Compliance (GRC) solutions, will co-host a roundtable with HCL on Operational Risk Management in London on October 15, 2013.  Leading research analysts and subject matter experts on operational risk will convene at the event to share their ideas, views, and best practices when it comes to today’s biggest issues and challenges in operational risk management.  The event will also highlight innovative ways to build a sustainable operational risk management culture, driven by the proven capabilities of advanced integrated risk management technology solutions.


Our dynamic, volatile, and global marketplace is fraught with risks, rising customer expectations, a flurry of complex regulations, disruptive technologies, and mounting competition.  On top of that, internal and external challenges such as fraud, human error, natural and man-made damage to physical assets, and system failures also threaten business viability and business performance.  Today, effective operational risk management is not just a business necessity, but a strategic imperative.  Embedding an effective operational risk management program into the day-to-day business operations can help avoid substantial organizational loss.  This can also enable businesses to collaborate, transcend silos, and correlate information that provides risk insight that can guide strategic business decision-making at the executive management level.


Event speakers include Piyush Pant, Vice President of Strategic Markets at MetricStream, Cedric Merahi, Risk Management Specialist at ActivSi, David Paris, Global Solutions Partner at HCL, Philip Martin, Chief Executive at Enterprise Risk Advisors, and Robert Toogood, Senior Partner at Chaordic Solutions.  Hosted in association with HCL, the roundtable will feature two different panel discussions – Role of Operational Risk Management within the Enterprise Risk Management Structure and Incorporating Operational Risk Intelligence into Strategic Business Decisions.  These sessions will underscore the need for organizations to gain complete control over operational risks, which have the potential to impact other risk areas, and jeopardize an organization’s operations and reputation.

Thursday, 5 September 2013

IRM GRC SIG session on 13 September discussing ethical aspects of corporate governance regulation and guidance - http://www.chaordicsolutions.co.uk/blog/irm-grc-special-interest-group/irm-grc-sig-session-on-13-september-discussing-ethical-aspects-of-corporate-governance-regulation-and-guidance/



You can now book your place for the next IRM GRC SIG Keep-in-Touch call on 13 September at https://irmgrcsigseptember.eventbrite.co.uk


The purpose of this month’s informal Keep-in-Touch session is to review and discuss feedback on the recently published report entitled “Review of the Ethical Aspects of Corporate Governance Regulation and Guidance in the EU”, available for download from this location:


http://www.ibe.org.uk/userfiles/op8_corpgovineu.pdf


The report is being shared as it relates to some of our recent SIG discussions about the importance of governance/leadership in supporting an effective orchestration/integration of governance, risk and compliance within an organisation.


More … http://theirm.org/events/GRC_SIG.htm


===========================================================


More information from original FERMA email press release:


Questions of ethics, or the ‘right way to run a business’, are inherent in all aspects of corporate governance, including the way the board conducts itself. Ethical choices are relevant to the business strategies that boards pursue and the way that they direct and structure the business to achieve them.


A new report, A Review of the Ethical Aspects of Corporate Governance Regulation and Guidance in the EU, published today by the Institute of Business Ethics, in association with ecoDa, the European Directors’ Association, examines corporate governance policy debates and frameworks.


Its findings draw attention to a notable lack of explicit reference to ethical imperatives, and so raise questions about why this is the case, whether this should be addressed and how.


This Occasional Paper explores the extent to which, in legislation, frameworks and codes for corporate governance across the EU and within its member states, there are explicit statements or requirements for business to be governed in line with ethical principles or commitments.


Julia Casson, author of the report, said: “We began this report wanting to understand whether there was guidance for companies in governance policies, at national and EU level, on ethical business practice. Although we did find similarities in corporate governance requirements around practice and certain issues, there seems to be a general lack of ethical language in corporate governance provisions. This is in spite of the fact that boards are expected to set the values which will guide their company’s operations.”


For some key governance issues that boards have been expected to address, the explicit driver is most often given in terms of what is ‘good for business’ rather than engagement with any moral imperative. This is the case even though what is generally viewed as unethical behaviour, including at the most senior levels, has led to business failure on numerous occasions. The link has yet to be explicitly made in corporate governance discourse that what is ethical is very often good for business, or at least that what is unethical generally impacts negatively on business.


At the member state level, the beginnings of a greater focus on board behaviour and conduct can be seen, especially in guidance for directors.


Some governance codes contain ‘various rules of conduct’ (i.e. commitment, leadership, discretion, independent judgment, integrity, acting in the corporate interest and acting in the interests of stakeholders) and refer to behaviours required by boards.


Patrick Zurstrassen, Chairman of ecoDa, said: “The purpose of governance can be said to be to encourage companies to make robust decisions, manage risk properly and account to those that provide their capital. To complete this approach, it is essential to get individual board members with a great sense of ethics and a collective mindset in line with the company’s values.”


Philippa Foster Back OBE, Director of the IBE, said: “Attention to ethics is increasingly a core feature of boardroom agendas. Many companies recognise business ethics, sustainability and social responsibility, and also boardroom ethics, as characterising the right way to run a business as well as being essential for long term success. This is in spite of the apparent lack of explicit engagement at EU level with ethical principles in corporate governance guidance, and the limited requirement, or indeed encouragement, that boards operate with high ethical standards.”


More … http://www.ibe.org.uk/index.asp?upid=52&msid=8

Monday, 8 July 2013

IRM GRC SIG event on 25 July has implementation barrier focus - http://www.chaordicsolutions.co.uk/blog/irm-grc-special-interest-group/irm-sig-event-on-25-july-has-implementation-barriers-focus/



You can now book your place for the next IRM GRC SIG event on 25 July at http://irmgrcsigjuly13.eventbrite.co.uk


 



The main focus of this session is to reflect on what we have discovered so far, and to discuss in more detail what we now think the barriers are to implementing a more coordinated approach to GRC.


IMPORTANT: as this session is being kindly hosted in the new Canary Wharf offices of Shell, it is essential for security reasons that, if you intend to attend the event in person, you book your place by no later than 17:00 UK time on Monday, 22 July 2013: http://irmgrcsigjuly13.eventbrite.co.uk. The deadline for booking virtual tickets (for participation by Audio and WebLink) is 48 hours later, at 17:00 UK time on Wednesday.


I sincerely hope you can participate in the session, either in person or virtually. In the meantime, if you have any queries or questions about this event or any other aspect of our SIG activities then do not hesitate to contact me.


Best Wishes, Robert
Chair, IRM GRC SIG


Email: robert_toogood@chaordicsolutions.co.uk

Wednesday, 5 June 2013

Risk-awareness can be hindered by tension between business and risk officers - http://www.chaordicsolutions.co.uk/blog/from-our-risk-management-consultants/risk-awareness-can-be-hindered-by-tension-between-business-and-risk-officers/



Risk-awareness can be hindered by tension between business and risk officers: but senior risk committees can help.


 


Extract from Economist Intelligence Unit Press Release:


A survey of institutional investors conducted by the Economist Intelligence Unit reveals a disconnect between business and risk functions at many institutions. Whereas a majority (52%) of non-risk staff thinks the risk function exists primarily to fulfill regulatory obligations, only 30% of risk professionals think this. Moreover, less than two-thirds of all respondents (61%) think that their organisations’ business managers have a clear understanding of the role of risk managers, and just 16% strongly agree that they do. Those in the risk function are less confident that this is the case—just 56% agree (and only 12% strongly agree).


These are among the key findings of a new report published today: Closing the communication gap: How institutional investors are building risk-aware cultures. The report, commissioned by State Street, is based on a survey of 297 institutional investors. It examines the quality of information that the business receives from the risk function, how effectively the risk function communicates with other areas of the business, whether the risk function is well understood, how well managers and staff are incentivised to achieve risk objectives, and how these characteristics compare globally.


Other findings of the research include:


Reputational risk ranks alongside market risk as a key concern. Institutional investors now rank risks to their reputation alongside risk arising from market volatility as their highest priority, with 56% of respondents identifying it among the top-three risks facing their organisations. This is ahead of investment risk (46%), regulatory risk (34%) and counterparty risk (24%). This finding reflects the response of investment organisations to the financial crisis and a series of scandals since that have blighted the public perception of the financial services sector.


Few think the quality of internal risk information – especially in Asia – is very good. Only 30% of survey respondents overall rate the information they receive from internal sources about risks that relate to their job as very good, a figure that falls to just 20% in Asia. A larger proportion of employees at institutions headquartered in North America, 36%, rate the quality of the risk information they receive as very good. This presumably reflects the increased demands of regulators and investors, as lessons are learned in the wake of the financial crisis—and also the level of investment in risk-management technology designed to enhance and integrate risk reporting.


Risk committees provide the bedrock for more cohesive risk frameworks. While correlation cannot prove causation, the survey suggests that the presence of a senior risk committee or a governance body that brings together senior risk, compliance and audit people is the foundation of better risk-awareness throughout the enterprise. Some 83% of respondents at firms with risk committees say managing risk is the highest priority for their organisation, compared with just 64% of those without a risk committee. Additionally, 87% of institutions with a senior risk committee rank internal information on major risks as good or very good, compared to just 63% of those without such a committee. Two-thirds of respondents at institutions with a senior risk committee think that business managers have a clear understanding of the role of risk managers, compared to 47% in those without such a committee. Finally, 68% of those with a risk committee agree that “the risk function helps produce better investment outcomes” compared to 51% of those without such a committee.


Regular dialogue between the front office and the risk function is associated with better investment outcomes. Those institutions that think their risk function produces better investment outcomes are also those where there is more likely to be regular dialogue between the risk function and the front office about the selection of assets and other investment matters (including counterparty risk). Some 84% of those that agree that the risk function helps produce better investment outcomes say such dialogue occurs regularly (and 35% strongly agree), while this is true of only 49% of those that do not think the risk function produces better investment outcomes (7% strongly agree).


Risk objectives are not always incentivised at senior levels. While 88% of all investment organisations provide executive board members with some sort of risk target, at less than half (46%) are they financially rewarded for meeting them. Incentives for other functions vary, but in all cases targets are more likely to be applied than incentives. Investment professionals in North America are more likely to be incentivised than elsewhere, with 76% financially rewarded for meeting risk targets or objectives compared with 61% in Europe. Additionally, those institutions that associate risk with better investment outcomes are more likely to reward any function for meeting its risk objective or target.


The findings are based on a survey conducted in the first quarter of 2013 of 297 employees of investment institutions.


52% of respondents are either executive board members or C-level executives and 30% are vice-presidents, senior vice-presidents or department heads.


29% of respondents are portfolio managers, 21% are risk professionals, 18% are from operations and general management and 13% are from sales and product development.


48% of respondents are from asset managers, 35% are from asset owners (including insurers, pension funds and sovereign wealth funds) and 18% are from intermediaries.


39% of respondents come from investment institutions headquartered in the Asia-Pacific region, 33% are from Europe, 19% are from North America and 9% are from other regions.


© 2011 The Economist Intelligence Unit Limited. All rights reserved.


More … http://www.managementthinking.eiu.com/closing-communication-gap.html


 


 

Friday, 17 May 2013

IRM GRC SIG Q&A session with Norman Marks on 30 May 2013 - http://www.chaordicsolutions.co.uk/blog/irm-grc-special-interest-group/irm-grc-sig-qa-session-with-norman-marks-on-30-may-2013/



This is a special event not on the IRM GRC SIG’s previously published programme … and is an unexpected opportunity to spend some extended time with Norman Marks, who is an Honorary Fellow of the Institute of Risk Management for his contribution to the risk management field.


Some more background about Norman: he has been a practitioner and thought leader in internal audit, risk management, compliance and ethics for a long time. During his career, he has led large and small internal audit departments, been the Chief Risk Officer and Chief Compliance Officer, and managed IT Security and governance functions. Norman makes the point that in theory, he has now retired from SAP, where he was an evangelist for “better run business”, risk management, internal audit, GRC and related business processes such as business analytics. However, he continues to blog, write, and speak – and mentor individuals when he can.


The session is scheduled for 13:30 to 15:30 London/UK time.  You can book your place using this link: http://irmgrcsigmay213.eventbrite.co.uk/#


The way the SIG is running the particular event is that, due to space and other restrictions, a few of the Steering Group members will meet face-to-face with Norman in London but we open up the discussions to everyone else in the SIG via an audio link.


If you have specific questions you would like to ask Norman, please send them to me ASAP at my normal email address of robert_toogood@chaordicsolutions.co.uk by no later than end of business on 24 May so we can collate them, finalise the agenda and share it with Norman in advance of our session.


I hope you will be able to join us for what will be a very informative and lively debate. In the meantime, you can read more about Norman here on his website: http://normanmarks.wordpress.com/about/

Thursday, 2 May 2013

Presentation deck from recent IRM GRC SIG session now available for download - http://www.chaordicsolutions.co.uk/blog/irm-grc-special-interest-group/presentation-deck-from-recent-irm-grc-sig-session-now-available-for-download/



Last week, I chaired a really interesting Institute of Risk Management (IRM) GRC SIG session in London… speakers representing blue-chip organisations like Shell, WorldPay and Raytheon as well as industry recognised GRC pundit, Michael Rasmussen, all shared their real-life experiences of implementing a coordinated approach to governance, risk management and compliance.  The presentation deck we used can be downloaded from the SIG’s website at http://theirm.org/events/GRC_SIG.htm.


Best Wishes, Robert
Chair, IRM GRC SIG


Email: robert_toogood@chaordicsolutions.co.uk


Personal Website: www.robertjtoogood.com

Tel: +44 (0)1983 617241
LinkedIn: http://uk.linkedin.com/in/roberttoogood


 

Friday, 12 April 2013

IRM GRC SIG event on 25 April has OCEG focus - http://www.chaordicsolutions.co.uk/blog/irm-grc-special-interest-group/irm-grc-sig-event-on-25-april-has-oceg-focus/



I am pleased to announce that you can now book your place for the next IRM GRC SIG event on 25 April at http://irmgrcsigapril13.eventbrite.co.uk


The main focus of this session is to hear “real-life” stories from users/businesses that have previously implemented or are currently implementing an OCEG “Principled Performance” and/or Capability Model based approach to Governance, Risk Management and Compliance … and the agenda is currently looking like this:


1. Welcome, Housekeeping and Session Guidelines

2. General Update/News

3. Case Study: GRC at Shell

4. Introduction: OCEG, Principled Performance and GRC Capability Model

5. Case Study: OCEG at Heineken International BV

6. Break

7. Case Study: OCEG at Raytheon

8. Review and Conclusions

9. AOB

10. Next Session

11. Close


IMPORTANT: as this session is being kindly hosted in the new Canary Wharf offices of Shell, it is essential for security reasons that if you intend to attend the event in person that you book your place by no later than 17:00 UK time on Tuesday, 22 April: http://irmgrcsigapril13.eventbrite.co.uk


I sincerely hope you can participate in the session, either in person or virtually. In the meantime, if you have any queries or questions about this event or any other aspect of our SIG activities then do not hesitate to contact me.


Best Wishes, Robert
Chair, IRM GRC SIG


Email: robert_toogood@chaordicsolutions.co.uk

Thursday, 7 March 2013

Holistic vendor assessment using ERP/procurement data - http://www.chaordicsolutions.co.uk/blog/from-our-risk-management-consultants/holistic-vendor-assessment-using-erpprocurement-data/



Holistic vendor assessment using ERP/procurement data: reducing unanticipated costs by managing associated risks.


 


Extract from Corporate Compliance Insights – Joe DeVita:


Companies don’t have as many walls as they used to. In an effort to reduce costs, improve efficiency and flexibility, and leverage new technologies and expertise, most large companies today have engaged hundreds or even thousands of third-party vendors to provide products and services. From handling IT, payroll, and accounting to manufacturing, marketing, and selling a company’s products, third-party vendors are now woven deep into the fabric of companies’ most vital functions.


While all organizations monitor vendor performance against the terms of their contracts and service level agreements (SLAs), many fail to put adequate resources into assessing and managing the risks associated with those vendors. This can leave the organization open to service or supply-chain interruptions if a vendor fails, experiences a technical or process breakdown, or is impacted by a crisis event — like, for instance, last October’s Hurricane Sandy. The list of risks goes on and on, from data breaches to regulatory noncompliance to risks associated with security, stability, and operational or cultural practices in the vendor’s country of origin. Vendor risk is receiving ever-greater scrutiny from boards, regulators, auditors, and other stakeholders, and managing these risks effectively is a must, both to satisfy those stakeholders and as a matter of simple good sense: When you’re up a ladder, you want to know the person holding the bottom has a steady grip.


Effective vendor risk management takes a holistic, strategy-driven view across the universe of an organization’s vendor relationships. It sets up a structure to promote consistency, accountability, and effective controls over all stages of the vendor lifecycle, from the risk-assessment stage, to vendor selection and due-diligence, to contracting, to ongoing relationship management. The range of risks across this universe is potentially huge, as is the sheer number of vendors with which a large company might have relationships. Getting a consistent vendor risk management structure in place and then taking the reins might seem like a Herculean task. But it doesn’t have to be.


Start with the numbers. A global firm might have as many as 100,000 vendor relationships, but when you start examining the individual strategic value of those vendors, the core numbers drop precipitously. Office supply vendors? Not critical. Janitorial services? Not critical. Coffee and vending machine suppliers? Not critical, except maybe late at night. Once you strip away vendors whose products and services have negligible impact on the company’s strategic direction and operations, you’re left with a small number that are truly important, and maybe only half of those provide absolutely critical functions in which your organization cannot afford interruption: IT, legal, health and benefits, payroll, outsourced production of products or elements required in your production cycles, etc. These are the vendors on which you need visibility. What are they doing? How are they doing it? What are the risks to which they’re susceptible? Are they stable and secure? If they fail, what’s your plan for replacing them?


Now, how do you parse your list of vendors, separating the wheat from the chaff, documenting the differences, and moving toward effectively managing risks around your critical vendors? As in much else today, a big part of the answer lies within your ERP platform, which can become the source for data on your procurement, your supply chain, and your critical joint business relationships. Being able to pull and analyze that information within your ERP system can give you the first cut of data you’ll need to begin ranking your vendors by their importance to your organization. From there, you can begin leveraging a governance, risk, and compliance (GRC) tool to focus your resources toward comprehensively monitoring your most critical vendor relationships.


Conducting a spend analysis is a good first step. Such an effort will provide visibility into where the company’s vendor dollars are going, what services or products it’s getting for its money, where its vendors are located, whether a particular service or product is solely or primarily sourced from a single vendor, and so on. Such information, gathered and stored in a database, provides companies with a flexible tool with which to analyze vendor risk.


Initiating a spend analysis program involves first extracting spend data from your ERP system and any other relevant locations within the organization (procurement applications, expense reports, manual spreadsheets, etc.), aggregating this data into a single database, then cleaning and normalizing the data to remove errors, standardize vendor names and abbreviations, and map services and products to a widely accepted set of classification codes (such as the United Nations Standard Products and Services Code, or UNSPSC). Analyzing this information will allow you to create a list of important vendors, from which point you can assign resources to make a deeper assessment and determine those that are absolutely critical to the organization.


Rankings of vendor criticality determine the frequency and scope of the due diligence each vendor relationship requires. Core vendors might be assessed annually, providing information on their financials, credit rating, insurance, performance metrics, and controls, and completing a due diligence survey/self-assessment that addresses questions of information and software security, physical security, data access, etc. Adding this information to your database provides the raw material from which to generate risk insight and rankings. Examining vendors by industry classification or product, for instance, can show which vendors might be susceptible to certain industry-specific risks (talent shortages, commodity supply issues, etc.). Examining by geographies may show a concentration of critical vendors in a region prone to political instability or natural disaster. Examining by security protocols may point up vendors with inadequate data privacy controls, or where the security of physical assets is soft.


In addition to vendor surveys, information might also come from internal performance data, public external sources, and elsewhere, so doing the legwork to assemble, clean, normalize, and populate this data will be no simple task, even after you’ve pared your focus down to your critical vendors. But technology can help, providing tools to manage and automate your vendor GRC processes and your ongoing vendor relationships.


The use of automated vendor analysis is growing. Using tools that automatically extract data from source systems helps you classify and enrich data in your database and makes it easy to leverage dashboards to analyze spend data, contract compliance, performance against pre-determined service or delivery metrics, and compliance with standards related to labor practices, environmental impacts, supplier management, and so on. Complete vendor risk management software solutions are available that can help companies:


- Assess and analyze vendor risks, define controls, track key risk indicators, and get visibility into risks via scorecards and dashboard reports.


- Create and manage comprehensive vendor profiles, execute vendor surveys/self-assessments (and track responses), manage vendor policies, and manage information on vendor cost, innovation, quality, customer complaints, loss incidents, etc.


- Measure vendor performance against the company’s business goals and rate them for comparative analysis vis-à-vis competing vendors.


- Achieve automation of various processes, including generating e-mails to vendors asking them to fill out surveys, etc.


- Achieve early detection and proactive management of developments such as missed SLAs, unfulfilled contractual commitments, deteriorating vendor financial condition, market events that might affect the vendor, and vendor practices (e.g., use of child labor) that could open up your organization to reputational risk by association.


Collating the vendor information stored in company ERP/procurement systems and using vendor risk management software to mine and enrich that data allows companies to more easily narrow their risk management focus to critical vendors, monitor the overall health and performance of those vendors, and confirm whether everything is proceeding according to plan, contract, and SLAs. The goal is securing an early and more complete understanding of your company’s vendor relationships, which may help to reduce unanticipated costs related to regulatory penalties, reputational damage, and unforeseen events.
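The steps above (rank vendors by criticality, set a due-diligence cadence per tier, then examine the population by geography, by security controls, and by SLA trend) can be carried out over the vendor table itself. The script below is an added illustration, not code from the article or from PwC; the vendor records, the scoring weights, the review intervals, the required-control baseline and the dates are all constructed assumptions, and the SLA rule (latest quarter worse than the average of the earlier ones) is one simple key risk indicator among many an organization might pick.

```python
from collections import Counter
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Dict, List

# Due-diligence cadence per criticality tier, in days (assumed policy, not from the article).
REVIEW_INTERVAL_DAYS = {"core": 365, "important": 730, "standard": 1095}

# Controls every core/important vendor must affirm in its self-assessment (assumed baseline).
REQUIRED_CONTROLS = ("encryption_at_rest", "mfa_for_admins", "incident_notification_72h")


@dataclass
class Vendor:
    name: str
    industry: str
    region: str
    annual_spend: float               # constructed figure, USD
    handles_pii: bool                 # processes personal data on our behalf
    has_system_access: bool           # holds credentials or network access into our estate
    substitutable: bool               # could be replaced quickly if they failed
    controls: Dict[str, bool]         # self-assessment answers, True = control affirmed
    last_assessed: date               # date of the last completed due-diligence review
    sla_misses_by_quarter: List[int]  # missed SLAs per quarter, oldest first


def criticality_score(v: Vendor) -> int:
    """Weighted score; data and access exposure outweigh spend (weights are assumptions)."""
    score = 3 * int(v.handles_pii) + 3 * int(v.has_system_access) + 2 * int(not v.substitutable)
    if v.annual_spend >= 1_000_000:
        score += 2
    elif v.annual_spend >= 100_000:
        score += 1
    return score


def tier(v: Vendor) -> str:
    s = criticality_score(v)
    return "core" if s >= 6 else "important" if s >= 3 else "standard"


def overdue_assessments(vendors: List[Vendor], today: date) -> List[str]:
    """Vendors whose last review is older than their tier's cadence allows."""
    overdue = []
    for v in vendors:
        due = v.last_assessed + timedelta(days=REVIEW_INTERVAL_DAYS[tier(v)])
        if due < today:
            overdue.append(v.name)
    return overdue


def regional_concentration(vendors: List[Vendor], threshold: float = 0.5) -> Dict[str, float]:
    """Regions holding at least `threshold` of core vendors: one regional event hits them all."""
    core = [v for v in vendors if tier(v) == "core"]
    if not core:
        return {}
    counts = Counter(v.region for v in core)
    return {r: n / len(core) for r, n in counts.items() if n / len(core) >= threshold}


def control_gaps(vendors: List[Vendor]) -> Dict[str, List[str]]:
    """Core/important vendors that did not affirm a required control (standard tier is skipped)."""
    gaps = {}
    for v in vendors:
        if tier(v) == "standard":
            continue
        missing = [c for c in REQUIRED_CONTROLS if not v.controls.get(c, False)]
        if missing:
            gaps[v.name] = missing
    return gaps


def deteriorating_sla(vendors: List[Vendor]) -> List[str]:
    """KRI: the latest quarter's SLA misses exceed the average of the earlier quarters."""
    flagged = []
    for v in vendors:
        *earlier, latest = v.sla_misses_by_quarter
        if earlier and latest > 0 and latest > sum(earlier) / len(earlier):
            flagged.append(v.name)
    return flagged


def vendor_risk_report(vendors: List[Vendor], today: date) -> dict:
    """Bundle the tiering and the three checks into one dashboard-style result."""
    return {
        "tiers": {v.name: tier(v) for v in vendors},
        "overdue_assessments": overdue_assessments(vendors, today),
        "regional_concentration": regional_concentration(vendors),
        "control_gaps": control_gaps(vendors),
        "deteriorating_sla": deteriorating_sla(vendors),
    }


# Constructed sample records (fictional vendors, figures and dates).
TODAY = date(2014, 4, 1)
ALL_OK = {c: True for c in REQUIRED_CONTROLS}
SAMPLE_VENDORS = [
    Vendor("Acme Payroll", "HR services", "EU-West", 1_500_000, True, True, False,
           {"encryption_at_rest": True, "mfa_for_admins": False, "incident_notification_72h": True},
           date(2012, 11, 1), [0, 1, 1, 3]),
    Vendor("CloudHost Ltd", "Hosting", "EU-West", 800_000, True, True, False,
           ALL_OK, date(2013, 9, 15), [0, 0, 0, 0]),
    Vendor("Office Supplies Co", "Office supplies", "US-East", 40_000, False, False, True,
           {}, date(2011, 1, 1), [0, 0, 1, 0]),
    Vendor("DataAnalytics Inc", "Analytics", "APAC", 300_000, True, False, True,
           {"encryption_at_rest": True, "mfa_for_admins": True, "incident_notification_72h": False},
           date(2012, 6, 1), [2, 1, 0, 0]),
]

if __name__ == "__main__":
    for section, result in vendor_risk_report(SAMPLE_VENDORS, TODAY).items():
        print(f"{section}: {result}")
```

On this sample the two core vendors both sit in EU-West, so the concentration check fires at 100% even though each vendor individually looks healthy; that is the kind of finding that only appears once the data is examined by dimension rather than vendor by vendor. The tier also drives the cadence, so the same stale review date is overdue for a core vendor but not for an important one.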


Joe DeVita is a partner with PricewaterhouseCoopers, based in the New York Metro area, and leads the governance, risk and compliance (GRC) technology practice for PwC.


More … http://www.corporatecomplianceinsights.com/looking-within-leveraging-your-erp-data-into-a-platform-for-vendor-risk-management/

Are you willing to share your OCEG “Principled Performance” related experiences at the next IRM GRC SIG session in April? - http://www.chaordicsolutions.co.uk/blog/irm-grc-special-interest-group/are-you-willing-to-share-your-oceg-principled-performance-related-experiences-at-the-next-irm-grc-sig-session-in-april/

The recently formed IRM GRC SIG is currently planning its next face-to-face session that will be held in London (and via the web) on the afternoon of 25 April 2013.


The focus of this session will be to hear “real-life” stories from users/businesses that have previously implemented or are currently implementing an OCEG “Principled Performance” based approach to Governance, Risk Management and Compliance.


So are YOU willing to share any experiences in this area? If so, please let me know via email at robert_toogood@chaordicsolutions.co.uk.


More … http://www.theirm.org/events/GRC_SIG.htm

Thursday, 3 January 2013

EU modernising company law and corporate governance

EU modernising company law and corporate governance: in an attempt to ensure companies are competitive and sustainable.


Extract from EU Europa Press Release – 12 December 2012:

European company law and corporate governance should make sure that companies are competitive and sustainable. The Commission’s analysis and consultations over the last two years clearly indicate that further improvements can be made, by encouraging and facilitating long-term shareholder engagement, by increasing the level of transparency between companies and their shareholders and by simplifying cross-border operations of European undertakings.

On the basis of its reflection and the results of the consultations, the Commission identified several lines of action in the area of company law and corporate governance that are fundamental to putting in place modern legislation for sustainable and competitive companies.

Internal Market and Services Commissioner Michel Barnier said: “This Action Plan on company law and corporate governance sets out the way forward: shareholders should receive additional rights, but also fully assume their responsibilities to make sure that the company remains competitive over the longer term. Companies should also become more transparent in several respects. This will contribute to effective governance of companies.”

Key elements of the action plan:

1. Increasing the level of transparency between companies and their shareholders in order to improve corporate governance. This will include in particular:

1.1 Increasing companies’ transparency as regards their board diversity and risk management policies;

1.2 Improving corporate governance reporting;

1.3 Better identification of shareholders by issuers;

1.4 Strengthening transparency rules for institutional investors on their voting and engagement policies.

2. Initiatives aimed at encouraging and facilitating long-term shareholder engagement, such as:

2.1 More transparency on remuneration policies and individual remuneration of directors, as well as a shareholders’ right to vote on remuneration policy and the remuneration report;

2.2 Better shareholders’ oversight on related party transactions, i.e. dealings between the company and its directors or controlling shareholders;

2.3 Creating appropriate operational rules for proxy advisors (i.e. firms providing services to shareholders, notably voting advice), especially as regards transparency and conflicts of interests;

2.4 Clarification of the ‘acting in concert’ concept to make shareholder cooperation on corporate governance issues easier;

2.5 Investigating whether employee share ownership can be encouraged.

3. Initiatives in the field of company law to support European businesses and encourage their growth and competitiveness:

3.1 Further investigation on a possible initiative on the cross-border transfer of seats for companies;

3.2 Facilitating cross-border mergers;

3.3 Clear EU rules for cross-border divisions;

3.4 Follow-up of the European Private Company statute proposal (IP/08/1003) with a view to enhancing cross-border opportunities for SMEs;

3.5 An information campaign on the European Company/European Cooperative Society Statute;

3.6 Targeted measures on groups of companies, i.e. recognition of the concept of the interest of the group and more transparency regarding the group structure.

In addition, the action plan foresees merging all major company law directives into a single instrument. This would make EU company law more accessible and comprehensible and reduce the risk of future inconsistencies.

Background

The Commission’s ‘Europe 2020’ Strategy (see IP/10/225) calls for improvement of the business environment in Europe. EU company law and corporate governance rules for companies, investors and employees must be adapted to the needs of today’s society and to the changing economic environment. European company law and corporate governance should make sure that companies are competitive and sustainable.

With its 2011 Green Paper on EU corporate governance (IP/11/404) the Commission initiated an in-depth reflection to evaluate the effectiveness of the current corporate governance rules for European companies. It also carried out an on-line public consultation on the future of European company law which generated a large number of responses by a wide variety of stakeholders (IP/12/149).

See also MEMO/12/972

More ... http://europa.eu/rapid/press-release_IP-12-1340_en.htm?locale=en