Compliance Audit Section Manual

TITLE: SUB – TITLE:

COMPLIANCE TO REGULATORY AGENCIES STUDY FOR THE IMPLEMENTATION OF ENTERPRISE – WIDE RISK MANAGEMENT / IT RISK ASSESSMENT TO IDENTIFY, CLASSIFY, ASSESS AND CONTROL OPERATIONAL RISKS, PLANNING AND IMPLEMENTING RISK MITIGATION STRATEGIES FOR THE IDENTIFIED RISKS.

OBJECTIVES:

PROCEDURES:

1. Study the concepts of enterprise-wide risk management/IT risk assessment;
2. Learn other related topics such as ISO 31000, COSO ERM, NIST 800-37 and additional ERM frameworks and standards;
3. During the course of obtaining understanding, identify critical areas that need to be addressed in the application of ERM;
4. Identify risk tolerance and appetite for operational decision making;
5. Relate the application of the operational risk management process;
6. Formulate an ERM/IT Risk Assessment feasibility study to analyze extensively how the system will work in the Association and to further analyze the risks and benefits of implementing ERM/IT Risk Assessment, and the advantages and disadvantages;
7. Outline the necessity of implementing an ERM/IT Risk Assessment in the Association;
8. Consider the cost of implementing an ERM/IT Risk Assessment;
9. Interview stakeholders on their views on the implementation of ERM/IT Risk Assessment;
10. Write a feasibility report to capture the findings, recommendations and alternatives to implementing ERM/IT Risk Assessment; and
11. Submit this to the CAS Supervisor for review and endorsement to the Head, IAO for approval.

AFP Mutual Benefit Association, Inc. – Internal Audit Office
