Governance, Risk and Compliance (GRC)

November 19-20, 2015

It is a significant responsibility for an organization to implement and maintain a GRC Framework. Today’s organizations have implemented selected components of a GRC framework, but the challenge still remains: Which strategies need to be implemented to have a completely integrated GRC approach?

In this two-day, interactive seminar attendees will learn how to implement a best-in-class integrated GRC framework in an organization. Attendees will learn what audit committees and boards are seeking from their executives about GRC, and how to work with executive management to set the appropriate “tone” for ethics, compliance, investigations and fraud reporting, and the management of governance risks. Participants will learn how to successfully leverage every part of the organization as part of the Chief Risk Office, and the steps to take to make the internal audit function a strategic part of the GRC framework. Attendees will be provided with the tools and best practices needed to implement an integrated GRC model in their organization.

Day One

  1. GRC: First, Answering the Important Questions
  • What is it?
  • Why is it important?
  • Why are we here? The defining moments!
  • Who is involved?
  • What are the roles and responsibilities?
  2. Understanding Governance Risks: The GRC Model
  • Different drivers in corporate governance
  • Focus on “risks”: Thinking like the CCO and CRO
  • The “four cornerstones” of a corporate governance framework: The board, executive management, internal auditors, and external auditors
  • The board and audit committee: Stewards for governance reform
  • Executive management and tone at the top
  • The four key components
  • The GRC framework and model
  3. Analysing the Tone at the Top and Tone in the Middle
  • What does tone at the top really mean? Tone in the middle?
  • Who sets the tone at the top?
  • How to assess and determine an organization’s tone
  • Performing a "quick tone at the top" assessment
  • Responsibilities of management
  • Dealing with a tone that is unacceptable
  • Right vs. wrong: Consistency
  • Real-world “tone-at-the-top” scenarios: A behavioural model
  • Drill down: Assessing the “tone-at-the-top” at the middle management level
  4. Always Start with Risk: GRC Focus on Managing Risks
  • Determining your own and your organization’s tolerance to risk
  • Establishing the ERM Program and required sponsorship
  • Linking ERM to the annual planning process
  • Ownership/responsibility/accountability
  • Defining level 1 and level 2 risks: A different application of the risk pyramid
  • Adopting a risk culture and the types of risk assessments that need to be performed
  • Answering an important question: Do you need a risk policy?
  • Transference of risk
  • Applying the risk process to major events: Acquisitions and divestitures; determining the risks and obstacles in the way of achieving a financial plan
  • Strategic view for Internal Audit: Annual evaluation of the ERM approach
  • Best practice reporting: Who, what, when
  • Best practices for the CRO: What should be in your GRC framework

Day Two

  5. Compliance and Regulatory Matters: The Core Strategy
  • Forming the compliance committee and charter
  • Assessing the impact of laws and regulations: Through the eyes of a regulator
  • The regulatory risk assessment
  • Identifying and using your organization’s subject matter experts
  • Building a best in class compliance organization
  • SOX considerations: Entity and transaction level
  • Developing the “playbook”
  • Attacking policies and procedures: Policy and procedures sub-committee
  • Effective compliance program roll-out: Discipline vs. recognition
  • Effective use of tools and technology
  • Best in class reporting: Who, what, when
  • The “theme” for the compliance component
  • Best practices for the CROs: What should be in your GRC framework
  6. Ethics: Values and Behaviour
  • Forming the ethics committee and charter
  • Establishing a code of ethics and business conduct
  • Developing a separate and distinct conflict of interest statement
  • Social responsibility issues: Maintaining your public image
  • The starting point: Hiring ethical employees
  • HR policies and procedures: What’s important
  • Performance appraisals: A different view
  • Conducting ethics investigations
  • The independent hotline
  • Leverage technology: Analysing the trends
  • Best in class reporting: Who, what, when
  • The “theme” for the ethics component
  • Best practices for the CROs: What should be in your GRC framework
  7. Investigations and Fraud Reporting: Standing Your Ground
  • Establishing a fraud policy and an anti-fraud program
  • The fraud risk assessment
  • Communication channels and one central point of contact for all allegations and investigations
  • The protocols for an effective investigation
  • Success through constant internal communication
  • Once a fraud occurs: Evaluating controls and the connection to SOX
  • Leveraging technology: Analysing the trends and getting ahead of a fraud
  • Reporting: Who, what, when
  • The “theme” for the investigation and fraud reporting component
  • Best practices for the CROs: What should be in your GRC framework
  8. Key Strategy: Implementing the CCO/CRO and Monitoring Activities
  • The organization: Who should be involved and their roles and responsibilities
  • The connection to/working with operations, legal, accounting, IT, etc.: Truly breaking down the silos!
  • Leveraging existing self-monitoring activities and infrastructure: Implementing control self-assessment
  • Monitoring activities: Linking to the internal audit and the annual business plan, and which audits need to be done for each component
  • Making internal audit a strategic part of GRC: That’s what this office will do
  • Evaluating the corporate governance program
  • Suggesting changes: Getting sustained results

About the Instructor . . .

Dr. Hernan Murdock, CIA, CRMA

Hernan Murdock is a Vice President, Audit Division for MIS Training Institute. Before joining MIS he was the Director of Training at Control Solutions International, where he oversaw the company’s training and employee development program. Prior to that, he was a Senior Project Manager leading audit and consulting projects for clients in the manufacturing, transportation, high tech, education, insurance and power generation industries. Dr. Murdock also worked at Arthur Andersen, Liberty Mutual and KeyCorp.

Dr. Murdock is a senior lecturer at Northeastern University where he teaches management, leadership and ethics. He is the author of 10 Key Techniques to Improve Team Productivity and Using Surveys in Internal Audits, both published by the IIA Research Foundation. He has also written articles and book chapters on whistleblowing programs, international auditing, mentoring programs, fraud, deception, corporate social responsibility, and behavioral profiling. He has conducted audits and consulting projects, delivered seminars and invited talks, and made numerous presentations at internal audit, academic and government functions in North America, Latin America, Europe and Africa.