Enterprise Compliance
Integrated Assurance Overview
Presented to Risk and Audit Committee
November 19, 2019
Agenda Item 7a, Attachment 1 Page 1 of 8
CalPERS Integrated Assurance Model
Oversight: Board of Administration / Risk & Audit Committee; Executive and Senior Leadership
First Line of Defense (Program Area Management and Employees):
• Identify and build the risk universe
• Implement and maintain controls
• Consider risk in operational decision-making
• Report on adequacy of risk mitigation
Second Line of Defense (Compliance, Risk Management, Financial Controls, Information Security):
• Establish risk management processes
• Ensure compliance with framework
• Collect and analyze risk information
• Assess risk environment
Third Line of Defense (Internal Audit):
• Provide independent assurance on internal control system
• Communicate residual or unacceptable risk exposure for remediation
External parties: Regulator; External Audit
Source: Institute of Internal Auditors; CEB analysis
Governance
Governance serves as a guide and sets out rules and operational guidance on how to run an organization. It applies to what an organization does, how it is done, when it is done, and by whom.
• Maintain Policy Governance
• Maintain Delegation of Authority Governance
• Design Compliance Policies and Procedures
Based on Gartner Ignition Diagnostic for Compliance & Ethics
Culture and Ethics
"Culture trumps compliance."
• Measure CalPERS Culture
• Promote a Culture of Integrity
• Maintain Reporting Channels
• Intake and Triage Employee Reports
Based on Gartner Ignition Diagnostic for Compliance & Ethics
Training and Communication
Compliance departments responsible for ethics must create effective training and communications relevant to their intended audiences.
• Develop and Deliver Compliance Training
• Measure Training Effectiveness
• Develop and Deliver Communications Content
Based on Gartner Ignition Diagnostic for Compliance & Ethics
Monitoring and Testing Compliance
• Track the Legal and Regulatory Environment
• Assess Legal and Compliance Risk
• Monitor Compliance Risk Exposure
• Test and Audit Compliance
• Build Risk Specific Mitigation Plans
Based on Gartner Ignition Diagnostic for Compliance & Ethics
Reporting
The compliance program evaluates the effectiveness of the program through metrics. It benchmarks and reports that information to key stakeholders.
Based on Gartner Ignition Diagnostic for Compliance & Ethics
Compliance and Ethics Supports CalPERS Objectives
Compliance and Ethics program elements: Governance; Training and Communication; Culture and Ethics; Monitoring and Testing; Reporting
CalPERS Performance: Agency Reputation; Financial Performance; Operational Excellence (1)
1 10 Truths About Corporate Culture, Gartner, 2017