Methodologies & Models
The following 18 items are listed by date.
June 7, 2010 Six Elements of Infrastructure for Public Company Readiness The six elements of infrastructure is a useful tool for categorizing issues, understanding where problems are occurring within the organization, and drawing conclusions to form the basis for recommendations. Consider these elements when designing a new process or assessing an existing process. This example focuses on aspects of an initial public offering (IPO). CONTENT AREA: Methodologies & Models TOPICS: Close the Books, Financial Reporting, IT Strategy, Internal Audit, Self-Assessment, IT Controls, Entity-Level Control July 6, 2009 Enhanced Telecom Operations Model (eTOM) Process Classification Scheme This conceptual view of an example Enhanced Telecom Operation Model (eTOM) process classification scheme (PCS) addresses the major business process areas of strategy, infrastructure & product, operations and enterprise management, and just as importantly, the supporting functional process areas. Read this document to learn more about the fundamental knowledge of telecommunication customer needs and all functionalities necessary for the acquisition, enhancement and retention of a relationship with a customer. CONTENT AREA: Methodologies & Models TOPICS: Communications Industry, Technology, IT Audit, IT Strategy, Telecommunications, Internal Audit, Risk Management & Assessment, Best Practices, GRC December 22, 2008 Stock Compensation Processes and Controls – Six Elements of Infrastructure The Six Elements of Infrastructure is a useful tool for categorizing issues, understanding where problems are occurring within the organization, and drawing conclusions to form the basis for recommendations. These elements should be considered when designing a new process or assessing an existing process. This example of the Six Elements focuses on key aspects to build strong internal controls around the stock compensation process. CONTENT AREA: Methodologies & Models TOPICS: Accounting/Finance, Human Resources, Payroll, Internal Controls October 1, 2007 Process Classification Scheme (PCS) The Process Classification Scheme (PCS) is a framework that helps organize information about a company, according to relevant business and/or industry processes, and defines the individual functions of a business that should take place at the strategic, operational and tactical levels. Depicting each function as a defined process or sub-process helps promote a common language and provides a “roadmap” to help identify processes and related risks and potential controls that may be applicable to the organization. Note: The PCS is not an all-inclusive list of existing business processes. Companies should customize the PCS (processes and associated sub-processes) to fit the facts, circumstances and culture of the organization. CONTENT AREA: Methodologies & Models TOPICS: Internal Audit, Risk Management & Assessment, Benchmarking, Best Practices, Internal Controls, GRC March 26, 2007 Six Elements of Infrastructure The Six Elements of Infrastructure is a useful tool for categorizing issues, understanding where problems are occurring within the organization, and drawing conclusions to form the basis for recommendations. These elements should be considered when designing a new process or assessing an existing process. You can use the Six Elements in conjunction with the Capability Maturity Model (CMM) to determine the needed improvements in process capability. CONTENT AREA: Methodologies & Models TOPICS: Benchmarking, Best Practices, Performance Management/Measurement, Process-Level Control March 19, 2007 Capability Maturity Model (CMM) The Capability Maturity Model (CMM) is a framework that describes an improvement path from an ad-hoc, immature process to a mature, disciplined process focused on continuous improvement. The CMM defines the state of a process using a common language which is based on the Carnegie Mellon Software Engineering Institute Capability Maturity Model. The CMM consists of a continuum of five process maturity levels, enabling process owners to rate the state, or maturity, of a given process as Initial, Repeatable, Defined, Managed or Optimizing. CONTENT AREA: Methodologies & Models TOPICS: Benchmarking, Best Practices, Performance Management/Measurement, Project Management, Enterprise Risk Management, Process-Level Control, Change Management, GRC January 2, 2006 Protiviti's Sarbanes-Oxley Section 404 Compliance Initiatives Methodology Protiviti has developed a phased approach to the execution of Sarbanes-Oxley Section 404 compliance. The approach is facilitated by project management, knowledge sharing, communication and continuous improvement. It applies the COSO Internal Control – Integrated Framework by taking both an entity-level and a process-level view of the business. This document provides a high level overview of Protiviti’s approach. CONTENT AREA: Methodologies & Models TOPICS: Sarbanes-Oxley Act, Compliance, Section 404 - Internal Control Reporting, Internal Controls, IT Controls, Project Management, Process-Level Control, Entity-Level Control, GRC February 21, 2005 Protiviti Risk ModelSM The Protiviti Risk Model is a comprehensive organizing framework for defining and understanding potential business risks. The model categorizes business risk into three main areas: Environment Risk, Process Risk, and Information for Decision-Making Risk. CONTENT AREA: Methodologies & Models TOPICS: Corporate Governance, Enterprise Risk Management, Financial and Credit Risk, Risk Management & Assessment, Sarbanes-Oxley Act, Taxation, GRC April 17, 2003 Business Continuity Management Methodology Business continuity management (BCM) is best addressed by using a proven methodology. The methodology should be based upon the risks related to an organization’s key business processes which, if they were to be interrupted, might otherwise bring about a seriously damaging or potentially fatal loss to the enterprise. This seven-phased BCM methodology adheres to industry best practices and can be tailored to companies of all sizes. CONTENT AREA: Methodologies & Models TOPICS: Business Continuity Management, Risk Management & Assessment, Security, GRC March 29, 2002 Fraud/Integrity Risk Methodology This methodology is a flexible framework upon which internal audit teams can build. It outlines an approach for addressing integrity risk within an organization, focusing exclusively on the Integrity Risk section of the Process Risk category of the Protiviti Risk Model. The methodology addresses key questions in this risk assessment process such as current management of and measurement of integrity risk. CONTENT AREA: Methodologies & Models TOPICS: Ethics, Fraud, Internal Audit April 26, 2001 Business Self-Assessment Methodology Business Self-Assessment is Protiviti's dynamic self-assessment approach that leverages organizational knowledge to improve business performance at the entity or process level. Utilizing risk as its foundation, BSA uniquely integrates the assessment of strategic objectives, risks, controls and process-improvement opportunities. CONTENT AREA: Methodologies & Models TOPICS: Best Practices, Internal Audit, Performance Management/Measurement, Risk Management & Assessment, Self-Assessment, Entity-Level Control, Audit Planning, GRC January 16, 2001 COBIT® Framework Control Objectives for Information and Related Technology (COBIT) is a management tool for IT. It has been developed by ISACA as an accepted standard for good IT security and control practices. It is intended for use by management, IT auditors, and control and security practitioners. COBIT defines what needs to be done to implement an effective control structure. CONTENT AREA: Methodologies & Models TOPICS: Technology, Internal Controls, Security, IT Audit, Operations Security January 16, 2001 Entity Level Internal Audit Methodology The entity level business process audit methodology focuses on understanding and analyzing the business. This understanding is primarily used to identify the target processes and risks during the audit planning process. Tools are provided to help with each phase is the process. CONTENT AREA: Methodologies & Models TOPICS: Best Practices, Internal Audit, Internal Audit Administration, IT Audit, Entity-Level Control January 10, 2001 Process Level Internal Audit Methodology Once a process has been identified for an audit or review, this methodology provides guidance and tools for the phases to be performed during the review process. Process level reviews should focus on business risks and on improving process performance. This tool addresses The IIA Standards, information technology, and fraud. CONTENT AREA: Methodologies & Models TOPICS: Best Practices, Internal Audit, Audit Reporting, Internal Audit Administration, Process-Level Control November 16, 2000 Framework for Facilitated Self Assessment Meetings This tool provides a detailed framework for internal auditors and others who are planning to conduct a facilitated self-assessment session. This framework is intended to introduce and describe a common facilitation framework to help deliver the highest-quality results. Each phase described includes a checklist of key issues to address throughout the self-assessment process. CONTENT AREA: Methodologies & Models TOPICS: Best Practices, Internal Audit, Risk Management & Assessment, Self-Assessment, GRC November 13, 2000 Enterprise Business Risk Management Process - Overview Framework Enterprise business risk management is illustrated broadly in this framework. It is a continuous process of establishing risk management objectives, assessing risks within the context of established tolerances, developing strategies and implementing risk management processes, and monitoring and reporting upon those processes. CONTENT AREA: Methodologies & Models TOPICS: Enterprise Risk Management, Risk Management & Assessment, GRC November 13, 2000 Information Security Framework The Protiviti Risk Model helps to source and size these risks, and creates a common language for the organization to discuss and determine different acceptable risk levels. Only after vital business risks have been identified can security solutions be evaluated and implemented. CONTENT AREA: Methodologies & Models TOPICS: Technology, Risk Management & Assessment, Security, IT Infrastructure, Security Management Practices, GRC November 13, 2000 Internal Audit Quality Assurance Review Methodology This methodology outlines a process for performing a quality assurance review of the internal audit function. It allows the QAR team to gain insight into performance gaps and operations of the internal auditing department. Also included are links to tools, surveys and other resources to help accomplish a quality assurance process. CONTENT AREA: Methodologies & Models TOPICS: Best Practices, Internal Audit, Performance Management/Measurement, Internal Audit Administration, Quality Assessment Review
|