Under Control - Governance Across the Enterprise

Table of contents

About the Authors

Contributors

Acknowledgments

Introduction

CHAPTER 1 The Rise of Governance

What Does Governance Really Mean?

The Drivers for Governance

The Rise of Risk

It’s a Regulatory Jungle Out There

The Cost of Compliance

Globalization and Complexity

The Challenge of Information Silos

A New, Unified Approach,

Conclusion

CHAPTER 2 Governance Today

The Goals of Governance

Governance Stakeholders

Governance in the Real World

Conclusion

CHAPTER 3 Policy Management

Identifying Business Requirements

Creating Policies

Establishing Controls

Monitoring and RemediatingCompliance Controls

A Life-Cycle Example

Conclusion

CHAPTER 4 Risk Management

The Rise of Risk Management

Elements of Successful ERM

Assign a Clear Risk Management Process Owner

Utilize a Common Risk Management Framework

Use Industry Best Practices

Integrate Risk Management with Business Processes

Develop a Culture of Openness

Make It Clear That Risk Management Is“Everyone’s Job”

The Risk Management Process:A Bird’s-Eye View

Risk Management Roles

What Constitutes Risk?

The Importance of Strategic Risk

Risk Management Process: Key Phases

Setting Risk Management Policies and Procedures

Identifying Risks

Techniques for Initial Risk Identification

Risk Taxonomies and Libraries

Assessing Risks

Addressing Risks

Monitoring Risks

Conclusion

CHAPTER 5 Risk Governance and the Board of Directors

The Role of the Board as It Relates to Governance

The Board and the Financial Crisis

Experience as a Catalyst for Change

Evolution of Boards

Best Practices

1. Ensure the Chairman-CEO Split

2. Utilize the Board’s Experience

3. Get over the “Directing vs. Managing” Conundrum

4. Leverage Your Committees, in General

A. Audit Committee

B. Compensation and Human Resources Committee

C. Corporate Governance Committee

D. Compliance and Risk Committee

5. Leverage the Compliance and Risk Committee, in Particular

6. Create the Role of the Chief Risk Officer

7. Standardize Your Risk Framework

8. Watch How You Pass the [Risk] Baton

9. Build a Culture of Compliance

10. Assess Board Performance

Conclusion

CHAPTER 6 Governance of Risk and Compliance

Organizing for Risk

Partnering with the Business

Aligning the Organization for an Integrated Approach to Risk

Developing a Holistic Vision of Controls Monitoring and Reporting

Executive and Board Involvement

Conclusion

CHAPTER 7 IT Governance, Risk, and Compliance

IT and GRC—Perfect Together

IT GRC Roles

The Challenge of Risk vs. Cost

IT Compliance Controls

IT GRC Principles

Use Best Practices

Proactive Control Design

Determine the Maturity of Your Controls

Automate Controls

Rationalize Your Controls

Clearly Identify Control Owners

Define Risk Metrics

Communicating the Compliance Message

Conclusion

CHAPTER 8 Governance and Portfolio Management

Bringing It All Together

Comparing Apples to Apples

Optimizing Your Most Valuable Asset

Doing Things Right: Managing Performance and Risk

Communicating Customer Value

Reaping the ROI of PPM

Getting Started with Best Practice Frameworks and Methodologies

Conclusion

CHAPTER 9 The Regulatory Environment

The Shifting Regulatory Landscape

Navigating the U.S. Regulatory Environment

Regulatory Approaches

A Regulatory Model

Regulation Awareness

Key Strategies to Manage Regulatory Compliance

Get Involved Before Regulations Are Adopted

Transparency Is the Key to Success

Understand Your Transnational Regulation Issues

Automate Compliance Management

Centralize Compliance Information

Get the Right Information to the Right People

Secure Executive Support

Conclusion

CHAPTER 10 Governance and Finance

The Role of Finance

Traditional Finance

The Evolution of Finance

Managing Interdependencies

Guiding Optimization of Decisions

Creating Intersections

Goals of the Finance Organization

Creating the Proper Environment

Managing Technologies

Systematizing Governance

Transformation of the Finance Organization

Keeping Pace in the Regulatory Race

A Streamlined Approach Is Mandated

Challenges and Opportunities

Conclusion

CHAPTER 11 Information Governance

Information Governance Basics

The Components of Information Governance

Goals of Information Governance

Driving Forces for Information Governance

Social Implications of Information Governance

The Benefits of Good Information Governance

Information Governance and Discovery

Information Governance and Information Technology

Information Governance and Cloud Computing

An Information Government Framework

Seven Steps to Achieving Good Information Governance

Getting Started

The Mandate is Clear: Gain Control over Information

Conclusion

CHAPTER 12 Governance and Sustainability

Sustainability Alignment Factors

Investing in Sustainability

Building a Sustainability Program

Define Strategy

Build the Program

Align Support

Select a Starting Point

Practice Good Governance

Carbon Trading Is Coming

IT and Sustainability

Conclusion

APPENDIX A Corporate Governance Principles of CA, Inc.

General

Role and Functions of the Board

Director Qualifications

Director Independence

Payments To/From the Company

Indebtedness

Charitable Contributions

Directorships

Less Than 10% Equity Interest

Other

Size of Board

Period of Board Service

Director Selection Process

Former CEOs and Other Employee’s Board Membership

Meetings

Board Leadership

Board Self-Assessment

Board Compensation

Stock Ownership Guideline for Non-Employee Directors

Counsel and Other Advisors

Access to Management and Outside Counsel and Auditors

Director Orientation and Education

Board Committees

Communications with Stockholders andOther Interested Parties

Management Development and Succession Planning

Executive Stock Ownership Guidelines

These Principles

APPENDIX B Compliance and Risk Committee Charter of CA,Inc.

General

Composition

Authority and Responsibilities

Delegation of Authority

Counsel and Other Delegation of Authority

Meetings

Reports to the Board

Committee Self-Assessment

Committee Charter

INDEX