
Sarbanes-Oxley SOX Act 2002

The Sarbanes-Oxley (SOX) Act of 2002 is an act of the U.S. government intended to restore public confidence in publicly listed companies. In 2002, three major corporations, Enron, Worldcom and Global Crossing, went bankrupt.
It was therefore felt that legislation was needed to audit the functioning of companies publicly listed in the U.S.A., and the SOX legislation was formulated in response. It focuses on improving the structure for corporate governance and control. The SOX Act comprises the following key provisions:
1) Creation of a new regulator
2) Certification by CEOs and CFOs
3) Ban on non-audit consulting services
4) Independence of audit committee

Operational Risk and Sarbanes Oxley SOX 404 Principles

Corporate firms operate under complex systems and processes, and there are many ways in which a system can fail. The risk associated with the failure of systems and people, taken together, is generally categorized as operational risk. In general, any risk other than market risk and credit risk is an operational risk.
The operational risk framework of an organization can be built upon the principles published in Basel in February 2003. In this article, "organization" refers to banks.
1) Board approval – Operational risk should be defined and approved. The board of directors should be aware of the major aspects of the bank's operational risk. Operational risk should be categorized as a distinct risk category and should be managed. The framework should provide a firm-wide definition of operational risk (enterprise risk management). Just like risk management in project management, operational risk should be identified, assessed (quantified), monitored, and controlled (unavoidable) or mitigated (effect can be reduced).
2) Independent internal audit – The firm's operational risk framework should be subjected to effective and comprehensive internal audit by well-trained, competent staff. The board of directors should make this a practice. It should be noted that the audit team is not responsible for operational risk management. It is the direct responsibility of the board of directors.
3) Management implementation – Senior management is responsible for implementing the operational risk management framework. It should be approved by the board of directors. The framework should be implemented taking firm-wide risk management into consideration. It should be implemented in a consistent fashion, and all staff should be aware of their responsibility towards operational risk management. In addition, senior management is responsible for developing policies, procedures and processes for managing operational risk in all of the bank's products (credit loans), activities (credit, debit, transaction processing, overdraft, loan, structured financing), processes (CMM, SOX implementation) and systems (IT, departments).
4) Risk identification and assessment – Risks in existing material products, activities, processes and systems should be identified. When planning a new material product, process, activity or system, it is the responsibility of senior management to identify risks and create a risk management plan, which will be a subsidiary plan of the project management plan. It should be approved by the board of directors. Risks should be identified and subsequently assessed.
5) Risk monitoring and reporting – Processes and systems should be implemented to monitor and report risk on a regular basis, and senior managers and the board of directors should be given this information so that they can make proactive decisions. In many corporations, VaR (Value at Risk) has been used as a standard metric to measure risk. It is computed based on certain mathematical models. The recent September 2008 crash cases show that regular meetings to discuss status, in addition to VaR metrics, will be the best risk management tool. Goldman Sachs followed this procedure and they were able to withstand the crisis.
6) Risk mitigation and control – Policies and procedures should be formulated and implemented to control or mitigate operational risk. Risk profiles should be created and reviewed on a regular basis. Periodic review of risk limitation and control strategies is needed.
7) Contingency and continuity planning – Contingency reserve, in project management terms, is the amount set aside to meet known risks. Contingency plans and business continuity plans (BCP) should be well documented and set in place to ensure effective functioning of existing systems and to limit losses in case of crisis.
8) Disclosure – Sufficient public disclosure is needed. This allows market participants to assess their approach to operational risk management.