-
/
. . . . . .
-
. . . . . (Best Practice) () .
PAC .
( ) ( )
PAC .
( )
-
.
() . . . . . .
.
Best Practices
-
. (Good Corporate Governance) (CSR)
.
. /
-
/
OECD (Shenzhen Stock Exchange : SZSE) (Australia Securities
Exchange : ASX) (Bursa Malaysia)
..
(State Enterprise Performance Appraisal: SEPA)
. .
() : .-.
-
:
-/+
:
()
. . . * . . . / . . CG CSR*
-
()
. . .
() : .-.
-
. ( )
. ( )
.. ( )
:
-
-
-
(Statement of Directions : SOD) SWOT
- /
-
- ( - )
- ( ) ( )
..
( ) :
-
. ( )
:
.. .. .. .. .
. ( ) ..
( )
:
-
-
. () () EVM
. .
. .
-
. (Economic Profit) () /
. .
. .
.. ( )
:
/
-
. / ( )
:
- - -
- -
-
( ) -
- - -
. ( )
-
:
( )
.
( )
..
:
- (Management Discussion and Analysis : MD&A)
) () )
-
)
)
) ()
-
)
) )
-
)
)
) )
) /
( )
) () / () () ()
-
) (Connected Transactions)
-
.
.
.
.
- .
: . (Connected Transactions)
-
-
-
.
( . .% NTA ( asset ))( . % NTA )
. (Conflict of interest)
) -
)
) (CSR)
)
.. website
:
() website
-
. (Corporate Governance : CG) (Corporate Social Responsibility :
CSR) ( )
.. ( )
:
(Compliance Unit) Compliance Unit .
.
.
. (Conflict of Interest)
-
.. (CSR) ( )
... (CSR)
... (CSR)
(CSR)
-
...
...
(CSR) (CSR) (Output) (CSR) (Outcome) (Impact) (CSR Report) . (
)
. (Self-assessment) / ( )
:
( )
-
. Introduction Program ( )
.. ( )
:
-
-
-
..
-
.. ( )
:
- - - -
() : .-.
-
:
/ /
/
-
. /
.
. (IT Governance)
-
COSO ERM
/
/// (I/L)
/// risk appetite risk tolerance
. . /// . . . . . (Value Creation) . . Portfolio View of Risk .
Integrated Governance, Risk and Compliance
-
:
/
. .
. /
// ( ) (/ // )
. .
)
-
)
) ( = x )
) ) )
. (Risk Based Internal Control)
.
.
-
- ( x )
-
.
.
-
:
/// (I/L)
. .
.
. () (Inherent Risk) / /
. /// ( ) / ( )
. (I/L) .
)
-
)
) ( = x )
) / ) (Residual Risk)
) ( (Financial Risk) (Operational Risk) (Business Risk) (Event
Risk) Strategic Risk /Operational Risk/ Financial Risk Compliance
Risk (S-O-F-C)
. / Risk Map ( Risk Map )
. (I/L) (Risk Boundary)
-
. . (
/ /) .
.
. ( = x )
. / ) (Residual Risk)
.
-
: .
. . .
. /// . /
( ) ( )
.
. /
.
. (Risk Boundary)
-
.
. /
. Risk appetite risk tolerance .
() (Risk Appetite) (Risk Tolerance) Risk Appetite Risk Tolerance
// (Business Objective)
. Business Objective Risk Appetite/Risk Tolerance Strategic
Risk/Operational Risk/ Financial Risk Compliance Risk (S-O-F-C)
. Risk Appetite
. Risk Tolerance Risk Tolerance
. . ////
. Risk Map
-
.. Risk Owner
.. Risk Owner
.. Risk Owner
.. Risk Map
.. Risk Map Risk Owner Risk Map Risk Map
-
. . IT ITG CIO
. IT /
One Stop Service
. IT
. (Business Continuity Management : BCM) (Business Impact
Analysis : BIA) BCM ( IT, IT Related Non-IT ) (Business Impact
Analysis : BIA)
-
. IT IT (IT Strategy Committee) Committee CIO
. IT IT
. IT
. IT IT IT /
-
. ISO
. IT (IT Risk Management) IT Risk
. /// / / / /
.
- - /
-
. / .
-
. face to face
.
. (Value Enhancement) .
Risk Owner
. / (Growth, Return) // / / Value Driver / Value Driver
-
(Value Creation) (Learning Organization) Peter Senge
Peter Senge . Systems Thinking // . Personal Mastery . Mental
Models . Building shared vision . Team learning //
. (/ )
-
(Risk Appetite Risk Tolerance)
. /
. Performance Evaluation / /
. / Risk Profile Risk Profile
. (Deploy) Risk Appetite
-
. (Value Creation) (Value) Value .
/ SWOT Opportunity SWOT
. (Learning Organization) (Learning Organization) Peter Senge
(Learning Organization)
. .
.
( = x ) Strategic Risk/Operational Risk/ Financial Risk
Compliance Risk (S-O-F-C)
-
. Risk Appetite Risk Appetite / Risk Appetite Risk Appetite Risk
Appetite Risk Appetite Risk Tolerance
. Portfolio View of Risk . /
.
. Corporate Governance - Risk management - Compliance (GRC) .
GRC
. / Corporate Governance, Risk Management Compliance (GRC)
compliance
. GRC
.
-
.
.
.
-
..
:
:
Committee of Sponsoring Organization of the Treadway Commission
COSO
-
. . . . .
. (Control Environment) ( ) . /
.
. /
-
(Check & Balance)
. Control Self Assessment
.
. ()
. (Risk Assessment)
(Risk Identification)
(Risk Analysis)
(Degree of Risks)
(Risk Management)
-
. (Control Activities) ( )
.
.
.
.
.
. (Information and Communications) . (Financial Information
System)
(Non-financial Information System)
.
-
.
. (Integrated)
. Intranet -
. (Monitoring) ( ) (Monitoring) . (Separate Evaluation)
(Control Self - Assessment) /
. (Independent Assessment) IA
-
:
. . . . . . . . . .
. ( ) / .
:
.
-
. ( ) :
. ( ) .
:
: /
:
-
: ()
. ( ) .
:
: - /
:
:
. ( )
-
. : Management Letter
. :
. ( ) .
:
. :
-
. : Core Competency Functional Competency Certified Internal
Auditor (CIA)
. ( ) - . :
-
. : / /
-
. ( ) .
: // / /Mandays // // / (Consulting) /
. : / (Flow Chart) ( (Mandays))
-
. :
. :
. ( ) . :
:
:
. :
-
. : /
. ( ) .
: (Improvement Program)
. /
-
. ( ) .
:
-
.. ..
-
:
. (IT Master Plan) . (Multiplier)
( ) . / (Improvement)
(.) GFMIS-SOE GFMIS-SOE . . .
-
. (IT Master Plan) ( ) . ( .) . ( .) : ( )
. ( ) .
.. MIS / EIS ( ) .. ( ) .. ( )
. .. (
) .. /
Early Warning System ( / ) ( )
.. (IT Governance Implementation) ( )
. ..
( )
.. (Computer Audit) ( )
.. / * ( )
-
*
..
. * .. Competency
(Competency Inventory) ( )
.. CEO / CFO / CIO ( )
.. ( )
*
. .. ( ) .. ( )
< .
.
.. / ( )
.. Share ( )
.. ( ) .. ( )
-
. .. (
) .. (
) .. Back Office Share (
) .. (Learning Organization)
( )
-
.
.
-
:
. . (HR Management) (HR Development) .
. ( )
(Qualitative) / (SWOT) (HR Benchmarking) (HR Strategy map)
(Quantitative) (Knowledge Management) (Learning Organization)
. (Human Resource Management: HRM) (Human Resource Development:
HRD) ( )
(Human Resource Management: HRM) . ( )
(Job analysis and Job description)
-
(Competency) (Demand and Supply) (Productivity) (Workflow
analysis) (Time and Motion study) (Retention)
. ( ) (Job Valuation)
. ( ) (Key Performance Indicator: KPI) (Competency)
(Human Resource Development: HRD) . ( )
(Core/Managerial/Functional Competency) (Training Needs
Assessment) (Training Roadmap) (Temporary & Outsourcing
Development) (Career management & planning) (Talent management)
(Succession plan) (Return on Investment in Training) ROI in
Training KM LO
-
. ( ) . ( )
// (Happy workplace) (Employee engagement)
. ( ) Code of Conduct (Conflict of Interest: COI) (HR
Governance)
. ( ) (Administrative tasks) (Internal process) (Strategic
planning)
. ( )
-
. ( ) (Strategic partner)
- Evaluation Methodology
(Form)
(Substance)
(Implementation)
(Result) / / / /
:
. (HR Benchmarking)
.
. (Career management & planning)
.
. / (Talent pipeline & development)
.
. Outsource (Temporary & Outsourcing development)
.
. // (Happy workplace) (Employee engagement)
.
