
Risk Oversight Regulations

Risk oversight expectations are escalating — and boards and senior management are under increasing pressure to respond. At Risk Oversight Inc, we provide innovative, cost-effective solutions and training to help your company stay on top of the latest regulatory expectations.

Risk Oversight Regulatory Expectations for the U.S.

Risk oversight expectations are escalating—and boards are under increasing pressure to respond.

At Risk Oversight Inc, we provide innovative, cost-effective solutions and training to help your company stay on top of the latest regulatory expectations, as recent U.S. regulations highlight the need for increased attention to risk oversight.

Issuing Body | Risk Oversight Requirement | Link | RO Services

Securities & Exchange Commission (SEC)

Speech by Carlo di Florio, Director, Office of Compliance Inspections and Examinations, U.S. Securities and Exchange Commission

CCOutreach Seminar (February 2011)
Comments include:

  • Boards should generally understand how risk management is embedded in key business processes and decision-making, including how business units ensure they are in accordance with the risk appetite and tolerances set by the board and senior management of the whole organization.

  • How key risk management, control and compliance functions are structured and resourced.

  • How senior management ensures effective oversight of ERM and embedding risk management in key business processes.

  • How internal audit processes independently verify and provide the board and senior management with assurance regarding the operating effectiveness of risk management, compliance and control functions.

  • How the board of directors (if one exists in the organization) is staffed and structured to ensure it can effectively set risk parameters, foster an effective risk management culture, and oversee risk-based compensation systems, and effectively oversee the risk profile of the firm.

Link: Visit Link

RO Services: Risk Oversight Gap Assessments; Risk Oversight Support Packages; Enterprise Risk Management (ERM); Risk and Control Self-Assessment; SOX/GRC/ERM Software Implementation

Securities & Exchange Commission (SEC)

Proxy Disclosure Enhancements (2009)
  • Requires disclosure of the board’s role in risk oversight and, to the extent that risks arising from a company’s compensation policies and practices are reasonably likely to have a material adverse effect on the company, disclose such policies and practices as they relate to risk management.

  • Companies face a variety of risks, including credit risk, liquidity risk, and operational risk.

  • As we noted in the Proposing Release, similar to disclosure about the leadership structure of a board, disclosure about the board’s involvement in the oversight of the risk management process should provide important information to investors about how a company perceives the role of its board and the relationship between the board and senior management in managing the material risks facing the company.

Link: Visit Site

RO Services: Risk Oversight Gap Assessments; Risk Oversight Support Packages; Enterprise Risk Management (ERM); Risk and Control Self-Assessment; SOX/GRC/ERM Software Implementation

New York Stock Exchange (NYSE)

Final Rules (2003)
  • Discuss policies with respect to risk assessment and risk management.

  • While it is the job of the CEO and senior management to assess and manage the company’s exposure to risk, the audit committee must discuss guidelines and policies to govern the process by which this is handled.

Link: View PDF

RO Services: Risk Oversight Gap Assessments; Risk Oversight Support Packages; Enterprise Risk Management (ERM); Risk and Control Self-Assessment; SOX/GRC/ERM Software Implementation

Risk Oversight Regulatory Expectations for Canada

Expectations in risk oversight are escalating—and boards are under increasing pressure to respond.

At Risk Oversight Inc, we provide innovative, cost-effective solutions and training to help your company stay on top of the latest regulatory expectations.

With recent U.S. regulations highlighting the need for increased attention to risk oversight in Canada, there may be many more stringent expectations to come.

Canadian regulations relating to board risk oversight include the following:

Issuing Body and Regulation Area | Description of Risk Oversight Requirement | Link | RO Services

Canadian Securities Administrators (CSA)

National Policy (NP) 58-201: Corporate Governance Guidelines (2005)

  • The board should adopt a written mandate in which it explicitly acknowledges responsibility for the stewardship of the issuer, including responsibility for activities such as:

      • adopting a strategic planning process and approving, on at least an annual basis, a strategic plan which takes into account, among other things, the opportunities and risks of the business;

      • the identification of the principal risks of the issuer’s business, and ensuring the implementation of appropriate systems to manage these risks;

      • the issuer’s internal control and management information systems.

Link: Visit Site

RO Services: Risk Oversight Gap Assessments; Risk Oversight Support Packages; Enterprise Risk Management (ERM); Risk and Control Self-Assessment; SOX/GRC/ERM Software Implementation

Toronto Stock Exchange (TSX)

Guide to Good Disclosure for NP 58-201 (2005)

  • Suggested additional voluntary disclosure by the TSX includes describing the principal risks identified by the board; the process that the board or committee follows to evaluate risk; the structures and procedures in place to manage identified and potential risks; and whether the board has adopted a specific approach to corporate social responsibility.

  • It also suggests voluntary disclosure relating to internal controls, such as discussing whether the board assumes responsibility for implementing appropriate internal control and management information systems to ensure that it can carry out its responsibilities, describing how the board or committee reviews internal control and management information systems, and discussing how frequently the board or committee reviews these systems.

Link: View PDF

RO Services: Risk Oversight Gap Assessments; Risk Oversight Support Packages; Enterprise Risk Management (ERM); Risk and Control Self-Assessment; SOX/GRC/ERM Software Implementation

Other Governance, Risk and Compliance Regulatory Expectations

Pressure is escalating not just in board risk oversight, but also in other areas of public company governance, risk and compliance expectations.

At Risk Oversight Inc, we provide innovative, cost-effective solutions and training on board risk oversight regulatory expectations—and many other regulatory areas that companies should keep on top of.

Regulations relating to governance, risk and compliance include the following:

Issuing Body and Regulation Area | Description of Risk Oversight Requirement | Link | RO Services

Internal Audit

- New York Stock Exchange (NYSE) Final Rules (2003)
  • Each listed company must have an internal audit function to provide management and the audit committee with ongoing assessments of the company’s risk management processes and system of internal control.

  • A company may choose to outsource this function to a third party service provider other than its independent auditor.

Link: View PDF

RO Services: Fractional Chief Audit Executive/Chief Risk Officer; Internal Audit Outsourcing/Cosourcing; Internal Audit Quality Assurance Reviews; Internal Audit Software Implementation Support

Internal Controls over Financial Reporting (ICOFR)

- U.S. Listed Companies, Accelerated Filers
- Sarbanes-Oxley (SOX) 404(a)(b) (2002)
  • CEO/CFO must certify the effectiveness of Internal Controls over Financial Reporting (ICOFR) or disclose material deficiencies.

  • The company’s external auditor must certify the effectiveness of ICOFR or disclose material deficiencies.

Link: View PDF

RO Services: U.S. Sarbanes-Oxley 404 Implementation & Reviews

Internal Controls over Financial Reporting (ICOFR)

- U.S. Listed Companies, Non-Accelerated Filers
- Sarbanes-Oxley (SOX) 404(a) (2002)
  • CEO/CFO must certify the effectiveness of ICOFR.

  • No external audit opinion is required.

Link: View PDF

RO Services: U.S. Sarbanes-Oxley 404 Implementation & Reviews

Internal Controls over Financial Reporting (ICOFR)

- Canada, National Instrument 52-109 (2007)
  • Internal Controls over Financial Reporting (ICOFR)

  • Officers must certify that the company has an effective system of internal control over financial reporting or disclose material weaknesses.

Link: View Link

RO Services: Canada 52-109 Implementation & Reviews

Anti-Corruption

- U.S. Foreign Corrupt Practices Act (FCPA) (also applies to foreign companies listed on U.S. stock exchanges) (1977)

- Canadian Corruption of Foreign Public Officials Act (CFPOA)

- UK Bribery Act (2011)
  • The U.S. has enacted and is vigorously enforcing the Foreign Corrupt Practices Act.

  • Companies are expected to have a wide range of controls in place to ensure compliance with this legislation, and massive penalties apply if the U.S. Department of Justice determines that an affected company has not complied.

  • Canada and the U.K. also have similar laws.

Link: View Link

RO Services: FCPA/Anti-Bribery Due Diligence & Reviews; Fraud Risk Assessments

Anti-Money Laundering (AML)

- All Canadian Financial Institutions – AML Compliance, December 2008

  • Ontario Superintendent of Financial Institutions (OSFI) has defined specific expectations related to control systems in Guideline B-8, Deterring and Detecting Money Laundering and Terrorist Financing.

Link: View PDF

RO Services: Anti-Money Laundering (AML); Fraud Risk Assessments

Alberta Oil & Gas Companies

- Enhanced Production Audit Program (EPAP) (2011)
  • Effective 2011, oil and gas companies that operate in Alberta have to comply with Directive 76: Operator Declaration Regarding Measurement and Reporting Requirements and the EPAP Operator’s Handbook.

  • This new directive parallels SOX 404/NP 52-109 for external financial reporting customized for oil and gas measurement and reporting.

Link: View PDF

RO Services: Oil & Gas Loss Control; Enhanced Production Audit Program (EPAP); Joint Venture/Royalty/Contract Audits