MaGo – Internal review of the governance system
The entire management evaluates the business organization regularly (§ 23 Para. 2 VAG); the evaluation cycle is to be determined according to the risk profile, and management ensures that the necessary changes are implemented at short notice. The assessment of individual areas of the business organization can be carried out by the member of management responsible for that area. However, as part of its overall responsibility, the entire management must know the result of this evaluation and control the resulting implementation. The regular assessment of the entire business organization must be ensured by means of an audit plan or similar instruments. The result of the assessment and the implementation of necessary changes must be documented.
In order to be able to make this assessment, every manager must at least understand the significant risks to which the company is exposed.
In the assessment, the management takes into account the findings that the internal audit function has gained during the review of the business organization to be carried out by it, as well as the findings that the other key functions have come to in the performance of their tasks. If necessary, the management draws on further internal information and knowledge from other areas of the company. In particular, management assesses whether the risk strategy and management of the company are coordinated and consistent with the business strategy and whether the business organization supports the goals of the business and risk strategy.
The management determines the occasions for extraordinary assessments of the business organization.
If you're interested in this topic, the following seminars might be just right for you!
Certified Compliance Officer (S+P) course
Are you newly appointed as a compliance officer in a non-financial company? With the Certified Compliance Officer course, the S+P Entrepreneur Forum conducts training to become a certified Compliance Officer (S+P). This certified program offers well-founded training at the highest level with top-class speakers with practical experience – with maximum reference to entrepreneurial practice.
Your added value with the S+P certification program:
Our certification offer with a focus on your company:
- Fast and direct implementation instructions from practice for practice
- Modular structure of the certification
- Flexible scheduling of the individual modular building blocks
- The S+P Tool Box provides you with assistance for safe implementation in your own company practice
- Sample guidelines, assessment tools and checklists guide you in putting what you have learned into practice.
Your practical implementation is our goal and with the certification offer we pave the way for you.
Book the Certified Compliance Officer (S+P) course. Convenient and easy with the online seminar form and product no. A 14.
IT Compliance Manager
Are you fit & proper as an IT compliance manager? With the New IT Compliance Manager course, participants learn the following technical skills:
- Implementing IT compliance securely
- IT governance: Risk analysis to determine the need for IT protection
- Obligations in data protection: Actively control interfaces between compliance, information security, money laundering prevention and data protection
Book the New IT Compliance Manager course conveniently and easily with the online seminar form and product no. A16.
Target group for the New IT Compliance Manager course
- Board members and managing directors at banks, financial service providers, capital investment and fund companies, leasing and factoring companies
- Executives and specialists from the areas of information security management, outsourcing controlling, risk controlling, compliance, data protection and internal auditing
Your advantage with the New IT Compliance Manager course
Each participant receives the following S+P products with the seminar:
+ Organization manual for the information security guideline (approx. 30 pages)
+ S+P Tool Risk Assessment: Determination of IT protection requirements
+ S+P Check: User authorization management
+ S+P organization handbook data protection management (approx. 40 pages)
+ S+P Check: data protection, IT security and cyber risks
Program for the New IT Compliance Manager course
Implementing IT compliance securely
- You need to know these “red lines”: implement the minimum requirements from BAIT, VAIT, DIN EN ISO 2700x and BSI basic protection in an audit-proof manner
- Which risks are “material”? Differentiation of terms from Section 25b KWG, § 26 ZAG and § 32 VAG
- Outsourcing or other external procurement? Correct evaluation of software and IT services
- IT compliance at a glance: dovetailing of IT strategy, IT governance, information security and information risk management
- AT 7: Audit focus on IT compliance: IT strategy, IT environment and IT organization in the focus of the new MaRisk, MaGO, KAMaRisk and BCBS 239
With the New IT Compliance Manager course, participants receive the S+P Tool Box:
+ S+P Test: Is the IT system compliant?
+ Organization manual for the information security guideline (approx. 30 pages)
+ S+P Check: System audit of the IT system
IT governance: Risk analysis to determine the need for IT protection
- Risk analysis in information management
- Implementation of the qualitatively tightened IT risk analysis based on uniform scoring criteria
- Assessment of the need for protection with a view to integrity, availability, confidentiality and authenticity
- New BaFin requirements for cloud computing: strategy, risk analysis and materiality assessment
- Information security management: Creation of the catalog of target measures and derivation of risk-reducing measures
With the New IT Compliance Manager course, participants receive the S+P Tool Box:
+ S+P Tool Risk Assessment: IT protection requirements with scoring and risk-oriented derivation of the catalog of target measures
Obligations in data protection: Actively control interfaces between compliance, information security, money laundering prevention and data protection
- Modules of an effective data protection system: Interface management to
- Record of processing activities, Art. 30 GDPR
- Data protection impact assessment, Art. 35 GDPR
- Deletion concept, Art. 17 GDPR and DIN standard 66398
- Safe handling of self-developed IT applications, access rights, IT approvals and changes in the IT system
- Efficient communication to outsourcing, data protection, money laundering and information security officers
- Compliance control plan – The most important monitoring and control actions
- Compliance requirements for control and reporting obligations in the IT area
Each participant receives the S+P Tool Box with the New IT Compliance Manager course:
+ Checklist: data protection for practitioners in accordance with the new GDPR
+ Checklist: Monitoring and documentation of control actions
+ Job description for information security officer
In addition to the New IT Compliance Manager course, the participants were also interested in the following seminars:
Compliance management in the company
Outsourcing in the focus of banking supervision
MaRisk 2017 – risk-bearing capacity – SREP – ICAAP
MaRisk 6.0 – new requirements for risk management
Risk management and internal control system
Compliance and risk management for entrepreneurs