This portal aims to provide starting point for managers, internal and external auditors in each sector to acquire necessary skills, knowledge and certification in the fields of managing and auditing governance, risk management and compliance controls in a common, integrated framework. Besides of conceptual materials, the users can achieve relevant training, workshop and conference resources. The referred learning services provide multilingual tools for preparation and succesfully passing exams organized through European Certification and Qualification Association. In case of having questions or special request regarding the portal's content please contact to ivanyos<at>memolux.hu.
Integrated Audit in relation to Financial Reporting Regulations
Such an audit is called an integrated audit, where auditors have the additional responsibility (other than to opine on the financial statements) of expressing an opinion on the effectiveness of company's internal control over financial reporting (e.g. in accordance with the PCAOB Auditing Standard No. 5).
Utilizing Single Audit
Due to the increasing number of regulations and need for operational transparency, organizations are adopting risk-based audits that can cover multiple regulations and standards from a single audit event. This approach ensures that all the necessary governance requirements can be met without duplicating effort from both audit and audit hosting resources.
Integrated Assurance on Governance, Risk and Compliance
An integrated assurance makes use of a consolidated and harmonized set of compliance controls.
Integrated assurance is applicable where the organizations' approach to (i) governance, (ii) risk management and (iii) compliance (GRC) are all managed under a single, streamlined, connected and over-arching framework, using a common terminology. This enables substantial operational and compliance benefits to be realised through the useful information that each discipline can provide to the others. This is possible because although governance, risk management and compliance are seperate disciplines, they have a large amount of interdependence and connection.
Embeded GRC is a term used to describe organizations that follow a top-down approach to GRC management. Compliance controls are locked (or "integrated") into operational processes with the intention of being able to drive compliance control and compliance oversight. As compliance controls can be associated with governance and risk factors, this is considered to be one form of integrated GRC.
An advantage of this method is that for exceptionally mature operational processes, very detailed operational compliance management performance metrics can be obtained.
A disadvantage of this method is that it is less agile and responsive to changes or available improvements in regulations, technology or compliance monitoring feedback that is outside of the expected parameters. This is a very granular (detailed) approach that requires a high degree of knowledge maturity in the operational processes.
Organizations referring to continuous compliance management are likely to be taking this type of approach.