CODE | INS5000 | ||||||||||||
TITLE | Governance, Risk and Compliance (GRC) | ||||||||||||
UM LEVEL | 05 - Postgraduate Modular Diploma or Degree Course | ||||||||||||
MQF LEVEL | 7 | ||||||||||||
ECTS CREDITS | 5 | ||||||||||||
DEPARTMENT | Insurance and Risk Management | ||||||||||||
DESCRIPTION | This study-unit focuses on Internal Audit, Governance, Risk and Compliance a combined area of focus that developed because of interdependencies between these Internal Control components within a firm. Governance, risk management,and compliance or GRC Definition: The capability and culture that enables and organisation to achieve principled performance (proven achievement of objectives with responsibility and integrity). It is the umbrella term covering an organization's approach across these three areas. Being closely related concerns, governance, risk management and compliance activities are increasingly being integrated and aligned to some extent in order to avoid conflicts, wasteful overlaps and gaps. While interpreted differently in various organizations, GRC typically encompasses activities such as corporate governance, Internal Audit, enterprise risk management (ERM) and corporate compliance with applicable voluntary and mandatory parameters, laws and regulations. Governance describes the overall management approach through which senior executives direct and control the entire organization, using a combination of management information and hierarchical management control structures. Governance activities ensure that critical management information reaching the executive team is sufficiently complete, accurate and timely to enable appropriate management decision making, and provide the control mechanisms to ensure that strategies, directions and instructions from management are carried out systematically and effectively. Risk management is the set of processes through which management identifies, analyzes, and, where necessary, responds appropriately to risks that might adversely affect realization of the organization's business objectives. The response to risks typically depends on their perceived gravity, and involves controlling, avoiding, accepting or transferring them to a third party. Whereas organizations routinely manage a wide range of risks (e.g. technological risks, commercial/financial risks, information security risks etc.), external legal and regulatory compliance risks are arguably the key issue in GRC. Compliance means conforming with stated requirements. At an organizational level, it is achieved through management processes which identify the applicable requirements (defined for example in laws, regulations, contracts, strategies and policies), assess the state of compliance, assess the risks and potential costs of non-compliance against the projected expenses to achieve compliance, and hence prioritize, fund and initiate any corrective actions deemed necessary. The content of this unit will add value to the existing course structure by bridging the gap between Risk Management, Compliance, and Governance and ensuring that students have the capability of understanding and appreciating the need for internal control. In doing so it will look at other internal control functions and structures such as the Internal Audit Function. Topics will include Risk Management Fundamentals (definitions, categorisation, regulations and recommendations and tools used), Governance, Risk Management and Compliance (GRC) – A capability and a culture that enables an organisation achieve principled performance and proactive internal control. Why does Governance, Risk and Compliance (GRC) matter? looking at Culture/ Corporate Culture the Critical Driver, the Governance Frameworks, the Relevance to Operational risk and the and Leadership and the role of Senior Managers - the Compliance Officer. It will be looking at how to create a robust Risk and Control Culture (expanding a bit on Regulatory Compliance) including some key aspects such as: -personal responsibility, motivation, morale, integrity, appropriate environment, continuous improvement, awareness, managing change and expertise. Other risk points such a policy, measuring, practical constraints of implementing an operational risk management framework will also be looked at. Governance, Risk Management and Compliance Processes, the Frameworks, Models and Standard, Business Continuity, Internal Controls – The changing Role of management, the risk manager, Internal Auditor and the compliance Officer an integrated and risk based approach, Insurance Risks, Health and Safety Risks, Financial and Non-Financial Risk Management – Conducting your own risk assessment and Alignment will also be explained. Study-unit Aims: The study-unit aims to provide students with the basic tools, knowledge and skills needed to appreciated the Governance functions and processes within a firm - mainly Internal Audit, Compliance and Risk Management. It aims to give students an understanding of the Governance needed within firms to ensure good and ethical practices and continuity in business. Moreover, it aims to strengthen students communication top down and bottom up. Communication regarding objectives, culture, risks and practices (Both written and verbal). Learning Outcomes: 1. Knowledge & Understanding: By the end of the study-unit the student will be able to: The student will have the knowledge and skills needed to support regulatory compliance and risk management, and to promote best practices and international standards that align with business objectives, Business Culture and regulatory requirements (including standards). They will be in a position to determine, influence and ensure compliance with internal policies, guidelines, regulations and set parameters. They will have knowledge of the available frameworks and standards and be able to design and implement a GRC program and ensure Business Continuity and influence strategy to ensure this. They will gain knowledge on how to set Risk Parameters in measurable terms and in qualitative terms. That is the preparation and usage of a Risk Register and Scenario Analysis. They will be able to carry out Governance and internal control responsibilities, relationships and fit in an organisation, where there are standards, where there are legal issues for monitoring and compliance and where there is need for understanding corporate governance. In other words how its quality can affect an organisation's business strategy, structure and continuity. 2. Skills: By the end of the study-unit the student will be able to: At the end of this course the student will have obtained the basic skills necessary to work in a GRC environment. One will learn the terminology and references used in risk management. Will have an overview of the standards and models used for identifying, reporting and Managing Risk: who, what, when, how. Moreover, one will be able to understand better the importance of every role and culture within an organisation and have the skill set to work in that environment. Main Text/s and any supplementary readings: Suggested Texts • Essentials of Risk Management in Finance Anthony Tarantino with Deborah Cernauskas. Wiley ISBN: 978-0-470-63528-5. • Governance, Risk Management, and Compliance: It Can't Happen to Us--Avoiding Corporate Disaster While Driving Success (Wiley Corporate F&A) Richard M. Steinberg (Author) ISBN 9781118024300. • Mastering Operational Risk: A Practical Guide To Understanding Operational Risk And How To Manage It. Tony Blinden & John Thirlwell. Pearson ISBN 9780273727323. • Risk Management and Financial Institutions –John Hull John Hull ISBN: 978-1-1182-6903-9. • The Essentials of Risk Management Michel Crouhy, Dan Galai, Robert Mark ISBN: 9780071429665. Other Readings • The Failure of Risk Management: Why it's Broken and How to Fix it. Douglas W. Hubbard, Wiley ISBN 970470387955. • The Governance, Risk, and Compliance Handbook: Technology, Finance, Environmental, and International Guidance and Best Practices Anthony Tarantino (Author) ISBN: 978-0-470- 09589-8 (Wiley). • Manager's guide to compliance:Sarbanes-Oxley, COSO, ERM, COBIT, IFRS, BASEL II, OMB A- 123, ASX 10, OECD principles, Turnbull guidance, best practices, and case studies Anthony Tarantino (Wiley) ISBN 9780471792574. • Strategic Risk Taking: A Framework for Risk Management Aswath Damodaran. |
||||||||||||
STUDY-UNIT TYPE | Lecture | ||||||||||||
METHOD OF ASSESSMENT |
|
||||||||||||
LECTURER/S | Philip M. Beattie Christian Bonnici West Simon Grima (Co-ord.) Sharon Seychell |
||||||||||||
The University makes every effort to ensure that the published Courses Plans, Programmes of Study and Study-Unit information are complete and up-to-date at the time of publication. The University reserves the right to make changes in case errors are detected after publication.
The availability of optional units may be subject to timetabling constraints. Units not attracting a sufficient number of registrations may be withdrawn without notice. It should be noted that all the information in the description above applies to study-units available during the academic year 2024/5. It may be subject to change in subsequent years. |