Organizational Management
The purpose of this activity set is to show the organization is committed to protecting employees, customers, partners, vendors and the company from illegal or damaging actions by individuals, either knowingly or unknowingly.
Category | Sub-Category | Name | Activity |
---|---|---|---|
Organization Management | Board of Directors | Board of Directors Structure and Purpose | The Board of Directors provides corporate oversight, strategic direction, and review of management for [the organization]. The Board of Directors meets at least [in accordance with the organization-defined frequency] and has 3 sub-committees: |
Organization Management | Board of Directors | Audit Committee | The Audit Committee is governed by a Charter, is independent from [the organization] Management, is composed of outside directors (Industry Experts), and meets [in accordance with the organization-defined frequency]. The Audit Committee oversees: |
Organization Management | Strategic Planning | Organizational Structure | [The organization] Management ensures that its organization is aligned with the corporate strategy by assigning key managers with responsibilities to execute the corporate strategy. |
Organization Management | Strategic Planning | Operating Plans | [In accordance with the organization-defined frequency] operating plans are aligned with Corporate Objectives, which are established [in accordance with the organization-defined frequency] during the Company's planning process. Priorities are set and plans are communicated appropriately. |
Organization Management | Strategic Planning | Cyber Security Insurance | [The organization] purchases cyber security insurance to mitigate risk of material financial impact that could result from a cyber security event. |
Organization Management | Internal Audit Oversight | Internal Audit Function | [In accordance with the organization-defined frequency], the Chief Audit Executive meets with the Audit Committee to review key risk issues. The Audit Committee approves the [in accordance with the organization-defined frequency] Internal Audit Plan. Results of [in accordance with the organization-defined frequency] audits and subsequent issue tracking summaries are presented to the Audit Committee. |
Organization Management | Internal Audit Oversight | Financial Control Review | Internal financial control assessment results are reported to the Audit Committee by the Chief Audit Executive [in accordance with the organization-defined frequency] and support the CEO/CFO 302/404 certifications. |
Organization Management | Internal Audit Oversight | Anti-fraud Program | [The organization]'s anti-fraud program encompasses both entity-level (Code of Conduct, Hotline, Background Checks, AC oversight, etc.) and process-level controls (including IT controls) embedded with [the organization]'s process design of ICOFR. |
Organization Management | Information Security Oversight | Information Security Function | [In accordance with the organization-defined frequency], the Chief Security Officer meets with the Audit Committee to review key Information Security issues. Results of continuous monitoring activities and current security compliance status are presented to the Audit Committee and the Board of Directors. |
Organization Management | Information Security Oversight | Information Security Compliance Review | Information Security compliance results are reported to the Audit Committee by the Chief Security Officer [in accordance with the organization-defined frequency] and support information security compliance certifications. |