
Integrated governance, risk and control framework based on the elements of Basel operational risk definition, policies and procedures, people, and system: A study of the Egyptian banking sector

Nagy, Ehad Ahmed ID 000030


Publisher: Maastricht School of Management (MSM)
Year: 2021
URL: forms.office.com
Series: DBA Dissertation
Keywords: Compliance, Governance, GRC, Internal Audit, Internal Control, Risk Management, Strategic Management

Irrespective of the stakeholders’ contradicting interests, there is no doubt that any entity should have an adequate and effective internal control, risk management, and governance framework. This study suggests an integrated framework for governance, risk, and control (GRC), based on the latest two integrated frameworks of the Committee of Sponsoring Organizations of the Treadway Commission (COSO), for internal control and enterprise risk management (ERM). Also, the structure of the proposed framework is based on the three lines model of the Institute of Internal Auditors (IIA). The suggested framework assumes that the core of any framework, leading to an effective GRC level for any organisation, should be based on three main variables. Basel’s definition of operational risk provides three essential variables, which are people, policies and procedures (internal process), and system. Any organisation capitalising on those variables will ensure effective overall processes, toward effective GRC levels. The proposed framework suggests that an effective, comprehensive, and end-to-end framework must be based on some mandatory requirements, to ensure the adequacy of the framework as a first phase. This framework should also ensure the existence of ongoing assessment and monitoring of the adequacy, effectiveness, and efficiency of the implemented GRC framework. Monitoring is an iterative process required for an ongoing third phase, considering processing as a second phase. Corrective actions taken based on the monitoring process will ensure continuous adequacy, effectiveness, and efficiency of the framework.

This proposed framework clearly defines and differentiates between the two concepts of adequacy and effectiveness, along with the allocation of roles and responsibilities within the three lines model. Also, this study acknowledges that the internal audit function must encompass both objectives and risks, rather than focussing on either risks or objectives. This framework considers GRC as a journey, or a cyclical process, in addition to being a culture. This journey begins with the identification of stakeholders’ interests and expectations and ends with the evaluation of their achievements. It will examine the GRC performance, by assessing the achievement of objectives, and by risk-based audit findings. The research will validate the variables relevant to the operational risk definition, with the bank’s GRC level. This study will be conducted within the Egyptian banking sector to determine and explore the essential requirements that must exist to ensure the adequacy and effectiveness of a proposed GRC framework that could be applied in banks.