www.mdps.com

Governance, Risk Management & Compliance

Key Services & Product Focus

Corporate Governance Advisory

Internal Audit Advisory & Co-Sourcing (Financial, Operational & Technology Risk)

IT Governance, Data Security & IT Risk Management

Financial / IT SOX 302 & 404 Compliance (COSO)

Risk / Control Design & Monitoring (KRIs)

Regulatory Compliance & Process Improvement

Strengthening the Quality, Accuracy & Usability of Risk Information for Closer Monitoring

Governance, Risk Management and Compliance (GRC) practices have gained significant traction since companies had invested in Sarbanes-Oxley compliance in the mid 2000's. The early focus on financial reporting risk and rigour to evaluate risk/controls under a COSO framework quickly expanded into other controllable risk areas such Technology Risk/BCP, Regulatory Compliance, Outsourcing, Legal, Human Resources.

The case for extending the use of the SOX tools and methods already invested beyond financial reporting risk to miminize losses is compelling, and there has been a movement to build out technologies to capture KRIs related to risk. This sometimes requires enhancing simple database structures of the original risk-control-self-assesement (RCSA).

During the same time, Boards have experienced a significant increase in responsibility to identify, manage and report on risk through the use of better governance methods. The Walker Report, for instance, outlines key components of the new Board responsibilities and requirements.

Typical GRC methodologies include tools and workflows that enable clients to provide day-to-day surveillance, where decisions are made on a continuous basis how to respond to the risk or new opportunity which the risk represents. In mature organizations which employ an Enterprise Risk Managment (ERM) framework culture, the accuracy, validity, timeliness of this information is critical as it feeds risk / exposure information into the ERM framework for capital adequacy, strategy & planning management, and reporting on exposure to stakeholders.

Madison-Davis' deep Internal Audit (to objectively evaluate companies risks), SOX, IT Risk and Regulatory Compliance expertise provides the foundation for a broader application of GRC best practices. We are different from traditional risk advisory firms because we

Combine latest techniques for continuous risk/controls monitoring solutions
Have direct access to the broadest global consortium database for key Risk Indicators & Risk Scenarios
Maintain close relationships with most GRC and Business Intelligence tools vendors
Have direct / proprietary access to globally accepted risk data structures and benchmarking data
Keep sight of our Clients' risk management goals by leveraging of GRC solutions into ERM solutions & Business Process Improvement and Finance & Accounting Solutions.

Madison-Davis' combination of expertise, data and tools expertise empowers our clients to build repeatable processes while helping the company to improve their overall risk decisioning capabilities.

Governance, Risk & Compliance Case Studies

Sarbanes-Oxley and Information Technology Audit for Real Estate Investment Trust

This Real Estate Investment Trust (REIT) company has been a client of Madison-Davis for over five years and recently had a successful IPO which required the firm to implement Sarbanes-Oxley 302 and 404. The firm relies significantly on their information technology systems, and had not had the resources to perform a full-scope IT Audit of their networks, applications and infrastructure.
Compliance Policy, Procedure & Technology Plan Design for a Full Service Broker Dealer / Investment Bank

As this firm had grown over 300% in a single year, and both FINRA and SEC supervision over AML and securities trading rules had stepped up during the same period, Madison-Davis was invited to provide an overall assessment of the firm's capabilities to achieve compliance as part of their day-to-day operations, write full WSPs and implement the technology to help them sustain compliance on a day-to-day basis. The firm's regulators recognized our high-quality work, which promoted a favorable relationship with the firm as it continues to employ Madison-Davis to improve its processes.

Governance, Risk & Compliance Resource Links

Governance, Risk & Compliance Resources (4)
- Self-Regulatory Oversight: Financial Industry Regulatory Authority (FINRA)
  FINRA combines the investor protection of the NASD rules with the securities operations compliance rules of the NYSE in a member run self-regulatory body covering the securiteis industry
- Helpful Resources: IA Watch
  Helpful information on regulatory & compliance topics related to Investment Advisers - Hedge Funds, Asset Managers and Broker-Dealers
- Government Oversight: Federal Financial Institutions Examination Council (FFIEC)
  The Council is a formal interagency body empowered to prescribe uniform principles, standards, and report forms for the federal examination of financial institutions by 8 separate U.S. bank regulatory bodies - not including Securities regulators.
- Government Oversight: Public Company Accounting Oversight Board (PCAOB)
  PCAOB's charge is to oversee the auditors of public companies as created by the Sarbanes-Oxley (SOX) Act of 2002

Governance Risk & Compliance Whitepapers & Downloads

Governance Risk & Compliance Whitepapers (1)
- Excerpt: Walker Report Segment on Risk Committees
  Download an excerpt of the Walker Report on Corporate Governace (UK - 7/2008) providing data on the development of Risk Committees in public firm financial institutions

Navigation Path: Governance, Risk Management & Compliance (GRC)