An examination performed by an independent third party that verifies the guidelines outlined by a regulatory body.
The acknowledgement of understanding and abidance to policies, procedures or training.
Analyzing one's own data year over year and comparing one's business processes and performance against the industry standard, in order to reveal the effectiveness of a compliance program and to determine needed improvements.
An incentive given, or offered, to a person or organization to encourage that person/organization to take an action that benefits the giver.
chief privacy officer
A chief privacy officer (CPO) is a corporate executive charged with developing and implementing policies designed to protect employee and customer data from unauthorized access.
chief risk officer
The chief risk officer (CRO) is the corporate executive tasked with assessing and mitigating significant competitive, regulatory and technological threats to an enterprise's capital and earnings. The position is sometimes called chief risk management officer, or simply risk management officer.
code of conduct
An organization’s code of conduct is its policy of all policies. It’s a central guide and reference for users in support of day-to-day decision making. It is meant to clarify an organization's mission, values and principles, linking them with standards of professional conduct. As a reference, it can be used to locate relevant documents, services and other resources related to ethics within the organization.
The decisions, choices, and actions we make that reflect and enact our values.
To intentionally lie or cheat to get something to which one is not rightfully entitled.
The act, process, or power of exercising authority or control in an organizational setting.
governance, risk and compliance (GRC)
Governance, risk and compliance (GRC) is a combined area of focus within an organization that developed because of interdependencies between the three components. GRC software products, available from a number of vendors, typically facilitate compliance with legal requirements, such as those specified in the Sarbanes-Oxley Act (SOX) or occupational health and safety regulations.
Gramm-Leach-Bliley Act (GLB)
Federal legislation enacted in the U.S. to control the ways that financial institutions deal with the private information of individual users.
A common reporting system giving anonymous telephone access to employees seeking to report possible instances of wrongdoing.
Making choices that are consistent with each other and with the stated and operative values one espouses. Striving for ethical congruence in one's decisions.
internal control
An internal control is a business practice, policy or procedure that is established within an organization to create value or minimize risk.
risk assessment
Risk assessment is the process of identifying variables that have the potential to negatively impact an organization’s ability to conduct business.
risk assessment framework (RAF)
A risk assessment framework (RAF) is a strategy for prioritizing and sharing information about the security risks to an information technology (IT) infrastructure.
risk exposure
Risk exposure is the quantified loss potential of a business. Risk exposure is usually calculated by multiplying the probability of an incident occurring by its potential losses.
transparency
Transparency, in a business or governance context, is honesty and openness. Transparency and accountability are generally considered the two main pillars of good corporate governance.
The core beliefs we hold regarding what is right and fair in terms of our actions and our interactions with others. Another way to characterize values is that they are what an individual believes to be of worth and importance to their life.
whistleblower
A whistleblower is a person who voluntarily provides information to the general public, or to someone in a position of authority, about dishonest or illegal business activities occurring at an organization. This organization could be a government department, a public company or a private organization.