Overview
GOVERNANCE, RISK AND COMPLIANCE POLICY (GRC)
Introduction
This document is the property of Tuntex Limited and is for use only by Tuntex Limited or any of its group Companies. It must not be copied, disclosed, circulated or referred to in correspondence with external parties or discussed with any other party other than for any regulatory requirements without prior written consent from the Management.
Governance: Ensuring that company activities, like managing IT operations, are aligned in a way that supports the company’s business goals.
Risk: Making sure that any risk (or opportunity) associated with company activities is identified and addressed in a way that supports the company’s business goals. In the IT context, this means having a comprehensive IT risk management process that rolls into an enterprise risk management function.
Compliance: Making sure that company activities are operated in a way that meets the laws and regulatory requirements impacting the systems. In the IT context, this means making sure that IT systems, and the data contained in those systems, are used and secured properly.
Scope
This policy applies to all Information Technology related activities of the Tuntex company.
Policy Principles
- Govern ourselves to meet the expectations of shareholders and stakeholders in the outcomes we achieve, through open and transparent communication;
- Promote a performance culture where we focus on our objectives and accept responsibility for recognizing, communicating and managing the uncertainty (opportunities and threats) to these objectives;
- Promote an organizational focus on IT Governance, Risk and Compliance to support the business in effectively integrating governance, risk and compliance into business decision making and business processes
- Execute timely decisions which create and protect business value, having considered the best available information and taking account of uncertainty;
- Understand and comply with our legal, regulatory and other obligations
- Understand those risks that threaten the ongoing operation of our company and have in place strategies to minimize business disruption
Policy Objectives
Governance:
- Company structure: authority, responsibility & accountability
- Board compliance capabilities: ethics & policy compliance, etc.
- Business performance reporting on BSC, risk score and operational control dashboards
- Policy management, documentation & communication
Risk Management:
- Identify, Assess and prioritize risk
- Identify key controls & establish risk mitigation procedures
- Establish a risk reporting & oversight framework & training
- Develop a risk model & risk rating criteria
Compliance:
- Freezing the compliance checklist as per business requirements
- Assigning accountability & responsibility
- Assessment & Audit
- Reporting & certification
Policy
Environment, higher business complexity and an increased focus on accountability have led us to pursue a broad range of IT governance, risk and compliance initiatives across the company. We define the IT Governance, Risk and Compliance Policy as a system of people, processes, and technology that enables the company to:
- Understand and prioritize stakeholder expectations
- Set business objectives that are congruent with values and risks
- Achieve objectives while optimizing risk profile and protecting value
- Operate within legal, contractual, internal, social, and ethical boundaries
- Provide relevant, reliable, and timely information to appropriate stakeholders
- Enable the measurement of the performance and effectiveness of the system
In Tuntex, the IT Governance, Risk and Compliance Policy is the integrated collection of capabilities that enable Tuntex to reliably achieve objectives, address uncertainty and act with integrity.
In Tuntex, the IT Governance, Risk and Compliance Policy represents the capabilities that integrate the IT governance, management and assurance of performance, risk and compliance activities.
Policy Statement
In Tuntex, the IT Governance, Risk and Compliance Policy is viewed as an integrated collection of all capabilities necessary to support Principled Performance. It does not burden the business; it supports and improves it.
Respond to business risks related to Information Technology in real-time
Tuntex IT Governance, Risk, and Compliance helps transform inefficient processes across the extended enterprise into an integrated risk program. Through continuous monitoring and automation we deliver a real-time view of compliance and risk, improve decision making, and increase performance across the company and with vendors. The company connects the business, security, and IT with an integrated risk framework that transforms manual, siloed, and inefficient processes into a unified program built on a single platform.
Responsibilities
The IT Governance, Risk and Compliance Policy Board is responsible for:
- Setting objectives for company
- Delegating authority, setting limits of acceptable behavior through the Code of Conduct and defining risk appetite and tolerance by approving our Policies
- Establishing and monitoring effective IT governance, risk and compliance management
Executive Management (individually and as a team) is responsible for:
- Achieving objectives set by the Board and managing uncertainty in relation to these objectives
- Promoting a performance culture embedding risk management in decision making and business processes
- Creating awareness of and ensuring compliance with legal, regulatory and other obligations
- Keeping the Board informed of risks and compliance issues and endorsing all information provided to the Board
- Establishing standards and procedures to underpin our Board-approved Policies
- Making available the necessary resources for effective IT governance, risk and compliance management
All employees/users (including third-party vendors) are responsible for:
- Actively seeking to understand the objectives, risks, controls and obligations that relate to their activities, and participating in governance, risk and compliance management
- Undertaking activities in compliance with legislation and our policies and procedures
- Identifying and reporting risk events and instances of non-compliance; and
- Reporting new risks, risks exceeding tolerance, breaches or weaknesses of controls to their supervisor and as required under our Policies
The Governance, Risk and Compliance Team is responsible for:
- Providing expert advice and support in relation to IT governance, risk and compliance management
- Establishing an Enterprise Risk Management and Compliance Framework that enables effective risk management and compliance activity to be carried out consistently across the company
- Ensuring there is an appropriate level of understanding and engagement in risk and compliance management through effective education, reporting, escalation and discussion
- Establishing an IT Governance Management Framework which delegates authority, sets limits and describes risk tolerance (e.g. via policies, standards, procedures)
- Establishing a Business Continuity Framework to ensure risks that threaten the ongoing operation of the company are effectively planned and managed
- Reviewing and continuously improving this policy and governance, risk and compliance management across the company
- Facilitating the process outlined within the Enterprise Risk Management and Compliance Framework and ensuring the ongoing reporting of the outcomes of those processes
Contact Information
For any issue regarding the Governance, Risk and Compliance Policy, please contact it@pttuntex.com