Scribd Logo
Upload

Welcome to Scribd!

  • Best Practice MEA

    Uploaded by

    geelatrip
    32 views3 pages
    The document outlines best practices for monitoring, assurance, and compliance (MEA). It provides best practices for 5 areas: 1. MEA01 - Establishing a monitoring approach, setting performance targets, collecting and analyzing data, and ensuring corrective actions. 2. MEA02 - Monitoring internal controls, reviewing control effectiveness, performing self-assessments, identifying deficiencies, ensuring independent assurance providers, and planning/executing assurance initiatives. 3. MEA03 - Identifying external compliance requirements, optimizing response to requirements, confirming compliance, and obtaining assurance of external compliance.

    Original Description:

    sgasdasd

    Copyright

    © © All Rights Reserved

    Available Formats

    DOCX, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    The document outlines best practices for monitoring, assurance, and compliance (MEA). It provides best practices for 5 areas: 1. MEA01 - Establishing a monitoring approach, setting performance targets, collecting and analyzing data, and ensuring corrective actions. 2. MEA02 - Monitoring internal controls, reviewing control effectiveness, performing self-assessments, identifying deficiencies, ensuring independent assurance providers, and planning/executing assurance initiatives. 3. MEA03 - Identifying external compliance requirements, optimizing response to requirements, confirming compliance, and obtaining assurance of external compliance.

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    32 views3 pages

    Best Practice MEA

    Uploaded by

    geelatrip
    The document outlines best practices for monitoring, assurance, and compliance (MEA). It provides best practices for 5 areas: 1. MEA01 - Establishing a monitoring approach, setting performance targets, collecting and analyzing data, and ensuring corrective actions. 2. MEA02 - Monitoring internal controls, reviewing control effectiveness, performing self-assessments, identifying deficiencies, ensuring independent assurance providers, and planning/executing assurance initiatives. 3. MEA03 - Identifying external compliance requirements, optimizing response to requirements, confirming compliance, and obtaining assurance of external compliance.

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 3

    MEA 01

    MEA01-BP1 Establish a monitoring approach.


    Engage with stakeholders to establish and maintain a monitoring approach to define the
    objectives,
    scope and method for measuring business solution and service delivery and contribution to
    enterprise objectives. Integrate this approach with the corporate performance management
    system.

    MEA01-BP2 Set performance and conformance targets.


    Work with the stakeholders to define, periodically review, update and approve performance
    and
    conformance targets within the performance measurement system.

    MEA01-BP3 Collect and process performance and conformance data.


    Collect and process timely and accurate data aligned with enterprise approaches.

    MEA01-BP4 Analyse and report performance.


    Periodically review and report performance against targets, using a method that provides a
    succinct
    all-around view of IT performance and fits within the enterprise monitoring system.

    MEA01-BP5 Ensure the implementation of corrective actions.


    Assist stakeholders in identifying, initiating and tracking corrective actions to address
    anomalies

    MEA 02

    MEA02-BP1 Monitor internal controls.


    Continuously monitor, benchmark and improve the IT control environment and control
    framework to
    meet organisational objectives.

    MEA02-BP2 Review business process controls effectiveness.


    Review the operation of controls, including a review of monitoring and test evidence, to
    ensure that
    controls within business processes operate effectively. Include activities to maintain evidence
    of the
    effective operation of controls through mechanisms such as periodic testing of controls,
    continuous
    controls monitoring, independent assessments, command and control centres, and network
    operations centres. This provides the business with the assurance of control effectiveness to
    meet
    requirements related to business, regulatory and social responsibilities.
    MEA02-BP3 Perform control self-assessments.
    Encourage management and process owners to take positive ownership of control
    improvement
    through a continuing programme of self-assessment to evaluate the completeness and
    effectiveness
    of managements control over processes, policies and contracts.

    MEA02-BP4 Identify and report control deficiencies.


    Identify control deficiencies and analyse and identify their underlying root causes. Escalate
    control
    deficiencies and report to stakeholders.

    MEA02-BP5 Ensure that assurance providers are independent and qualified.


    Ensure that the entities performing assurance are independent from the function, groups or
    organisations in scope. The entities performing assurance should demonstrate an appropriate
    attitude and appearance, competence in the skills and knowledge necessary to perform
    assurance,
    and adherence to codes of ethics and professional standards.

    MEA02-BP6 Plan assurance initiatives.


    Plan assurance initiatives based on enterprise objectives and strategic priorities, inherent risk,
    resource constraints, and sufficient knowledge of the enterprise.

    MEA02-BP7 Scope assurance initiatives.


    Define and agree with management on the scope of the assurance initiative, based on the
    assurance
    objectives.

    MEA02-BP8 Execute assurance initiatives.


    Execute the planned assurance initiative. Report on identified findings. Provide positive
    assurance
    opinions, where appropriate, and recommendations for improvement relating to identified
    operational
    performance, external compliance and internal control system residual risk.

    MEA 03

    MEA03-BP1 Identify external compliance requirements.


    On a continuous basis, identify and monitor for changes in local and international laws,
    regulations
    and other external requirements that must be complied with from an IT perspective.

    MEA03-BP2 Optimise response to external requirements.


    Review and adjust policies, principles, standards, procedures and methodologies to ensure
    that
    legal, regulatory and contractual requirements are addressed and communicated. Consider
    industry
    standards, codes of good practice, and best practice guidance for adoption and adaptation.

    MEA03-BP3 Confirm external compliance.


    Confirm compliance of policies, principles, standards, procedures and methodologies with
    legal,
    regulatory and contractual requirements.

    MEA03-BP4 Obtain assurance of external compliance.


    Obtain and report assurance of compliance and adherence with policies, principles, standards,
    procedures and methodologies. Confirm that corrective actions to address compliance gaps
    are
    closed in a timely manner.

    You might also like