Allocates resources to support the organisation’s commitment to ethical practices. Ensures the organisation has resources and skills for ethical assurance.
SFIA Skills: Governance, risk and compliance
Governance (Level 6) (AIDE)
Defines governance processes to ensure compliance with ethical standards.
Impact assessment (Level 5) (AIDE)
Reviews and approves impact assessments and audits carried out by others.
Governance (Level 5) (AIDE)
Oversees governance and assurance activities.
Risk strategy, processes and monitoring (BURM) (Level 6)
Identifies and categorises organisation-wide strategic and operational risks. Breaks down risks by sub-categories, such as compliance, architecture, environment, financial etc. and considers mitigation activities in the context of organisational risk appetite.
Risk countermeasures and response (BURM) (Level 6)
Advises on the evaluation of identified risks (including probability/frequency of occurrence, impact and severity). Advises on appropriate action, including contingency planning, and countermeasures.
Governance (GOVN) (Level 6)
Leads reviews of governance practices with appropriate and sufficient independence from management activity. Within a defined area of accountability, determines the requirements for the appropriate governance of the specific domains, ensuring clarity of responsibilities and authority, goals and objectives.
Risk strategy, processes and monitoring (BURM) (Level 5)
Monitors status of risks, and reports status and need for action to key stakeholders.
Risk countermeasures and response (BURM) (Level 5)
Coordinates response to quantified risks, which may involve acceptance/retention, transfer, reduction or avoidance/elimination. Coordinates the development of countermeasures and contingency plans.
Financial awareness (BURM) (Level 5)
Demonstrates financial awareness as a part of risk management (e.g. cost-effectiveness analysis of proposed countermeasures).
Assurance (GOVN) (Level 6)
Implements the governance framework to enable governance activity to be conducted. Undertakes and/or directs reviews as necessary to ensure management decision-making is transparent, and that an appropriate balance between benefits, opportunities, costs and risks can be demonstrated to principal stakeholders.
Risk strategy, processes and monitoring (BURM) (Level 4)
Monitors status of risks, and reports status and need for action to senior colleagues.
Risk countermeasures and response (BURM) (Level 4)
Assists with development of agreed countermeasures and contingency plans.
Financial awareness (BURM) (Level 4)
Demonstrates financial awareness as a part of risk management (e.g. cost-effectiveness analysis of proposed countermeasures).
Risk strategy, processes and monitoring (BURM) (Level 3)
Maintains documentation of risks, threats, vulnerabilities and mitigation actions.
Risk assessment (AUDT) (Level 7)
Directs use of risk analysis to identify areas for in-depth review.
Stakeholder engagement (AUDT) (Level 7)
Liaises with internal and external stakeholders to ensure audit coverage is relevant and understood.
Review findings (AUDT) (Level 7)
Assesses collated audit review findings. Identifies and proposes significant control improvement programmes.
Function leadership (AUDT) (Level 7)
Leads the definition, implementation, and communication of the organisation’s audit function. Ensures appropriate resources are available to deliver organisational audit requirements.
Audit strategy (AUDT) (Level 7)
Leads audit strategy development and definition and ensures that the audit function adds value to the organisation.
Audit standards (AUDT) (Level 7)
Approves new or amended audit policies and standards having first ensured that they have been adequately reviewed and amended following a formal review process.
Audit scope and requirements (AUDT) (Level 7)
Leads audit requirements definition for high-profile engagements and/or large organisations.
Audit roadmap (AUDT) (Level 7)
Reviews and approves all plans and the audit roadmap ensuring full scope is covered.
Audit prioritisation (AUDT) (Level 7)
Leads workshops with all stakeholders to review requirements for planned audits. Agrees priorities, timescales, information disclosure approach and audit frequency. Documents agreements made.
Audit point resolution (AUDT) (Level 7)
Runs the action plan following a completed audit. Prepares response within agreed timescales. Reviews and approves audit response.
Audit planning (AUDT) (Level 7)
Approves and authorises audit plans. Ensures costs, operational budgets, staffing requirements, audit resources and risk have been taken into account and appropriate and effective governance arrangements established.
Audit management (AUDT) (Level 7)
Ensures all audits are planned, resourced and executed within roadmap timescales.
Audit execution (AUDT) (Level 7)
Takes responsibility for the delivery of high-profile, large budget, audit programmes establishing and maintaining appropriate management structures to control and monitor audit deliverables.
Advice and guidance (AUDT) (Level 7)
Provides general and specific audit advice to senior leadership teams on ways of improving the effectiveness and efficiency of control mechanisms.
Review findings (AUDT) (Level 4)
Collates and analyses evidence regarding the interpretation and implementation of control measures, and/or conformance to standards, and prepares and communicates the audit report.
Review findings (Level 2)
Collates evidence to support reviews of compliance with standards, statutory controls, or management directives.
Review findings (AUDT) (Level 7)
Assesses collated audit review findings. Identifies and proposes significant control improvement programmes.
Review findings (AUDT) (IG) (Level 6)
Contributes to formal reports to management on the effectiveness and efficiency of control mechanisms and the extent of compliance of systems with standards, regulations and/or legislation.
Review findings (Level 3)
Collates evidence and examines for compliance with standards, statutory controls, or management directives. Identifies, escalates and documents issues of non-compliance.
Compliance analysis and reporting (Level 3) (QUAS)
Examines records for evidence that appropriate testing and other quality control activities have taken place and determines compliance with organisational directives, standards and procedures. Identifies non-compliances, non-conformances and abnormal occurrences, and inputs findings to compliance reports.
Compliance analysis and reporting (Level 5)
Evaluates, appraises and identifies non-compliances with organisational standards, QMS and/or quality plans and determines whether appropriate quality control has been applied.
Compliance analysis and reporting (Level 4)
Collates, collects and examines records. Analyses the evidence to ensure compliance with organisational standards for activities, processes, data, products or services. Investigates and documents the internal control of specified aspects of automated, partly automated, or manual processes. Assesses compliance with relevant standards and drafts all or part of formal compliance reports.
Compliance analysis and reporting (Level 3) (QUAS-F)
Supports the examination of records for evidence that appropriate testing and other quality control activities have taken place. Supports the identification of non-compliances, non-conformances and abnormal occurrences.