
COMPASSION'S CORE VALUES DRIVE HOW WE AUDIT

Committed to Christ and His Church:

The church is the great hope for the world and God's instrument to advance the Kingdom of God.
Compassion mobilizes and connects the global body of Christ to fulfill her mandate for holistic
discipleship of children in poverty.

Integrity:

Aligning thoughts, motivations, attitudes, and actions with ethical principles found in God's word
(work and personal lives).

Excellence:

Do things God's way. Consistently do everything we are called to do with outstanding quality. We
do the right things, the right way every time.

Stewardship:

Compassion's ministry belongs to the children, ICPs, sponsors and donors, and ultimately God.
Therefore, we protect, develop, and deploy all our resources with great care and wisdom.

Dignity:

Each person is created in God's image and bears God's likeness. Jesus treated everyone with
respect and willingly gave his life for redemption of all people. Therefore, all people are worthy of
our respect and love.

AGENDA
Overview of Compassion's Office of Risk Management
ORM Interaction with Partnership Audit
General PA Lead / PA Roles and Responsibilities
Scope of Audit in Compassion
Enterprise Risk Management
COSO Control Framework

Overview of Compassion's Office of Risk Management

OFFICE OF RISK MANAGEMENT (ORM) OVERVIEW


James Hansen
Vice President of ORM

Katie Kassing
Sr. Administrative Assistant

Walt Fisher
Director of Governance

Karen Hoida
Director of Risk Management

Wade Crow
Director of Audit

ORM OVERVIEW: GOVERNANCE & INFORMATION SECURITY


Walt Fisher
Director of Governance

Walt Hintz

Justin Schluessler

Rhett Saunders

Principal BCDR Specialist

Director of Information Security

Governance Analyst

Business Continuity

Josh Nalley
Sr. Information Specialist

GRC Tool Build-Out

Disaster Recovery

David DeCoste
Information Security Specialist

Policy and Standards Development

ISM Development and Compliance

Payment Card Industry (PCI) Assessments

Bob Stephenson
Information Security Specialist 1

ORM OVERVIEW: RISK MANAGEMENT


Karen Hoida
Director of Risk Management

Risk Assessments

Lilian Gitau
Principal Risk Management Specialist

Crisis Management
Special Projects

ORM OVERVIEW: INTERNAL AUDIT


Wade Crow
Director of Audit

Jess Bolding
Manager of Audit

Steve Borchert
Sr. Internal Auditor

Arlie Cadigal
Sr. Internal Auditor

Internal Audits

Jonathan Carter
Lead Sr. Internal Auditor

Jennifer Lorme
Sr. Info. Systems Auditor

Management Consulting

Investigations & EthicsPoint

Ivonne Hicks
Sr. PA Analyst

Partnership Audit Support

Ramesh Pathara
Sr. PA Analyst

COMPASSION'S ETHICS POINT REPORTING HOTLINE

http://iweb.ci.org/admin_services/orm/ethics_point/ethics-point.aspx

ORM Interaction With Partnership Audit

ORM CONNECTION TO PARTNERSHIP AUDIT


Sr. PA Analyst

Country Director

Lead PA

Lead PA

Lead PA

Sr. PA Analyst Support:

Pre-Employment Interviews
Targeted Onboarding Support
Support Annual Plan Development
Support During ICP Audit, As Needed
Provide ICP Rating Guidance
Gather and Report Quarterly Roll-Ups
Support Investigations, As Needed
Conduct Meetings by Request (Annual Planning, One-on-Ones, etc.)

Partnership Audit Lead and Partnership Auditor Roles and Responsibilities

PARTNERSHIP AUDIT ROLES AND RESPONSIBILITIES


Partnership Audit Lead
Oversee annual risk assessment and audit plan development
Conduct ICP audits according to SSFM and PAT standards
Follow-up on all ICP action items
Provide regular reports to Country Director and CMT members on Partnership Audit results and high risk issues
Provide roll-up reports to Sr. Partnership Audit Analysts
Manages, supports, and develops Partnership Auditor(s) throughout all aspects of the audit process

Partnership Auditor
Conduct ICP audits according to SSFM and PAT standards
Follow-up on all ICP action items
Provide regular reports and insights to Partnership Audit Lead on audit observations and action items
Seek advice, support, and training from Partnership Audit Lead

Scope of Audit at Compassion

SCOPE AND INFLUENCE OF INTERNAL AND PARTNERSHIP AUDIT


Scope of Work
Global Process Reviews
Management Consulting / Investigation Requests
GMC Process Audits
Field Office Audits

ICP Audits

Enterprise Risk Management Overview

ENTERPRISE RISK MANAGEMENT OVERVIEW

What is a Risk?
Any event or action that exposes someone or something valued to danger, harm, or loss.

ENTERPRISE RISK MANAGEMENT OVERVIEW


Are Risks and Issues the Same?

ENTERPRISE RISK MANAGEMENT OVERVIEW


Inherent Risk vs. Residual Risk

Inherent Risk:
Risk level when no internal controls exist.

Residual Risk:
Risk level that remains after controls are implemented.

Management will never fully reduce risk unless it stops doing the activity, removes the technology,
quits operating, etc.

ENTERPRISE RISK MANAGEMENT OVERVIEW

Security

Child Protection

Stakeholder Support

Legal

Financial

Reputational Impacts

Geopolitical
Religious

Core Values

Workforce

ENTERPRISE RISK MANAGEMENT OVERVIEW


Risk Evaluation Considerations
What is the potential impact to Compassion?
What controls does Compassion have in place to mitigate the risk?
How quickly will Compassion realize risk impact?
How likely is it that the risk event will happen?

ENTERPRISE RISK MANAGEMENT OVERVIEW


Impact Considerations:
Child physical and emotional safety

Compromised core values

Employee safety

Financial impact to processes

System downtime

Employee and volunteer engagement

Government action / reaction

Employee capability

Stakeholder impact

Sponsor and donor perceptions

ENTERPRISE RISK MANAGEMENT OVERVIEW


Probability & Velocity Considerations:
How easily could the risk event occur?
Are there personal incentives for someone to cause this risk event to occur?
How frequently could this risk event occur?
Has this risk event occurred before?
If this occurred, how quickly would the risk event impact Compassion?

COSO Control Framework Introduction
