Cycle time in calendar days (including weekends) from identification of change in risk until changes to risk management policies and procedures are completed and ready for deployment/communication/implementation by the business entity

This measure calculates the number of calendar days (including weekends) that elapse from identification of change in risk until changes to risk management policies and procedures are completed and ready for deployment/communication/implementation by the business entity. It is part of a set of Cycle Time measures that help companies analyze the duration from beginning to end of the "operate controls and monitor compliance with internal controls policies and procedures" process, which incorporates planning, management, operations, and monitoring of internal control mechanism policies and procedures in order to manage internal controls.

Benchmark Data

Lock

Sorry! Not all users have access to all of our resources. Question mark icon

Want to unlock access to all of our resources?

Learn about Membership icon--arrow--right

Measure Category:
Cycle Time
Measure Id:
100140
Total Sample Size:
390 All Companies
Performers:
25th
Median
75th
Key Performance
Indicator:
Yes

Compute this Measure

Units for this measure are days.

Back to Top

Cycle time in calendar days (including weekends) from identification of change in risk until changes to risk management policies and procedures are completed and ready for deployment/communication/implementation by the business entity

Key Terms

Back to Top

Cycle Time

Cycle time is the total time from the beginning of the process to the end. This includes both time spent actually performing the process and time spent waiting to move forward.

Median

The metric value which represents the 50th percentile of a peer group. This could also be communicated as the metric value where half of the peer group sample shows lower performance than the expressed metric value or half of the peer group sample shows higher performance than the expressed metric value.

Business Entity

For survey purposes, a business entity is defined as an entity that:

  1. performs significant aspects of the processes for the surveys identified, or
  2. is part of a cost or revenue center within the company.

Within your organization, diverse departments may be geographically co-located, with closely integrated operations that form part of one "business entity" which may be a great distance apart. When trying to determine if related parts of your operation should be considered a single business entity, look for the following characteristics:

  • Do they operate closely together?
  • Do they serve many of the same customers?
  • Do they support the same region or product group?
  • Do they share any performance measures?
  • Is data meaningful at a consolidated level?

Examples of business entity definition:

  1. A general ledger accounting unit located in Germany has two groups. One performs general ledger accounting for the corporate headquarters, which has three business units. The other group does general ledger accounting for one of the three business units. In spite of their geographic co-location, their roles are substantially different and consolidating their data into a single response would make it less meaningful. Each group should be treated as a separate business entity.
  2. Three business units within a corporation use a shared services center for accounts payable and expense reimbursement, but are self-supporting for the other financial processes. The best approach is to make the shared services centre a separate business entity for accounts payable and expense reimbursement, and to retain the three original business units for the other financial processes.
  3. A global manufacturing company has five plant locations, each manufacturing product and each with its own logistics operations. For purposes of completing a manufacturing and logistics survey, they should be treated as five separate business entities.

Measure Scope

Back to Top

Cross Industry (7.2.1)

  • 9.8.2.1 - Design and implement control activities (10917) - Defining and executing policies, procedures, techniques, and mechanisms and actions taken to minimize risk.
  • 9.8.2.2 - Monitor control effectiveness (10918) - Overseeing the activities for internal controls. Observe the effectiveness of policies, procedures, techniques, and mechanisms actions taken to minimize risk.
  • 9.8.2.3 - Remediate control deficiencies (10919) - Taking corrective measures for policies, procedures, techniques, and mechanisms actions taken to minimize risk. (Conduct in accordance with Monitor control effectiveness [10918] in order to determine and rectify the control deficiencies.)
  • 9.8.2.4 - Create compliance function (10920) - Developing a compliance function for internal controls. Monitor trading activity. Avoid conflicts of interest. Safeguard compliance with guidelines at brokerage houses. Avoid money laundering and potential tax evasion.
  • 9.8.2.5 - Operate compliance function (10921) - Administering operational activities of a compliance function.
  • 9.8.2.6 - Implement and maintain controls-related enabling technologies and tools (10922) - Implementing and maintaining the compliance technological systems or equipment that are control-enabled.