Cycle time in calendar days (including weekends) from identification of change in risk until changes to risk management policies and procedures are completed and ready for deployment/communication/implementation by the business entity

This measure calculates the number of calendar days (including weekends) that elapse from identification of change in risk until changes to risk management policies and procedures are completed and ready for deployment/communication/implementation by the business entity. It is part of a set of Cycle Time measures that help companies analyze the duration from beginning to end of the "operate controls and monitor compliance with internal controls policies and procedures" process, which incorporates planning, management, operations, and monitoring of internal control mechanism policies and procedures in order to manage internal controls.

Benchmark Data

Lock

Sorry! Not all users have access to all of our resources.

Want to unlock access to all of our resources?

Learn about Membership Arrow with stem

Measure Category:
Cycle Time
Measure ID:
100140
Total Sample Size:
393 All Companies
Performers:
25th Median 75th
- - -
Key Performance Indicator:
Yes

Sample image showing interactive filters for more detailed measure peer group data and an interactive graph.

Compute this Measure

Units for this measure are days.

Back to Top

Cycle time in calendar days (including weekends) from identification of change in risk until changes to risk management policies and procedures are completed and ready for deployment/communication/implementation by the business entity

Key Terms

Back to Top

Cycle time is the total time from the beginning of the process to the end. This includes both time spent actually performing the process and time spent waiting to move forward.

The metric value which represents the 50th percentile of a peer group. This could also be communicated as the metric value where half of the peer group sample shows lower performance than the expressed metric value or half of the peer group sample shows higher performance than the expressed metric value.

For survey purposes, a business entity is defined as an entity that:

  1. performs significant aspects of the processes for the surveys identified, or
  2. is part of a cost or revenue center within the company.

Within your organization, diverse departments may be geographically co-located, with closely integrated operations that form part of one "business entity" which may be a great distance apart. When trying to determine if related parts of your operation should be considered a single business entity, look for the following characteristics:

  • Do they operate closely together?
  • Do they serve many of the same customers?
  • Do they support the same region or product group?
  • Do they share any performance measures?
  • Is data meaningful at a consolidated level?

Examples of business entity definition:

  1. A general ledger accounting unit located in Germany has two groups. One performs general ledger accounting for the corporate headquarters, which has three business units. The other group does general ledger accounting for one of the three business units. In spite of their geographic co-location, their roles are substantially different and consolidating their data into a single response would make it less meaningful. Each group should be treated as a separate business entity.
  2. Three business units within a corporation use a shared services center for accounts payable and expense reimbursement, but are self-supporting for the other financial processes. The best approach is to make the shared services centre a separate business entity for accounts payable and expense reimbursement, and to retain the three original business units for the other financial processes.
  3. A global manufacturing company has five plant locations, each manufacturing product and each with its own logistics operations. For purposes of completing a manufacturing and logistics survey, they should be treated as five separate business entities.

Measure Scope

Back to Top

Cross Industry (7.3.1)

  • 9.8.2.1 - Design and implement control activities (10917)
  • 9.8.2.2 - Monitor control effectiveness (10918)
  • 9.8.2.3 - Remediate control deficiencies (10919)
  • 9.8.2.4 - Create compliance function (10920)
  • 9.8.2.5 - Operate compliance function (10921)
  • 9.8.2.6 - Implement and maintain controls-related enabling technologies and tools (10922)