No Result
View All Result
SUBSCRIBE | NO FEES, NO PAYWALLS
MANAGE MY SUBSCRIPTION
NEWSLETTER
Corporate Compliance Insights
  • Home
  • About
    • About CCI
    • CCI Magazine
    • Writing for CCI
    • Career Connection
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Library
    • Download Whitepapers & Reports
    • Download eBooks
    • New: Living Your Best Compliance Life by Mary Shirley
    • New: Ethics and Compliance for Humans by Adam Balfour
    • 2021: Raise Your Game, Not Your Voice by Lentini-Walker & Tschida
    • CCI Press & Compliance Bookshelf
  • Podcasts
    • Great Women in Compliance
    • Unless: The Podcast (Hemma Lomax)
  • Research
  • Webinars
  • Events
  • Subscribe
Jump to a Section
  • At the Office
    • Ethics
    • HR Compliance
    • Leadership & Career
    • Well-Being at Work
  • Compliance & Risk
    • Compliance
    • FCPA
    • Fraud
    • Risk
  • Finserv & Audit
    • Financial Services
    • Internal Audit
  • Governance
    • ESG
    • Getting Governance Right
  • Infosec
    • Cybersecurity
    • Data Privacy
  • Opinion
    • Adam Balfour
    • Jim DeLoach
    • Mary Shirley
    • Yan Tougas
No Result
View All Result
Corporate Compliance Insights
Home Risk

Why a Resilient Risk Management and Internal Control Infrastructure Matters

by Adi Agrawal
November 9, 2016
in Risk
Risk and audit expert on the importance of resiliency

Enhanced focus on internal controls by corporate boards and regulators sometimes appears to be a post-financial crisis phenomenon. Those tasked with designing, executing and assuring the resiliency of a corporation’s internal control infrastructure sometimes struggle with articulating the business case for it, as well as defining the business need for internal controls. It is, hence, important to recognize and understand what “controls” are and their value in achieving desired outcomes.

Controls have been utilized for millennia as a means to assure that objectives are met within a range of tolerable outcomes. They have been developed and deployed to reduce uncertainty (or unwanted deviations) within a process or system to achieve a desired outcome. In the third century B.C., Ktesibios’s water clock in Alexandria, Egypt kept time by controlling the water level in a vessel. Today, internet protocol thermostats are available to remotely regulate and control temperature in our homes. There are applications of controls all around us that have become a ubiquitous part of our daily lives. Without effective and reliable controls, it is difficult to ensure outcomes, and this is particularly true for complex processes and systems in the exchange-listed options space.

As a Systemically Important Financial Market Utility (SIFMU) and the foundation for secure markets, OCC understands the value and importance of maintaining and operating an effective and reliable internal control infrastructure that ensures risk management and processing outcomes expected by our stakeholders. Our responsibility to ensure integrity, timeliness and completeness in the services we provide to market participants span beyond the enterprise. That is why we continue to invest in evolving and maturing our internal control infrastructure in response to changing business and regulatory needs.

To maintain a resilient risk management and internal control infrastructure at OCC, we employ the “three lines of defense” model. This model allows us to manage the corporation’s control infrastructure with clarity of ownership and accountability. The first line of defense is the operational business units of the corporation, including financial risk management, operations, technology, legal, regulatory affairs and corporate functions such as human resources, finance, accounting and the program management office. Our first-line colleagues are responsible and accountable for designing, operating and maintaining an effective internal control infrastructure comprised of policies, standards, procedures and guidance that allows us to meet our service obligations. They own and are accountable for our internal control infrastructure and service outcomes.

We support and monitor the efforts of our first-line colleagues using capabilities within a second line of defense consisting of our corporate risk management and compliance functions. The second line designs, implements and maintains an enterprise-wide risk management framework and tools to assess and manage risk at that level. These colleagues work with the first line to assess risks and establish policies and guidelines. They advise, monitor and report on the first line’s effectiveness in managing risk and maintaining and operating a resilient control infrastructure. Our second line of defense is an important portfolio of capabilities that allow our executive management and the OCC Board of Directors to have a comprehensive and objective view regarding the overall health of our risk management and internal control infrastructure and whether our services are being delivered within an agreed-upon risk appetite.

The third line of defense is the OCC Internal Audit function. My team and I work for the Audit Committee of our Board of Directors, and we are accountable for designing, implementing and maintaining a comprehensive assurance program that allows our executive management and Board to receive independent and objective assurance that the quality of our risk management and internal control infrastructure meets our risk appetite and business imperatives. We fulfill our obligations to OCC by maintaining a diverse and skilled team of professionals with a variety of business, technology and assurance skills. The OCC Internal Audit team performs all its activities in compliance with the Institute of Internal Auditors’ standards enshrined in the International Professional Practices Framework.

All my OCC colleagues across the three lines of defense are dedicated to maintaining a resilient risk management and internal control infrastructure to fulfill OCC’s mission, which is to promote stability and market integrity through effective and efficient clearing, settlement and risk management services while providing thought leadership and education to market participants and the public about the prudent use of products we clear.

By enhancing our resiliency through a strong internal control infrastructure, we are not only building a high-performance culture, we are promoting increased operational excellence and fostering growth, innovation and thought leadership. This helps OCC in its role as a leader in the exchange-listed options industry and allows us to better serve market participants and the greater public interest.

To learn more about OCC’s thought leadership on industry issues, visit OCC’s Blog.


Previous Post

First Modern Slavery Report Shows Businesses are Behind

Next Post

What You Need to Know about the New PCI Standard

Adi Agrawal

Adi Agrawal

adi-agrawalAdi Agrawal is Senior Vice President and Chief Audit Executive at OCC. OCC is the world's largest equity derivatives clearing organization. In this role, Mr. Agrawal is responsible for assuring the effectiveness of OCC's risk management capabilities and internal control environment. He previously served as First Vice President, Internal Audit. Mr. Agrawal is an internationally recognized and experienced assurance and risk executive with more than 25 years of experience leading information technology, process re-engineering, risk and strategy. Prior to joining OCC, Mr. Agrawal served as Executive Director, Global Assurance at CME Group, where he was responsible for internal audit operations for trading, clearing, market data, proximity-hosting, technology services and self-regulatory organizations. Before that he served as Executive Director of Enterprise Risk Management at CME Group, reporting to the Audit and Risk Committee of the Board and Executive Management, with responsibility for processes and systems to conduct risk assessments, support risk management decisions and prepare the company's risk profile. Before joining CME Group, Mr. Agrawal served in a variety of consulting, operations, technology and audit leadership roles at American Express TBS, SDG Corporation, Transamerica Finance Corporation, Aerial Communication and First Chicago NBD Corporation. Mr. Agrawal earned a Master of Business Administration in Economics, Finance and International Business from The University of Chicago Booth School of Business and a Master of Science in Computer Science from the State University of New York Polytechnic Institute. He also completed the Executive Certificate Program in Strategic Decisions and Risk Management at Stanford University.

Related Posts

layoffs woman with carton of items

Beyond Fair WARNing: Regulatory & Reputational Pitfalls of Workforce Reduction

by Nancy Mann Jackson
June 11, 2025

Nearly 700,000 workers have lost jobs this year as companies respond to economic uncertainty, but employment law experts warn that...

elephant vs donkey

MAGA Hats and Pronoun Disputes Test Workplace Speech Boundaries

by Gorev Ahuja
June 10, 2025

Private employers can regulate political expression more freely, but public agencies must navigate a 3-part constitutional test that weighs speech...

kroger

Blocked, Sued and CEO-Less: How Kroger’s Board Must Navigate Triple Crisis

by Conor Johnston
June 9, 2025

Failed mergers often trigger talent exodus and shareholder fury, but strategic refocusing on core competencies can turn regulatory setbacks into...

polluted water

PFAS Reporting Window Delayed, but Waiting to Act on ‘Forever Chemicals’ Could Be Risky

by Cally Edgren
June 9, 2025

Technical issues on government portal give companies short reprieve

Next Post
Updates to payment card data security standard to affect compliance

What You Need to Know about the New PCI Standard

No Result
View All Result

Privacy Policy | AI Policy

Founded in 2010, CCI is the web’s premier global independent news source for compliance, ethics, risk and information security. 

Got a news tip? Get in touch. Want a weekly round-up in your inbox? Sign up for free. No subscription fees, no paywalls. 

Follow Us

Browse Topics:

  • CCI Press
  • Compliance
  • Compliance Podcasts
  • Cybersecurity
  • Data Privacy
  • eBooks Published by CCI
  • Ethics
  • FCPA
  • Featured
  • Financial Services
  • Fraud
  • Governance
  • GRC Vendor News
  • HR Compliance
  • Internal Audit
  • Leadership and Career
  • On Demand Webinars
  • Opinion
  • Research
  • Resource Library
  • Risk
  • Uncategorized
  • Videos
  • Webinars
  • Well-Being
  • Whitepapers

© 2025 Corporate Compliance Insights

Welcome to CCI. This site uses cookies. Please click OK to accept. Privacy Policy
Cookie settingsACCEPT
Manage consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
CookieDurationDescription
cookielawinfo-checbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Others
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
SAVE & ACCEPT
No Result
View All Result
  • Home
  • About
    • About CCI
    • CCI Magazine
    • Writing for CCI
    • Career Connection
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Library
    • Download Whitepapers & Reports
    • Download eBooks
    • New: Living Your Best Compliance Life by Mary Shirley
    • New: Ethics and Compliance for Humans by Adam Balfour
    • 2021: Raise Your Game, Not Your Voice by Lentini-Walker & Tschida
    • CCI Press & Compliance Bookshelf
  • Podcasts
    • Great Women in Compliance
    • Unless: The Podcast (Hemma Lomax)
  • Research
  • Webinars
  • Events
  • Subscribe

© 2025 Corporate Compliance Insights