MYOBI uses a model to express the levels of maturity. MYOBI uses the maturity model of DNB as a reference model for this. This is a general model in the financial world that offers the possibility to determine an own ambitious level and to determine realization, and can be used to gain clarity about the level of the other members of MYOBI.
DNB applies this model per control measure. MYOBI uses this model to determine the maturity level based on the level of the underlying controls.
Het volwassenheidsniveau doet een uitspraak over de effectieve werking van de beheersingsmaatregelen.
Level 1, Initial.
De beheersingsmaatregelen zijn (gedeeltelijk) gedefinieerd maar worden op inconsistente wijze uitgevoerd. Er is een grote afhankelijkheid van individuen bij de uitvoering van de beheersingsmaatregelen. Criteria:
- No or limited control measures implemented;
- Niet of ad-hoc uitgevoerd;
- Not / partly documented;
- Method of implementation depending on individual (not standardized).
Level 2, Repeatable but informal.
Controls are in place and are performed in a consistent and structured but informal manner. Criteria:
- The implementation of the control measures is based on an informal but standardized working method. This procedure is not fully documented.
Level 3, Defined.
The design of the control measures is documented and implemented in a structured and formalized manner. The required effectiveness of the control measures can be demonstrated and are being tested. Criteria:
- The control measures are defined based on risk assessment;
- Documented and formalized;
- Responsibilities and tasks are unambiguously assigned;
- Design, existence and effective operation are demonstrable;
- Effective operation of control measures is periodically tested;
- The assessment is risk-based and shows that the control measure is effective over a longer period (> 6 months).
Level 4, Controlled and measurable
The effectiveness of the control measures is periodically evaluated. Where necessary, controls are improved or replaced by other controls. The evaluation is recorded. Level 3 criteria plus the following:
- Periodic (control) evaluation and follow-up takes place;
- Evaluation is documented;
- Tasks and responsibilities for evaluation have been formalized;
- Evaluation frequency is based on the institution’s risk profile and is at least annually;
- The evaluation includes (operational) incidents;
- The results of the evaluation are reported to management.
Level 5, Continuous improvement
The control measures are anchored in the integral risk management framework, with continuous efforts to improve the effectiveness of the measures. External data and benchmarking are used for this. Employees are proactively involved in improving control measures. Level 4 criteria plus the following:
- Continuously evaluating controls to continuously improve the effectiveness of controls;
- Using results from self-assessments, gap and root cause analyzes;
- The control measures taken are benchmarked on the basis of external data and are “best practice” compared to other organizations.
Organizations that are serious about their accountability may have reached different levels of maturity in terms of controlling obligations when applying for the Accountability Seal.
Interested? Feel free to contact us at +31 (0) 70 362 18 07 or firstname.lastname@example.org.