Establish, implement, and maintain a compensation, reward, and recognition program.


CONTROL ID: 12806
CONTROL TYPE: Human Resources Management
CLASSIFICATION: Preventive

SUPPORTING AND SUPPORTED CONTROLS




This Control directly supports the implied Control(s):
  • Establish job categorization criteria, job recruitment criteria, and promotion criteria., CC ID: 00781

This Control has the following implementation support Control(s):
  • Establish and maintain an annual report on compensation., CC ID: 14801
  • Disseminate and communicate the compensation, reward, and recognition program to interested personnel and affected parties., CC ID: 14800
  • Establish, implement, and maintain roles and responsibilities in the compensation, reward, and recognition program., CC ID: 14798
  • Align the compensation, reward, and recognition program with the risk management program., CC ID: 14797
  • Establish, implement, and maintain remuneration standards, as necessary., CC ID: 14794


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH




  • report the results of votes of stakeholders (including shareholders) on remuneration policies and proposals, if applicable. (Disclosure 2-20 ¶ 1(b), GRI 2: General Disclosures, 2021)
  • Define, monitor and supervise roles, responsibilities and compensation frameworks for personnel, including the requirement to adhere to management policies and procedures, the code of ethics, and professional practices. The level of supervision should be in line with the sensitivity of the position … (PO7.3 Staffing of Roles, CobiT, Version 4.1)
  • Establish compensation, reward, and recognition programs for all employees, business partners, and other stakeholders that recognize individuals and organizational units for exhibiting desired conduct and do not reward undesirable conduct. (OCEG GRC Capability Model, v. 3.0, P5.3 Develop and Implement Compensation, Reward and Recognition Programs, OCEG GRC Capability Model, v 3.0)
  • the organization's approach to compensation, ensuring that compensation is, and remains, fair, responsible and transparent; (§ 6.3.3.2.2 ¶ 2 h), ISO 37000:2021, Governance of organizations — Guidance, First Edition)
  • The organization shall implement a process that provides for a periodic review of performance targets, performance bonuses and other incentives, to verify that there are appropriate measures in place to prevent encouraging noncompliance. (§ 7.2.2 ¶ 3, ISO 37301:2021 Compliance management systems — Requirements with guidance for use, First Edition, Edition 1)
  • The organization shall implement a process that provides for a periodic review of performance targets, performance bonuses and other incentives, to verify that there are appropriate measures in place to prevent encouraging noncompliance. (§ 7.2.2 ¶ 3, ISO/DIS 37301, Compliance management systems — Requirements with guidance for use, DRAFT)
  • In some governance structures, performance targets cascade from the board of directors to the chief executive officer, management, and other personnel, and performance is evaluated at each of these levels. The board of directors evaluates the performance of the chief executive officer, who in turn e… (Holding Itself Accountable ¶ 1, Enterprise Risk Management - Integrating with Strategy and Performance, June 2017)
  • Performance is greatly influenced by the extent to which individuals are held accountable and how they are rewarded. It is up to management and the board of directors to establish incentives and other rewards appropriate for all levels of the entity, considering the achievement of both short-term an… (Rewarding Performance ¶ 1, Enterprise Risk Management - Integrating with Strategy and Performance, June 2017)
  • Salary increases and bonuses are common incentives, but non-monetary rewards such as being given greater responsibility, visibility, and recognition are also effective. Management consistently applies and regularly reviews the entity's measurement and reward structures in conjunction with its desire… (Rewarding Performance ¶ 2, Enterprise Risk Management - Integrating with Strategy and Performance, June 2017)
  • Aligning risk-aware behaviors and decision-making with performance: Remuneration and incentive programs are aligned to the core values of the organization including expected behaviors, adherence to codes of conduct, and promoting accountability for risk-aware decision-making and judgment. (Embracing a Risk-Aware Culture ¶ 1 Bullet 4, Enterprise Risk Management - Integrating with Strategy and Performance, June 2017)
  • Management should demonstrate a commitment to recruit, develop, and retain competent individuals. (4.01, Standards for Internal Control in the Federal Government)