Optimizing an Enterprise Wide Effective Vendor Risk Management Program. Pam Schott Head and VP Enterprise Supplier Governance

Size: px
Start display at page:

Download "Optimizing an Enterprise Wide Effective Vendor Risk Management Program. Pam Schott Head and VP Enterprise Supplier Governance"

Transcription

1 Optimizing an Enterprise Wide Effective Vendor Risk Program Pam Schott Head and VP Enterprise Supplier Governance June 1, 2015

2 Emerging Industry Trends As Procurement organizations mature; their focus needs to be more than just cost savings; they need to be proactively involved in strategic initiatives and creatively protect their organizations Procurement and Finance Alignment Essential partnership between procurement and finance to track and record savings International Expansion Support strategic initiatives in international expansion, licensing, ecommerce growth Innovative Solutions Expand supply market research to include new innovative solutions (i.e. cloud computing, social media, etc.) Talent Develop a procurement team aligned to business needs, organization s strategic priorities and growth areas and focus on building and retaining high-performing teams Affect Revenue New Risk Domains Promote and develop the bank s customer portfolio within our supplier community and maximize value to the bank by being thoughtful about our customer/supplier relationships Extension of the Third Party Risk to manage additional risk domains beyond Information Security and Supplier Performance (e.g., Reputation, Compliance, or Geo-political Risk 4 th Party Risk Inclusion of 4 th Parties in the Risk Program, including inventory, assessment and monitoring of 4 th Parties (Supply Chain ) M&A / Divestitures Ongoing M&A and Restructuring Activities have created new sourcing leverage and necessitated new supply strategies Green Value Chains Increasingly, customers and governments are demanding firms have plans to make their operations more sustainable and from a more diverse supplier base

3 Proactive risk management and oversight is an imperative for most organizations Third party risk is not a risk unto itself. Rather, it is a combination of other risks with various degrees of severity based on the nature of the relationship with the third party. The potential risk exposure from doing Business with third parties goes well beyond direct financial loss and includes reputational damage, regulatory scrutiny and customer attrition. 10. Business Continuity Risk Third party is unable to continue proving products / services 1. Strategic Risk Third party is not aligned to organization s strategic objectives 2. Information Security Risk Third party is able to access information outside of defined business requirements 9. Financial Stability Risk 3. Reputation Risk Third party cannot meet contractual obligations due to financial difficulties Third Party Risk Domains Third party s issues effect company brand 8. Geo-political Risk Country-specific factors (e.g., government, climate) affect Third party performance 4. Compliance Risk Third party actions are inconsistent with legal, regulatory, or policy requirements 7. Contractual Risk Service / Product provided by the Third party is incompletely defined in the contract 6. Credit Risk Third party is unable to make payments it is obligated to 5. Transaction / Operational Risk Third party is unable to deliver products / services appropriately The Third Party Risk Domains listed above also apply to fourth parties as an extension of third party risk.

4 Overview: Outsourcing and Supplier Risk Function at BMO Outsourcing and Supplier Risk Our Outsourcing and Supplier Risk Program aims to proactively identify, assess, monitor and mitigate risk associated with our third party suppliers and outsourcers through defined governance practices. Tools & Processes Oversight & Governance Analytics & Reporting We have controls for identifying, assessing, monitoring and managing outsourcing and supplier risk through a framework and SEMS management tool; a. Established end-to-end Outsourcing and Supplier Risk Framework b. Supplier Engagement system (SEMS) enables supplier intake and risk assessment We have developed the three lines of defense operating model, consistent with BMO s Enterprise framework and instituted a Governance Oversight Committee for the US; a. Roles of three lines of defense identified b. Governance committee in place, initial focus on US, currently expanding to enterprise We have refreshed our risk appetite statement and enhanced our reporting capabilities to monitor our risks; a. Defined risk appetite statement and associated dashboards and KRIs b. Data Analytics and Consumption in SpotFire for drill-down analytics 4

5 1 Tools & Processes Development of controls for identifying, assessing, monitoring and managing outsourcing and supplier risk through a framework and SEMS management tool. 1a 1b End-to-End Outsourcing and Supplier Risk Framework Supplier Engagement System (SEMS) We have implemented an Outsourcing and Supplier Risk Framework across the enterprise. The framework shows an end-to-end view of the processes, structures, controls and systems that are used to manage outsourcing and supplier risk. This framework is leveraged throughout the Supplier Lifecycle as set out in the Outsourcing and Supplier Risk Corporate Standard. Applies consistent onboarding and management methods for outsourcing and supplier arrangements. All new, renewing and amending supplier arrangements, in addition to significant changes in current agreements must be entered in to SEMS. This centralized tool assesses the associated risks per risk type and in the aggregate resulting in a risk rating that is used to inform supplier management and oversight. Outsourcing and Supplier Risk Framework Strategy Supplier Selection Due Diligence Contract Manage Renew / Terminate Preliminary Assessment Questionnaire (PAQ) Workload Planning Opportunity Strategy Market Intelligence Customer as a Supplier Assessment Supplier Diversity Supplier Engagement Questionnaire (SEQ) Stakeholder and CSA Engagement Sourcing Strategy (e.g. RfX, auction, or sole source) Conditional Award of the Business Deal Summary FirstPrinciples Operational Risk Corporate Policy, Standard, and Framework Effective Challenge Quality Assurance Identification Outsourcing & Supplier Risk (OSRM) Framework Corporate Support Area Due Diligence Program Corporate Support Area Contract Controls Contract Development Negotiation Execution Proof of Concept Execution Conduct Negotiation Post-Contract Supplier Controls Deal Summary Finalized Key Risk Indicators Risk Approval Governance Model Contract Execution and Registration Category Profile Mgmt Supplier Engagement System (SEMS) Governance Measurement Risk Definitions Risk Appetite Statement OSR Corporate Standards SPSG Operational Procedures Residual Risk Assessment (RRA) & Mitigating Residual Risk Reassessment (RRR) Termination or Renewal Strategy Assessment Assessment of Arrangement, Market and Business Requirements Termination and/or Transition Plan Supplier Engagement System (SEMS) licensed from Hiperos SEMS is the enterprise tool to identify, assess, manage and monitor outsourcing and supplier risk throughout the supplier lifecycle. Monitoring & Reporting Workflow Repository for pre-defined artefacts Notifications Track open items Reporting Analysis Change Footer goes here 5

6 First Principles Operational Risk Corporate Policy, Standard, and Framework Effective Challenge Quality Assurance Governance Risk Definitions Risk Appetite Statement OSR Corporate Standards SPSG Operational Procedures 1a Supplier Lifecycle Framework Key objectives of the framework include: Identification of Risks Measurement of Risk Impact and Mitigation of Risks Monitoring and Reporting of Risks Strategy Preliminary Assessment Questionnaire (PAQ) Workload Planning Opportunity Strategy Market Intelligence Customer as a Supplier Assessment Supplier Diversity Supplier Engagement Questionnaire Supplier Selection Stakeholder and CSA Engagement Sourcing Strategy (e.g. RfX, auction, or sole source) Conditional Award of the Business Deal Summary Supplier Lifecycle Due Diligence Contract Manage Corporate Support Area Due Diligence Program Corporate Supplier Area Contract Controls Contract Development Negotiation Execution Proof of Concept Execution Conduct Negotiation Deal Summary Finalized Risk Approval Contract Execution and Registration Residual Risk Assessment Residual Risk Reassessment Post-Contract Supplier Controls Key Risk Indicators Governance Model Category Profile Mgmt. Renew / Terminate Termination or Renewal Strategy Assessment Assessment of Arrangement, Market and Business Requirements Termination and/or Transition Plan Document and Supplier Engagement System (SEMS) Reporting The enterprise tool to identify, manage, and monitor outsourcing and supplier risk throughout Attestations the supplier lifecycle Workflow Repository for pre-defined artefacts Notifications Track open items Reporting Analysis Change

7 2a Oversight & Governance Adopt three lines of defense operating model and ensure roles and accountabilities are established across all three lines of defense. Three Lines of Defence to Manage Outsourcing & Supplier Risk First Line of Defense: LOB Supplier Manager/Accountable Executive Own and manage identified Outsourcing and Supplier Risk for their supplier arrangements Maintain overall accountability and oversight of the relationship: Set the strategic direction of the supplier relationship Make key decisions pertaining to the supplier relationship Resolve any escalated issues 1 Second Line of Defence SPSG & Outsourcing and Supplier Risk CSA Provide subject matter expertise, specialist support, and independent risk oversight of Outsourcing and Supplier Risk Quality Assurance and Effective Challenge roles in place Develop and implement the Outsourcing & Supplier Risk Managed through our SEMS tool 2 Second Line of Defence CSAs Provide inherent, residual risk assessment and due diligence for their domain of risks Assess implications of vendor risk to their risk domain Third Line of Defence Corporate Audit Provide an independent assessment of the effectiveness of the internal control environment in 1 st and 2 nd lines Provide timely independent reporting to senior management that assesses whether key control activities are operating effectively and reliably. For example, determining whether there is: Effective supplier risk identification and due diligence Appropriate contract controls Adherence to applicable regulatory guidance Appropriate ongoing supplier management and oversight An effective challenge to the first line and second line that includes escalation processes

8 VRC Members (Proposed Representation) Focus BMO FG Risk Committee (Cross Enterprise) Members CSAs LOB Head Chair U.S. CISO AML Corp. ERPM P&C U.S. Chicago Secretary U.S. CRO SOX Anti-Corruption Wealth Branch Chief T&O Officer U.S. ORO Corp. Bus. Continuity Capital NY Branch CPO U.S. CCO Compliance. Markets VP T&O Integration U.S. Sourcing Lead Information Outsourcing & MD Business Ops Audit 1 Security Supplier Risk Risk Coverage: Level, Appetite, Tolerance, Type, Methodology Vendor Coverage: Prioritization by Segment, Assessments Targets/Timelines, Reassessment Requirements by Risk Level, Quality Assurance Elements of the Vendor Risk Governance Program: Robust reporting tools/outputs from which VMROC: Will draw meaningful insights to help govern the program Review monthly reports on tier 3, Material, high and/or enterprise critical risk relationships 2b Oversight & Governance Institute a Vendor Risk and Operations Committee to provide oversight on supplier risk across all aspects of the Supplier Lifecycle. Key Governance Model Elements Vendor Risk and Operations Committee The Vendor Risk and Operations Committee ( VMROC ) is accountable for providing oversight and governance on supplier risks Coverage BMO FC U.S. RMC U.S. ORC U.S. VMROC (Cross Enterprise) Chair: Dante DeWitt Vendor Governance Program Reporting Operational Oversight The Enterprise Supplier Governance (ESG) team members and corporate support areas conduct regular effective challenges on the validity, quality and integrity of the data uploaded within SEMS. Hard challenges are then uploaded in to the tool to ensure we demonstrate where we have satisfied areas of concern. ESG developed the Standard Operating Framework that articulates the key components and requirements of effective post-contract governance, oversight, and monitoring of Enterprise Critical Suppliers. The Framework outlines high level responsibilities and the interaction model between Supplier teams, Enterprise Supplier Governance, and Corporate Support Areas. Quality Assurance (QA) Two Quality Assurance roles, were created to monitor and ensure completion of effective challenges by Outsourcing & Supplier Risk CSA to perform risk oversight on outsourcing and supplier risk. Their quarterly assessments are in compliance with the OSRM Corporate Standards and annual review of framework controls. Footer goes here 8

9 3a Analytics & Reporting Develop a risk appetite statement and enhanced reporting capabilities to allow for increased oversight and governance of the portfolio. 3a Defined Risk Appetite Statement and KRIs Strives to adhere to the letter and spirit of all regulatory obligations relating to vendor risk. We seek to have no significant instances of regulatory breach. We recognize that there is vendor risk inherent in our businesses. Based on our strategy and business practices, we are targeting a moderate* risk appetite. We will mitigate exposures that can adversely impact our critical activities, have a disruption to regular business operations, and negatively impact our customers. We will proactively and continuously improve our vendor / supplier risk framework 3b Data and Analytics We have selected SpotFire, a data visualization program, as our enterprise tool to provide risk reporting across the following dimensions: Portfolio view of risks to identify and monitor high, medium, and low risks. Ability to deep dive into engagement data and KRIs to understand risk drivers. Enhanced Risk Portfolio dashboard provides a comprehensive view on the Bank s current risk exposure across key KRI areas. The dashboards are released to VMROC members monthly and are a key input into the OSR CSA Report. Footer goes here 9

10 3b Analytics & Reporting This dashboard articulates how we measure risk through key performance indicators (KRIs), our risk tolerance as defined by the risk appetite and where each LOB and geography stands in relation. Vendor Risk Appetite Statement We aim to monitor KRIs across the Enterprise Framework, Engagement and Vendor processes to understand and mitigate the disruption that vendors can cause on the Bank s ability to conduct business Reporting OSR KRI Dashboard 1 Effectiveness of Control 2 Residual Risk Heat Map 3 Dimensions Risk Trends How a LOB/geography is doing relative to each of the risk dimensions What proportion of a LOB s/geography s vendors are high, medium or low risk How a LOB/geography is trending over time across KRIs

11 On-going Supplier : Evolution of the SRM Playbook to the Standard Operating Framework Based on input from Supplier Manager Teams during the Pilot in October 2014, ESG distilled the SRM Playbook into a more outcomefocused and user-friendly Standard Operating Framework, which was published in December 2014 Guiding Principles Defined Supplier processes, roles and responsibilities, tools and templates for the post-contract management of BMO s most critical suppliers Aggregation of best practices for postcontract supplier management into specific management activities Emphasis on prescriptive practices for supplier management SRM Playbook (Published August 2014, Retired and replaced by the Standard Operating Framework December 2014) Standard Operating Framework (Published December 2014) Guiding Principles Defined Supplier processes, roles and responsibilities, tools and templates for the post-contract management of BMO s most critical suppliers Distillation of best practices for postcontract supplier management into management outcomes Emphasis on output / interaction across constituents vs prescriptive process steps

Customer Support Group (CSG) Invoicing and Monitoring Arrangements. April 2016

Customer Support Group (CSG) Invoicing and Monitoring Arrangements. April 2016 Internal Audit Customer Support Group (CSG) Invoicing and Monitoring Arrangements April 2016 Distributed to: Chief Operating Officer Commercial Director Director of Resources Head of Finance Partnership

More information

Q1 Please select the primary industry in which your company operates.

Q1 Please select the primary industry in which your company operates. Q Please select the primary industry in which your company operates. Answered: 9 Skipped: Banking Construction & Real Estate Financial Services &... Food & Commodities Government Healthcare Higher Education

More information

US Business Continuity Safeguarding Your Business from a Disaster

US Business Continuity Safeguarding Your Business from a Disaster US Business Continuity Safeguarding Your Business from a Disaster Juanita Hardin BMO Harris Bank Head TPS Risk and Compliance William Simmons BMO Harris Bank Vice President Business Continuity Management

More information

Extended Enterprise Risk Management

Extended Enterprise Risk Management Extended Enterprise Risk Management Driving performance through the extended enterprise October 2015 A network within a network The Extended Enterprise is the concept that an organization does not operate

More information

Ensuring Organizational & Enterprise Resiliency with Third Parties

Ensuring Organizational & Enterprise Resiliency with Third Parties Ensuring Organizational & Enterprise Resiliency with Third Parties Geno Pandolfi Tuesday, May 17, 2016 Room 7&8 (1:30-2:15 PM) Session Review Objectives Approaches to Third Party Risk Management Core Concepts

More information

Vendor Management Risk Mitigation:

Vendor Management Risk Mitigation: Vendor Management Risk Mitigation: The Importance of Having a Formalized Methodology Sun Life Financial Laura Williams AVP, Procurement Opus Sam Mele Vice President Sales sig.org/summit Case Study: Supplier

More information

Risk Advisory Services Developing your organisation s governance for competitive advantage

Risk Advisory Services Developing your organisation s governance for competitive advantage Advisory Services Developing your organisation s governance for competitive advantage The Deloitte Advisory Platform of Services can help you to govern your strategic plan to guide your operations measure

More information

Time Topic Responsible

Time Topic Responsible 5/24/17 Time Topic Responsible 2:00pm Welcome & Introductions Snehal Sindhvad (SIG) 2:05pm SIG Working Group Concept & Structure Snehal Sindhvad (SIG) 2:15pm The Sourcing Lifecycle John Bree (NEO) 3:00pm

More information

Third Party Risk Management ( TPRM ) Transformation

Third Party Risk Management ( TPRM ) Transformation Third Party Risk Management ( TPRM ) Transformation September 20, 2017 Internal use only An introduction to TPRM What is a Third Party relationship? A Third Party relationship is any business arrangement

More information

WELCOME. 1

WELCOME.  1 WELCOME 1 The AML Risk Conundrum What Does AML Risk Really Mean? BSA Coalition Training Event November 17, 2016 2 Opening Remarks: Amanda Tucker, BSA Coalition Board Member Executive Vice President I Chief

More information

CITIBANK N.A JORDAN. Governance and Management of Information and Related Technologies Guide

CITIBANK N.A JORDAN. Governance and Management of Information and Related Technologies Guide CITIBANK N.A JORDAN Governance and Management of Information and Related Technologies Guide 2018 Table of Contents 1. OVERVIEW... 2 2. Governance of Enterprise IT... 3 3. Principles of Governance of Enterprise

More information

Why Is Third Party Risk Management Important?

Why Is Third Party Risk Management Important? Third Party Risk Management Managing Risks in Your Extended Enterprise Why Is Third Party Risk Management Important? It is not a new concept for organisations to engage with third parties for the provision

More information

Role of Operational Risk in the Product Lifecycle Presented By: Chris Nestore, SVP Head of Operational Risk Management, TD Bank

Role of Operational Risk in the Product Lifecycle Presented By: Chris Nestore, SVP Head of Operational Risk Management, TD Bank Role of Operational Risk in the Product Lifecycle Presented By: Chris Nestore, SVP Head of Operational Risk Management, TD Bank Product Governance Overview Regulatory agencies have increased interest and

More information

Real Estate Lifecycle

Real Estate Lifecycle Real Estate Lifecycle AND FACILITY MANAGEMENT Companies often use anywhere from 10 to 15 different point solutions to run their day-to-day business, addressing only a single functional activity at a time.

More information

IT Service Delivery And Support Week Seven: SLA. IT Auditing and Cyber Security Fall 2016 Instructor: Liang Yao

IT Service Delivery And Support Week Seven: SLA. IT Auditing and Cyber Security Fall 2016 Instructor: Liang Yao IT Service Delivery And Support Week Seven: SLA IT Auditing and Cyber Security Fall 2016 Instructor: Liang Yao 1 Outsourcing Drivers Outsourced IT Works Outsourced IT Activity Samples Top Three Outsourcing

More information

Control and testing transformation

Control and testing transformation Control and testing transformation 1 Control and testing transformation Innovation and disruption are providing incredible opportunities and challenges to the process, risk and control environment in the

More information

Click to edit Master title style

Click to edit Master title style Click to edit Master title style Click Category to edit Management: Master title style Transformational Change in Federal Procurement Breakout Third Session level #G13 Eric Heffernan, Principal, Grant

More information

Case Study Webinar: Vendor Risk Management at Global Lending Services

Case Study Webinar: Vendor Risk Management at Global Lending Services Case Study Webinar: Vendor Risk Management at Global Lending Services Al Palmer, SVP Compliance, Global Lending Services LLC (GLS) Melissa Brown, Compliance Manager, Global Lending Services LLC (GLS) John

More information

MANAGING RISK AT SUNCORP

MANAGING RISK AT SUNCORP SUNCORP GROUP LIMITED CORPORATE GOVERNANCE MANAGING RISK AT SUNCORP 1 MANAGING RISK AT SUNCORP Managing risk is a key contributor to Suncorp Group's success. The Board and management recognise that an

More information

Heightened standards for compliance risk management. Lines of defense compliance s role

Heightened standards for compliance risk management. Lines of defense compliance s role Heightened standards for risk management Lines of defense s role Post-financial crisis, the Office of the Comptroller of the Currency (OCC) developed a set of heightened expectations to enhance the risk

More information

Bank It: Optimizing the Source to Contract Process to Maximize and Lock in Savings. Cardinal Health Patrick Eckhert Head of Indirect Procurement

Bank It: Optimizing the Source to Contract Process to Maximize and Lock in Savings. Cardinal Health Patrick Eckhert Head of Indirect Procurement Bank It: Optimizing the Source to Contract Process to Maximize and Lock in Savings Cardinal Health Patrick Eckhert Head of Indirect Procurement www.sig.org/eval Bank It: Optimizing the Source to Contract

More information

7 Key Trends in Enterprise Risk Management

7 Key Trends in Enterprise Risk Management 7 Key Trends in Enterprise Risk Management John Verver, CPA CA, CISA, CMC Kevin Legere, ACDA Presenters John Verver Consultant and Advisor to ACL Kevin Legere Director of Product Design Agenda Excellence

More information

Lessons Learned in Streamlining the Third-party Risk Assessment Process

Lessons Learned in Streamlining the Third-party Risk Assessment Process Lessons Learned in Streamlining the Third-party Risk Assessment Process Agenda Welcome & Introductions Overview of the Third Party Risk Management Lifecycle Three Unique Perspectives on: Third Party Inventories

More information

Risk Management Policy and Framework

Risk Management Policy and Framework Risk Management Policy and Framework Introductory Note to User: CompanyLongName There is no requirement in Australia for a non-publicly listed entity (other than a company regulated by APRA) to comply

More information

5. Effective controls and risk management

5. Effective controls and risk management Capita plc 35 5. Effective controls and risk management Managing our business Our flat management structure and governance procedures promote accountability and knowledge sharing across the business. This

More information

Optiv's Third- Party Risk Management Solution

Optiv's Third- Party Risk Management Solution Optiv's Third- Party Management Solution Third-Party Relationships Pose Overwhelming To Your Organization. Data Processing 641 Accounting Education 601 Payroll Processing Call Center 452 400 901 Healthcare

More information

How to Deliver Value Through The Three Lines of Defense

How to Deliver Value Through The Three Lines of Defense How to Deliver Value Through The Three Lines of Defense May 12, 2015 Financial Results Month xx, 2015 1 Herb Mazariegos U.S. Chief AML Officer 2 What We Do and How We Go About Doing It Three lines of defense.

More information

San Francisco Chapter. Presented by Scott Perry - Slalom Consulting

San Francisco Chapter. Presented by Scott Perry - Slalom Consulting Presented by Scott Perry - Slalom Consulting Introductions Session Objectives Overview of Enterprise Risk Management The Role Of IT IT Governance Model IT Risk Assessment How IT Auditors Add Value Key

More information

RISK AND COMPENSATION COMMITTEE TERMS OF REFERENCE

RISK AND COMPENSATION COMMITTEE TERMS OF REFERENCE RISK AND COMPENSATION COMMITTEE TERMS OF REFERENCE Mandate The Risk and Compensation Committee oversees the Company s 1 Enterprise Risk Management (ERM) Program, including the Company s identification

More information

Risk management is changing. Act now.

Risk management is changing. Act now. Global Regulatory Reform Risk management is changing. Act now. Risk Transformation 01 The call to action 01 02 New world. New CRO. 02 03 The risk function must operate differently 04 04 The ART of risk

More information

An integrated model approach to improve the management of marketed products

An integrated model approach to improve the management of marketed products Insight brief Regulatory and safety integration An integrated model approach to improve the management of marketed products Leo Dodds, Principal, Quintiles Advisory Services John Rogers, Engagement Leader,

More information

Model Risk Management at FinTech organizations Considerations for bank charter applicants

Model Risk Management at FinTech organizations Considerations for bank charter applicants Model Risk Management at FinTech organizations Considerations for bank charter applicants September 2018 In July 2018, the US Treasury Department issued a report 1 signaling a new regulatory approach for

More information

Strategies to Mitigate the Cost of a Risky Third-Party Relationship

Strategies to Mitigate the Cost of a Risky Third-Party Relationship Strategies to Mitigate the Cost of a Risky Third-Party Relationship Experts on Panel Linda Tuck Chapman President, Ontala SIG: Sourcing Resource Center Chair, Thought Leaders Council Manu Gopeendran Senior

More information

USAA's Supplier Governance Transformation that Optimizes Value and Addresses Risk

USAA's Supplier Governance Transformation that Optimizes Value and Addresses Risk USAA's Supplier Governance Transformation that Optimizes Value and Addresses Risk USAA Glenn Ellis Director, USAA Supplier Management Enlighta Nipun Sehgal CEO www.sig.org/eval USAA s Supplier Governance

More information

Achieve Continuous Compliance via Business Service Management (BSM)

Achieve Continuous Compliance via Business Service Management (BSM) Achieve Continuous Compliance via Business Service (BSM) Brian Holmes, CISA Solutions Consultant BMC Software Agenda Introduction Compliance: The Business Driver Challenges of IT Compliance Business Service

More information

Risk Management: Building an Integrated Program to Drive Business Value

Risk Management: Building an Integrated Program to Drive Business Value Risk Management: Building an Integrated Program to Drive Business Value Presenter s Name Saturday, September 24, 2011 Agenda Identify key forces impacting risk management Evaluate the maturity of your

More information

Guidance Note: Corporate Governance - Board of Directors. January Ce document est aussi disponible en français.

Guidance Note: Corporate Governance - Board of Directors. January Ce document est aussi disponible en français. Guidance Note: Corporate Governance - Board of Directors January 2018 Ce document est aussi disponible en français. Applicability The Guidance Note: Corporate Governance - Board of Directors (the Guidance

More information

IT Governance Overview

IT Governance Overview IT Governance Overview Contents Executive Summary... 3 What is IT Governance?... 4 Strategic Vision and IT Guiding Principles... 4 Campus-Wide IT Strategic Vision... 4 IT Guiding Principles... 4 The Scope

More information

CGI Business Process Outsourcing. for oil and gas companies

CGI Business Process Outsourcing. for oil and gas companies CGI Business Process Outsourcing for oil and gas companies Improving efficiency and outcomes With low oil prices driving cost reductions and performance improvement programs, many companies are moving

More information

Corporate Functions & Business Operations

Corporate Functions & Business Operations Corporate Functions & Business Operations BlackRock was founded by eight entrepreneurs who wanted to start a very different company. One that combined the best of a financial leader and a technology pioneer.

More information

Outsourcing banking processes: The question is no longer if, but how to effectively manage extended enterprises

Outsourcing banking processes: The question is no longer if, but how to effectively manage extended enterprises Outsourcing banking processes: The question is no longer if, but how to effectively manage extended enterprises In today s business environment, banks are continuously facing challenges to reduce their

More information

Integrating COSO s Fraud Risk Management Guide on an Enterprise Scale

Integrating COSO s Fraud Risk Management Guide on an Enterprise Scale Integrating COSO s Fraud Risk Management Guide on an Enterprise Scale September 15, 2017 Vincent Walden Partner EY Atlanta Delores White Director, Internal Audit Southern Company Scott Hulsey Chief Compliance

More information

Enterprise Risk Management Survey 2011

Enterprise Risk Management Survey 2011 Enterprise Risk Management Survey 2011 - A Driver of Enterprise Value in the Emerging Environment Governance, Risk and Compliance Services (GRCS) KPMG in India 6 April 2011 Neville Dumasia About this survey

More information

IT Executive Programs

IT Executive Programs IT Executive Programs Why IDC? 50 years of providing global, regional and local IT advisory services to businesses and governments on technology and line-of-business related issues, in 110 countries. 1,100

More information

Effects of GDPR and NY DFS on your Third Party Risk Management Program

Effects of GDPR and NY DFS on your Third Party Risk Management Program Effects of GDPR and NY DFS on your Third Party Risk Management Program Please disable popup blocking software before viewing this webcast June 27, 2017 Grant Thornton LLP. All rights reserved. 1 CPE Reminders

More information

An Executive Guide to Third Party Management

An Executive Guide to Third Party Management An Executive Guide to SIG Global Summit October 14 16, 2014 Executive Summary Companies... should take a hard look at the agents conducting business on their behalf. Kara Brockmeyer, chief of the SEC Enforcement

More information

Aligning and Integrating ERM and Business Process. Federal ERM Summit September 9, :00-12:00

Aligning and Integrating ERM and Business Process. Federal ERM Summit September 9, :00-12:00 Aligning and Integrating ERM and Business Process Federal ERM Summit September 9, 2013 11:00-12:00 1 Agenda Defining Risk and ERM The ERM Value Proposition An Integrated ERM Framework Aligning ERM with

More information

Intelligent Procurement from SAP Ariba

Intelligent Procurement from SAP Ariba SAP Ariba Strategic Point of View Paper EXTERNAL Intelligent procurement SAP Ariba solutions Intelligent Procurement from SAP Ariba Making Procurement Solutions Smarter 1/9 Table of Contents 3 Executive

More information

Integrating a robust third-party risk management program with the vendor onboarding process

Integrating a robust third-party risk management program with the vendor onboarding process Integrating a robust third-party risk management program with the vendor onboarding process Introductions Kevin Bushbaker Alexion Senior Director Global Requisition To Pay kevin.bushbaker@alexion.com Colin

More information

GUIDANCE NOTE FOR DEPOSIT TAKERS (Class 1(1) and Class 1(2))

GUIDANCE NOTE FOR DEPOSIT TAKERS (Class 1(1) and Class 1(2)) GUIDANCE NOTE FOR DEPOSIT TAKERS (Class 1(1) and Class 1(2)) Operational Risk Management MARCH 2017 STATUS OF GUIDANCE The Isle of Man Financial Services Authority ( the Authority ) issues guidance for

More information

Effective Vendor Risk Management. April 21, Mario A. Mosse. This Training is Brought to you by ComplianceOnline. Presenter:

Effective Vendor Risk Management. April 21, Mario A. Mosse. This Training is Brought to you by ComplianceOnline. Presenter: This Training is Brought to you by ComplianceOnline. Effective Vendor Risk Management Presenter: Mario A. Mosse April 21, 2017 This training session is sponsored by 2014 ComplianceOnline www.complianceonlie.com

More information

Navigating the New Health Economy

Navigating the New Health Economy Navigating the New Health Economy How non-traditional healthcare players are using the HITRUST CSF to drive their security programs forward Speakers Dennis Quandt Risk Assurance Director, PwC Boston, MA

More information

Internal Audit Solutions:

Internal Audit Solutions: Internal Audit Solutions: Internal Audit Leading Practices - Continuous Monitoring / Auditing Provided to Sioux Falls, SD IIA Chapter Thursday January 25, 2018 11:30 AM 1:00 PM CT Today's Presenter Anne

More information

Outsourcing Procurement Services Deliver Higher Performance at a Lower Cost

Outsourcing Procurement Services Deliver Higher Performance at a Lower Cost Outsourcing Procurement Services Deliver Higher Performance at a Lower Cost As the hospitality industry looks to generate more operational efficiencies while maintaining brand diversity, a paradigm shift

More information

STRATEGIES FOR EFFECTIVELY WORKING WITH THIRD-PARTIES. September 2017

STRATEGIES FOR EFFECTIVELY WORKING WITH THIRD-PARTIES. September 2017 STRATEGIES FOR EFFECTIVELY WORKING WITH THIRD-PARTIES September 2017 Your presenters Nancy Aubrey Partner Boston, MA Nancy.aubrey@rsmus.com Rick Shriner Principal McLean, VA Rick.shriner@rsmus.com 2 Agenda

More information

Risk Management Strategy

Risk Management Strategy Risk Management Strategy 2017-2019 Created by: Role Name Title Author / Editor Kevin McMahon Head of Risk Management & Resilience Lead Executive Margo McGurk Director of Finance & Performance Approved

More information

Management Excluded Job Description

Management Excluded Job Description Management Excluded Job Description 1. Position Identification Position Number 993234 Position Title Department Reports to (title) Associate Director, Supply Management Purchasing Services Director, Purchasing

More information

Supplier risk compliance obligation or source of competitive advantage? Improve supplier reliability to lift business performance

Supplier risk compliance obligation or source of competitive advantage? Improve supplier reliability to lift business performance Supplier risk compliance obligation or source of competitive advantage? Improve supplier reliability to lift business performance Steps to reduce supplier uncertainty and uncover cost savings An unreliable

More information

AffirmX. New York Credit Union Association. AffirmX. Linda Bow, CUCE, CRCM Director of Compliance

AffirmX. New York Credit Union Association. AffirmX. Linda Bow, CUCE, CRCM Director of Compliance New York Credit Union Association AffirmX Linda Bow, CUCE, CRCM Director of Compliance AffirmX AffirmX offers Compliance Solutions for all asset-size credit unions as well as a large variety of risk assessments,

More information

Managed Governance Services

Managed Governance Services Managed Governance Services effective sourcing governance, underpinned by powerful collaborative software Table of Contents 1 Introduction... 3 2 What is Managed Governance Services... 3 3 When is Managed

More information

Client onboarding and Legal Entity Data Solutions from Thomson Reuters

Client onboarding and Legal Entity Data Solutions from Thomson Reuters Client onboarding and Legal Entity Data Solutions from offers a broad and integrated suite of KYC, client onboarding and legal entity data solutions to support your ongoing client lifecycle management

More information

Asset Acceptance Capital Corp.

Asset Acceptance Capital Corp. Asset Acceptance Capital Corp. A Practical Approach to Enterprise Risk Management Detroit Chapter IIA September 14, 2010 1 Presenters Jeffrey S. Bankowski, CIA, CPA, CFF Jeff is currently the Vice President

More information

Dig Deeper. Supply Chain

Dig Deeper. Supply Chain Dig Deeper Supply Chain Geoff Babidge CEO, A2 Corp We are committed to positive purchasing decisions We are a global company. And with more than 18,000 businesses supplying us with over $4.9 billion of

More information

STATEMENT ON RISK MANAGEMENT AND INTERNAL CONTROL

STATEMENT ON RISK MANAGEMENT AND INTERNAL CONTROL STATEMENT ON RISK MANAGEMENT AND INTERNAL CONTROL FINANCIAL YEAR ENDED 31 DECEMBER 2017 INTRODUCTION The Board of Directors is pleased to provide the Statement on Risk Management and Internal Control pursuant

More information

CORROSION MANAGEMENT MATURITY MODEL

CORROSION MANAGEMENT MATURITY MODEL CORROSION MANAGEMENT MATURITY MODEL CMMM Model Definition AUTHOR Jeff Varney Executive Director APQC Page 1 of 35 TABLE OF CONTENTS OVERVIEW... 5 I. INTRODUCTION... 6 1.1 The Need... 6 1.2 The Corrosion

More information

Be a Hero in Boom Times Not Just in Bust Times

Be a Hero in Boom Times Not Just in Bust Times Be a Hero in Boom Times Not Just in Bust Times BE A HERO IN BOOM TIMES NOT JUST IN BUST TIMES Patrick Connaughton Research Director, The Hackett Group The Hackett Group The Evolving Business Environment

More information

THE 8 REPORTS YOU NEED FOR EFFECTIVE AND EFFICIENT VENDOR RISK MANAGEMENT

THE 8 REPORTS YOU NEED FOR EFFECTIVE AND EFFICIENT VENDOR RISK MANAGEMENT THE 8 REPORTS YOU NEED FOR EFFECTIVE AND EFFICIENT VENDOR RISK MANAGEMENT Reporting is a critical, yet often overlooked, aspect of a successful Vendor Risk Management program. The right reports give you

More information

Internal Auditors and Enterprise Risk Management (ERM) ICPAK Presentation

Internal Auditors and Enterprise Risk Management (ERM) ICPAK Presentation Internal Auditors and Enterprise Risk Management (ERM) ICPAK Presentation April 2014 Disclaimer This presentation is made by KPMG Kenya, a member firm of the KPMG network of independent firms affiliated

More information

VENDOR RISK MANAGEMENT FCC SERVICES

VENDOR RISK MANAGEMENT FCC SERVICES VENDOR RISK MANAGEMENT FCC SERVICES Introductions Chris Tait, CISA, CFSA, CCSK, CCSFP Principal, Financial Services Baker Tilly Russ Sommers, CPA, CISA Senior Manager, Financial Services Baker Tilly Agenda

More information

Maximizing value from your lines of defense

Maximizing value from your lines of defense Insights on governance, risk and compliance December 2013 Maximizing value from your lines of defense A pragmatic approach to establishing and optimizing your LOD model Contents Introduction Are you getting

More information

Enterprise Risk Management Montana State Fund

Enterprise Risk Management Montana State Fund Enterprise Risk Management Montana State Fund Report to the Board January 28, 2011 Presented by: Mary Peter, Director of Enterprise Risk Management Enterprise Risk Management (ERM) Defined An integrated

More information

Audit, Risk and Compliance Committee Terms of Reference. Atlas Mara Limited. (The "COMPANY") Amendments approved by the Board on 22 March 2016

Audit, Risk and Compliance Committee Terms of Reference. Atlas Mara Limited. (The COMPANY) Amendments approved by the Board on 22 March 2016 Audit, Risk and Compliance Committee Terms of Reference Atlas Mara Limited (The "COMPANY") Amendments approved by the Board on 22 March 2016 1. OVERVIEW 1.1 The primary objective of the committee is to

More information

Implementations Advisory Analytics. Unlocking Value in Source-to-Pay. Realize Customer Success through Transformation and Cloud Software

Implementations Advisory Analytics. Unlocking Value in Source-to-Pay. Realize Customer Success through Transformation and Cloud Software Implementations Advisory Analytics Unlocking Value in Source-to-Pay Realize Customer Success through Transformation and Cloud Software 2 What s Trending One of the hottest trends in business is the adoption

More information

Building a Framework for Effective Third-Party Risk Management (TPRM)

Building a Framework for Effective Third-Party Risk Management (TPRM) Building a Framework for Effective Third-Party Risk Management (TPRM) GARP Webcast Series On24 Tech Tips Brenda Boultwood Christopher Thackray APRIL 2016 Make sure your speakers are on Hit F5 any time

More information

B A L A N C I N G M O B I L I T Y O B J E C T I V E S : TA L E N T V S. B U S I N E S S N E E D S

B A L A N C I N G M O B I L I T Y O B J E C T I V E S : TA L E N T V S. B U S I N E S S N E E D S B A L A N C I N G M O B I L I T Y O B J E C T I V E S : TA L E N T V S. B U S I N E S S N E E D S L a u r a R o d r i g u e z G l o b a l D i r e c t o r, Ta l e n t M o b i l i t y J o h n s o n & J o

More information

Using data analytics and continuous auditing for effective risk management

Using data analytics and continuous auditing for effective risk management Using data analytics and continuous auditing for effective risk management November 2013 Irakis Kanavaris Agenda Current trends Common terminology of Data Analytics and CA/CM KPMG approach & observations

More information

Service Organization Controls (SOC) Reporting Discussion: Perspectives and Opportunities

Service Organization Controls (SOC) Reporting Discussion: Perspectives and Opportunities IIA Chicago Chapter 53 rd Annual Seminar April 15, 2013, Donald E. Stephens Convention Center @IIAChicago #IIACHI Service Organization Controls (SOC) Reporting Discussion: Perspectives and Opportunities

More information

Procurement Development Programs. Free Powerpoint Templates Page 1

Procurement Development Programs. Free Powerpoint Templates Page 1 . Procurement Development Programs Page 1 Why Should Procurement Matter? The benefits to the enterprise Drive efficiency and financial sustainability Improve probity and process Return on investment Support

More information

Effective Risk Management With AML Risk Assessment. January 25, 2017

Effective Risk Management With AML Risk Assessment. January 25, 2017 Effective Risk Management With AML Risk Assessment January 25, 2017 2017 2017 Crowe Crowe Horwath Horwath LLP LLP Agenda Regulatory Trends in Risk Assessment Crowe Approach to Anti-Money Laundering (AML)

More information

Transforming Internal Audit to Drive Business Performance. 21 June, 2011

Transforming Internal Audit to Drive Business Performance. 21 June, 2011 Transforming Internal Audit to Drive Business Performance 21 June, 2011 Agenda Stakeholder Needs from Survey Data Linking Business Performance to Internal Audit The Role of Risk Management Becoming a Strategic

More information

Procurement Performance Review

Procurement Performance Review Office of the BC Ferries Commissioner Procurement Performance Review Final Report Table of contents Table of contents... 2 1. Executive Summary... 3 2. List of Acronyms Used... 6 3. Background... 7 3.1.

More information

Gain strategic insight into business services to help optimize IT.

Gain strategic insight into business services to help optimize IT. Closed-loop measurement and control solutions To support your IT objectives Gain strategic insight into business services to help optimize IT. Highlights Gain insight and visibility across the IT project

More information

Third-Party Risk Management: Driving Enterprise Value. Linda Tuck Chapman

Third-Party Risk Management: Driving Enterprise Value. Linda Tuck Chapman Third-Party Risk Management: Driving Enterprise Value Linda Tuck Chapman lindatuckchapman@ontala.com 416.452.4635 917.831.2923 Linda Tuck Chapman Career highlights: President, Ontala Performance Solutions

More information

Best Practices for Vendor Risk Profiling

Best Practices for Vendor Risk Profiling Best Practices for Vendor Risk Profiling Presented By Michael Volkov CEO & Founder, Volkov Law Group Stephen Gooding Director, Product Specialists, NAVEX Global Copyright 2019 NAVEX Global, Inc. All Rights

More information

Identifying and Mitigating Third Party Risk Conducting Risk-Based Anti-Corruption, Anti-bribery Due Diligence

Identifying and Mitigating Third Party Risk Conducting Risk-Based Anti-Corruption, Anti-bribery Due Diligence Identifying and Mitigating Third Party Risk Conducting Risk-Based Anti-Corruption, Anti-bribery Due Diligence Jennafer B. Watson Chief Compliance Officer Layne Christensen Diana M. Lutz, Chief Ethics and

More information

ERM 101. Casualty Loss Reserve Seminar, Fall /5/ Practical Enterprise Risk Management (ERM) Agenda ERM 101 2

ERM 101. Casualty Loss Reserve Seminar, Fall /5/ Practical Enterprise Risk Management (ERM) Agenda ERM 101 2 Practical Enterprise Risk Management (ERM) Casualty Loss Reserve Seminar, Fall 2013 Agenda ERM 101 2 Building an effective ERM program 8 Case study 28 Lessons learned 34 Q&A 38 1 Practical Enterprise Risk

More information

How to Measure the Value of Your Internal Audit Group

How to Measure the Value of Your Internal Audit Group How to Measure the Value of Your Internal Audit Group Best practices to follow, pitfalls to avoid and success metrics to measure May 17, 2012 Agenda Strategic challenges: Implications for the enterprise

More information

Capgemini s Comprehensive Capital Analysis and Review Services

Capgemini s Comprehensive Capital Analysis and Review Services Capgemini s Comprehensive Capital Analysis and Review Services Driving regulatory and compliance values to banking institutions In 2011, the US Federal Reserve issued the Capital Plan Rule, which requires

More information

Agile Risk Assessment Reinventing RCSAs

Agile Risk Assessment Reinventing RCSAs POINT OF VIEW Agile Assessment Reinventing RCSAs The Building Blocks of Agile Management Protiviti s Agile Management philosophy enables organizations to focus on growth, improve efficiency and become

More information

Governing the cloud. insights for 5executives. Drive innovation and empower your workforce through responsible adoption of the cloud

Governing the cloud. insights for 5executives. Drive innovation and empower your workforce through responsible adoption of the cloud insights for 5executives Governing the cloud Drive innovation and empower your workforce through responsible adoption of the cloud Of special interest to Chief information officers Chief information security

More information

Bank of Ireland. Service Integration as a means to govern a multivendor. 11 th October 2013

Bank of Ireland. Service Integration as a means to govern a multivendor. 11 th October 2013 Bank of Ireland Integration as a means to govern a multivendor IT estate 11 th October 2013 Gerry Flanagan (Accenture) Sharon Donnelly (Bank of Ireland) Agenda Introductions What is Introduction and why

More information

LEADING WITH GRC. The Return of the ERM Extending Beyond It s Past Scope. Brenda Boultwood, SVP Industry Solutions, MetricStream

LEADING WITH GRC. The Return of the ERM Extending Beyond It s Past Scope. Brenda Boultwood, SVP Industry Solutions, MetricStream LEADING WITH GRC The Return of the ERM Extending Beyond It s Past Scope Brenda Boultwood, SVP Industry Solutions, MetricStream The Return Of The Jedi Extending beyond its past scope June 7, 2017 In Today

More information

ERM for Small to Mid-sized Companies

ERM for Small to Mid-sized Companies ERM for Small to Mid-sized Companies Session #304 Today s Presenters Greg Fritsky Jerry Ravi Rita Linterno Technology & Finance Transformation Consultant ERM / Internal Audit Specialist & Technology Consultant

More information

Global Enterprise Model (GEM) for Utilities

Global Enterprise Model (GEM) for Utilities Business Process Outsourcing the way we do it Global Enterprise Model (GEM) for Utilities Transforming business processes to drive greater efficiencies, reduce operational costs and improve the customer

More information

White Paper Describing the BI journey

White Paper Describing the BI journey Describing the BI journey The DXC Technology Business Intelligence (BI) Maturity Model Table of contents A winning formula for BI success Stage 1: Running the business Stage 2: Measuring and monitoring

More information

NASCIO 2010 Recognition Award Nomination. Title: Electronic Commerce Task Force Study and Enterprise Implementation

NASCIO 2010 Recognition Award Nomination. Title: Electronic Commerce Task Force Study and Enterprise Implementation NASCIO 2010 Recognition Award Nomination Title: Electronic Commerce Task Force Study and Enterprise Implementation Category: Cross-Boundary Collaboration and Partnerships State: North Carolina Prepared

More information

Navigating Changing Dynamics of First Line Risk and Control Functions

Navigating Changing Dynamics of First Line Risk and Control Functions POINT OF VIEW Navigating Changing Dynamics of First Line Risk and Control Functions Including results of Protiviti s large financial institution survey on business control functions An organization s overall

More information

FINRA 2090/2111 Solutions & Expertise

FINRA 2090/2111 Solutions & Expertise FINRA 2090/2111 Solutions & Expertise TABLE OF CONTENTS Overview... 3 Requirements for Institutions... 3 Recommended Approach... 4 Actimize Solutions for FINRA Know Your Customer & Suitability Requirements...

More information

Intelligent automation and internal audit

Intelligent automation and internal audit Intelligent automation and internal audit Adding value through governance, risk management, and controls Second article in the series kpmg.ch Contents Governing intelligent automation across the enterprise

More information

Ingersoll Rand. Jonathan Kamanns Leader, Supplier Relationship Management

Ingersoll Rand. Jonathan Kamanns Leader, Supplier Relationship Management Ingersoll Rand Jonathan Kamanns Leader, Supplier Relationship Management Supplier Relationship Management Global Process Ownership What is Supplier Relationship Management (SRM)? Why do we need it - Benefits?

More information