From Dictionary.com. Risk: Exposure to the chance of injury or loss; a hazard or dangerous chance
1 Sharon Hale and John Argodale May 28, 2015
2 From Dictionary.com
Enterprise: A project undertaken or to be undertaken, especially one that is important or difficult or that requires boldness or energy
Risk: Exposure to the chance of injury or loss; a hazard or dangerous chance
Management: The act of directing, or controlling to bring about or succeed in accomplishing, sometimes despite difficulty or hardship
3 What is Enterprise Risk Management (ERM)?
All large organizations operate in environments marked by inherent risk. Risk can take many forms:
- Risk of not meeting organizational goals and objectives
- Risks affecting the organization's mission and operations
- Risk of not complying with laws, policies, and regulations
- Cost and schedule risk associated with major programs and initiatives
- Financial risks
- Reputational risks
- Personnel and cultural risks
- Risk of fraud, waste, and abuse
ERM is a process that:
- Is governed by the entity's senior management
- Is applied strategically across the entire enterprise
- Is designed to systemically identify events that may present risk
- Establishes the enterprise's tolerance or appetite for risk
- Identifies those risks that need to be actively managed
- Designs and implements controls to manage risks
- Monitors control effectiveness
- Establishes an appropriate risk response
- Provides reasonable assurance that the entity will achieve its objectives
4 Committee of Sponsoring Organizations (COSO) of the Treadway Commission
- Developed the COSO Framework for ERM
- Supported by five private sector organizations:
  - Institute of Management Accountants (IMA)
  - American Accounting Association (AAA)
  - American Institute of Certified Public Accountants (AICPA)
  - Institute of Internal Auditors (IIA)
  - Financial Executives International (FEI)
- Provides thought leadership for governance, internal controls, ethics and ERM
- Defines enterprise risk management as: "a process, affected by an entity's board of directors, management and other personnel, applied in a strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives."
5 The COSO ERM Framework
- Widely-accepted best practice for establishing ERM capabilities
- Used extensively by Federal agencies and the private sector
- The Government Accountability Office (GAO) Standards for Internal Control in the Federal Government are built upon the COSO framework
- Prescribes eight interrelated components required to be executed in order to achieve strategic, operational, reporting, and compliance objectives
- The eight risk management functions collectively comprise a comprehensive risk management framework
- Designed to be implemented across all organizational levels
6 Primary Operational Risk Management Functions
COSO and industry best practices prescribe that a comprehensive ERM program fully addresses eight core risk management functions.
Functions* and descriptions:
- Internal Environment/Governance: Setting the risk culture by defining the way the organization views and addresses risks and controls. The risk management governance structure is established to assign authority and responsibility.
- Objective Setting: Coordination with executive leadership to align operational, compliance, and reporting objectives with risk tolerance.
- Risk Identification: Identification of risk events that may affect the organization's ability to implement its strategy and achieve its objectives and performance goals.
- Risk Assessment: Evaluation of likelihood and impact of identified risk events as well as the existing controls that mitigate either the chance of an event occurring and/or the impact if it does occur.
- Risk Response: Selection of risk response options to minimize residual risk.
- Control Activities: Implementation of policies and procedures to execute and monitor risk responses.
- Information & Communication: Identification, capture, and communication of relevant risk information across all organizational levels.
- Monitoring: Continuous monitoring and oversight to identify opportunities for improvement.
* Based on COSO ERM Integrated Framework
7 [Figure: risk scale with bands LOW, MEDIUM, HIGH between MINIMUM and MAXIMUM; labels: Catastrophic, Melt Down, Big Mess, Trouble, Problem, Concern, Issue, Minimal]
8 Relationship of ERM Internal Controls
[Figure: diagram with labels Governance, ERM, Internal Controls]
9 Anticipated Changes to Office of Management and Budget (OMB) Circular No. A-123 for Fiscal Year (FY) 2016
Draft tentatively titled "Management's Responsibility for Risk Management and Internal Control"
OMB's vision for FY 2016 Update: The goal of Circular A-123 is to modernize efforts to implement the Federal Managers' Financial Integrity Act (FMFIA) so that it will evolve our existing internal control framework to be more value-added and provide for stronger risk management
- Detailed framework for evaluating control deficiencies
- Reinforces corrective action planning requirements to address the root causes of control deficiencies
- Introduces ERM to provide for more effective risk management and internal control in the Federal Government
- Adopts additional COSO framework guidance
- Emphasizes governance and internal control relationships
- Revised Annual Statement of Assurance
- Internal controls over operations and compliance
- Internal controls over financial reporting
- Guidance on service organizations' user controls
- Alignment with audit terminology: significant condition vs. reportable condition
OMB A-123 Update Briefing, April 28,
10 Most Organizations Implement Some Risk Management Elements but are not Fully Optimized
11 Challenges to Implementing an ERM Framework
Leadership Culture Governance Policies not Aligned to Risk Appetite Risk Standardization, Response, and Coordination Communication Organizational Silos Command and Control Structures Compliance Focus Personnel and Resource Constraints Technology to Enable Effective and Efficient Risk Management Business Process and System Complexity and Maturity IT General and Application Controls
12 The Value Proposition
- The cost of preventive internal controls vs. cost of cleaning up
- Collaboration between program offices and traditional support offices Chief Financial Officer (CFO)/A-123 staff
- Building partnerships with stakeholders to support their cases
- A more risk enabled performance management culture
- A sustainable approach for an Audit Steady environment
- Strategic alignment: Improve likelihood of achieving objectives
- Effectiveness: Doing the right things and seizing opportunities
- Efficiency: Achieving strategic objectives in a cost effective manner
13 ERM Supports Audit Readiness and Enhances the Managers' Internal Control Program
Internal Controls Framework (1)
[Figure: internal controls framework diagram with layers MONITORING, INFORMATION AND COMMUNICATION, CONTROL ACTIVITIES, RISK ASSESSMENT, CONTROL ENVIRONMENT, across UNIT A, UNIT B and ACTIVITY 1, ACTIVITY 2, ACTIVITY 3]
GAO and COSO set five objectives for development of an agency's Internal Controls Program:
- Monitoring: Performance report, review, and systematic oversight
- Information and Communication: Agency communications
- Control Activities: Approvals and clear control owners
- Risk Assessment: Establish process risk self assessment capabilities and risk ranking and prioritization
- Control Environment: Establish and communicate tone at the top and develop policies and procedures
(1) Source: GAO Internal Controls Framework Guidelines and Committee of Sponsoring Organizations (COSO) Internal Control Framework
Opportunities
Implementing an effective ERM program provides opportunities to:
- Evolve controls from manual to automated or detective to preventive
- Rationalize business processes based on complexity and implement process risk self assessments
- Achieve and sustain a cost beneficial audit ready and audit steady business environment
Map business processes; Identify risks; Link controls to risks; Develop key risk indicators
14 Characteristics and Benefits of an Optimized ERM Program
Characteristics
- Senior management sets the tone from the top
- Governance structure holds appropriate personnel accountable
- Repeatable business processes that address an organization's operational risks
- Methodology includes assessments, risk data capture, analytics, and reporting
- Objective is to improve risk response as an interrelated risk portfolio
- Governance, policies, and standards centrally managed
- Decentralized execution
Benefits
Improve Performance
- Reduce operational losses and surprises
- Improve compliance
- Increase change capability
- Inform operational management decisions
- Facilitate risk self-identification
- Support for management assurance statement
Optimize Costs
- Aggregate risk transfer and acceptance decisions
- Eliminate overlapping and unnecessary controls and activities
- Align risk thresholds to business strategy
Instill Confidence
- Protect reputation
- Integrate risk into planning and strategy
- Better align resources to missions
- Reduce waste, fraud, mismanagement
- Enhance the Managers' Internal Control Program (MICP)
15 Approach to Evolve ERM from Current Level to Optimized
Key Success Factors for Enabling an Optimized Risk Management Program
1 Promote A Risk Management Culture
- Involve all staff in risk management activities
- Set up recognition and reward initiatives
- Define risk management as part of the requirement for all management positions
2 Drive Risk Management From Top
- Active engagement from senior leadership in risk processes and meetings
- Distribute communications and policies directly from leadership
3 Establish Open Communication Channels
- Communicate the organization's efforts and involve all employees
4 Use Common Risk Language and Tools
- Create simple, understandable terminology and tools for Command, Field, Installation and Programs
- Leverage facilitators and risk and control Subject Matter Experts (SME) in working sessions to improve standardization of risk data
5 Provide Dedicated Training
- Provide risk management training to help integrate risk management tactics
6 Implement Concise Risk Assessment Processes
- Develop efficient, targeted Process Risk Self Assessments (PRSA)
- Emphasize value to Commands and Field
- Leverage existing documentation to develop process maps of key processes and programs
7 Focus Working Groups and Committees
- Working groups and committees should be mindful of the risks associated with the objectives and outcomes they are trying to achieve
8 Leverage Internal Control Point of Contacts (POC)
- Leverage the organization's existing MICP personnel and structure
9 Develop Adequate Guidance
- Set up a forum of managers where they are able to identify their problems/risks and share best practices
10 Communicate Risk Management Performance
- Develop risk dashboards for Commands and Field as well as senior leadership
- Demonstrate linkage of risk management processes to measures of business performance and measures of risk thresholds
16 What is Process Risk Self Assessment?
- A robust, standard approach designed to assess the effectiveness of risk management and control processes and report results
- A methodology for focusing on significant risks and key controls
- A standard process providing documented support for the Annual Statement of Assurance and a means to generate risk and control data
- A bottoms-up approach to systematically implement operational risk management capabilities to detect, prevent, and correct risk events
- A method to improve risk management and reduce loss
- A means to provide decision makers information to support control assessments and enable risk-informed decisions
17 Process Risk Self Assessments Ensure Controls are Effectively Executed
Control types, from More Effective / Desirable to Less Effective / Desirable:
- Systemic Preventive (e.g., System edit prevents unapproved action)
- Systemic Detective (e.g., System report identifies unapproved activity)
- Manual Preventive (e.g., Employees receive annual training on policy requirements)
- Manual Detective (e.g., Employee reviews receipts for any non-approved activity)
Key Components
- Written policies for executing selected risk responses
- Processes and procedures
- Management and human capital assigned as risk and process owners
- Review of performance measures
Progress to Date
- Policies and procedures and reference manuals developed with reference to risk activities
Opportunities to Enhance Control Activities
- Implement policies and procedures that assign risk responses to process owners
- Establish clear accountability by establishing process and control owners
- Leverage control testing as part of the Process Risk Self Assessment process to review control quality
18 Four Process Steps Drive Process Risk Self Assessment
Identify
- Collect critical process list
- Create/update process maps
- Identify critical processes
- Capture and catalog processes
Evaluate
- Perform process-based risks and controls assessments
- Analyze risk events, evaluate results, and implement corrections
Report
- Maintain Risk Management Tool
- Create customized dashboard reports
- Generate reports for all risk stakeholders
Monitor
- Track metrics
- Monitor Risk Management performance
- Follow up on corrective action
19 OBJECTIVE: Get the chicks safely across the road
20 RISK: The chicks may be too small to safely cross the drain
21 RISK ASSESSMENT: Failed to assess risk of crossing the drain
22 RISK RESPONSE: Call the fire department
23 RESULTS: All the chicks are safe
More informationRisk Management Strategy
Risk Management Strategy 2017-2019 Created by: Role Name Title Author / Editor Kevin McMahon Head of Risk Management & Resilience Lead Executive Margo McGurk Director of Finance & Performance Approved
More informationInformed Decision Making
Informed Decision Making WHEFA Workshop March 2018 Investment advisory services are offered through CliftonLarsonAllen Wealth Advisors, LLC, an SEC-registered investment advisor. Choose Your Own Adventure
More informationAudit Training-of-Trainers Workshop, November 2014, Vienna Components of internal control within organization
Audit Training-of-Trainers Workshop, 18-19 November 2014, Vienna Components of internal control within organization Andrei Busuioc, Senior Financial Management Specialist, CFRR Session objectives The session
More informationProtecting Fixed Assets: Internal Controls for Non Profits
Protecting Fixed Assets: Internal Controls for Non Profits 25 September 2012 Community Sector Council Newfoundland and Labrador (CSC) Darlene Scott, Senior Program Associate darlenescott@cscnl.ca www.communitysector.nl.ca
More informationPrince William County Public Schools Annual Audit Plan
Prince William County Public Schools 2011 Annual Audit Plan Office of Internal Audit Vivian Calkins-McGettigan, MBA, CPA, CPFO Chief Internal Auditor Table of Contents Foreword 3 Introduction to the Office
More informationLeiningerCPA, Ltd. RISK MANAGEMENT POLICY STATEMENT
LeiningerCPA, Ltd. RISK MANAGEMENT POLICY STATEMENT This policy provides an overview of the bank s risk management process and defines the broad responsibilities for overseeing corporate governance and
More informationISO Revisions. ISO 9001 Whitepaper. The importance of risk in quality management. Approaching change
ISO Revisions ISO 9001 Whitepaper The importance of risk in quality management Approaching change Background and overview to the ISO 9001:2015 revision As an International Standard, ISO 9001 is subject
More informationDeveloping a successful governance strategy. By Muhammad Iqbal Hanafri, S.Pi., M.Kom. IT GOVERNANCE STMIK BINA SARANA GLOBAL
Developing a successful governance strategy By Muhammad Iqbal Hanafri, S.Pi., M.Kom. IT GOVERNANCE STMIK BINA SARANA GLOBAL it governance By NATIONAL COMPUTING CENTRE The effective use of information technology
More informationEnterprise risk management Protecting and enhancing value Advisory
Enterprise risk management Protecting and enhancing value Advisory October 2016 kpmg.co.za 2016 KPMG Services (Pty) Ltd, a South African company and a member firm of the KPMG network of independent member
More informationSession 7: Corporate Governance
Session 7: Corporate Governance New York Bankers Association-Community Bank Auditors Group 2016 Internal Audit Training-June 6-8, 2016 MEMBER OF ALLINIAL GLOBAL, AN ASSOCIATION OF LEGALLY INDEPENDENT FIRMS
More informationImprove GRC Maturity through Combined Assurance
White Paper Improve GRC Maturity through Management External Assurance Providers Internal Assurance Providers Oversight Governance; Risks and Controls Figure 1: The Model What is Combined Assurance? With
More informationENTERPRISE RISK MANAGEMENT USING DATA ANALYTICS. Dan Julevich and Chris Dawes April 17, 2015
ENTERPRISE RISK MANAGEMENT USING DATA ANALYTICS Dan Julevich and Chris Dawes April 17, 2015 Agenda ERM What, Why, How? ERM Keys to Success Fail, Survive, or Thrive? ERM Current State Overview ERM Leading
More informationEnterprise Risk Management
1 Enterprise Risk Management Building an Effective Enterprise Risk Management Program in a Community Bank Jay Gallo Chief Risk Officer Topics for Discussion 2 Defining Enterprise Risk Management Do Community
More informationIntegrating COSO s Fraud Risk Management Guide on an Enterprise Scale
Integrating COSO s Fraud Risk Management Guide on an Enterprise Scale September 15, 2017 Vincent Walden Partner EY Atlanta Delores White Director, Internal Audit Southern Company Scott Hulsey Chief Compliance
More informationENTERPRISE RISK MANAGEMENT THE KEY TO BUSINESS SUCCESS By Phil Griffiths FCA
ENTERPRISE RISK MANAGEMENT THE KEY TO BUSINESS SUCCESS By Phil Griffiths FCA Chapter 1 Fundamentals of Enterprise Risk Management Risk management has become a vital ingredient in the entrepreneurial culture
More informationBeyond Compliance. Leveraging Internal Control to Build a Better Business: A Response to Sarbanes-Oxley Sections 302 and 404
Beyond Compliance Leveraging Internal Control to Build a Better Business: A Response to Sarbanes-Oxley Sections 302 and 404 Note to Readers Regarding This First Edition April 2003: This document was published
More informationRisk Intelligent Enterprise Risk Management (ERM) Dolores Atallo-Hazelgreen, Firm Director
Risk Intelligent Enterprise Risk Management (ERM) Dolores Atallo-Hazelgreen, Firm Director March, 2010 Today s Agenda In the Spotlight More Than 15 Minutes of Fame Marketplace Perspective Deloitte Global
More informationInternational Finance Corporation
International Finance Corporation Corporate Governance and Internal Audit Overview Bob Lamm Independent Senior Advisor Center for Corporate Governance Deloitte LLP Neil White Global IA Analytics Leader
More informationKEY SUCCESS FACTORS FOR MAJOR PROGRAMS THAT LEVERAGE IT. The 7-S for Success Framework
KEY SUCCESS FACTORS FOR MAJOR PROGRAMS THAT LEVERAGE IT The 7-S for Success Framework May 2014 This document sets forth a framework of critical success factors for large scale government IT projects. ACT-IAC
More information7 Key Trends in Enterprise Risk Management
7 Key Trends in Enterprise Risk Management John Verver, CPA CA, CISA, CMC Kevin Legere, ACDA Presenters John Verver Consultant and Advisor to ACL Kevin Legere Director of Product Design Agenda Excellence
More informationWhat We Will Cover Today
Standards for the Professional Practice of Internal Auditing The IIA Red Book The Basics of Internal Auditing September 8, 2014 Sam McCall, PhD, CPA, CGFM, CIA, CGAP, CIG Chief Audit Officer Florida State
More informationResearch paper on risk management in the light of the results of the global survey of 2012
Research paper on risk management in the light of the results of the global survey of 2012 November 2013 INTOSAI SUBCOMMITTEE ON INTERNAL CONTROL STANDARDS 1 Introduction The events that the global economy
More informationCORPORATE GOVERNANCE THEORY, SCOPE AND IMPORTANCE
CORPORATE GOVERNANCE THEORY, SCOPE AND IMPORTANCE What is on the agenda Corporate Governance: In Theory Brief history The concept Principles Corporate Governance: In Practice Corporate governance elements
More informationAnalytics in Auditing Is a Game Changer
Analytics in Auditing Is a Game Changer With digitalization, robotics and business transformation gaining more momentum in organizations every day, internal audit needs to embrace analytics and fast. Internal
More informationAn Update of COSO s Internal Control Integrated Framework. December 2011
An Update of COSO s Internal Control Integrated Framework December 2011 1 Internal Control-Integrated Framework First published in 1992 Gained wide acceptance following financial control failures of early
More informationNYSARC/CP Compliance Seminar: Risk Assessments. May 2, 2016 Robert Hussar and Melissa Zambri
NYSARC/CP Compliance Seminar: Risk Assessments May 2, 2016 Robert Hussar and Melissa Zambri rhussar@barclaydamon.com mzambri@barclaydamon.com Agenda Introductions Compliance Risk Assessment Process OMIG
More informationFraming the future of corporate governance Deloitte Governance Framework. Center for Board Effectiveness
Framing the future of corporate governance Deloitte Governance Framework Center for Board Effectiveness For those interested in the topic of corporate governance, these are dynamic times. The events of
More informationTraining Fees 4,250 US$ per participant for Public Training includes Materials/Handouts, tea/coffee breaks, refreshments & Buffet Lunch
Training Title DEVELOPING EFFECTIVE KRIs (KEY RISK INDICATORS) Training Duration 5 days Training Dates & Venue REF ML056 Developing Effective KRIs (Key Risk Indicators) 5 28 Oct-01 Nov $4,250 Abu Dhabi,
More informationInternal Controls and Risk Management Report
42 Internal Controls and Risk Management Report Responsibility Our Board of Directors has the overall responsibility to ensure that sound and effective internal controls are maintained, while management
More information