Enterprise Risk Management Defined and Explained


Slide 1: Enterprise Risk Management Defined and Explained
Council of Engineering and Scientific Society Executives, ACCESSE16, July 27, 2016
Paul Klein, Managing Director, Not-for-Profit Atlantic Coast Market Territory Business Advisory Services Leader

Slide 2: Defining risk
- Threats: the probability of damage, injury, liability, loss, or other negative consequence that is caused by external or internal vulnerabilities, and that may be avoided through preemptive action.
- Opportunities: the prospects of achieving positive outcomes that are lost when conservative management relies on eliminating potential negative consequences through avoidance.

Slide 3: Evolution of risk management
- Traditionally, risk management focused on minimizing insurable risks arising from accidental loss.
- Risk management evolved to include other risk transfer and risk mitigation strategies.
- Enterprise risk management extends this further to threats to achieving strategic goals and to opportunities to advance the mission.

Slide 4: What is ERM?
"... a process, effected by an entity's board of directors, management and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and to manage risk to be within its risk appetite, providing reasonable assurance regarding the achievement of entity objectives."
Source: COSO ERM Integrated Framework, Executive Summary, September

Slide 5: Differences between Enterprise and Internal Audit risk assessments
Internal Audit Risk Assessment:
- Focus on internal, controllable risks
- Risks viewed in the context of vulnerabilities
- Risk managed through controls that reduce or eliminate risk
- Evaluation of risk owned by the internal auditor
Enterprise Risk Assessment:
- Focus on internal and external risks
- Risks viewed in the context of organizational strategy
- Risk managed through a broader variety of techniques
- Evaluation of risk owned by everyone

Slide 6: ERM objectives
- Provide increased visibility to the most significant risks impacting the institution
- Provide a platform for broad discussion and evaluation of appropriate levels of risk-taking consistent with risk tolerances
- Focus management's risk management efforts by identifying and reporting emerging risks that could jeopardize the institution's mission and strategy
- Serve as a foundation for an ongoing risk monitoring process
- Provide the leadership team with increased visibility to the most significant risks to the institution

Slide 7: ERM scope
- Strategic risks that may impact the institution's ability to achieve its strategic priorities and fulfill its mission
- Financial risks that may affect stewardship of and accountability for organizational assets
- Business, operational and program risks
- Regulatory compliance
- Reputational risks
- Information technology risk
- Emergency preparedness

Slide 8: Current state of ERM
- ERM processes at many institutions are still developing
- For-profits are further along in their ERM efforts than NFPs, partly due to regulatory requirements and stockholder demand for greater value
- Most organizations need to place a stronger focus on strategic risks
- While Boards are recognizing their risk oversight responsibilities, the level of oversight still varies greatly

Slide 9: Sample NFP Risk Universe
Strategic
- Strategy and Initiatives: Vision and Direction; Planning and Execution; Measurement and Monitoring; Organizational Structure; Restructuring and Alignment; Innovation; Brand and Reputation
- Partnerships and Collaborations: Integration; Alliances and Partnerships
- Communication: Policy and Advocacy; Crisis Communications; Employee Communication; Media Communications
- Market Dynamics: Competition; Demand; Socio-Political
Operations
- Program Service & Delivery; Membership Model; Supplier / Vendor Management; Contract Commitment; Procurement; Infrastructure and Assets; Project Planning and Management; Construction and Maintenance
- People: Culture; Recruiting and Retention; Development and Performance Measurement; Succession Planning; Compensation and Benefits
- Information Technology: Security/Access; Availability/Continuity; Application Development; Data Integrity; IT Project Management; Network Planning
- Hazards: Natural Events; Terrorism and Malicious Events; Disaster Response; Safety
Compliance
- Governance: Board Performance; Tone at the Top; Control Environment; Social Responsibility; Policies and Procedures
- Code of Conduct: Ethics; Fraud
- Legal: Contracts; Liability; IP Infringement
- Regulatory Compliance: Labor Practices (EEOC); Environment (EPA); Data Protection and Privacy; Health and Safety (EH&S)
Financial
- Liquidity and Credit: Income Diversification; Debt Management; Credit and Collections (post-transaction); Insurance; Healthcare Costs
- Accounting: External Reporting and Disclosure; Internal Reporting
- Tax: Tax Strategy and Planning
Reputational
- Image and Branding: Public Relations; Brand Perception; Media
- Stakeholder Relations: Member Relevance; Donor Communication; Constituent Expectations

Slide 10: Participation in the ERM process: Board of Directors
- Oversee the ERM program
- Set the tone for organizational risk appetite
- Review the risks identified by management
- Endorse management's assessment of risks
- Review the effectiveness of risk mitigation efforts
- Monitor compliance with risk mitigation policies and procedures, as well as changes in the risk environment

Slide 11: Participation in the ERM process: key questions the Board should be asking
- How often are we refreshing our assessment of top risks?
- Who is accountable for results?
- How are we monitoring and managing the top risks?
- What progress are we making to further mitigate top risks?
- Do we have responses prepared for extreme events (the "black swans")?

Slide 12: Participation in the ERM process: Management
- Implement and manage ERM processes
- Align the ERM program to strategic goals and objectives
- Set the tone for staff
- Identify and prioritize risks
- Establish risk responses and mitigation practices
- Report to the Board

Slide 13: High level ERM process
Diagram of a cycle with five elements: ERM Strategy and Framework; Strategic Risk Assessment; Risk Response; Action Planning; Ongoing Communication, Reporting, and Monitoring.

Slide 14: Using ERM as a strategic advantage
Low value ERM:
- Compliance focused
- Large inventory of risks and extensive risk mapping
- Risk mitigation to safeguard the organization
- Risk management activities are separate from strategic and operational decision-making
- Perceived as a necessary effort
- Delegated to lower level staff
High value ERM:
- Value and opportunity focused
- Fewer risks, focused on significant gains/losses
- Risk optimization to maximize value
- Risk management is incorporated in strategic and operational decision-making
- Perceived as a cultural imperative
- Participation at all levels of the organization

Slide 15: Getting your ERM initiative started
- Seek board and senior management leadership, involvement, and oversight
- Select a strong leader to drive the ERM initiative
- Establish a risk management committee or working group
From COSO, Embracing Enterprise Risk Management: "Perfect is the enemy of good enough! The most important thing is to get started."

Slide 16: ERM the project
- Phase 1: Understand Business Environment
- Phase 2: Develop Risk Universe and Assess Risks
- Phase 3: Determine Risk Responses
- Phase 4: Design Ongoing ERM Processes
- Phase 5: Monitor Risk Universe
- Train and embed ERM guiding principles and processes

Slide 17: Implementing ERM, Phase 1: Understand the business environment
- Review relevant documentation
- Conduct an ERM kick-off meeting
- Conduct an introductory training session for senior management
- Facilitate Board dialog on risk
- Interview senior management and selected Board members
- Establish a committee responsible for risk management processes and activities

Slide 18: Implementing ERM, Phase 2: Develop risk universe and assess risks
- Define the glossary of risk terminology
- Establish a framework for describing and evaluating risks
- Create the risk register
- Confirm and hone the list with management
- Evaluate risks, assessing impact, likelihood, velocity and duration
- Identify risk categories and common themes
- Prioritize risks

Slide 19: Risk evaluation framework, IMPACT
Overall risk rating by impact area, described at Low / Medium / High:
Strategy
- Low: achievement of strategic goals is delayed; customers are inconvenienced; minimal attrition can be expected (<1%)
- Medium: achievement of strategic goals is blocked and management must reconsider initiatives; customer attrition is likely
- High: existential risk to the organization; significant impediment to attracting and retaining customers
Operations / Financial / Personnel / Technology
- Low: changes required may be accomplished within operating budget parameters without significantly affecting other initiatives
- Medium: changes require significant use of resources and require Board action; unrestricted net assets stay mostly intact (<=$500k)
- High: changes require significant use of resources and require Board action; unrestricted net assets are significantly eroded (>$500k)
Legal / Compliance
- Low: low probability of a successful lawsuit or sanctions against the organization (<15%); financial exposure is minimal (<$10,000)
- Medium: heightened probability of a successful lawsuit or sanctions against the organization (15%-50%); financial exposure would leave unrestricted net assets mostly intact (<=$500k)
- High: high probability of a successful lawsuit or sanctions against the organization (>50%); financial exposure of a successful suit significantly erodes unrestricted net assets (>$500k)
Fraud
- Low: minor amount of resources affected by fraud; a control structure exists but does not operate sufficiently to prevent, deter or detect fraud
- Medium: significant amount of resources affected by fraud, with a control structure that exists but does not operate sufficiently to prevent, deter or detect fraud; or a minor amount of resources affected by fraud, but the control structure is insufficient to prevent, deter or detect fraud (control design weakness)
- High: significant amount of resources affected by fraud; the control structure is insufficient to prevent, deter or detect fraud (control design weakness)
Opportunity
- Low: little or minimal loss of potential revenue opportunity by not mitigating the identified risk
- Medium: material loss of potential revenue opportunity (<=$500k)
- High: significant loss of potential revenue opportunity (>$500k)
Reputation
- Low: little to no external reaction expected; only a small constituency or interest group takes note
- Medium: external reaction expected from a broad constituency or interest group, but unorganized
- High: significant external reaction expected from a broad constituency or interest group; the risk event is noted on a national scale; constituents organize against the organization or distance themselves from it

Slide 20: Risk evaluation framework, VELOCITY, DURATION and LIKELIHOOD
Velocity (speed with which the risk creates impact):
- Slow: greater than 24 months
- Moderate: 12-24 months
- Fast: less than 12 months
Duration (anticipated period over which the impact will be felt):
- Short: less than 6 months
- Moderate: 6-12 months
- Long: greater than 12 months
Likelihood (probability of occurrence):
- Remote: <5% in one year, or once in 20 years
- Unlikely: 5-20% in one year, or once in years
- Possible: 20-40% in one year, or once in years
- More Likely than Not: 40-60% in one year, or once in 5-10 years
- Probable: 60-80% in one year, or once in 2-5 years
- Nearly Certain: >80% in one year, or once in 1-2 years

Slide 21: Sample risk categories: Strategy, Operations, Technology, Personnel, Finance, Compliance, Regulations, Reputation, Governance, Fraud, Environment

Slide 22: Sample risk register (Sample Risk Catalog)
Columns: Risk Area | Short name | Risk Description | Impact (Overall, then Strategy, Operations, Financial, Compliance, Fraud, Legal, Personnel, Opportunity, Reputation, Technology) | Likelihood | Velocity | Duration | Trend. Overall impact is the highest rating in any category; categories not listed for a row are rated Low.
- Emergency preparedness / Business continuity: Failure to recover from an event that significantly disrupts operations and threatens business continuity. Overall High (Operations High, Financial High). Likelihood Possible; Velocity Fast; Duration Short; Trend Increasing.
- Emergency preparedness / Natural disasters: Failure to maintain practices for emergency/disaster preparedness in the event of natural disasters. Overall High (Operations High, Financial Medium). Likelihood Remote; Velocity Fast; Duration Medium; Trend Steady.
- Emergency preparedness / Violence or Terrorism: An act of violence or terrorism affects the facility or neighborhood, resulting in business interruption, injury, or damage to facilities. Overall High (Operations High, Financial Medium). Likelihood Remote; Velocity Fast; Duration Medium; Trend Steady.
- Financial / Exchange rate volatility: Impact of exchange rate variations when doing business internationally. Overall Medium (Financial Medium). Likelihood Possible; Velocity Fast; Duration Short; Trend Increasing.
- Financial / Financial fraud: Failure to protect the organization against financial (e.g., treasury and cash management) fraud or malpractice. Overall High (Financial High, Compliance Medium, Fraud High, Legal Medium, Reputation High). Likelihood Remote; Velocity Slow; Duration Medium; Trend Steady.
- Brand / Protecting IP: Failure to adequately protect intellectual property from unauthorized access or sharing by users. Overall High (Financial High). Likelihood More Likely than Not; Velocity Medium; Duration Medium; Trend Increasing.
- Strategy / Government funding, mandates, and embargos: Failure to adapt to the shift in government funding to agencies and research institutions, as well as to mandates and embargos on government funding. Overall Medium (Strategy Medium, Financial Medium). Likelihood Probable; Velocity Medium; Duration Long; Trend Increasing.
- Technology / IT security practices: Failure to create and maintain adequate security measures to safeguard against threats, including security policies and procedures. Overall High (Operations High, Financial High, Opportunity Medium, Technology High). Likelihood Possible; Velocity Medium; Duration Medium; Trend Increasing.
- Technology / Protect enterprise data: Failure to properly secure enterprise data on data servers and employee computers. Overall High (Operations Medium, Financial High, Reputation Medium, Technology Medium). Likelihood Possible; Velocity Fast; Duration Medium; Trend Steady.
- Technology / Protect against malicious activity of vendors: Failure to adequately monitor and protect access to various SaaS (cloud-based) systems from malicious usage by vendors. Overall Medium (Operations Medium, Financial Medium, Reputation Medium, Technology Medium). Likelihood Possible; Velocity Medium; Duration Medium; Trend Steady.
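The evaluation framework on slides 19 and 20 and the register above are enough to score a register mechanically: the overall impact is the highest rating in any category (every row of the register above follows that rule), likelihood comes from the annual-probability bands, and the heat map on slide 26 needs each risk placed on an L/M/H likelihood row. The Python below is an added example, not code from the deck or from the presenter's firm. It encodes the page's own scales and adds one assumption the deck does not state: how the six likelihood bands fold onto the heat map's three rows. The register's "Medium" velocity and duration entries are written as "Moderate", the framework's own term, and the "once in N years" column is not used, only the annual probability. The ratings() helper rejects a misspelt category rather than silently dropping a High rating, which is the register-building mistake most worth guarding against.

```python
# Added example (not from the deck): score a risk register with the page's scales.
from collections import defaultdict
from dataclasses import dataclass, field

LEVELS = ("Low", "Medium", "High")
RANK = {level: i for i, level in enumerate(LEVELS)}
# Impact categories in the register's column order; "Overall" is derived from them.
CATEGORIES = ("Strategy", "Operations", "Financial", "Compliance", "Fraud",
              "Legal", "Personnel", "Opportunity", "Reputation", "Technology")
# Likelihood bands as (inclusive upper bound on annual probability, band name).
LIKELIHOOD_BANDS = ((0.05, "Remote"), (0.20, "Unlikely"), (0.40, "Possible"),
                    (0.60, "More Likely than Not"), (0.80, "Probable"), (1.00, "Nearly Certain"))
LIKELIHOOD_RANK = {band: i for i, (_, band) in enumerate(LIKELIHOOD_BANDS)}
VELOCITY_RANK = {"Slow": 0, "Moderate": 1, "Fast": 2}
TREND_RANK = {"Decreasing": 0, "Steady": 1, "Increasing": 2}
# ASSUMPTION (not stated on the page): the six likelihood bands fold onto the
# heat map's L/M/H likelihood rows two at a time.
HEAT_ROW = {"Remote": "L", "Unlikely": "L", "Possible": "M",
            "More Likely than Not": "M", "Probable": "H", "Nearly Certain": "H"}

def likelihood_band(annual_probability: float) -> str:
    """Annual probability of occurrence -> framework band (upper bounds inclusive)."""
    if not 0.0 <= annual_probability <= 1.0:
        raise ValueError("annual probability must lie in [0, 1]")
    return next(band for upper, band in LIKELIHOOD_BANDS if annual_probability <= upper)

def velocity_band(months_to_impact: float) -> str:
    """Speed with which the risk creates impact: <12 months Fast, 12-24 Moderate, >24 Slow."""
    return "Fast" if months_to_impact < 12 else "Moderate" if months_to_impact <= 24 else "Slow"

def duration_band(months_felt: float) -> str:
    """How long the impact is felt: <6 months Short, 6-12 Moderate, >12 Long."""
    return "Short" if months_felt < 6 else "Moderate" if months_felt <= 12 else "Long"

def ratings(**overrides: str) -> dict:
    """Per-category impact dict defaulting to Low; a misspelt category is an error,
    not a silently dropped High rating."""
    unknown = set(overrides) - set(CATEGORIES)
    if unknown:
        raise ValueError(f"unknown impact categories: {sorted(unknown)}")
    return {cat: overrides.get(cat, "Low") for cat in CATEGORIES}

@dataclass
class Risk:
    area: str
    name: str
    description: str
    impact: dict = field(default_factory=ratings)
    likelihood: str = "Possible"
    velocity: str = "Moderate"
    duration: str = "Moderate"
    trend: str = "Steady"

    def __post_init__(self) -> None:
        """Reject values that are not on the framework's scales."""
        bad = {c: v for c, v in self.impact.items() if c not in CATEGORIES or v not in LEVELS}
        off_scale = (self.likelihood not in HEAT_ROW or self.velocity not in VELOCITY_RANK
                     or self.duration not in ("Short", "Moderate", "Long") or self.trend not in TREND_RANK)
        if bad or off_scale:
            raise ValueError(f"{self.name}: values outside the framework scales {bad}")

    @property
    def overall_impact(self) -> str:
        """The register's first column: the highest rating in any category."""
        return max(self.impact.values(), key=RANK.__getitem__, default="Low")

    def priority_key(self) -> tuple:
        """Impact first, then likelihood, velocity and trend; highest first."""
        return (-RANK[self.overall_impact], -LIKELIHOOD_RANK[self.likelihood],
                -VELOCITY_RANK[self.velocity], -TREND_RANK[self.trend])

def prioritize(risks) -> list:
    """Risk names in the order the register would present them."""
    return [r.name for r in sorted(risks, key=Risk.priority_key)]

def heat_map(risks) -> dict:
    """Group risk names by (likelihood row, first letter of overall impact)."""
    cells = defaultdict(list)
    for risk in risks:
        cells[(HEAT_ROW[risk.likelihood], risk.overall_impact[0])].append(risk.name)
    return dict(cells)

# Constructed sample: the three Technology rows transcribed from the page's register
# ("Medium" velocity/duration entered as "Moderate", the framework's own term).
SAMPLE = [
    Risk("Technology", "IT security practices", "Inadequate security measures, policies and procedures",
         ratings(Operations="High", Financial="High", Opportunity="Medium", Technology="High"),
         "Possible", "Moderate", "Moderate", "Increasing"),
    Risk("Technology", "Protect enterprise data", "Enterprise data on servers and employee computers not secured",
         ratings(Operations="Medium", Financial="High", Reputation="Medium", Technology="Medium"),
         "Possible", "Fast", "Moderate", "Steady"),
    Risk("Technology", "Vendor access to SaaS systems", "Vendor access to SaaS systems not monitored for malicious use",
         ratings(Operations="Medium", Financial="Medium", Reputation="Medium", Technology="Medium"),
         "Possible", "Moderate", "Moderate", "Steady"),
]
```

With the sample, prioritize(SAMPLE) puts "Protect enterprise data" ahead of "IT security practices": both are High impact and Possible, so the faster velocity decides, and the vendor SaaS row comes last as the only Medium. The band boundaries are deliberately inclusive at the upper end so that the framework's own "once in 20 years" example (an annual probability of exactly 5%) lands in Remote; whichever convention an organization picks, it should be written down in the glossary the Phase 2 slide calls for, or two assessors will score the same risk differently.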

Slide 23: Implementing ERM, Phase 3: Determine risk responses
- Map risk management activities
- Ascertain institutional risk tolerance/appetite
- Assess gaps in risk response capabilities
- Develop an action plan to further reduce risk exposure
- Review analysis and plans with executives and the Board
- Execute approved action plans

Slide 24: ERM working document
Columns: Risk Events | Current Risk Profile (Impact, Likelihood) | Current Risk Mitigation Activities | Required Action Items | Future Risk Profile (Impact, Likelihood)

Slide 25: Tips for improving your ERM efforts: align responses to your risk appetite
- Intolerable: completely avoid/eliminate the risk
- Highly undesirable: accept the risk only if essential and there is a limited possibility/extent of failure
- Manageable: accept the risk if benefits outweigh negative consequences (justified risk); manage impacts
- Negligible: accept the possibility of failure if it maximizes returns; monitor the risk for changes in its risk profile

Slide 26: Sample ERM heat map, Area of Focus: Technology
Figure: risk events plotted by likelihood (vertical axis, L/M/H) against impact (horizontal axis, L/M/H); events listed by likelihood row:
- High likelihood: Cyber threats; Back-up and recovery; Optimizing systems; IT governance; Access to budgets; Technology investments
- Medium likelihood: Help desk; Policies & procedures; Mobility; Availability/reliability; Supplier/contractor activity
- Low likelihood: End-user training; Balancing costs

Slide 27: Implementing ERM, Phase 4: Design ongoing ERM processes
- Design a continuous risk assessment process that is embedded in the ERM program
- Design a monitoring and event identification process
- Align strategic planning with ERM processes
- Design a communication and reporting process
- Create a long-term awareness and training plan

Slide 28: Implementing ERM, Phase 5: Monitor risk universe
- Monitor changes to identified enterprise risks
- Discuss new and emerging risks
- Reassess action plans
- Update the risk universe and prioritization
- Report progress to executives and the Board

Slide 29: Benefits of ERM
- Create clarity of definition and consensus regarding risk
- Protect the assets of the organization, especially reputation
- Prevent or reduce the impact of risks
- Provide transparency and accountability
- Increase constituent confidence
- Unify behavior and culture around risk management
- Establish linkage to strategic planning
- Prioritize allocation of resources to the most significant risks
- Support mission success

Slide 30: Additional resources for management, Board members, and audit committees: publications for not-for-profit organizations

Slide 31: Questions / Comments

Slide 32: Contact information
Paul Klein, Managing Director, Not-for-Profit Atlantic Coast Market Territory Business Advisory Services Leader
E: Paul.Klein@us.gt.com


More information

AUDITING. Auditing PAGE 1

AUDITING. Auditing PAGE 1 AUDITING Auditing 1. Professionalism The International Professional Practices Framework (IPPF) is the conceptual framework that organizes authoritative guidance promulgated by The Institute of Internal

More information

Governance Institute of Australia Ltd

Governance Institute of Australia Ltd Governance Institute of Australia Ltd Management Policy 1. Overview management is a key element of effective corporate governance. In view of this, Governance Institute of Australia Ltd (Governance Institute)

More information

Enterprise Risk Management

Enterprise Risk Management Compliance, Audit, Risk Management and Legal Affairs Committee Enterprise Risk Management Higher Education Scorecards, Performance Based Metrics, and Faculty Compensation Alan D. Phillips Vice President

More information

RISK MANAGEMENT REPORT

RISK MANAGEMENT REPORT RISK MANAGEMENT REPORT A RCL FOODS RISK MANAGEMENT REPORT 2016 RISK MANAGEMENT REPORT FRAMEWORK Risk management is considered by the Board to be a key business discipline, designed to balance risk and

More information

INTERNAL AUDIT PLAN AND CHARTER 2018/19

INTERNAL AUDIT PLAN AND CHARTER 2018/19 INTERNAL AUDIT PLAN AND CHARTER 208/9 PURPOSE OF REPORT. To present the proposed 208/9 audit plan and charter to the Audit Committee for consideration and approval..2 The Internal Audit Plan for 208/9

More information

Information governance for the real world

Information governance for the real world Information governance for the real world 1 2 Information governance is the activities and technologies that organizations employ to maximize the value of their information while minimizing associated

More information

The Role of the Chief Risk Office and the Board s Role in Risk Oversight

The Role of the Chief Risk Office and the Board s Role in Risk Oversight The Canadian Society of Corporate Secretaries 16th Annual Corporate Governance Conference Banff Springs Hotel Banff, AB August 24 27, 2014 The Role of the Chief Risk Office and the Board s Role in Risk

More information

Our Approach to Risk Management

Our Approach to Risk Management 62 Li & Fung Limited Annual Report 2017 Our Approach to Risk Management Our Approach to Risk Management We maintain a solid, effective system of risk management and internal controls to support us in achieving

More information

Internal Auditors and Enterprise Risk Management (ERM) ICPAK Presentation

Internal Auditors and Enterprise Risk Management (ERM) ICPAK Presentation Internal Auditors and Enterprise Risk Management (ERM) ICPAK Presentation April 2014 Disclaimer This presentation is made by KPMG Kenya, a member firm of the KPMG network of independent firms affiliated

More information

HCCA Audit & Compliance Committee Conference. February 29-March 1, Drivers of ERM. Enterprise Risk Management in Healthcare.

HCCA Audit & Compliance Committee Conference. February 29-March 1, Drivers of ERM. Enterprise Risk Management in Healthcare. Enterprise Risk Management in Healthcare Deloitte & Touche LLP Heather Hagan, Senior Manager Nancy Perilstein, Senior Manager February 29, 2016 Discussion Items Drivers of Enterprise Risk Management (ERM)

More information

Active Essex Risk Management Strategy

Active Essex Risk Management Strategy Active Essex Risk Management Strategy 2017-2021 November 2017 Contents 1. Policy Statement 2. Statement of Commitment 3. Risk Management Framework 4. Risk Appetite 5. Risk Maturity 6. Risk Management Levels

More information

Generating value within the Risk Ecosystem Risk powers performance

Generating value within the Risk Ecosystem Risk powers performance Generating value within the Risk Ecosystem Risk powers performance The Risk Ecosystem Disruption and volatility are impacting today s business climate. CROs and risk executives function in a Risk Ecosystem,

More information

A robust and systematic review.

A robust and systematic review. Principal risks and uncertainties A robust and systematic review. The Board considers these to be the most significant risks faced by the Group that may impact the achievement of our six strategic drivers.

More information

Boards and internal audit: Working together to strengthen risk management

Boards and internal audit: Working together to strengthen risk management Boards and internal audit: Working together to strengthen risk management Growing demands on boards The role of the board has always been an important and demanding one, but today s board members face

More information

Enterprise Risk Management at

Enterprise Risk Management at Enterprise Risk Management at John R.S. Fraser Vice President, Internal Audit & Chief Risk Officer, Hydro One Inc. February 15, 2006 for PRMIA Toronto Chapter - The Fields Institute Summary 1. Background

More information

Enterprise Risk Management

Enterprise Risk Management Enterprise Risk Management A Roadmap For Implementation June 12, 2018 Presented by: Speaker Name Marianne Turnbull CohnReznick LLP 4 Becker Farm Road Roseland, NJ 07068 P: 973-228-3500 E:marianne.turnbull@cohnreznick.com

More information

In Control: Getting Familiar with the New COSO Guidelines. CSMFO Monterey, California February 18, 2015

In Control: Getting Familiar with the New COSO Guidelines. CSMFO Monterey, California February 18, 2015 In Control: Getting Familiar with the New COSO Guidelines CSMFO Monterey, California February 18, 2015 1 Background on COSO Part 1 2 Development of a comprehensive framework of internal control Internal

More information

The COSO Risk Framework: A reference for internal control? Transition from COSO I to COSO II

The COSO Risk Framework: A reference for internal control? Transition from COSO I to COSO II The COSO Risk Framework: A reference for internal control? Transition from COSO I to COSO II S P E A K E R : D O T T. FA B I O A C C A R D I C O U R S E O F B U S I N E S S A U D I T I N G U N I V E R

More information

Enterprise Risk Management

Enterprise Risk Management BUSINESS RISK MANAGEMENT LTD Enterprise Risk Management Who should attend? Risk managers Managers and Directors responsible for the risk management function or process Senior Internal Auditors and audit

More information

KING IV TM APPLICATION REPORT

KING IV TM APPLICATION REPORT PRINCIPLE 1: The governing body should lead ethically and effectively. Board members individually and collectively demonstrate integrity, competence, responsibility, accountability, fairness and transparency

More information

Figure 1: COSO Enterprise Risk Management Cube

Figure 1: COSO Enterprise Risk Management Cube Figure 1: COSO Enterprise Risk Management Cube Source: Committee of Sponsoring Organizations (COSO), "Enterprise Risk Management- Integrated Framework: Executive Summary" 5. As shown in the COSO ERM cube,

More information

Sample Strategy and Value Oversight Policy

Sample Strategy and Value Oversight Policy Sample Strategy and Value Oversight Policy This document provides a sample Strategy & Value Oversight policy which includes a high level overview of the key roles and responsibilities of the various participants.

More information

COSO ERM: Integrating with Strategy and Performance. Paul J. Sobel COSO Chairman Chief Risk Officer Georgia-Pacific

COSO ERM: Integrating with Strategy and Performance. Paul J. Sobel COSO Chairman Chief Risk Officer Georgia-Pacific COSO ERM: Integrating with Strategy and Performance Paul J. Sobel COSO Chairman Chief Risk Officer Georgia-Pacific 1 Focus of Presentation Why the COSO ERM Framework was Updated 10 Key Things to Know about

More information

Risk Management Strategy

Risk Management Strategy Risk Management Strategy 2017-2019 Created by: Role Name Title Author / Editor Kevin McMahon Head of Risk Management & Resilience Lead Executive Margo McGurk Director of Finance & Performance Approved

More information

Gleim CPA Review Updates to Business Environment and Concepts 2018 Edition, 1st Printing March 2018

Gleim CPA Review Updates to Business Environment and Concepts 2018 Edition, 1st Printing March 2018 Page 1 of 16 Gleim CPA Review Updates to Business Environment and Concepts 2018 Edition, 1st Printing March 2018 The content of BEC Study Unit 2, Subunit 2, has undergone extensive edits due to the 2017

More information

Corporate Governance Principles 2015

Corporate Governance Principles 2015 Corporate s 2015 corporate principles 1 corporate principles 1. Ethical leadership and corporate citizenship Responsible leadership 1.1 The board should provide effective leadership based on an ethical

More information

Governance Guideline SEPTEMBER 2013 BC CREDIT UNIONS.

Governance Guideline SEPTEMBER 2013 BC CREDIT UNIONS. Governance Guideline SEPTEMBER 2013 BC CREDIT UNIONS www.fic.gov.bc.ca INTRODUCTION The Financial Institutions Commission 1 (FICOM) holds the Board of Directors 2 (board) accountable for the stewardship

More information

King IV application report In pursuit of growth

King IV application report In pursuit of growth King IV application report 2018 In pursuit of growth 02 PRINCIPLE 1: The governing body should lead ethically and effectively. Board members individually and collectively demonstrate integrity, competence,

More information

Risk Appetite Statement

Risk Appetite Statement Risk Appetite Statement May 2018 Risk Appetite Statement Contents 1. Mission, Vision, Values and Beliefs... 3 2. Introduction... 3 3. Overall Risk Appetite... 4 4. Risk Framework... 4 5. Key Risk Appetite

More information

INTERNAL AUDITING THAT MATTERS. Norman Marks April 2017

INTERNAL AUDITING THAT MATTERS. Norman Marks April 2017 INTERNAL AUDITING THAT MATTERS Norman Marks April 2017 GLOBAL AUDIT COMMITTEE SURVEY: Fewer than half of the 1,800 respondents are satisfied that internal audit delivers the value to the company it should

More information

Oversight by Board, Risk Management & Audit Committee (RMAC) and other committees. Second line of defense

Oversight by Board, Risk Management & Audit Committee (RMAC) and other committees. Second line of defense 47 In the business environment that we live in, doing nothing might be the biggest risk of all. At Cim, the Board plays a crucial role in risk oversight; it is bringing more diverse viewpoints into the

More information

To: Identify your chief goals and objectives Identify risks Prioritize the risks to achieving objectives Determine which controls/processes to review

To: Identify your chief goals and objectives Identify risks Prioritize the risks to achieving objectives Determine which controls/processes to review 1 Objective To: Identify your chief goals and objectives Identify risks Prioritize the risks to achieving objectives Determine which controls/processes to review In order to: Develop an effective Internal

More information

REPORT 2016/033 INTERNAL AUDIT DIVISION

REPORT 2016/033 INTERNAL AUDIT DIVISION INTERNAL AUDIT DIVISION REPORT 2016/033 Advisory engagement on the Statement on Internal Control project at the United Nations Joint Staff Pension Fund 25 April 2016 Assignment No. VS2015/800/01 CONTENTS

More information

Texas Tech University System

Texas Tech University System Texas Tech University System October 31, 2017 ERM Overview Evolution of Risk Management Risk Traditional Definition The possibility that something bad or unpleasant will happen. Merriam-Webster Minimizing

More information

Charter for Enterprise Risk Management

Charter for Enterprise Risk Management for Enterprise Risk Management Prepared by: Shannon Sinclair Version: 1.2 Document Id: Date: Release Date TABLE OF CONTENTS TABLE OF CONTENTS... i 1. Background... 1 2. Objectives... 1 3. Scope... 2 3.1

More information

Fraud Risk Management

Fraud Risk Management Fraud Risk Management Fraud Risk Management Overview 2017 Association of Certified Fraud Examiners, Inc. Discussion Questions 1. Does your organization follow a specific risk management model? If so, which

More information

Internal Controls and Risk Management Report

Internal Controls and Risk Management Report 42 Internal Controls and Risk Management Report Responsibility Our Board of Directors has the overall responsibility to ensure that sound and effective internal controls are maintained, while management

More information

Using a Compliance Program Assessment for Strategic Impact

Using a Compliance Program Assessment for Strategic Impact SCCE 10th Annual and Ethics Institute Using a Program Assessment for Strategic Impact Laura LaCorte, University of Southern California Andrew Reisman, Ernst & Young LLP September 13, 2011 Overview Goals

More information

WFP s 2018 enterprise risk management policy

WFP s 2018 enterprise risk management policy WFP s 2018 enterprise risk management policy Informal consultation 24 July 2018 World Food Programme Rome, Italy Executive summary As a voluntarily funded organization, WFP depends on the confidence of

More information

Toyota Financial Services (South Africa) Limited: King III Principles

Toyota Financial Services (South Africa) Limited: King III Principles FOR THE YEAR ENDED 31 MARCH 2017 KING III - PRINCIPLES TOYOTA FINANCIAL SERVICES (SOUTH AFRICA) LIMITED (TFSSA) To be read in conjunction with the 2017 Annual Financial Statements Toyota Financial Services

More information

October 2014 FC 156/15. Hundred and Fifty-sixth Session. Rome, 3-7 November Progress Report on an Accountability and Internal Control Framework

October 2014 FC 156/15. Hundred and Fifty-sixth Session. Rome, 3-7 November Progress Report on an Accountability and Internal Control Framework October 2014 FC 156/15 E FINANCE COMMITTEE Hundred and Fifty-sixth Session Rome, 3-7 November 2014 Progress Report on an Accountability and Internal Control Framework Queries on the substantive content

More information

ERM: Risk Maps and Registers. Performing an ISO Risk Assessment

ERM: Risk Maps and Registers. Performing an ISO Risk Assessment ERM: Risk Maps and Registers Performing an ISO 31000 Risk Assessment Agenda Following a Standard? Framework First Performing a Risk Assessment Assigning Risk Ownership Data Management Questions? Following

More information

Enterprise Risk Management (ERM) How Internal Audit Can Add Great Value

Enterprise Risk Management (ERM) How Internal Audit Can Add Great Value ASSOCIATION OF HEALTHCARE INTERNAL AUDITORS 2009 ANNUAL CONFERENCE Charting a Course for Excellence Enterprise Risk Management (ERM) How Internal Audit Can Add Great Value to Your Organization s ERM Process

More information

CGIAR System Management Board Audit and Risk Committee Terms of Reference

CGIAR System Management Board Audit and Risk Committee Terms of Reference Approved (Decision SMB/M4/DP4): 17 December 2016 CGIAR System Management Board Audit and Risk Committee Terms of Reference A. Purpose 1. The purpose of the Audit and Risk Committee ( ARC ) of the System

More information

FY19 Enterprise Risk Management Assessment. Board Meeting December 5, 2018

FY19 Enterprise Risk Management Assessment. Board Meeting December 5, 2018 FY19 Enterprise Risk Management Assessment Board Meeting December 5, 2018 CPS Vision and Enterprise Risk Management Assessment CPS Enterprise Risk Management Assessment, as directed by the Board and the

More information

International Standards for the Professional Practice of Internal Auditing (Standards)

International Standards for the Professional Practice of Internal Auditing (Standards) Attribute Standards 1000 Purpose, Authority, and Responsibility The purpose, authority, and responsibility of the internal audit activity must be formally defined in an internal audit charter, consistent

More information

Compliance, Internal Audit, and Risk Management: What do they look like at a Managed Care Plan?

Compliance, Internal Audit, and Risk Management: What do they look like at a Managed Care Plan? Compliance, Internal Audit, and Risk Management: What do they look like at a Managed Care Plan? And, other words of wisdom... Objectives: Define risk and identify where risk comes from Recognize what risk

More information

MPAC BOARD OF DIRECTORS MANDATE

MPAC BOARD OF DIRECTORS MANDATE MPAC BOARD OF DIRECTORS MANDATE The Municipal Property Assessment Corporation Act is the foundation of the governance model that establishes Municipal Property Assessment Corporation (MPAC) and sets out

More information

Chatham-Kent Health Alliance. Internal Control Framework Assessment - Executive Summary

Chatham-Kent Health Alliance. Internal Control Framework Assessment - Executive Summary Chatham-Kent Health Alliance Internal Control Framework Assessment - Executive Summary March 1, 2017 Table of Contents 1. Background and Approach..4 2. Overview of Findings and Results.7 2 Disclaimer This

More information

From Backyard Business to Public Company

From Backyard Business to Public Company From Backyard Business to Public Company The Changing Role of the Management Accountant IMA Michigan Fall Conference October 29, 2008 John Pollara CMA, IMA Chair Emeritus 1 2 3 4 5 6 7 8 9 10 11 12 Definitions

More information

Leveraging Internal Audit and Corporate Compliance for Effective Risk Management

Leveraging Internal Audit and Corporate Compliance for Effective Risk Management Leveraging Internal Audit and Corporate Compliance for Effective Risk Management April 18, 2016 Don Sinko Chief Integrity Officer Cleveland Clinic Agenda Cleveland Clinic Integrity Office Model The 3 Lines

More information