Enterprise Risk Management Defined and Explained
Slide 1: Enterprise Risk Management Defined and Explained
Council of Engineering and Scientific Society Executives, ACCESSE16, July 27, 2016
Paul Klein, Managing Director, Not-for-Profit Atlantic Coast Market Territory Business Advisory Services Leader
Slide 2: Defining risk
- Threats: the probability of damage, injury, liability, loss, or other negative consequence that is caused by external or internal vulnerabilities, and that may be avoided through preemptive action.
- Opportunities: the lost prospects of achieving positive outcomes due to conservative management that relies on eliminating potential negative consequences through avoidance.
Slide 3: Evolution of risk management
- Traditionally, risk management focused on minimizing insurable risks due to accidental loss.
- Risk management evolved to include other risk transfer and risk mitigation strategies.
- Enterprise risk management further elaborates this in the context of threats to achieving strategic goals and opportunities to advance the mission.
Slide 4: What is ERM?
"A process, effected by an entity's board of directors, management and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and to manage risk to be within its risk appetite, providing reasonable assurance regarding the achievement of entity objectives."
Source: COSO ERM Integrated Framework, Executive Summary, September
Slide 5: Differences between Enterprise and Internal Audit risk assessments
Internal Audit Risk Assessment:
- Focus on internal, controllable risks
- Risks viewed in the context of vulnerabilities
- Risk managed through controls that reduce/eliminate risk
- Evaluation of risk owned by the internal auditor
Enterprise Risk Assessment:
- Focus on internal and external risks
- Risks viewed in the context of organizational strategy
- Risk managed through a broader variety of techniques
- Evaluation of risk owned by everyone
Slide 6: ERM objectives
- Provide increased visibility to the most significant risks impacting the institution
- Provide a platform for broad discussion and evaluation of appropriate levels of risk-taking consistent with risk tolerances
- Focus management's risk management efforts by identifying and reporting emerging risks that could jeopardize the institution's mission and strategy
- Serve as a foundation for an ongoing risk monitoring process
- Provide the leadership team with increased visibility to the most significant risks to the institution
Slide 7: ERM scope
- Strategic risks that may impact the institution's ability to achieve its strategic priorities and fulfill its mission
- Financial risks that may affect stewardship and accountability for organizational assets
- Business, operational, and program risks
- Regulatory compliance
- Reputational risks
- Information technology risk
- Emergency preparedness
Slide 8: Current state of ERM
- ERM processes at many institutions are still developing
- For-profits are further along in their ERM efforts than NFPs, partly due to regulatory requirements and stockholder demand for greater value
- Most organizations need to place a stronger focus on strategic risks
- While Boards are recognizing their risk oversight responsibilities, the level of oversight still varies greatly
Slide 9: Sample NFP risk universe
- Strategy and Initiatives: Vision and Direction; Planning and Execution; Measurement and Monitoring; Organizational Structure; Restructuring and Alignment; Innovation; Brand and Reputation
- Partnerships and Collaborations: Integration; Alliances and Partnerships
- Communication: Policy and Advocacy; Crisis Communications; Employee Communication; Media Communications
- Market Dynamics: Competition; Demand; Socio-Political; Strategic
- Operations: Program Service and Delivery; Membership Model; Supplier / Vendor Management; Contract Commitment; Procurement; Infrastructure and Assets; Project Planning and Management; Construction and Maintenance
- People: Culture; Recruiting and Retention; Development and Performance Measurement; Succession Planning; Compensation and Benefits
- Information Technology: Security/Access; Availability/Continuity; Application Development; Data Integrity; IT Project Management; Network Planning
- Hazards: Natural Events; Terrorism and Malicious Events; Disaster Response; Safety
- Governance: Board Performance; Tone at the Top; Control Environment; Social Responsibility; Policies and Procedures; Code of Conduct
- Ethics: Fraud
- Legal: Contracts; Liability; IP Infringement; Compliance
- Regulatory Compliance: Labor Practices (EEOC); Environment (EPA); Data Protection and Privacy; Health and Safety (EH&S)
- Financial: Liquidity and Credit (Income Diversification; Debt Management; Credit and Collections, post-transaction); Insurance; Healthcare Costs; Accounting (External Reporting and Disclosure; Internal Reporting); Tax (Tax Strategy and Planning)
- Reputational: Image and Branding (Public Relations; Brand Perception; Media); Stakeholder Relations (Member Relevance; Donor Communication; Constituent Expectations)
Slide 10: Participation in the ERM process: Board of Directors
- Oversee the ERM program
- Set the tone for organizational risk appetite
- Review the risks identified by management
- Endorse management's assessment of risks
- Review effectiveness of risk mitigation efforts
- Monitor compliance with risk mitigation policies and procedures, as well as changes in the risk environment
Slide 11: Participation in the ERM process: key questions the Board should be asking
- How often are we refreshing our assessment of top risks?
- Who is accountable for results?
- How are we monitoring and managing the top risks?
- What progress are we making to further mitigate top risks?
- Do we have responses prepared for extreme events (the "black swans")?
Slide 12: Participation in the ERM process: Management
- Implement and manage ERM processes
- Align the ERM program to strategic goals and objectives
- Set the tone for staff
- Identify and prioritize risks
- Establish risk responses and mitigation practices
- Report to the Board
Slide 13: High level ERM process
The slide shows the process as a cycle of five elements: Risk Response; ERM Strategy and Framework; Ongoing Communication, Reporting, and Monitoring; Action Planning; Strategic Risk Assessment.
Slide 14: Using ERM as a strategic advantage
Low value ERM:
- Compliance focused
- Large inventory of risks and extensive risk mapping
- Risk mitigation to safeguard the organization
- Risk management activities are separate from strategic and operational decision-making
- Perceived as a necessary effort
- Delegated to lower level staff
High value ERM:
- Value and opportunity focused
- Fewer risks, focused on significant gains/losses
- Risk optimization to maximize value
- Risk management is incorporated in strategic and operational decision-making
- Perceived as a cultural imperative
- Participation at all levels of the organization
Slide 15: Getting your ERM initiative started
- Seek board and senior management leadership, involvement, and oversight
- Select a strong leader to drive the ERM initiative
- Establish a risk management committee or working group
From COSO, Embracing Enterprise Risk Management: "Perfect is the enemy of good enough!" The most important thing is to get started.
Slide 16: ERM the project
- Phase 1: Understand Business Environment
- Phase 2: Develop Risk Universe and Assess Risks
- Phase 3: Determine Risk Responses
- Phase 4: Design Ongoing ERM Processes
- Phase 5: Monitor Risk Universe
- Train and embed ERM guiding principles and processes
Slide 17: Implementing ERM, Phase 1: Understand the business environment
- Review relevant documentation
- Conduct an ERM kick-off meeting
- Conduct an introductory training session for senior management
- Facilitate Board dialog on risk
- Interview senior management and select members of the Board of Directors
- Establish a committee responsible for risk management processes and activities
Slide 18: Implementing ERM, Phase 2: Develop the risk universe and assess risks
- Define the glossary of risk terminology
- Establish a framework for describing and evaluating risks
- Create the risk register
- Confirm and hone the list with management
- Evaluate risks, assessing impact, likelihood, velocity, and duration
- Identify risk categories and common themes
- Prioritize risks
Slide 19: Risk evaluation framework: impact
Overall risk rating by impact dimension (Low / Medium / High):
Strategy
- Low: achievement of strategic goals is delayed; customers are inconvenienced; minimal attrition can be expected (<1%)
- Medium: achievement of strategic goals is blocked / management must reconsider initiatives; customer attrition is likely
- High: existential risk to the organization; significant impediment to attracting and retaining customers
Operations / Financial / Personnel / Technology
- Low: changes required may be accomplished within operating budget parameters without significantly affecting other initiatives
- Medium: changes require significant use of resources and require Board action; unrestricted net assets stay mostly intact (<=$500k)
- High: changes require significant use of resources and require Board action; significantly erodes unrestricted net assets (>$500k)
Legal / Compliance
- Low: low probability of a successful lawsuit / sanctions against the organization (<15%); financial exposure is minimal (<$10,000)
- Medium: heightened probability of a successful lawsuit / sanctions against the organization (15%-50%); financial exposure would leave unrestricted net assets mostly intact (<=$500k)
- High: high probability of a successful lawsuit / sanctions against the organization (>50%); financial exposure of a successful suit significantly erodes unrestricted net assets (>$500k)
Fraud
- Low: minor amount of resources affected by fraud; a control structure exists but does not operate sufficiently to prevent/deter/detect fraud
- Medium: significant amount of resources affected by fraud while a control structure exists but does not operate sufficiently to prevent/deter/detect fraud, or a minor amount of resources affected by fraud while the control structure is insufficient to prevent/deter/detect fraud (control design weakness)
- High: significant amount of resources affected by fraud; the control structure is insufficient to prevent/deter/detect fraud (control design weakness)
Opportunity
- Low: little or minimal loss of potential revenue opportunity by not mitigating the identified risk
- Medium: material loss of potential revenue opportunity (<=$500k)
- High: significant loss of potential revenue opportunity (>$500k)
Reputation
- Low: little to no external reaction expected; only a small constituency or interest group takes note
- Medium: external reaction expected from a broad constituency or interest group, but unorganized
- High: significant external reaction expected from a broad constituency or interest group; the risk event is noted on a national scale; causes constituents to organize against the organization or distance themselves from it
Slide 20: Risk evaluation framework: velocity, duration, likelihood
Velocity (speed with which the risk creates impact):
- Low: slow (greater than 24 months)
- Medium: moderate (12-24 months)
- High: fast (less than 12 months)
Duration (anticipated duration that the impact will be felt):
- Low: short (less than 6 months)
- Medium: moderate (6-12 months)
- High: long (greater than 12 months)
Likelihood (probability of occurrence):
- Remote: <5% in one year, or once in 20 years
- Unlikely: 5-20% in one year, or once in years
- Possible: 20-40% in one year, or once in years
- More Likely than Not: 40-60% in one year, or once in 5-10 years
- Probable: 60-80% in one year, or once in 2-5 years
- Nearly Certain: >80% in one year, or once in 1-2 years
Slide 21: Sample risk categories
Strategy; Operations; Technology; Personnel; Finance; Compliance; Regulations; Reputation; Governance; Fraud; Environment
Slide 22: Sample risk register (risk catalog)
Columns: Risk Area; Short name; Risk Description; Overall Impact; impact by dimension (Strategy, Operations, Financial, Compliance, Fraud, Legal, Personnel, Opportunity, Reputation, Technology); Likelihood; Velocity; Duration; Trend.
- Emergency preparedness / Business continuity: Failure to recover from an event that significantly disrupts operations and threatens business continuity. Overall impact High (Operations High, Financial High, all other dimensions Low); Likelihood Possible; Velocity Fast; Duration Short; Trend Increasing.
- Emergency preparedness / Natural disasters: Failure to maintain practices for emergency/disaster preparedness in the event of natural disasters. Overall impact High (Operations High, Financial Medium, all other dimensions Low); Likelihood Remote; Velocity Fast; Duration Medium; Trend Steady.
- Emergency preparedness / Violence or terrorism: An act of violence / terrorism affects the facility or neighborhood, resulting in business interruption, injury, or damage to facilities. Overall impact High (Operations High, Financial Medium, all other dimensions Low); Likelihood Remote; Velocity Fast; Duration Medium; Trend Steady.
- Financial / Exchange rate volatility: Impact of exchange rate variations when doing business internationally. Overall impact Medium (Financial Medium, all other dimensions Low); Likelihood Possible; Velocity Fast; Duration Short; Trend Increasing.
- Financial / Financial fraud: Failure to protect the organization against any financial (e.g., treasury and cash management) fraud or malpractice. Overall impact High (Financial High, Compliance Medium, Fraud High, Legal Medium, Reputation High, all other dimensions Low); Likelihood Remote; Velocity Slow; Duration Medium; Trend Steady.
- Brand / Protecting IP: Failure to adequately protect intellectual property from unauthorized access or sharing by users. Overall impact High (Financial High, all other dimensions Low); Likelihood More Likely than Not; Velocity Medium; Duration Medium; Trend Increasing.
- Strategy / Government funding, mandates, and embargos: Failure to adapt to the shift in government funding to agencies and research institutions, as well as to mandates and embargos on government funding. Overall impact Medium (Strategy Medium, Financial Medium, all other dimensions Low); Likelihood Probable; Velocity Medium; Duration Long; Trend Increasing.
- Technology / IT security practices: Failure to create and maintain adequate security measures to safeguard against threats, including security policies and procedures. Overall impact High (Operations High, Financial High, Opportunity Medium, Technology High, all other dimensions Low); Likelihood Possible; Velocity Medium; Duration Medium; Trend Increasing.
- Technology / Protect enterprise data: Failure to properly secure enterprise data on data servers and employee computers. Overall impact High (Operations Medium, Financial High, Reputation Medium, Technology Medium, all other dimensions Low); Likelihood Possible; Velocity Fast; Duration Medium; Trend Steady.
- Technology / Malicious activity of vendors: Failure to adequately monitor and protect access to various SaaS (cloud-based) systems from malicious usage by vendors. Overall impact Medium (Operations Medium, Financial Medium, Reputation Medium, Technology Medium, all other dimensions Low); Likelihood Possible; Velocity Medium; Duration Medium; Trend Steady.
Slide 23: Implementing ERM, Phase 3: Determine risk responses
- Map risk management activities
- Ascertain institutional risk tolerance/appetite
- Assess gaps in risk response capabilities
- Develop an action plan to further reduce risk exposure
- Review analysis and plans with executives and the Board
- Execute approved action plans
Slide 24: ERM working document
Column layout: Risk Events | Current Risk Profile (Impact, Likelihood) | Current Risk Mitigation Activities | Required Action Items | Future Risk Profile (Impact, Likelihood)
Slide 25: Tips for improving your ERM efforts
Align responses to your risk appetite:
- Intolerable: completely avoid/eliminate the risk
- Highly undesirable: accept the risk only if essential and there is a limited possibility/extent of failure
- Manageable: accept the risk if benefits outweigh negative consequences (justified risk); manage impacts
- Negligible: accept the possibility of failure if it maximizes returns; monitor the risk for changes in its risk profile
Slide 26: Sample ERM heat map (area of focus: Technology)
Likelihood on the vertical axis and impact on the horizontal axis, each rated L / M / H. Risk events plotted, grouped by the likelihood band they sit in on the slide (their impact positions are not recoverable from the transcription):
- High likelihood: Cyber threats; Back-up and recovery; Optimizing systems; IT governance; Access to budgets; Technology investments
- Medium likelihood: Help desk; Policies & procedures; Mobility; Availability/reliability; Supplier/contractor activity
- Low likelihood: End-user training; Balancing costs
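The evaluation framework on slides 19-20, the register on slide 22, and the heat map on slide 26 together describe a small data pipeline: rate each risk on ten impact dimensions and a six-band likelihood scale, then plot it. The Python below is an added example, not code from the presentation or from the presenter's firm. It parses a tab-separated register with the slide 22 column layout, cross-checks each row's stated overall rating, and places the risks on the L/M/H heat map. Three things are assumptions of this example rather than statements in the deck: that the overall impact is the highest rating across the dimensions (every sample row on slide 22 is consistent with this), that the six likelihood bands fold two-per-row onto the heat map's three likelihood rows, and that the appetite categories of slide 25 are assigned from the product of likelihood rank and impact rank. The sample rows are constructed here by transcribing four rows of the slide 22 register.

```python
"""Score a risk register laid out like the sample on slide 22 and place each
risk on the three-by-three heat map of slide 26. Added example, not code from
the deck. Assumptions: overall impact = highest dimension rating (every sample
row satisfies this, but the deck never states it); the six likelihood bands of
slide 20 fold two-per-row onto the heat map's L/M/H axis; the slide 25 appetite
categories are assigned from likelihood rank x overall-impact rank (1..9)."""
from __future__ import annotations
import csv
import io
from dataclasses import dataclass

IMPACT_DIMENSIONS = (
    "Strategy", "Operations", "Financial", "Compliance", "Fraud",
    "Legal", "Personnel", "Opportunity", "Reputation", "Technology",
)
RATING_RANK = {"Low": 1, "Medium": 2, "High": 3}
RANK_RATING = {rank: label for label, rank in RATING_RANK.items()}
# Slide 20 likelihood scale: (label, lower bound, upper bound) as annual probability.
LIKELIHOOD_BANDS = (
    ("Remote", 0.00, 0.05), ("Unlikely", 0.05, 0.20), ("Possible", 0.20, 0.40),
    ("More Likely than Not", 0.40, 0.60), ("Probable", 0.60, 0.80),
    ("Nearly Certain", 0.80, 1.00),
)
# Assumed fold of the six bands onto the heat map's three likelihood rows.
LIKELIHOOD_RANK = {"Remote": 1, "Unlikely": 1, "Possible": 2,
                   "More Likely than Not": 2, "Probable": 3, "Nearly Certain": 3}
HEADER = ("Risk Area", "Short name", "Overall Impact", *IMPACT_DIMENSIONS,
          "Likelihood", "Velocity", "Duration", "Trend")


def likelihood_label(annual_probability: float) -> str:
    """Translate an annual probability into the slide 20 likelihood label."""
    if not 0.0 <= annual_probability <= 1.0:
        raise ValueError(f"probability out of range: {annual_probability}")
    for label, _lower, upper in LIKELIHOOD_BANDS:
        if annual_probability < upper:
            return label
    return LIKELIHOOD_BANDS[-1][0]  # exactly 1.0


@dataclass(frozen=True)
class Risk:
    area: str
    name: str
    impacts: dict[str, str]  # dimension -> Low / Medium / High
    likelihood: str
    velocity: str
    duration: str
    trend: str

    def overall_impact(self) -> str:
        return RANK_RATING[max(RATING_RANK[r] for r in self.impacts.values())]

    def heat_map_cell(self) -> tuple[str, str]:
        """(likelihood row, impact column) on the L/M/H heat map."""
        return RANK_RATING[LIKELIHOOD_RANK[self.likelihood]], self.overall_impact()

    def appetite_category(self) -> str:
        score = LIKELIHOOD_RANK[self.likelihood] * RATING_RANK[self.overall_impact()]
        if score >= 9:
            return "Intolerable"
        if score >= 6:
            return "Highly undesirable"
        return "Manageable" if score >= 3 else "Negligible"


def parse_register(tsv_text: str) -> list[Risk]:
    """Parse a tab-separated register and cross-check its stated overall ratings."""
    risks = []
    for row in csv.DictReader(io.StringIO(tsv_text), delimiter="\t"):
        if row["Likelihood"] not in LIKELIHOOD_RANK or any(
                row[c] not in RATING_RANK for c in ("Overall Impact", *IMPACT_DIMENSIONS)):
            raise ValueError(f"{row['Short name']}: unrecognised rating label")
        risk = Risk(row["Risk Area"], row["Short name"], {d: row[d] for d in IMPACT_DIMENSIONS},
                    row["Likelihood"], row["Velocity"], row["Duration"], row["Trend"])
        # An overall column that disagrees with its dimensions was hand-edited or
        # mis-keyed; refuse the register rather than plot the risk in the wrong cell.
        if row["Overall Impact"] != risk.overall_impact():
            raise ValueError(f"{risk.name}: stated overall {row['Overall Impact']} "
                             f"but dimensions imply {risk.overall_impact()}")
        risks.append(risk)
    return risks


def heat_map(risks: list[Risk]) -> dict[tuple[str, str], list[str]]:
    grid = {(lk, im): [] for lk in ("High", "Medium", "Low") for im in ("Low", "Medium", "High")}
    for risk in risks:
        grid[risk.heat_map_cell()].append(risk.name)
    return grid


# Constructed sample: four rows transcribed from the slide 22 register.
SAMPLE_ROWS = (
    ("Technology", "IT security practices", "High", "Low", "High", "High", "Low", "Low",
     "Low", "Low", "Medium", "Low", "High", "Possible", "Medium", "Medium", "Increasing"),
    ("Technology", "Protect enterprise data", "High", "Low", "Medium", "High", "Low", "Low",
     "Low", "Low", "Low", "Medium", "Medium", "Possible", "Fast", "Medium", "Steady"),
    ("Financial", "Financial fraud", "High", "Low", "Low", "High", "Medium", "High",
     "Medium", "Low", "Low", "High", "Low", "Remote", "Slow", "Medium", "Steady"),
    ("Financial", "Exchange rate volatility", "Medium", "Low", "Low", "Medium", "Low", "Low",
     "Low", "Low", "Low", "Low", "Low", "Possible", "Fast", "Short", "Increasing"),
)
SAMPLE_REGISTER_TSV = "\n".join("\t".join(r) for r in (HEADER, *SAMPLE_ROWS))

if __name__ == "__main__":
    for cell, names in heat_map(parse_register(SAMPLE_REGISTER_TSV)).items():
        if names:
            print(f"likelihood {cell[0]:<6} impact {cell[1]:<6} {', '.join(names)}")
```

With the sample rows, the two Technology risks land in the Medium-likelihood / High-impact cell and Financial fraud in the Low-likelihood / High-impact cell. The consistency check matters when the register is a spreadsheet that people edit by hand: if someone downgrades the overall column of "IT security practices" to Medium without touching its dimensions, parsing fails instead of the risk quietly sliding into a milder cell and a milder appetite category.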
Slide 27: Implementing ERM, Phase 4: Design ongoing ERM processes
- Design a continuous risk assessment process that is embedded in the ERM program
- Design a monitoring and event identification process
- Align strategic planning with ERM processes
- Design a communication and reporting process
- Create a long-term awareness and training plan
Slide 28: Implementing ERM, Phase 5: Monitor the risk universe
- Monitor changes to identified enterprise risks
- Discuss new and emerging risks
- Reassess action plans
- Update the risk universe and prioritization
- Report progress to executives and the Board
Slide 29: Benefits of ERM
- Create clarity of definition and consensus regarding risk
- Protect the assets of the organization, especially reputation
- Prevent/reduce the impact of risks
- Provide transparency and accountability
- Increase constituent confidence
- Unify behavior/culture around risk management
- Establish linkage to strategic planning
- Prioritize allocation of resources (to the most significant risks)
- Support mission success
Slide 30: Additional resources for management, Board members, and audit committees
Publications for not-for-profit organizations
Slide 31: Questions / Comments
Slide 32: Contact information
Paul Klein, Managing Director, Not-for-Profit Atlantic Coast Market Territory Business Advisory Services Leader
Email: Paul.Klein@us.gt.com
Boards and internal audit: Working together to strengthen risk management Growing demands on boards The role of the board has always been an important and demanding one, but today s board members face
More informationEnterprise Risk Management at
Enterprise Risk Management at John R.S. Fraser Vice President, Internal Audit & Chief Risk Officer, Hydro One Inc. February 15, 2006 for PRMIA Toronto Chapter - The Fields Institute Summary 1. Background
More informationEnterprise Risk Management
Enterprise Risk Management A Roadmap For Implementation June 12, 2018 Presented by: Speaker Name Marianne Turnbull CohnReznick LLP 4 Becker Farm Road Roseland, NJ 07068 P: 973-228-3500 E:marianne.turnbull@cohnreznick.com
More informationIn Control: Getting Familiar with the New COSO Guidelines. CSMFO Monterey, California February 18, 2015
In Control: Getting Familiar with the New COSO Guidelines CSMFO Monterey, California February 18, 2015 1 Background on COSO Part 1 2 Development of a comprehensive framework of internal control Internal
More informationThe COSO Risk Framework: A reference for internal control? Transition from COSO I to COSO II
The COSO Risk Framework: A reference for internal control? Transition from COSO I to COSO II S P E A K E R : D O T T. FA B I O A C C A R D I C O U R S E O F B U S I N E S S A U D I T I N G U N I V E R
More informationEnterprise Risk Management
BUSINESS RISK MANAGEMENT LTD Enterprise Risk Management Who should attend? Risk managers Managers and Directors responsible for the risk management function or process Senior Internal Auditors and audit
More informationKING IV TM APPLICATION REPORT
PRINCIPLE 1: The governing body should lead ethically and effectively. Board members individually and collectively demonstrate integrity, competence, responsibility, accountability, fairness and transparency
More informationFigure 1: COSO Enterprise Risk Management Cube
Figure 1: COSO Enterprise Risk Management Cube Source: Committee of Sponsoring Organizations (COSO), "Enterprise Risk Management- Integrated Framework: Executive Summary" 5. As shown in the COSO ERM cube,
More informationSample Strategy and Value Oversight Policy
Sample Strategy and Value Oversight Policy This document provides a sample Strategy & Value Oversight policy which includes a high level overview of the key roles and responsibilities of the various participants.
More informationCOSO ERM: Integrating with Strategy and Performance. Paul J. Sobel COSO Chairman Chief Risk Officer Georgia-Pacific
COSO ERM: Integrating with Strategy and Performance Paul J. Sobel COSO Chairman Chief Risk Officer Georgia-Pacific 1 Focus of Presentation Why the COSO ERM Framework was Updated 10 Key Things to Know about
More informationRisk Management Strategy
Risk Management Strategy 2017-2019 Created by: Role Name Title Author / Editor Kevin McMahon Head of Risk Management & Resilience Lead Executive Margo McGurk Director of Finance & Performance Approved
More informationGleim CPA Review Updates to Business Environment and Concepts 2018 Edition, 1st Printing March 2018
Page 1 of 16 Gleim CPA Review Updates to Business Environment and Concepts 2018 Edition, 1st Printing March 2018 The content of BEC Study Unit 2, Subunit 2, has undergone extensive edits due to the 2017
More informationCorporate Governance Principles 2015
Corporate s 2015 corporate principles 1 corporate principles 1. Ethical leadership and corporate citizenship Responsible leadership 1.1 The board should provide effective leadership based on an ethical
More informationGovernance Guideline SEPTEMBER 2013 BC CREDIT UNIONS.
Governance Guideline SEPTEMBER 2013 BC CREDIT UNIONS www.fic.gov.bc.ca INTRODUCTION The Financial Institutions Commission 1 (FICOM) holds the Board of Directors 2 (board) accountable for the stewardship
More informationKing IV application report In pursuit of growth
King IV application report 2018 In pursuit of growth 02 PRINCIPLE 1: The governing body should lead ethically and effectively. Board members individually and collectively demonstrate integrity, competence,
More informationRisk Appetite Statement
Risk Appetite Statement May 2018 Risk Appetite Statement Contents 1. Mission, Vision, Values and Beliefs... 3 2. Introduction... 3 3. Overall Risk Appetite... 4 4. Risk Framework... 4 5. Key Risk Appetite
More informationINTERNAL AUDITING THAT MATTERS. Norman Marks April 2017
INTERNAL AUDITING THAT MATTERS Norman Marks April 2017 GLOBAL AUDIT COMMITTEE SURVEY: Fewer than half of the 1,800 respondents are satisfied that internal audit delivers the value to the company it should
More informationOversight by Board, Risk Management & Audit Committee (RMAC) and other committees. Second line of defense
47 In the business environment that we live in, doing nothing might be the biggest risk of all. At Cim, the Board plays a crucial role in risk oversight; it is bringing more diverse viewpoints into the
More informationTo: Identify your chief goals and objectives Identify risks Prioritize the risks to achieving objectives Determine which controls/processes to review
1 Objective To: Identify your chief goals and objectives Identify risks Prioritize the risks to achieving objectives Determine which controls/processes to review In order to: Develop an effective Internal
More informationREPORT 2016/033 INTERNAL AUDIT DIVISION
INTERNAL AUDIT DIVISION REPORT 2016/033 Advisory engagement on the Statement on Internal Control project at the United Nations Joint Staff Pension Fund 25 April 2016 Assignment No. VS2015/800/01 CONTENTS
More informationTexas Tech University System
Texas Tech University System October 31, 2017 ERM Overview Evolution of Risk Management Risk Traditional Definition The possibility that something bad or unpleasant will happen. Merriam-Webster Minimizing
More informationCharter for Enterprise Risk Management
for Enterprise Risk Management Prepared by: Shannon Sinclair Version: 1.2 Document Id: Date: Release Date TABLE OF CONTENTS TABLE OF CONTENTS... i 1. Background... 1 2. Objectives... 1 3. Scope... 2 3.1
More informationFraud Risk Management
Fraud Risk Management Fraud Risk Management Overview 2017 Association of Certified Fraud Examiners, Inc. Discussion Questions 1. Does your organization follow a specific risk management model? If so, which
More informationInternal Controls and Risk Management Report
42 Internal Controls and Risk Management Report Responsibility Our Board of Directors has the overall responsibility to ensure that sound and effective internal controls are maintained, while management
More informationUsing a Compliance Program Assessment for Strategic Impact
SCCE 10th Annual and Ethics Institute Using a Program Assessment for Strategic Impact Laura LaCorte, University of Southern California Andrew Reisman, Ernst & Young LLP September 13, 2011 Overview Goals
More informationWFP s 2018 enterprise risk management policy
WFP s 2018 enterprise risk management policy Informal consultation 24 July 2018 World Food Programme Rome, Italy Executive summary As a voluntarily funded organization, WFP depends on the confidence of
More informationToyota Financial Services (South Africa) Limited: King III Principles
FOR THE YEAR ENDED 31 MARCH 2017 KING III - PRINCIPLES TOYOTA FINANCIAL SERVICES (SOUTH AFRICA) LIMITED (TFSSA) To be read in conjunction with the 2017 Annual Financial Statements Toyota Financial Services
More informationOctober 2014 FC 156/15. Hundred and Fifty-sixth Session. Rome, 3-7 November Progress Report on an Accountability and Internal Control Framework
October 2014 FC 156/15 E FINANCE COMMITTEE Hundred and Fifty-sixth Session Rome, 3-7 November 2014 Progress Report on an Accountability and Internal Control Framework Queries on the substantive content
More informationERM: Risk Maps and Registers. Performing an ISO Risk Assessment
ERM: Risk Maps and Registers Performing an ISO 31000 Risk Assessment Agenda Following a Standard? Framework First Performing a Risk Assessment Assigning Risk Ownership Data Management Questions? Following
More informationEnterprise Risk Management (ERM) How Internal Audit Can Add Great Value
ASSOCIATION OF HEALTHCARE INTERNAL AUDITORS 2009 ANNUAL CONFERENCE Charting a Course for Excellence Enterprise Risk Management (ERM) How Internal Audit Can Add Great Value to Your Organization s ERM Process
More informationCGIAR System Management Board Audit and Risk Committee Terms of Reference
Approved (Decision SMB/M4/DP4): 17 December 2016 CGIAR System Management Board Audit and Risk Committee Terms of Reference A. Purpose 1. The purpose of the Audit and Risk Committee ( ARC ) of the System
More informationFY19 Enterprise Risk Management Assessment. Board Meeting December 5, 2018
FY19 Enterprise Risk Management Assessment Board Meeting December 5, 2018 CPS Vision and Enterprise Risk Management Assessment CPS Enterprise Risk Management Assessment, as directed by the Board and the
More informationInternational Standards for the Professional Practice of Internal Auditing (Standards)
Attribute Standards 1000 Purpose, Authority, and Responsibility The purpose, authority, and responsibility of the internal audit activity must be formally defined in an internal audit charter, consistent
More informationCompliance, Internal Audit, and Risk Management: What do they look like at a Managed Care Plan?
Compliance, Internal Audit, and Risk Management: What do they look like at a Managed Care Plan? And, other words of wisdom... Objectives: Define risk and identify where risk comes from Recognize what risk
More informationMPAC BOARD OF DIRECTORS MANDATE
MPAC BOARD OF DIRECTORS MANDATE The Municipal Property Assessment Corporation Act is the foundation of the governance model that establishes Municipal Property Assessment Corporation (MPAC) and sets out
More informationChatham-Kent Health Alliance. Internal Control Framework Assessment - Executive Summary
Chatham-Kent Health Alliance Internal Control Framework Assessment - Executive Summary March 1, 2017 Table of Contents 1. Background and Approach..4 2. Overview of Findings and Results.7 2 Disclaimer This
More informationFrom Backyard Business to Public Company
From Backyard Business to Public Company The Changing Role of the Management Accountant IMA Michigan Fall Conference October 29, 2008 John Pollara CMA, IMA Chair Emeritus 1 2 3 4 5 6 7 8 9 10 11 12 Definitions
More informationLeveraging Internal Audit and Corporate Compliance for Effective Risk Management
Leveraging Internal Audit and Corporate Compliance for Effective Risk Management April 18, 2016 Don Sinko Chief Integrity Officer Cleveland Clinic Agenda Cleveland Clinic Integrity Office Model The 3 Lines
More information