Enterprise Risk Management
- Sharyl Morgan
- 5 years ago
Transcription
1 Enterprise Risk Management Identifying & Assessing Enterprise Risk Steve Nouss, Partner Adam Ross, Senior Manager 1
2 Session objectives Define and understand the importance of enterprise risk management (ERM) Understand the alignment of ERM with the COSO internal control framework ERM roadmap and COSO ERM framework Understand the role of Internal Audit An overview of Open Compliance & Ethics Group (OCEG) 2
3 Enterprise risk management Defined " a process, effected by an entity's board of directors, management and other personnel, applied in a strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives " Source: COSO ERM Integrated Framework, Executive Summary, September
4 Enterprise risk management Why is ERM important? Every entity, whether for-profit or not-for-profit, exists to realize value for its stakeholders Value is created, preserved or eroded by management decisions in all activities, from setting strategy to operating the enterprise day-to-day 4
5 Enterprise risk management What does it mean to me? Sponsored by Board of Directors AND management Enterprise-wide all components and aspects of the organization (vertical and horizontal) Summary of ALL potential risk areas to the hospital Determination of risk threshold or "appetite" Determination of how to mitigate risks identified consistent with risk threshold 5
6 What is Internal Audit today? The IIA defines internal audit as: an independent, objective assurance and consulting activity designed to add value and improve an organization's operations It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes The key question every internal auditor must answer is: "What objectives are we to address?" 6
7 The universe of organizational objectives Every successful organization lives within an operational world that includes four critical elements: Strategic intent: what we want to accomplish and when Operational reality: the processes, people and technology we employ to achieve the strategic vision Reporting needs and requirements: internal and external reporting Legal and regulatory compliance requirements: what we can and cannot do, when and where 7
8 The universe of risks Every organization faces risks on three primary fronts: In their environment: competitors, governments, lenders, regulators, innovators, etc In their operations: production quality, efficiency, information systems, employee capabilities and integrity, etc In the information and related technology they use and/or produce that is critical for making decisions (planning, pricing, commitments, budgeting, financial reporting, etc) 8
9 Research says 271 risk management executives in North America and Europe were recently surveyed by the Conference Board 90% want to build ERM into their processes Only 10% have built ERM into their processes Source: Internal Auditor Magazine 7,500 Chief Audit Executives worldwide were recently surveyed by the IIA Research Foundation Only 6% have fully implemented ERM Source: Internal Auditor Magazine 9
10 The ERM value proposition Focuses management attention on the truly important risks: risks with potential to significantly impact earnings or even endanger company survival Makes ALL risks known to management, rather than some risks Develops a strategic, company-wide approach to risk management and mitigation using all the available tools: derivatives, insurance, internal controls and strategic action Integrates risk management into critical decision-making processes, such as strategic planning 10
11 The ERM value proposition continued Identifies the risks inherent in current strategy and business model before the competition to provide sustainable competitive advantage Determines risk appetite of the company in context of management & community expectations 11
12 The Simplicity of ERM In the end, effectively controlling those risks boils down to four key steps: Set objectives What do you want to accomplish? Identify and prioritize risks What events/actions could significantly prevent the organization from achieving those objectives? Plan and execute a response Avoid, reduce, share, or accept the risk (or a combination) Monitor and continuously re-evaluate Develop a plan to ensure that the conclusions above are still relevant and operating as intended 12
13 The COSO internal control framework The original COSO Internal Control Integrated Framework started out as a tool to help organizations ensure that they had procedures in place to consistently achieve their objectives in the following categories: Effectiveness and efficiency of operations Reliability of financial reporting Compliance with applicable laws and regulations 13
14 COSO Internal Control framework to COSO ERM framework STRATEGIC OPERATIONS REPORTING COMPLIANCE INTERNAL ENVIRONMENT CONTROL ENVIRONMENT RISK ASSESSMENT CONTROL ACTIVITIES INFORMATION & COMMUNICATION MONITORING OBJECTIVE SETTING EVENT IDENTIFICATION RISK ASSESSMENT RISK RESPONSE CONTROL ACTIVITIES INFORMATION & COMMUNICATION MONITORING 14
15 The COSO ERM framework The COSO ERM Framework: 1 Adds the "Strategic" objective 2 Broadens the "Financial Reporting" objective to all Reporting 3 Enhances the components to more effectively address objective setting and risk assessment
16 COSO ERM framework Strategic objective: Typically the purview of management Oversight by the Board Limited Internal Audit involvement Limited tools available INTERNAL ENVIRONMENT OBJECTIVE SETTING EVENT IDENTIFICATION RISK ASSESSMENT RISK RESPONSE CONTROL ACTIVITIES INFORMATION & COMMUNICATION MONITORING 16
17 COSO ERM framework Operations objective: Line management responsibility Executive management oversight Significant Internal Audit involvement Limited available tools INTERNAL ENVIRONMENT OBJECTIVE SETTING EVENT IDENTIFICATION RISK ASSESSMENT RISK RESPONSE CONTROL ACTIVITIES INFORMATION & COMMUNICATION MONITORING 17
18 COSO ERM framework Reporting objective: Accounting and Legal department's responsibility Executive management and audit committee oversight Internal Audit involvement driven by active Audit Committee Available tools original COSO Framework INTERNAL ENVIRONMENT OBJECTIVE SETTING EVENT IDENTIFICATION RISK ASSESSMENT RISK RESPONSE CONTROL ACTIVITIES INFORMATION & COMMUNICATION MONITORING 18
19 COSO ERM framework Compliance objective: Legal and/or Compliance department's responsibility Executive management and board oversight Minimal to moderate Internal Audit involvement Tools - OIG workplan, Joint Commission, HIPAA, etc INTERNAL ENVIRONMENT OBJECTIVE SETTING EVENT IDENTIFICATION RISK ASSESSMENT RISK RESPONSE CONTROL ACTIVITIES INFORMATION & COMMUNICATION MONITORING 19
20 ERM capability maturity Basic Determine risk treatment strategies Establish business risk inventory Align business unit risks with objectives Create common language for risks, control activities and monitoring Communicate risk taking expectations to senior managers 20
21 ERM capability maturity Intermediate Basic ERM plus Quantify key risks to best extent possible Identify key risk metrics to report on Create risk policy and procedure manual Analyze risks' root cause and impact Integrate effects of risk types 21
22 ERM capability maturity Advanced Intermediate ERM plus Strategic planning Annual budget process Stakeholder communications Management scorecards Remuneration 22
23 Example of "basic" ERM approach Identify risk universe Narrow to common risk themes Rank risks (impact, likelihood, etc) Develop cost / benefit analysis Present to Board Develop & execute risk management plan 23
24 Enterprise risk assessment Assessment factors Impact The relative significance or consequences to the organization in terms of financial impact, reporting and disclosure, loss of assets, disruption of business, violation of law or impairment of image and reputation Change The relative significance of recent (the last months) or planned (the next months) changes in business activities (including products, services, mergers, acquisitions) as well as people, processes and technology with the organization 24
25 Enterprise risk assessment Assessment factors Problems The relative presence or significance of reported or historical issues, control weaknesses or problems as it relates to people, processes or technology Complexity The inherent level of difficulty or complexity as it relates to the ability of personnel to understand, monitor, oversee, calculate, reperform or directly control a specific activity, task or process 25
26 ERM approach Keep it simple to succeed Leverage other risk management initiatives Utilize a quantitative and standard questionnaire Interview all key stakeholders to ensure all perspectives are captured the first time Incorporate known organization and industry risks up front Focus on pervasive risks first (top-down) 26
27 The role of Internal Audit Provide assurance on risk management processes Provide assurance that risks are correctly evaluated Evaluate risk management processes Evaluate the reporting of key risks Review the management of key risks Source: the IIA's position paper, The Role of Internal Auditing in Enterprise-wide Risk Management 27
28 The role of Internal Audit with safeguards Facilitate identification and evaluation of risks Coach management in responding to risks Coordinate ERM activities Consolidate the reporting on risks Maintain and develop the ERM framework Champion establishment of ERM Develop risk management strategy for board approval Source: The IIA's position paper, The Role of Internal Auditing in Enterprise-wide Risk Management 28
29 The role of Internal Audit Play an important role in monitoring ERM but do not have primary responsibility for its implementation or maintenance Assist management and the board or audit committee in the process by: Monitoring Reporting Examining improvements Evaluating Recommending Source: COSO 9/29/2004 presentation titled, Applying COSO's Enterprise Risk Management Integrated Framework 29
30 The role of Internal Audit Do not Set the risk appetite Impose risk management processes Management assurance on risks Make decisions on risk management or responses Implement risk responses on management's behalf Become accountable for risk management Source: The IIA's position paper, The Role of Internal Auditing in Enterprise-wide Risk Management 30
31 ERM best practices and lessons learned Do Establish a Risk Management Committee and Charter Identify a risk champion supported by the CEO Understand that ERM is a journey and not a project Provide a holistic definition of business risk Include consultants, but do not let them drive ERM 31
32 ERM best practices and lessons learned Do not Underestimate the impact of existing culture Undersell ERM as a business risk assessment Implement ERM as a part-time job Take on too much at one time 32
33 ERM output Enterprise risk analysis
Hospital area / process: Risk rating
Lab specimen charge entry and billing: 35
Conflict of interest: 28
Operating room: 33
Information security: 32
Joint ventures: 37
Downtime procedures / business continuity: 33
Physician networks: 29
Budgeting & forecasting: 34
Fundraising / development: 23
Risk rating rated from 1 (low) to 5 (high). Legend: High, Medium, Low 33
34 ERM output SWOT analysis Strengths: Positive "tone at the top" promotes attention to risk management activities and internal controls; Considerable use of committees to address and monitor important matters. Weaknesses: Certain medical records are distributed and may not be properly secured; Certain contracts may not be reviewed and/or approved by the Legal department. Opportunities: New Chief Investment Officer and review of investment strategy may result in an increased rate of return; Heightened patient satisfaction will increase brand recognition and revenue. Threats: Pressure on ability to contain costs; On-going compliance with federal and state requirements and changes in those requirements; Frequency of leadership changes may dilute long-term focus and strategy. 34
35 ERM output Internal Audit plan # Audit Area Audit Freq FY 09 FY 10 FY 11 Internal Audit Plan 1 Accounting function segregation of duties analysis 2 Reimbursement Fraud risk and anti-fraud controls IT security / vulnerability assessment 5 Materials Management Operating room # Information Privacy
36 ERM output Internal Audit plan # Audit Area Audit Freq FY 09 FY 10 FY 11 Annual recurring internal audit activities # General audit administration, planning & reporting Follow-up on prior year observations 35 Risk assessment (and audit plan) update # External audit support Total estimated hours: (Note: illustrative hours only; columns don't foot) 36
37 OCEG Framework Open Compliance & Ethics Group The OCEG Framework provides common ground for several disciplines and integrates the most important features of existing and emerging standards and frameworks Integrates areas of commonality, overlap and best practices into a baseline foundation Ensures alignment with important existing and emerging standards / frameworks 37
38 OCEG Involvement 200+ experts 100+ companies 12+ industries Board members, CEOs CCOs, CROs, Ethics Officers, HR Executives, CTO/CIOs Law-makers, regulators Investors, creditors, ratings agencies 25+ specific interviews of CCOs and compliance programs 90+ companies participate in benchmarking study (500 data points) Steering Committee Leadership Council 38
39 OCEG Leadership Council Aon* Archer Daniels Midlands Baker Hughes CISCO Corpedia Education Dell Deloitte & Touche DuPont Ernst & Young EthicsPoint Freddie Mac Gevity Global Compliance Grant Thornton Interactive Alchemy Littler Mendelson LRN Lyondell Chemical Marsh Microsoft PETCO PricewaterhouseCoopers Qwest Roche Diagnostics Sears Staples The Integrity Institute Unilever Wachovia Corporation 39
40 OCEG Integration OCEG integrates effective practices associated with multiple disciplines into a framework for managing compliance and ethics Governance Compliance / Legal Management Ethics Management Risk Management Internal Audit Human Capital Management Training Development / Design Change Management Quality Management 40
41 OCEG Framework overview Company Domains provide topic or industry-specific information that integrates with and assumes the Foundation is in place Companies can build on top of these models to customize and configure their capability to address unique requirements Domains Foundation The Foundation describes common elements of an effective compliance and ethics program that apply to all domain areas 41
42 OCEG Risk Area Domain Guidelines Risk Area Domain Guidelines identify a number of areas to which most organizations are exposed Each organization is unique and will focus on specific domains as appropriate Company Domains Foundation Industry Domain Guidelines provide guidelines that address industry-specific factors 42
43 OCEG Domain Guidelines Industry Domain Guidelines: Finance/Banking, Insurance, Biotech, Auto, Chemical, Telecom/Tech, Oil/gas, Health care, Higher ed, Pharma, Utility, Others. Risk Area Domain Guidelines: governance, anti-corruption, financial assurance, information management, employment, intellectual property, environmental, international transactions, product quality / safety, competitive practices, workplace health / safety, government dealings (USA). Company Domains Foundation 43
44 OCEG foundation C1 Ethical Culture C2 Governance Culture C3 Risk Culture C4 Human Capital Culture E1 Monitoring E2 Periodic Evaluation E3 Continuous Improvement P1 Scope/Objectives P2 Event Identification P3 Risk Assessment P4 Strategy 44 Company Domains Foundation R1 Organization R2 Code of Conduct R3 Policies/Procedures R4 Training R5 Reporting/Disclosures R6 Human Capital R7 Communication/Messaging R8 Issue/Question Management R9 Special Investigations R10 Crisis Management R11 Information Management R12 Technology R13 Physical Infrastructure R14 Vendor Management
45 COSO & OCEG Integration CONTROL ENVIRONMENT RISK ASSESSMENT CONTROL ACTIVITIES ACTIVITY 1 ACTIVITY 2 BIZ UNIT A BIZ UNIT B OCEG focuses on the Control Environment and Compliance Risks INFORMATION & COMMUNICATION MONITORING 45
46 COSO ERM & OCEG Integration OCEG Culture INTERNAL ENVIRONMENT OBJECTIVE SETTING Plan Respond EVENT IDENTIFICATION RISK ASSESSMENT RISK RESPONSE CONTROL ACTIVITIES INFORMATION & COMMUNICATION Evaluate MONITORING 46
47 Questions? Comments? Observations? 47
48 Contact information Steve Nouss Grant Thornton LLP Advisory Services Partner P E SteveNouss@gtcom Adam Ross Grant Thornton LLP Advisory Services Senior Manager P E AdamRoss@gtcom 48
How and when should you leverage internal audit? March 28, 2017 Agenda Internal Audit foundation 3 lines of defense Trends in consultative & value enhancement work Why you should care Key takeaways 2 What
More informationMore than 2000 organizations use our ERM solution
5 STEPS TOWARDS AN ACTIONABLE RISK APPETITE Contents New Defining Pressures Risk Appetite and Risk Tolerance Benefits The 5 Best of Practices Risk Assessments Benefits of an Actionable Risk Appetite More
More informationISACA. The recognized global leader in IT governance, control, security and assurance
ISACA The recognized global leader in IT governance, control, security and assurance High-level session overview 1. CRISC background information 2. Part I The Big Picture CRISC Background information About
More informationPREPARING A RISK BASED AUDIT WORK PROGRAM
1 PREPARING A RISK BASED AUDIT WORK PROGRAM BAILEY JORDAN PARTNER, GRC PRACTICE LEADER GRANT THORNTON, LLP DAVID TYLER PRINCIPAL, HEALTH CARE ADVISORY GRANT THORNTON, LLP AHIA 32 nd Annual Conference August
More informationCertified Internal Auditor - Part 1, The Internal Audit Activity's Role in Governance, Risk, and Control
IIA IIA-CIA-Part1 Certified Internal Auditor - Part 1, The Internal Audit Activity's Role in Governance, Risk, and Control https://killexams.com/pass4sure/exam-detail/iia-cia-part1 Question: 555 During
More informationRisk Intelligent Enterprise Risk Management (ERM) Dolores Atallo-Hazelgreen, Firm Director
Risk Intelligent Enterprise Risk Management (ERM) Dolores Atallo-Hazelgreen, Firm Director March, 2010 Today s Agenda In the Spotlight More Than 15 Minutes of Fame Marketplace Perspective Deloitte Global
More informationSupplier risk compliance obligation or source of competitive advantage? Improve supplier reliability to lift business performance
Supplier risk compliance obligation or source of competitive advantage? Improve supplier reliability to lift business performance Steps to reduce supplier uncertainty and uncover cost savings An unreliable
More informationIntegrating COSO s Fraud Risk Management Guide on an Enterprise Scale
Integrating COSO s Fraud Risk Management Guide on an Enterprise Scale September 15, 2017 Vincent Walden Partner EY Atlanta Delores White Director, Internal Audit Southern Company Scott Hulsey Chief Compliance
More informationHow to Assess and Mitigate the Risk of Misconduct Occurring and Not Being Reported
How to Assess and Mitigate the Risk of Misconduct Occurring and Not Being Reported October 15, 2012 Presented by: Chip Jones Kathy Cooper Franklin Brad Siciliano Presented by: Earl M. Chip Jones, III Littler
More informationRole of Board of Directors in Risk Management. CPA Erick Audi Thursday, 15 th November 2018
Role of Board of Directors in Risk Management Presentation by: CPA Erick Audi Thursday, 15 th November 2018 Uphold public interest Presentation Agenda Introduction & Definitions Legal Provisions/Guidelines
More information1. Definition & Mission
1. Definition & Mission 1.1 Internal Auditing is an independent, objective assurance and consulting activity that is guided by a philosophy of adding value to improve the operations of. 1.2 Group Internal
More informationERM 101. Casualty Loss Reserve Seminar, Fall /5/ Practical Enterprise Risk Management (ERM) Agenda ERM 101 2
Practical Enterprise Risk Management (ERM) Casualty Loss Reserve Seminar, Fall 2013 Agenda ERM 101 2 Building an effective ERM program 8 Case study 28 Lessons learned 34 Q&A 38 1 Practical Enterprise Risk
More informationInternal Audit & the Audit Committee
HCCA Audit & Compliance Committee Conference February 2008 Internal Audit & the Audit Committee Glen C. Mueller, CPA, CIA, CISA, CISM Scripps Health, San Diego, CA VP-Chief Audit & Compliance Executive
More informationEnterprise Risk Management Montana State Fund
Enterprise Risk Management Montana State Fund Report to the Board January 28, 2011 Presented by: Mary Peter, Director of Enterprise Risk Management Enterprise Risk Management (ERM) Defined An integrated
More informationEnterprise Risk Management: Developing a Model for Organizational Success. White Paper
Enterprise Risk Management: Developing a Model for Organizational Success White Paper January 2009 Overview Less than a decade ago, Enterprise Risk Management (ERM) was an unfamiliar concept. Today, the
More informationAdvanced Audit Techniques
Certificate in Internal Audit 4 Advanced Audit Techniques Who should attend? Senior Auditors Audit Managers and those about to be appointed to that role Auditors that need to audit projects, contracts
More informationStrategic Risk Assessment. A first step for improving risk management and governance. COVER STORY. By Mark L. Frigo and Richard J.
Strategic Risk Assessment A first step for improving risk management and governance. By Mark L. Frigo and Richard J. Anderson December 2009 I STRATEGIC FINANCE 25 The recent economic environment and negative
More informationIT Audit Process Prof. Liang Yao Week Three IT Risk Assessment
Week Three IT Risk Assessment Defining Risks Inherent Risk: The risk that an activity would pose if no controls or other mitigating factors were in place (the gross risk or risk before controls) Residual
More informationAnti-Fraud Programs and Control Policy
Anti-Fraud Programs and Control Policy OVERVIEW This document provides an overview of the programs and controls Tahoe Resources Inc. ( Tahoe ) follows in order to evaluate fraud risk as it pertains to
More informationCompliance Risk Management
Compliance Risk Management Seventh Annual University Compliance Conference Society for Corporate Compliance and Ethics May 30, 2009 Robert F. Roach, NYU University Ethics and Compliance Officer Robert.Roach@nyu.edu
More informationEY Center for Board Matters Boards and internal audit
EY Center for Board Matters Boards and internal audit Working together to strengthen risk management Growing demands on boards The role of the board has always been an important and demanding one, but
More informationInternal Audit Best Practices for Community Banks. A CSH White Paper
Internal Audit Best Practices for Community Banks A CSH White Paper Internal audit is not an option; examiners expect your bank to have an effective internal audit program in place. However, in today s
More informationTreasury and Risk- Vision 2009 March 25 th, 2009 Michele L. Turner- Sr. Manager Operations Enterprise Risk Management (OERM)
Treasury and Risk- Vision 2009 March 25 th, 2009 Michele L. Turner- Sr. Manager Operations Enterprise Risk Management (OERM) Microsoft Mission: At Microsoft, our mission and values are to help people and
More informationEmbedding Operational Risk
Embedding Operational Risk Banking & Payments Federation Ireland Angela Calapa, Risk & Regulatory Director Areas of Challenge for Embedding Operational Risk Most banks face a significant number of challenges
More informationGlossary. Chartered Institute of Internal Auditors. 26 July Add value. Adequate control. Assurance services. Board. Charter
26 July 2017 Glossary Chartered Institute of Internal Auditors This glossary explains the specific meanings of some terms that are used in the The International Standards. Add value The internal audit
More informationSusan Schmidt Bies: Corporate governance and community banks
Susan Schmidt Bies: Corporate governance and community banks Remarks by Ms Susan Schmidt Bies, Member of the Board of Governors of the US Federal Reserve System, before the Annual Convention of the Arkansas
More informationNOGDAWINDAMIN FAMILY AND COMMUNITY SERVICES
This dictionary describes the following six functional competencies and four enabling competencies that support the differentiated territory for professional accountants in strategic management accounting:
More informationDoes your organization Establish Career Path for all Organizational Project Management Roles"?
Best Practice ID SAM Question Domain Process Improvement Stage 8640 Does your organizaron Control the Define Roadmap Control 8750 Does your organizaron Improve the Define Roadmap Improve 8760 Does your
More informationDOING MORE WITH LESS: OBSTACLE OR OPPORTUNITY FOR COMPLIANCE LEADERS
DOING MORE WITH LESS: OBSTACLE OR OPPORTUNITY FOR COMPLIANCE LEADERS Society of Corporate Compliance & Ethics Institute Planet Hollywood, Las Vegas, Nevada September 16, 2009 Presenters: David Childers,
More informationTactical Implementation of Enterprise Risk Management
Tactical Implementation of Enterprise Risk Management Presented by: Glen Cooper Copyright Tactical Implementation of ERM CONGRATULATIONS YOU HAVE SUCCESSFULLY MADE YOUR BUSINESS CASE AND ACHIEVED MANAGEMENT
More informationHCCA Compliance Institute : Intersection of Internal Audit & Compliance. April 17, Agenda. Where are we today?
HCCA Institute 2018 708: Intersection of & April 17, 2018 Agenda Objectives Where are we today? Corporate Integrity: The intersection of, and Privacy Questions 2 Where are we today? 3 1 Regulatory change
More informationEffective implementation of COSO s new anti-fraud guidance
Effective implementation of COSO s new anti-fraud guidance In September 2016, the Committee of Sponsoring Organizations of the Treadway Commission (COSO) published a new Fraud Risk Management Guide (Anti-fraud
More informationInternal Audit Division FY 18 - Audit Plan Overview
Division FY 18 - Audit Plan Overview Our Value Proposition - Objective Insight and Catalyst for Positive Change delivers value-added services that are catalysts for positive institutional change in governance,
More informationGuide to Internal Controls
Guide to Internal Controls Table of Contents Introduction to Internal Controls...3 Roles...4 Components....5 Control Environment...5 Risk assessment...6 Control Activities...7 Information & Communication...9
More informationPrivate Client Services Are your internal controls supporting your business strategy?*
Private Client Services Are your internal controls supporting your business strategy?* Featured Article Series Issue 1 March 2008 *connectedthinking pwc We know you want more than just another consultant
More informationPrivate Company Services. Private companies: are your internal controls supporting your business strategy?*
Private Company Services Private companies: are your internal controls supporting your business strategy?* private companies and internal controls Benefits for private companies // 3 Internal controls
More informationGroup Internal Audit Charter
Group Internal Audit Charter March 2018 1. Introduction 1.1. This internal audit charter defines the purpose, authority, responsibilities and framework within which the Group Internal Audit (GIA) function
More informationIIA ACFE Conference April 17, 2015
IIA ACFE Conference April 17, 2015 Summary of Presentation Forensic Audit / Internal Audit Forensic Audit Role Forensic Audit Methodology Pragmatic examples of how forensic audit can benefit the risk assessment
More informationTransaction Advisory Services. Operational Transaction Services. Working with you to make your transaction a success
Transaction Advisory Services Operational Transaction Services Working with you to make your transaction a success Operational Transaction Services Canada offers substantial growth opportunities for both
More informationREPORT 2016/033 INTERNAL AUDIT DIVISION
INTERNAL AUDIT DIVISION REPORT 2016/033 Advisory engagement on the Statement on Internal Control project at the United Nations Joint Staff Pension Fund 25 April 2016 Assignment No. VS2015/800/01 CONTENTS
More informationRamifications of the New COSO Framework & Recent PCAOB Actions
Ramifications of the New COSO Framework & Recent PCAOB Actions Panelists Moderator Bob Meyer, Senior Vice President of Finance & Corporate Controller, American Tower Joann Cangelosi, Partner, Grant Thornton
More informationRisk Management With an Enterprise (Wide) Focus
Risk Management With an Enterprise (Wide) Focus Date or subtitle August 11, 2016 1 Today s Presenters Jerry Miller, CRCM, CMC, AMLS, CRP Partner 630.368.7021 jlmiller@wipfli.com 2 Risk Management Governance
More information