Enterprise Risk Management. Marc Heneghan. BA 559 Enterprise IT Governance. Professor Michael Shaw
December 16, 2008
Contents: Introduction to Risk; Types of Risk; Risk Management Strategies; Driving Forces of ERM; ERM Software Solutions; Choosing an ERM; ERM Implementation; ERM Valuation; Credit Crisis and Financial Meltdown; Conclusion; Works Cited

Introduction to Risk

There are several types of risk that companies face as they engage in business. These risks vary in both type and the impact they could have on the company. The methods by which they are managed vary just as widely. These risks, including governance, strategy, and operational risks, are managed in different ways depending on the nature and size of the company as well as the industry in which it competes. This paper discusses several types of risk and evaluates many of the IT-based Enterprise Risk Management (ERM) solutions available to address these risks. Finally, the paper discusses ERM in relation to the current credit crisis and financial meltdown.

Types of Risk

The number and types of risks a company faces vary with countless factors, ranging from location and industry to economic conditions. Given the range of risks associated with business, classification is clearly needed. These risks, while not all-inclusive, can be broken down into the following categories:

Strategic: Risk that the company's strategy is not successful.
Compliance: Risk of adverse legislation.
Financial: Risk of financial insolvency.
Operational: Risk of operational failure (Business Link).

Each risk must be viewed within the context of the company and even within the context of the other risks. ERM software can help identify and alleviate operational, compliance, strategic, and financial risk.

Risk Management Strategies

There are several ways to manage risk. The four main methods of risk management are:

Risk Mitigation: The actions taken to alleviate potential risk.
Risk Acceptance: Accepting the risk and potential consequences.
Risk Transfer: Transferring the risk to a third party such as an insurance company.
Risk Avoidance: Avoiding the risk in general due to the severity of the potential outcome (Measuring Risk).

Each company's methodology for risk management differs greatly and is largely a function of the industry. For example, a high tech firm may adopt a risk acceptance strategy for new products, whereas a landlord of an office building may transfer risk in the form of insurance. Additionally, some industries, including financial services and pharmaceuticals, are forced through government compliance to manage risks in certain manners. ERM software allows companies to evaluate and organize their risks based on both internal and external evidence.

Driving Forces of ERM

Many companies are forced to adopt ERM solutions in order to maintain government compliance, while other ERM solutions, whatever their scale and complexity, are adopted voluntarily. In the case of regulation, compliance may require certain business processes to reduce or mitigate risk. Generally speaking, when these processes are required by law and not by
choice, companies tend to take a low-cost approach and tend to be reactive rather than proactive. This is an important distinction, as it is relevant to understanding the credit crisis and sub-prime mortgage meltdown discussed below.

If ERM is not being implemented for governance reasons, it is typically implemented strategically or to improve performance (operational). Strategically, it may give a company a competitive advantage or allow it to reduce risks that competitors are unable to manage. For performance-based results, it can reduce costs through cost-saving consolidations as well as ensure a stable operating environment through financial instruments such as hedging and derivatives. It can also help to coordinate resources or reduce redundancies.

ERM Software Solutions

ERM software suites range from extremely high tech and integrated management systems to affordable SaaS options. Don Sobczak, a KPMG Manager in Advisory Services, categorized ERM software into four categories based on ability to execute and completeness of vision, as displayed below, during a KPMG presentation (Sobczak).

Each of the four quadrants lists different competitors that offer different solutions for the client. Don noted the large number of players in the market compared to Customer Relationship Management or Enterprise Resource Planning software. The segmented market is again due to the unique and diverse needs of different users.

The differences between the software products are great, but the similarities may be greater. Most of the products have numerous similar aspects and most share the COSO framework. A PricewaterhouseCoopers paper on the COSO Enterprise Risk Management-Integrated Framework describes ERM solutions:

Enterprise risk management is a process, effected by an entity's board of directors, management and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect
the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives. (Steinberg)

With the COSO framework at the core, many of the solutions become easier to compare, with the main differences between the software products being industry or user customization or the implementation process. The COSO framework has eight components that are consistent with most ERM software. These components are:

1. Internal Environment
2. Objective Setting
3. Event Identification
4. Risk Assessment
5. Risk Response
6. Control Activities
7. Information and Communication
8. Monitoring

In addition, the COSO framework shares the same four risk areas described under the Types of Risk section (Steinberg). The ideal software for most companies would take elements from each of the four risk areas, identify the relevant components outlined by the COSO framework, and apply them in easy-to-use custom software. While the COSO framework is not the only framework used or accepted, it is by and large the most commonly accepted and applied framework.

The software should then be able to organize the information outlined in the COSO framework in a meaningful manner. The information can be collected and organized in a number of ways and will be unique to each company and industry. Clearly, input will be necessary from everyone from those involved in the company's strategic planning to those involved in day-to-day production. This leads to a diverse view of risk and provides a 360-degree view of issues within a company. Kregg Weigand, a Partner in KPMG Advisory Services, also noted that simply compiling information on risks as seen by, for example, those in a board room and those on a factory floor will illustrate the disconnect in identifying and prioritizing risk (Weigand). A visual example of the compilation of this information is depicted in a graph presented by KPMG Advisory Services (Weigand).

Once this information is collected it can be used to prioritize the risks. How risks are classified will again vary from company to company. Generally, the severity and probability of each risk will be identified. In addition, the impact of the risk in comparison to the importance of the business process to the critical success factors of the company will be evaluated (Weigand). McAfee visually depicts how an ERM would highlight and illustrate a certain risk based on these aspects (Measuring Risk).

The resulting compilation is a risk profile of the relevant risks and how they may be related. Once this profile is developed, management must decide how to approach each risk or type of risk using the methods described above. For example, management may find it pertinent to accept some forms of risk but to transfer others in the form of insurance. This also allows management to take a proactive rather than a reactive view of risk, and highlights potential material weaknesses in given event circumstances.

It is therefore important to highlight the key processes pertinent to each risk, how it is currently being managed, and whether any changes should be or are being made. This constant
update allows users to have an up-to-date profile at any point in time. As described below, this could take the form of an annual review of risks or even a daily review, depending on the company.

A small company may have one risk profile, while a larger company may have profiles for each division. These profiles create a portfolio. The portfolio view of risk is vital to the risk management of larger companies. Some companies may be so large and diverse that they can simply accept a risk, as it may balance another aspect of the company. In these cases of large conglomerates, relevant and reliable data is key to allowing management to maintain an acceptable level of risk. In other scenarios, a common risk across the portfolio could produce tolerable levels of risk at the project level but an intolerable aggregate.

Choosing an ERM

Even with all this information, choosing an ERM can be more than a headache. As illustrated above, there is not a clear choice or industry leader in every circumstance. Instead, each company should evaluate its needs and consider what the software and service can offer. For example, if a company already runs Oracle and is satisfied with its performance, then the Oracle GRC platform may be an excellent fit, since it can tie in the financial reporting aspect (Oracle). However, if the company falls within the financial services sector, then a company with financial services expertise such as Qumas may be a better fit (Financial). To take this one step further, Mike Ohata, a Manager in KPMG's Advisory Services, described how a high tech company like Google or Microsoft will face
a constantly changing risk profile compared to a stable industry (Ohata). In an example like this, the stable industry may benefit from a simple, inexpensive annual risk analysis, whereas a high tech company may need a complex real-time risk analysis to be successful.

Another aspect to consider is whether the company has the internal resources to perform and maintain the risk analysis. If the company does not, consulting options such as Protiviti can implement the risk management. In addition, some firms have also partnered with software vendors. For example, PricewaterhouseCoopers has a partnership with Cura Software Solutions (Cura). Although the industry-leading team is a seemingly perfect fit with a powerful solution, the company must evaluate other externalities, such as whether this impedes audit independence in any way. In addition, audit firms may not be able to offer a full line of services due to potential future independence issues.

Finally, as discussed below, there is the monetary cost of the software itself. Again, this depends on both the size of the company and the number of users. What is clear is that ease of use of the system is vital for widespread success.

ERM Implementation

As with other investments in IT, successful implementation requires more than just an excellent product. Almost all of the software vendors listed above advertised their differentiation through customer service. Consulting firms specialize strictly in implementation to ensure smooth results. So much emphasis is rightfully placed on implementation because if employees cannot or choose not to use the software effectively, then the solution becomes worthless. Therefore, choosing a software partner or consultant that the company can work with is nearly as important as
the software itself. It is also important that management support the initiative, or else it risks getting too little funding and respect. Under this circumstance, the software will not produce the desired results regardless of how good the software is.

Valuation of ERM

Similar to the valuation of other enterprise suites or internal controls, the value gained by implementing the ERM solution should be greater than the cost; thus the company should recognize a positive return on investment. Still, valuing such a system is difficult using conventional financial tools such as net present value. This difficulty arises for two primary reasons. The first is that when an ERM is necessary for compliance, the cost of not being compliant may be large fees or even termination of operation. Second, for companies voluntarily adopting ERM, valuation becomes difficult as the true monetary value derived from risk management becomes an intangible figure. How should a company value properly identifying risks and responding in a timely manner, or avoiding projects management deems too risky for the organization?

In addition, ERM can add value through opportunities identified through risk management. This is the idea that ERM not only helps manage the negative aspects of risk, but also allows the company to identify and therefore increase the positive outcomes from risk. This adds to the difficulty of valuation and to the frustration of implementing ERM systems, as management often makes the mistake of taking a difficult-to-value asset and assigning it no value. What is clear, as Professor Michael Shaw of the University of Illinois states, is that companies should treat this and other forms of IT as an asset and view it as part of a portfolio (Shaw).

Credit Crisis and Financial Meltdown

Kregg Weigand described financial services as having some of the most advanced ERM solutions available. However, Mr. Weigand described many of the ERM solutions adopted by financial services as reactive rather than proactive (Weigand). The result may be that management in the financial services industry adopted these ERM solutions extremely well on an operational and compliance level, but failed to bridge ERM to a strategic level. The effects of financial reporting risks are still unclear, as fair market accounting valuation may have increased the rate of decline.

The results of a strategic failure can be seen in consumer mortgages and loans that were both compliant and within technical requirements. These requirements were set and optimized for performance with a reliance on increasing asset valuation and inexpensive lending. The failure then lies with the strategy of lending or purchasing financial instruments with the principal lying with sub-prime debtors. A successful ERM should identify the lapse of logic in the strategy of a portfolio with heavy reliance on under-collateralized loans to sub-prime debtors and thus limit exposure to such high-risk devices. Indeed, some firms did come to this realization and averted much of the sub-prime fallout. An example of this is Goldman Sachs' position relative to that of Lehman Brothers (Sub-Prime).

There are many lessons to be learned here about risk management. First is the importance of viewing risk both from an individual risk perspective and with a greater scope incorporating the entirety of the risk profile. Next is the adoption and acceptance of the software within the organization. If employees fail to properly implement and accept the ERM solution, then the value of the system is lost. Finally, there is the mandate of ERM solutions. Regulation
can effectively mandate ERM for compliance, financial reporting, and even operational risks; however, it is much more difficult conceptually and fiscally to enforce strategic risk or companywide risk analysis.

Conclusion

It is clear that there are enormous benefits to adopting an ERM solution. These include improvements within governance, strategy and performance. What is also clear is the difficulty in successfully implementing an ERM solution. Issues arising from valuation, selection, and implementation often hinder the effectiveness of the tool. Additionally, trained and willing employees serve as the link to a successful ERM. Clearly, ERM can be a positive investment and serve as a competitive advantage when properly executed.

Works Cited

"Cura and PricewaterhouseCoopers Announce Risk & Control Library Partnership." Cura Software Solutions. 15 Dec < 5&newssectionid=3>.
"Financial Services Solutions." Qumas.com. 15 Dec <
"Managing Risk." Business Link. 15 Dec < >.
"Measuring Risk to Gauge Vulnerability." McAfee. 15 Dec < vulnerability.html>.
Ohata, Michael. "Risk Management Software." Champaign. 21 Dec
"Oracle GRC." Oracle.com. 15 Dec <
Shaw, Michael. "Enterprise IT Governance." University of Illinois, Champaign. 15 Dec
Sobczak, Don. "KPMG IT Project Management Presentation." University of Illinois, Champaign. 30 Oct
Steinberg, Richard, Miles Everson, Frank Martens, and Lucy Nottingham. "Enterprise Risk Management – Integrated Framework." PricewaterhouseCoopers LLP (2004).
"Sub-prime sidestep boosts Goldman." News.bbc.co.uk. 18 Dec BBC News. 15 Dec <
Weigand, Kregg. "Enterprise Risk Management – Managing the Speed of Change." University of Illinois, Champaign. 20 Oct
Beyond compliance Gaining competitive advantage through risk data excellence This page has been intentionally left blank New risk data aggregation and reporting rules affect bank IT and operations While
More informationISO whitepaper, January Inspiring Business Confidence.
Inspiring Business Confidence. ISO 31000 whitepaper, January 2015 Author: Graeme Parker enquiries@parkersolutionsgroup.co.uk www.parkersolutionsgroup.co.uk ISO 31000 is an International Standard for Risk
More informationCommunity Bankers Conference
3rd Annual Regional and Community Bankers Conference The Federal Reserve Bank of Boston Disclaimer NEVER WRONG DON T COMPLETELY RELY UPON Recent Developments in Audit Practice SOX, FDICIA 112, Other Robert
More informationREVISED CORPORATE GOVERNANCE PRINCIPLES FOR BANKS (CONSULTATION PAPER) ISSUED BY THE BASEL COMMITTEE ON BANKING SUPERVISION
January 9, 2015 Secretariat of the Basel Committee on Banking Supervision Bank for International Settlements CH-4002 Basel, Switzerland Submitted via http://www.bis.org/bcbs/commentupload.htm REVISED CORPORATE
More informationGUIDANCE NOTE FOR DEPOSIT TAKERS (Class 1(1) and Class 1(2))
GUIDANCE NOTE FOR DEPOSIT TAKERS (Class 1(1) and Class 1(2)) Operational Risk Management MARCH 2017 STATUS OF GUIDANCE The Isle of Man Financial Services Authority ( the Authority ) issues guidance for
More informationRamifications of the New COSO Framework & Recent PCAOB Actions
Ramifications of the New COSO Framework & Recent PCAOB Actions Panelists Moderator Bob Meyer, Senior Vice President of Finance & Corporate Controller, American Tower Joann Cangelosi, Partner, Grant Thornton
More informationB U S I N E S S R I S K M A N A G E M E N T L T D
B U S I N E S S R I S K M A N A G E M E N T L T D Governance, Risk and Compliance (GRC) After completing this course you will be able to Course Level Understand the requirements and benefits of GRC Develop
More informationDriving healthy growth
Health Care Of special interest to Boards of directors The C-suite Health care executives 5Insights for executives Driving healthy growth The value of a proactive stance to compliance Organizations throughout
More informationDriving profitability in a low-rate world. The state of the banking industry
Driving profitability in a low-rate world The state of the banking industry In this environment, even the best-run banks are challenged to deliver a satisfactory return on equity. And a disturbing number
More information2017 Internal Controls Survey
2017 Internal Controls Survey kpmg.com 2017 Internal Controls Survey Executive summary Although Sarbanes-Oxley (SOX) is not a new regulation, it has continued to evolve over the last 15 years since it
More informationRISK AND COMPENSATION COMMITTEE TERMS OF REFERENCE
RISK AND COMPENSATION COMMITTEE TERMS OF REFERENCE Mandate The Risk and Compensation Committee oversees the Company s 1 Enterprise Risk Management (ERM) Program, including the Company s identification
More informationSimplify and Secure: Managing User Identities Throughout their Lifecycles
PRODUCT FAMILY BRIEF: CA SOLUTIONS FOR IDENTITY LIFECYCLE MANAGEMENT Simplify and Secure: Managing User Identities Throughout their Lifecycles CA Identity & Access Management (IAM) Identity Lifecycle Management
More informationPillar 2 - Supervisory Review Process
BASEL II FRAMEWORK Stress Testing Principles and Guidelines February 2018 CAYMAN ISLANDS MONETARY AUTHORITY Table of Contents Introduction... 3 Stress Testing Framework... 4 Stress Testing Methodologies...
More informationRISK MANAGEMENT POLICY. [Section 134 of the Companies Act, 2013 read with Clause 49]
RISK MANAGEMENT POLICY [Section 134 of the Companies Act, 2013 read with Clause 49] Introduction Risk can be defined as the combination of the probability of an event and its consequences. Oxford Dictionary
More informationOperational Risk Management
Operational Risk Management May 2009 Table of contents Table of contents 3 1. Executive summary 4 2. Introduction 5 3. Guiding Principles 6 4. Operational Risk Definition 7 5. Operational Risk Management
More informationEnterprise Risk Management Course outline
Enterprise Risk Management Course outline Day One: Understanding Enterprise Risk Management (ERM) What is ERM Explanation of ERM and why it is not fully understood The current economic crisis and how ERM
More informationBusiness Model Canvas. Your Value Proposition describes the bundle of products and services that create value for a specific Customer Segment.
1. Value Proposition... Your Value Proposition describes the bundle of products and services that create value for a specific Customer Segment. Your Value Proposition is the reason why customers turn to
More informationConcordia University College of Alberta. Master of Information Systems Security Management (MISSM) Program Ada Boulevard, Edmonton, AB
Concordia University College of Alberta Master of Information Systems Security Management (MISSM) Program 7128 Ada Boulevard, Edmonton, AB Canada T5B 4E4 Scoping ITGC S for SOX 404 Audits by PERHR, Trish
More informationLya Villasuso OECD Corporate Affairs Division Response ed to: RE: Corporate Governance and the Financial Crises
Richard F. Chambers Certified Internal Auditor Certification in Control Self-Assessment Certified Government Auditing Professional President April 16, 2009 Lya Villasuso OECD Corporate Affairs Division
More informationGetting Started with Risk in ISO 9001:2015
Getting Started with Risk in ISO 9001:2015 Executive Summary The ISO 9001:2015 standard places a great deal of emphasis on using risk to drive processes and make decisions. The old mindset of using corrective
More informationCOSO ERM: Integrating with Strategy and Performance. Paul J. Sobel, CIA, QIAL, CRMA COSO Chairman
COSO ERM: Integrating with Strategy and Performance Paul J. Sobel, CIA, QIAL, CRMA COSO Chairman Focus of Presentation Why the ERM Framework was Updated 10 Key Things to Know about the Framework Key Impact
More informationEnterprise Risk Management (ERM): Gap Analysis for Kenya and the development of a niche service provider
Enterprise Risk Management (ERM): Gap Analysis for Kenya and the development of a niche service provider Author: Jason Levitan, Warrior INSIGHT Introduction Risk in the corporate arena is an ever-present
More informationDetailed competency map
Detailed competency map Additional competency requirements for entry to the Hong Kong Institute of CPAs qualification programme (Professional bridging examination) Fields of competency The items listed
More informationrisk management ERM Roles & Responsibilities In Community Banks: Who is Responsible for What?
risk management ERM Roles & Responsibilities In Community Banks: Who is Responsible for What? By: John Hurlock, President JohnHurlock@smarterriskmanagement.com Kelly Lutinski, National Director KellyLutinski@smarterriskmanagement.com
More informationRisk frameworks. Driving business strategy with effective risk frameworks
Risk frameworks Driving business strategy with effective risk frameworks Integrating risk management with business strategy Each year, a board begins its planning period with a set of strategic options
More informationTotal Expert presents. THE CO-MARKETING GUIDE: Four Common Co-Marketing Pitfalls Mortgage Lenders Face and How to Avoid Them
Total Expert presents THE CO-MARKETING GUIDE: Four Common Co-Marketing Pitfalls Mortgage Lenders Face and How to Avoid Them Introduction For decades, lenders have worked with Realtors to drive new mortgages
More informationQuantifying the Value of Investments in Micro Focus Quality Center Solutions
Dynamic Value Brief Application Delivery Management Quantifying the Value of Investments in Micro Focus Quality Center Solutions Manage software testing and IT quality management with consistent processes
More informationThe Change Challenge: Realizing the Full Value of Your Business Initiatives
The Challenge: Realizing the Full Value of Your Business Initiatives KPMG Management Consulting: People & kpmg.com 1 People and People and 2 Managing people through change For today s businesses, change
More information20 Years in the Making. Meet the New ICIF: Revisions to COSO s Internal Control Integrated Framework. Dr. Sandra Richtermeyer COSO Board Member
Meet the New ICIF: Revisions to COSO s Internal Control Integrated Framework Dr. Sandra Richtermeyer COSO Board Member Associate Dean and Professor of Accountancy Xavier University Cincinnati Ohio USA
More informationEnterprise Risk Management: Aligning Risk with Strategy & Performance June 26, :45 p.m. 4:45 p.m.
Enterprise Risk Management: Aligning Risk with Strategy & Performance June 26, 2017 3:45 p.m. 4:45 p.m. Presented by: Marc Winkler Director P&G Associates 646 Highway 18 East Brunswick, NJ 08816 P: 877-651-1700
More informationISACA. The recognized global leader in IT governance, control, security and assurance
ISACA The recognized global leader in IT governance, control, security and assurance High-level session overview 1. CRISC background information 2. Part I The Big Picture CRISC Background information About
More informationSTRAGETIC RISK MANUAL
Strategic Risk Manual 1 Unofficial Translation prepared by The Foreign Banks' Association This translation is for the convenience of those unfamiliar with the Thai language. Please refer to the Thai text
More informationCOMMUNITY SELF ASSESSMENT
COMMUNITY SELF ASSESSMENT WHAT IS IT? A community self assessment (strategic plan) is basically an inventory and analysis of existing conditions that generates a list of community improvement projects.
More informationERM Retooled: Driving Performance by Revising and Enhancing Risk Management Governance Wipfli LLP
ERM Retooled: Driving Performance by Revising and Enhancing Risk Management Governance 2018 Wipfli LLP In September 2017, the Committee of Sponsoring Organizations (COSO) a committee that provides guidance
More informationWorking better by working together
Working better by working together Deal Advisory / Germany We can help you Partner. / 1 A pragmatic approach to enhancing value through partnerships. Your vision. Our proven capabilities. Businesses thrive
More informationPolicies Regarding Mizuho's Fiduciary Duties
February 12, 2016 Mizuho Financial Group, Inc. Policies Regarding Mizuho's Fiduciary Duties Mizuho Financial Group, Inc. (President & CEO: Yasuhiro Sato) ( Mizuho ) has established its Policies Regarding
More informationcovered member immediate family impaired not a covered member close relative not impaired
BUS 425 Auditing Tad Miller May 22, 2017 Audit Planning, Analytical Procedures, Materiality & Risk, Internal Control Evaluation and Audit Plan 1. INDEPENDENCE All independence problems refer to a client
More informationCanadian Insurance Accountants Association
www.pwc.com/ca Canadian Insurance Accountants Association Corporate Governance Rising Expectations Presented By: Sandeep Dhiman May 20, 2015 Agenda 1. Current Corporate Governance Environment 2. Hot Topics
More informationOn the road(map) again. Balancing the emerging regulatory requirements in the Middle East public sector
On the road(map) again Balancing the emerging regulatory requirements in the Middle East public sector 38 Deloitte A Middle East Point of View Fall 2014 Public Sector Final destination Governments in the
More informationIAASB Main Agenda (September 2004) Page Agenda Item PROPOSED REVISED INTERNATIONAL STANDARD ON AUDITING 540
IAASB Main Agenda (September 2004) Page 2004 1651 Agenda Item 4-A PROPOSED REVISED INTERNATIONAL STANDARD ON AUDITING 540 AUDITING ACCOUNTING ESTIMATES AND RELATED DISCLOSURES (EXCLUDING THOSE INVOLVING
More informationSusan Schmidt Bies: Corporate governance and community banks
Susan Schmidt Bies: Corporate governance and community banks Remarks by Ms Susan Schmidt Bies, Member of the Board of Governors of the US Federal Reserve System, before the Annual Convention of the Arkansas
More information