Agenda. Enterprise Risk Management Defined. The Intersection of Enterprise-wide Risk Management (ERM) and Business Continuity Management (BCM)


The Intersection of Enterprise-wide Risk Management (ERM) and Business Continuity Management (BCM)
Marc Dominus
2005 Protiviti Inc. EOE

Agenda
Terminology and Process Introductions
ERM Process Overview
BCM Process Overview
The Intersection
A Path Toward Maturity
COSO's ERM Framework
A Case Study in Risk
Questions and Discussion

Enterprise Risk Management Defined
A process, effected by an entity's board of directors, management and other personnel, applied in strategy-setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives.

The Business Motivation for ERM
Reduce unacceptable performance variability
Align and integrate risk management practices
Build confidence of investment community
Improve ability to anticipate and respond to impact of major events
Reduce earnings volatility
Improve consistency of operations
Avoid erosion of sources of value
Manage increasing costs of mitigation
Improve success rate at accomplishing strategic initiatives
Enhance corporate governance
Strengthen Board governance
Meet regulator expectations
Effectively communicate business and risk strategies
Align throughout organization
Clarify vertical and horizontal roles and authority levels
Assess need for senior-level oversight structures
Align multiple risk management functions
Assess need for and role/authority of Chief Risk Officer (CRO)
Integrate into critical management activities
Link to shareholder value initiatives
Increase ability to understand and aggregate risk exposure
Successfully respond to changing business environment
Become more forward looking
Build management confidence
Adapt to new business models
Manage business alliances
Adjust to competitor moves
Exploit risk management strengths through product enhancements
Improve resource allocation
Demonstrate management's ability to take on and manage risk and provide an adequate return
Display ability to handle industry issues and peer companions
Increase transparency into risk management capabilities
Align risk taking strategy with corporate culture
Increase risk awareness
Improve balance between risk taking vs. risk averse culture
Improve tools to better understand risk exposures
Increased accountability for managing risks
Increase timely awareness of changes in risk profile and related controls

Protiviti's Point of View on ERM
If you don't know what your priority risks are, ERM will never begin
If you don't have a view around the gaps existing with respect to your priority risks you will never be able to articulate a value proposition
ERM is not something to build in a day: start somewhere and build incrementally
The purpose of ERM infrastructure is to drive continuous improvement of ERM capabilities
Objective is to continuously improve capabilities around managing priority risks as circumstances change
The tenets of effective ERM implementation:
Leverage what you have
Integrate with what you do
Keep it simple!!!

Forrester Independent Research Results
In October 2005, The Forrester Wave: Enterprise Risk Consultants, 4th quarter, 2005, was released. The research identified Protiviti as a Leader in the field, along with Deloitte, PricewaterhouseCoopers and IBM Consulting. According to the study:
Protiviti has strong methodologies and was rated well by clients. In the client reference category, Protiviti received a perfect score of 5 out of 5.
Protiviti's service is an especially good fit for buyers that: Are looking for a strong source of ERM thought leadership and shared knowledge. Are looking for operational implementation of an ERM program.
Protiviti's well-developed risk taxonomy is a key differentiator from the other leading firms.

Protiviti US Risk Barometer Survey Findings: Changing Risk Profile
Corporate America's largest companies are taking more risks:
They are vulnerable to these business risks and need to step up their risk management efforts to ensure their capabilities are keeping pace with changing risk profiles
Risk levels as well as appetite for risk have changed significantly over the past two years
Primary catalysts for change include the regulatory environment, strategic decisions, and current and potential litigation

Risk Barometer Survey Findings: Risk Capabilities
Most senior executives lack a high degree of confidence that their organization's risk management capabilities identify and manage all potentially significant business risks
Only 38 percent of business leaders believe their organizations are very effective at managing significant risks
More than half, 54 percent, acknowledge there is more they can do to identify, quantify and manage the risks they face
Most companies are taking steps to improve their risk management capabilities
Few companies are effective at balancing growth and control
Not enough companies are employing best risk management practices
CFOs own risk management in most organizations
The most significant benefits of risk management are viewed to be lower costs of insuring risk and more timely identification of critical risks

Risk Barometer Survey Findings: Current State of Risk
Companies do not have just one predominant risk today; rather, they face a range of risks
The most significant risks cited were:
Customer satisfaction (Internal)
IT security (Internal)
Competition (External)
Current regulatory environment (External)

ERM: A Portfolio View
Enterprise risk management requires an entity to take a portfolio view of risk.
Corporate: Marketing, R&D, Legal, Sales
The effects on the organization of:
20% decrease in marketing budget affect sales?
15% increase in R&D output affect demands to market new products.
Shift to greater use of outside counsel affect communications with sales staff and R&D/patent process.

Evolution of the COSO ERM Framework
COSO Internal Control Framework
COSO ERM Integrated Framework
(Figure legend: = New or Enhanced COSO Component)

Uncertainties Affect EACH Source of Value
Sources of value: Physical Assets; Financial Assets; Organizational Assets; Customer Assets; Employer/Supplier Assets
Uncertainties shown:
Unauthorized use
Catastrophic loss
Unacceptable costs
Poor economic performance
Insufficient sources of debt or equity
Unacceptable losses
Inadequate liquidity
Unclear or obsolete strategies
Lack of institutional learning
Ineffective/Inefficient processes
Integrity breakdowns
Inadequate information for internal decision making
Incorrect executive certifications
Reputation loss
Significant losses of customers or channels
Ineffective channels
Loss of markets or market opportunities
Lack of needed experience and skills
Erosion of intellectual capital
Loss of morale
Poor relationships
Inability to create effective partnerships
Risk management should address exposures to ALL sources of value

ERM Builds upon Existing Risk Capabilities

Risk
Focus: Financial and hazard risks and internal controls
Objective: Protect enterprise value
Scope: Treasury, insurance and operations involved
Emphasis: Financial and operations
Application: Selected risk areas, units and processes

Business Risk
Focus: Business risk and internal controls, taking a risk-by-risk approach
Objective: Protect enterprise value
Scope: Business managers accountable
Application: Selected risk areas, units and processes

Enterprise Risk
Focus: Business risk and internal controls, taking an entity-level portfolio view of risk
Objective: Protect and enhance enterprise value
Scope: Applied across the enterprise, at every level and unit
Emphasis: Strategy-setting
Application: Enterprise-wide to all sources of value

CURRENT STATE CAPABILITIES / FUTURE STATE VISION

Five Practical Steps to ERM Implementation 3

Integrating ERA with Strategy
Potential to Embed Risk Assessment Results into Strategic Processes
Strategic Risk Assessment
Strategic Planning (Value Creation and Protection)
Corporate Objective Setting
IA Planning
Business Unit Objective Setting
Budget and Planning
Performance Dashboard Reporting (including risk metrics)
Resource Allocation

Designing an ERM infrastructure
ERM infrastructure may include:

FOUNDATION
Common risk language
Enterprise risk management policy
Risk committee charter
Chief Risk Officer job description
Clarification of roles and responsibilities

CAPABILITIES
Enterprise-wide risk assessment process
Integration of risk responses with operating plans
Supporting technology to collect and aggregate risk management data
Common training on and knowledge sharing of best practices
Dashboard and other risk reporting

ELEMENTS FOR ENHANCING CAPABILITIES
Tools to portray a portfolio view of risk
Alignment of organizational behavior with risk appetite

BCM Terminology and Process Introduction
BCM = Crisis + Business Resumption Planning + IT Disaster Recovery Planning
"the development of strategies, plans and actions which provide protection or alternative modes of operation for those activities or business processes which, if they were to be interrupted, might otherwise bring about a seriously damaging or potentially fatal loss to the enterprise."

Terminology Confusion
Confusion Around Terminology? Let's Discuss Some Similar Terms
Business Continuity Planning (BCP)
Business Recovery Planning (BRP)
Business Resumption Planning (BRP)
Business Resiliency Planning (BRP)
Disaster Recovery Planning (DRP)
Contingency Planning

The Business Continuity Lifecycle
Why Protiviti?
(Life cycle diagram labels: Compliance Monitoring & Auditing; Vulnerability & Risk Assessments; Business Continuity Plan Benchmarking; Training & Awareness Programs; Continuity Life Cycle; Business Impact Analysis; Business Continuity; Business Continuity Plan Testing; Strategy Design; Solutions Deployment)

Components of a BCM Program
Executive Support
Steering Committee
Process Owner
BCM Policy
Training and Awareness Program
Plan Testing & Exercise Program
Plan Maintenance Process
Tested, Documented Procedures
Crisis Organizational Structure
Emergency Operations Center
Alternate Processing Facility
Crisis Communications Processes
Trained Response and Recovery Personnel
Pre-positioned Resources
Identified Vital Records, Information & Data

Business Continuity Drivers
Regulatory Requirements
Current Events and the Perceived Threat
Single Points of Failure / Critical External Dependencies
Customer Demands
Director and Officer Liability
Risk Transfer Costs
Cannot Afford Downtime

"Corporate leaders have an obligation to the stakeholders of their organizations to ensure that everything that can reasonably be done to protect the business is done."
Gartner Group - Real-Time Enterprise: Business Continuity and Availability, October 22, 2002

The Intersection

Developing a Common Language
The Protiviti Risk Model provides a framework for identifying and defining key risks.
It is a flexible tool that can be adapted to meet a client's specific facts and circumstances.
The model provides a language to start with in narrowing down the risks to the vital few requiring specific attention. This helps build the confidence of executives and directors in the comprehensiveness of the process.
Definitions are created to clarify the risk specificity in order to provide a substantive language for use across the enterprise.

A Path Toward Maturity

Capability Maturity
A Model for Describing Process Improvement
Derived from Carnegie Mellon capability maturity model

Six Elements of Infrastructure
Business Policies: Corporate, business unit, location level policies
Business Processes: Integration into business processes and control environment
People and Organization: Risk response ownership and accountability
Reports: Key performance indicators and management reports
Methodologies: Alignment to corporate and business unit methodologies (e.g., Six Sigma)
Systems and Data: Ability to manage risk response based on technology capabilities

Improved Maturity - Capability
Improved risk management capabilities:
Stages: Initial; Repeatable; Defined; Managed/Optimizing
Enterprise-wide risk strategies
Risk Identification
Common language
Dedicated resources
Risk management policy
Executive management oversight
Risk sourcing
Defined process
Initial quantification
ERM responsibilities
Policy and process guidelines followed across the organization
Consistent risk reporting
Robust risk measurement
Enterprise-wide limits
Risk diversification exploited competitively
Quantification of risk versus tolerances
Integrated risk measurement systems
Risk measures applied to performance goals
Integration with strategy and planning

Improved Maturity - Benefits
Accumulation of business performance benefits:
Stages: Initial; Repeatable; Defined; Managed/Optimizing
Capitalize on market opportunities
Risk awareness
Improved business knowledge
Uncertainties evaluated and understood
Risk-reward decisions receive more attention
More effective risk-based decision making
Risk anticipated better than competitors
Linkage between risk management and line operations management
Improved capital and resource allocation
Risk transparency with stakeholders
Risk managed as integral part of managing the business
Diversification effects understood and exploited
Risks aggregated to reduce risk transfer costs
Risk management integrated with business planning and strategy

Protiviti's Enterprise Risk Assessment (ERA) Methodology
Understand the business and its objectives
Identify events that negatively impact one or more business objectives
Understand, evaluate, and prioritize business risks by evaluating the impact and likelihood of potential events and existing activities
Develop a plan to respond to high priority risks

Protiviti's Enterprise Risk Assessment (ERA) Methodology

ERA Methodology phases:
1 Project Planning
2 Internal Environment and Objectives
3 Event Identification
4 Risk Assessment
5 Risk Reporting

Inputs
Establish Project Sponsor and Steering Committee
Finalize Project Scope and Approach
Develop Project Plan for Each Phase
Finalize Project Team Resources
Define Project Roles and Responsibilities
Determine Approach to Communications
Determine Project Team Requirements
Meet With Steering Committee
Determine Interview Questions and Participants
Identify Potential High Risk Areas
Conduct Risk Identification Interviews
Develop Custom Risk Model
Document Results of Interviews in Risk Model
Review Documentation Request List
Deploy On-Line Survey as Necessary
Plan and Design ERA Workshop
Develop Workshop Materials
Conduct Facilitated Enterprise Risk Assessment Workshop
Compile Results of Risk Assessment Activities
Risk Profile
Develop Executive Report
Review Results with Executive

Outputs
Finalized Project Scope & Approach
Project Communication Roles & Responsibilities
Final Project Documentation Request List
Custom Risk Model
Understanding of Business Environment
Inventory of Risks Identified
Initial Top Risks Identified
Survey and Interview Results
Impact & Likelihood Results for Top Risks
Risk Profile
Initial Identification of Key Controls
Risk Profile and Prioritized Risks
Executive Report
Documented ERM Next Steps

Sample Risk Map
(Figure: lettered risks plotted on an IMPACT axis, from 1 Insignificant through Minor, Moderate and Major to 9 Catastrophic, against a LIKELIHOOD axis of Remote 10%, Unlikely 25%, Reasonably Possible 50%, Probable 75% and Almost Certain 90%. Zones are labelled Risk Low, Risk Low to Moderate, Risk Moderate, Risk Moderate to High, Risk High and Risk Very High. Legend labels: Change Performance Execution Business Interruption Technology Support Disaster Recovery Resources Allocation Product Development Regulatory Compliance Reputation Client Retention Security/Vulnerability HR Knowledge capital Communication Performance Monitoring Disaster recovery)

Questions and Discussion


More information

Miles CPA Review: BEC Q Updates for 2017 Edition

Miles CPA Review: BEC Q Updates for 2017 Edition Miles CPA Review Miles CPA Review: BEC Q2 2018 Updates for 2017 Edition Summary of updates: - New version CPA exam structure (w.e.f. April 2017) Time management on the exam - BEC-1.3 Enterprise Risk Management

More information

Enterprise Risk Management. Applying enterprise risk management to environmental, social and governance-related risks.

Enterprise Risk Management. Applying enterprise risk management to environmental, social and governance-related risks. Enterprise Risk Management Applying enterprise risk management to environmental, social and governance-related Executive Summary PRELIMINARY DRAFT January 2018 This document was developed by the Committee

More information

Strengthening Your Enterprise Risk Management Process

Strengthening Your Enterprise Risk Management Process Strengthening Your Enterprise Risk Management Process Belinda Mumma, Senior Consultant, Enterprise Risk Management Services bmumma@sollievo.com (866) 605-5664 x3400 Discussion Topics Definition of Enterprise

More information

APM Risk SiG Conference 26 th October 2006 Reporting risks to the board

APM Risk SiG Conference 26 th October 2006 Reporting risks to the board APM Risk SiG Conference 26 th October 2006 Reporting risks to the board Purpose The purpose of this paper is to summarise the key points from the various presentations and knowledge sharing session held

More information

2012 CliftonLarsonAllen LLP. A Practical & Tactical Approach to. Management (ERM) Cooperatives (NSAC) Jennifer Leary, Partner National Risk Management

2012 CliftonLarsonAllen LLP. A Practical & Tactical Approach to. Management (ERM) Cooperatives (NSAC) Jennifer Leary, Partner National Risk Management A Practical & Tactical Approach to Implementing Enterprise Risk Management (ERM) National Society of Accountants for Cooperatives (NSAC) Jennifer Leary, Partner National Risk Management 1 1 Speaker Bio

More information

Enterprise Risk Management Montana State Fund

Enterprise Risk Management Montana State Fund Enterprise Risk Management Montana State Fund Report to the Board January 28, 2011 Presented by: Mary Peter, Director of Enterprise Risk Management Enterprise Risk Management (ERM) Defined An integrated

More information

Clarifying the Role of. Enterprise Risk Management

Clarifying the Role of. Enterprise Risk Management Clarifying the Role of Enterprise Risk Management Introductions/Opening Remarks Speakers: Doug Webster, Director, Risk Officer, US Agency for International Development Mike Wetklow, Deputy CFO, National

More information

More than 2000 organizations use our ERM solution

More than 2000 organizations use our ERM solution 5 STEPS TOWARDS AN ACTIONABLE RISK APPETITE Contents New Defining Pressures Risk Appetite and Risk Tolerance Benefits The 5 Best of Practices Risk Assessments Benefits of an Actionable Risk Appetite More

More information

Risk Management at Statistics Canada

Risk Management at Statistics Canada Risk Management at Statistics Canada Presentation to Workshop on Risk Management Practices in Statistical Organizations J. Mayda April 25 th, 2016 Introduction Statistics Canada has had a formal Integrated

More information

Strategic Risk Management -The Route to Business success

Strategic Risk Management -The Route to Business success BUSINESS RISK MANAGEMENT LTD Strategic Risk Management -The Route to Business success Attend this brand new seminar led by world renowned expert Phil Griffiths of Business Risk Management Ltd and learn

More information

Session 7: Corporate Governance

Session 7: Corporate Governance Session 7: Corporate Governance New York Bankers Association-Community Bank Auditors Group 2016 Internal Audit Training-June 6-8, 2016 MEMBER OF ALLINIAL GLOBAL, AN ASSOCIATION OF LEGALLY INDEPENDENT FIRMS

More information

Effectively Communicating Enterprise-Wide Business Continuity to Senior Management and Stakeholders. October 7, 2014

Effectively Communicating Enterprise-Wide Business Continuity to Senior Management and Stakeholders. October 7, 2014 Effectively Communicating Enterprise-Wide Business Continuity to Senior Management and Stakeholders October 7, 2014 Agenda Background Program Elements What Makes it Enterprise-wide Recommended Strategies

More information

METROPOLITAN TRANSPORTATION AUTHORITY

METROPOLITAN TRANSPORTATION AUTHORITY ENTERPRISE RISK MANAGEMENT AND INTERNAL CONTROL GUIDELINES Pursuant to Public Authorities Law Section 2931 Adopted by the Board on November 16, 2016 These guidelines apply to the Metropolitan Transportation

More information

Next-generation enterprise risk management

Next-generation enterprise risk management Next-generation enterprise risk management Advancing strategy and performance in light of the COSO 2017 refresh Heading into the beginning of the year, the EY Center for Board Matters published the Top

More information

Risk Alert or Risk Averse for Business Sustainability. G. Simpson, FCII

Risk Alert or Risk Averse for Business Sustainability. G. Simpson, FCII Risk Alert or Risk Averse for Business Sustainability G. Simpson, FCII Agenda Perspectives on Risk Emerging Trends on Risk Management RM and Sustainability Everything Matters Employee Engagement Returns

More information

Introduction to Business

Introduction to Business ANALYSIS DESIGN IMPLEMENTATION Introduction to Business Continuity course This course is an introduction to the world of business continuity (BC). It is designed as a first step for newcomers to the subject

More information

Risk Intelligent Enterprise Risk Management (ERM) Dolores Atallo-Hazelgreen, Firm Director

Risk Intelligent Enterprise Risk Management (ERM) Dolores Atallo-Hazelgreen, Firm Director Risk Intelligent Enterprise Risk Management (ERM) Dolores Atallo-Hazelgreen, Firm Director March, 2010 Today s Agenda In the Spotlight More Than 15 Minutes of Fame Marketplace Perspective Deloitte Global

More information

Certificate in Internal Audit 3

Certificate in Internal Audit 3 Certificate in Internal Audit 3 Risk Based Auditing- the next level Who should attend? Heads of Audit, Audit managers and senior auditors Auditors responsible for developing or implementing a risk based

More information

ICMI PROFESSIONAL CERTIFICATION

ICMI PROFESSIONAL CERTIFICATION ICMI PROFESSIONAL CERTIFICATION Contact Center Management Competencies The ICMI Professional Certification Contact Center Management Competencies specify job role-specific knowledge, skills and abilities

More information

Agenda. Agenda. Definitions and Processes. Risks. Audit & ERM. Key Strategies. Conclusions ERM and Audit 1. ERM and Audit.

Agenda. Agenda. Definitions and Processes. Risks. Audit & ERM. Key Strategies. Conclusions ERM and Audit 1. ERM and Audit. Agenda 1 Agenda Definitions and Processes Risks Audit & ERM Key Strategies Conclusions 2 2017 1 ERM: Definition From Wikipedia, the free encyclopedia ERM in business includes the methods and processes

More information

Risk Management Policy and Framework

Risk Management Policy and Framework Risk Management Policy and Framework Introductory Note to User: CompanyLongName There is no requirement in Australia for a non-publicly listed entity (other than a company regulated by APRA) to comply

More information

Current State of Enterprise Risk Oversight:

Current State of Enterprise Risk Oversight: Current State of Enterprise Risk Oversight: Progress is Occurring but Opportunities for Improvement Remain July 2012 Mark Beasley Bruce Branson Bonnie Hancock Deloitte Professor of ERM Associate Director,

More information

Advisory Services. Global process ownership: implications for organizations. Global process ownership as a concept. by Lisa Janke and Neel Garg

Advisory Services. Global process ownership: implications for organizations. Global process ownership as a concept. by Lisa Janke and Neel Garg Advisory Services Global process ownership: implications for organizations by Lisa Janke and Neel Garg Global process ownership as a concept Developing a governance model that seeks to assign process ownership

More information

Inside of a ring or out, ain t nothing wrong with going down. It s staying down that s wrong. Muhammad Ali

Inside of a ring or out, ain t nothing wrong with going down. It s staying down that s wrong. Muhammad Ali MANAGING OPERATIONAL RISK IN THE 21 ST CENTURY White Paper Series Inside of a ring or out, ain t nothing wrong with going down. It s staying down that s wrong. Muhammad Ali 2 In today s competitive and

More information

It s All About Strategy!

It s All About Strategy! Enterprise Management: What s the Role of the? Mark Beasley Deloitte Professor of Enterprise Management NC State University 1 It s All About Strategy! 2 1 Strategic View of Management What is management

More information

ENTERPRISE RISK MANAGEMENT THE KEY TO BUSINESS SUCCESS By Phil Griffiths FCA

ENTERPRISE RISK MANAGEMENT THE KEY TO BUSINESS SUCCESS By Phil Griffiths FCA ENTERPRISE RISK MANAGEMENT THE KEY TO BUSINESS SUCCESS By Phil Griffiths FCA Chapter 1 Fundamentals of Enterprise Risk Management Risk management has become a vital ingredient in the entrepreneurial culture

More information

IT Governance and the Audit Committee Recognizing the Importance of Reliable and Timely Information

IT Governance and the Audit Committee Recognizing the Importance of Reliable and Timely Information IT ADVISORY IT Governance and the Audit Committee Recognizing the Importance of Reliable and Timely Information KPMG INTERNATIONAL IT Governance and the Audit Committee: Recognizing the Importance of

More information

Strategic Asset Management Plan

Strategic Asset Management Plan Strategic Asset Management Plan Prepared for Town of Oakville December 2017 CH2M HILL Canada Limited 245 Consumers Road Suite 400 Toronto, ON M2J 1R3 CA Contents Section Page Acronyms and Abbreviations...

More information

Risk Appetite Statement

Risk Appetite Statement Risk Appetite Statement May 2018 Risk Appetite Statement Contents 1. Mission, Vision, Values and Beliefs... 3 2. Introduction... 3 3. Overall Risk Appetite... 4 4. Risk Framework... 4 5. Key Risk Appetite

More information

Are you prepared for this Challenge? The new COSO Enterprise Risk Management Framework

Are you prepared for this Challenge? The new COSO Enterprise Risk Management Framework Are you prepared for this Challenge? The new COSO Enterprise Risk Management Framework CAGFO 2018 Conference Winnipeg, MB September 13, 2018; 10:30am Agenda 01 What is being said of ERM today? 02 What

More information

Sub-section Content. 1 Preliminaries - Post title: Head of Group Risk - Reports to: CRO - Division: xxx - Department: xxx - Location: xxx

Sub-section Content. 1 Preliminaries - Post title: Head of Group Risk - Reports to: CRO - Division: xxx - Department: xxx - Location: xxx Sub-section Content 1 Preliminaries - Post title: Head of Group Risk - Reports to: CRO - Division: xxx - Department: xxx - Location: xxx 2 Job Purpose - To assist in the maintenance and development of

More information

Risk Management Culture: The Linkage Between Ethics & Compliance and ERM September 14, 2009

Risk Management Culture: The Linkage Between Ethics & Compliance and ERM September 14, 2009 2009 Compliance and Ethics Institute Risk Management Culture: The Linkage Between Ethics & Compliance and ERM September 14, 2009 Table of contents Section 1 2 3 4 5 6 Learning objectives Why measure risk

More information

Business Plan

Business Plan Business Plan 2017-2018 rev. May 2017 MESSAGE FROM THE CEO As the Chief Executive Officer of PEC, I am pleased to present the 2017 2018 Business Plan, a tool that will enable the Cooperative to make informed

More information

Texas Tech University System

Texas Tech University System Texas Tech University System October 31, 2017 ERM Overview Evolution of Risk Management Risk Traditional Definition The possibility that something bad or unpleasant will happen. Merriam-Webster Minimizing

More information

A Risk Practitioners Guide to ISO 31000: 2018

A Risk Practitioners Guide to ISO 31000: 2018 A Risk Practitioners Guide to ISO 31000: 2018 Review of the 2018 version of the ISO 31000 risk management guidelines and commentary on the use of this standard by risk professionals 1 A Risk Practitioners

More information

L44: Taking BCP to BCM. Victoria D. Leighton Avanade, Inc.

L44: Taking BCP to BCM. Victoria D. Leighton Avanade, Inc. L44: Taking BCP to BCM Victoria D. Leighton Avanade, Inc. AGENDA Part I: Critical steps from BCP to BCM Part II: Gaining buy-in from Executive Management Part III: Rolling out the process Enterprise wide

More information

Enterprise Risk Management

Enterprise Risk Management Enterprise Risk Management A Roadmap For Implementation June 12, 2018 Presented by: Speaker Name Marianne Turnbull CohnReznick LLP 4 Becker Farm Road Roseland, NJ 07068 P: 973-228-3500 E:marianne.turnbull@cohnreznick.com

More information

CGEIT Certification Job Practice

CGEIT Certification Job Practice CGEIT Certification Job Practice Job Practice A job practice serves as the basis for the exam and the experience requirements to earn the CGEIT certification. This job practice consists of task and knowledge

More information

Embedding Operational Risk

Embedding Operational Risk Embedding Operational Risk Banking & Payments Federation Ireland Angela Calapa, Risk & Regulatory Director Areas of Challenge for Embedding Operational Risk Most banks face a significant number of challenges

More information

Risk Advisory SERVICES. A holistic approach to implementing effective governance, managing risk and maintaining compliance

Risk Advisory SERVICES. A holistic approach to implementing effective governance, managing risk and maintaining compliance Risk Advisory SERVICES A holistic approach to implementing effective governance, managing risk and maintaining compliance Contents Weaver's Risk Advisory Services 1 Enterprise Risk Management 4 Assessing

More information

Enterprise Risk Management Demystified

Enterprise Risk Management Demystified Enterprise Risk Management Demystified Charles W. Soucy, CPCU, CLU, ARM Joe C. Underwood, CPCU, ARM, AIC October 27, 2010 Agenda 1. What is it? A formal definition of ERM How it s different 2. Why do it?

More information

UNF Finance and Audit Committee January 15, 2013

UNF Finance and Audit Committee January 15, 2013 Item 7 UNF Finance and Audit Committee January 15, 2013 Issue Office of Internal Auditing Audit Planning Methodology Proposed Action Report Background Information The purpose of this item is to present

More information

IT Strategic Alignment Benchmark

IT Strategic Alignment Benchmark IT Institute IT Strategic Alignment Benchmark This report was prepared for: Joann Chizlett Director of Information Technology Orlando-Orange County Expressway Authority The IT Institute (ITPI) is an independent

More information

PRACTICE. Reframing risk BY MARK BUTTERWORTH

PRACTICE. Reframing risk BY MARK BUTTERWORTH Feature PRACTICE Reframing risk As the major revision of one of the world s most influential pieces of guidance on risk turns one year old, what does COSO ERM mean to the profession? BY MARK BUTTERWORTH

More information

CARNEGIE MELLON UNIVERSITY

CARNEGIE MELLON UNIVERSITY CARNEGIE MELLON UNIVERSITY 1 Integrated Risk Management for the Enterprise Brett Tucker December 2018 Carnegie Mellon University Software Engineering Institute Carnegie Mellon University Pittsburgh, PA

More information

A Guide to Business Continuity

A Guide to Business Continuity A Guide to Business Continuity Getting Started Business Continuity Management is a process driven from the top of the organisation. The first stage has to be an acceptance by the Board or the Executive

More information

Risk management is changing. Act now.

Risk management is changing. Act now. Global Regulatory Reform Risk management is changing. Act now. Risk Transformation 01 The call to action 01 02 New world. New CRO. 02 03 The risk function must operate differently 04 04 The ART of risk

More information

So You Have Your Baseline Risk Assessment For ERM, What Next? San Antonio IIA I Heart Audit Conference February 2018

So You Have Your Baseline Risk Assessment For ERM, What Next? San Antonio IIA I Heart Audit Conference February 2018 So You Have Your Baseline Risk Assessment For ERM, What Next? San Antonio IIA I Heart Audit Conference February 2018 Speaker Profiles Jody Allred, CPA, CITP, CISA, CGMA Partner, Risk Advisory Services

More information

ERM Retooled: Driving Performance by Revising and Enhancing Risk Management Governance Wipfli LLP

ERM Retooled: Driving Performance by Revising and Enhancing Risk Management Governance Wipfli LLP ERM Retooled: Driving Performance by Revising and Enhancing Risk Management Governance 2018 Wipfli LLP In September 2017, the Committee of Sponsoring Organizations (COSO) a committee that provides guidance

More information