Enterprise Risk Management

Enterprise Risk Management: A Roadmap For Implementation
June 12, 2018
Presented by: Marianne Turnbull, CohnReznick LLP
4 Becker Farm Road, Roseland, NJ 07068
P: 973-228-3500
E: marianne.turnbull@cohnreznick.com

Discussion Topics
- COSO ERM: Enhanced Focus on Strategy
- Sample of Risks Managed by Banks, Thrifts and Credit Unions
- ERM Methodology
- Keys to Successful ERM

COSO ERM: Enhanced Focus on Strategy

COSO ERM Framework Linked to Strategy

DEFINITION: COSO Enterprise Risk Management
The culture, capabilities, and practices, integrated with strategy-setting and performance, that organizations rely on to manage risk in creating, preserving, and realizing value.
Source: Enterprise Risk Management - Integrating with Strategy and Performance, Committee of Sponsoring Organizations of the Treadway Commission, Volume 1, June 2017

Possibility of Strategy Not Aligning
- Lack of organizational understanding of mission and vision can result in lack of focus on strategic decision-making
- Poor communication
- Siloed decision-making
- Lack of understanding of roles
- Inadequate support from key stakeholders

Implications from the Strategy Chosen
- Organizations may not properly evaluate alternative strategies and the key assumptions made
- Changes to assumptions may not be evaluated as to how they affect the achievement of strategies
- Organizations may not revisit strategies and risks when change occurs

Risk to Strategy and Performance
- Organizations may not consider the relationship between risk, strategy and performance
- Organizations may not understand the correlation between increased performance goals and risk

COSO ERM Framework: Components and Principles (figure)
Source: Enterprise Risk Management - Integrating with Strategy and Performance, Committee of Sponsoring Organizations of the Treadway Commission, Volume 1, June 2017

Changes in the New COSO ERM

Address Ever-Changing Risk Landscape; Develop and Refine Strategy and Integrate Performance
- Adopts a components and principles structure
- Simplifies the definition of enterprise risk management
- Emphasizes the relationship between risk and value
- Renews the focus on the integration of enterprise risk management
- Examines the role of culture
- Elevates discussion of strategy

Key Points
- Enhances the alignment between performance and enterprise risk management
- Links enterprise risk management into decision-making more explicitly
- Delineates between enterprise risk management and internal controls
- Refines risk appetite and acceptable variation in performance (risk tolerance)
- Addresses the evolution of ERM and the need for organizations to improve their approach

Benefits of ERM (Insight, Performance, Culture, Strategy)
- Reduces unexpected outcomes
- Allows a structure to anticipate risks, opportunities, and changes in the business environment
- Enables early detection of disruptions to the markets that require modifications to strategy
- Provides deeper analysis of alternative strategies
- Identifies opportunities for integration and efficiencies
- Facilitates the acceleration of growth and performance
- Reduces the variability of performance
- Facilitates more effective use of resources
- Brings risk awareness to all employees
- Emphasizes ownership and responsibility for risk management throughout the entity
- Establishes top-level buy-in and Tone at the Top
- Empowers employees responsible for the execution of strategy to be involved in the development of strategy
- Provides output/results for use in strategic planning and decision making
- Provides comfort to stakeholders and investors with respect to the organization's risk management infrastructure
- Provides a platform for identifying and pursuing existing and new opportunities
- Proactive approach to setting, redefining and monitoring strategic objectives
- Incorporates the entity's risk appetite into strategic decision-making

Sample of risks managed by Banks, Thrifts and Credit Unions

Risk & Strategy Considerations: Risks & Opportunities for Banks, Thrifts and Credit Unions
Risk categories shown on the slide: Compliance, Strategic, IT, Operational, Market, Liquidity
- Statutory limitations
- Changes in regulations
- Unable to meet regulatory requirements
- Changes in IRS tax code
- Inability to keep up with changing technologies or customer needs
- Out-of-date and unfocused organizational strategies
- Lack of effective information technology infrastructure
- Lack of integrity and availability of data
- Cybersecurity
- Poor process or inadequate infrastructure
- Loan delinquencies
- Credit risk
- Quality of underwriting and asset management practices
- Defaults
- Counterparty risk
- Changes in long-term interest rates
- Falling interest rates
- Margin calls
- Valuation
- Unable to meet funding requirements
- Unable to convert an asset into liquid funds
- Mismatched assets & liabilities

ERM Methodology

ERM Approach

GOALS
- Risk Management Integrated with Strategy and Performance
- Improved Risk Management Capabilities

ACTION PLAN
1. Assess the As Is Risk Management Structure
   - Business Objectives / Strategy
   - Governance / Oversight
   - Legal / Compliance
   - Policies, Procedures, Authorities, Roles and Responsibilities
   - Technology / Risk Reporting
   - Culture / Resources
2. Identify Risks and Measure Appetite
   - Key Stakeholder Interviews / Facilitated Discussions
   - Emerging Risks
   - Benchmarking / Key Risk Indicators (KRIs)
   - Risk Appetite and Tolerance
   - Inherent Risk Ratings Based on Impact / Likelihood
   - Prioritized Risks Based on Management Input
3. Identify Risk Mitigation Activities
   - Mitigating Processes and Controls
   - Residual Risk Ratings
   - Gap Analysis
   - Recommendations to Improve Risk Mitigation Activities
   - Management Agreement on Risks / Recommendations
   - Accountability for Remediation Activities
4. Create ERM Rollout Plan
   - Agree upon ERM Action Items related to: Oversight; Roles, Responsibilities & Accountability; KRIs and Monitoring Mechanisms; Communication and Reporting Protocols; Training; Tools and Technologies
   - Timeline, Milestones and Defined Deliverables
5. Assist with Implementation
   - Project Plan (PMO)
   - Remediation Assistance
   - Risk Management Policy
   - Governance Model
   - Industry Specific KRIs
   - Customized Management Reporting
   - Tools, Techniques, and Methodologies
   - Best Practices

Step 1: Assess the As Is Risk Management Structure

Action
- Understand existing business objectives and strategy as well as the process for developing and refining strategic objectives
- Assess governance and oversight framework, including functions such as Legal and Compliance
- Assess adequacy of risk-related policies and procedures
- Assess use of technology and adequacy of management risk reporting, including KRIs
- Assess adequacy of resources and skillsets available to support the identification of gaps and the ERM implementation
- Assess culture and maturity level of the organization and knowledge of employees regarding risk concepts

Output
Gap list and recommendations related to the adequacy of:
- Governance structure, including executive sponsorship and Steering Committee
- Defined policies, procedures, authorities, roles, and responsibilities
- Management reporting, benchmarking, and other mechanisms for knowledge sharing
- Skill sets, resource levels, project support, and technology required for implementation
- Potential challenges and opportunities for successful implementation

Step 2: Identify Risks and Measure Appetite

Action
- Interview and survey key stakeholders to identify key risks
- Facilitate collaborative sessions to align on key risks and opportunities
- Identify emerging risks
- Define the organization's risk appetite/tolerance
- Develop ratings of inherent risks based on impact and likelihood
- Identify key risk indicators (KRIs) and perform benchmarking against similar organizations

Output
- Identification of risks that can prevent achievement of key financial, strategic, operational, and compliance objectives
- Prioritized rankings of key and emerging inherent risks
- Improved insight and better understanding of end-to-end business processes, cross-functional issues, bottlenecks, and other impediments to success
- List of KRIs to assess and monitor key risks

Step 3: Identify Risk Mitigation Strategies

Action
- Identify controls related to key risks and determine residual risk ratings
- Perform gap analysis between current and desired state
- Identify gaps requiring immediate management attention and remediation
- Develop heat maps to align and prioritize organizational effort
- Obtain management buy-in on recommendations and strategies
- Assign accountability for remediation activities

Output
- Alignment on key risks and strategies
- Defined actions and accountabilities to address risk gaps
- Opportunities to close the gaps between current and desired states
- Improved oversight, monitoring, compliance and reporting of risks
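Steps 2 and 3 above describe inherent ratings based on impact and likelihood, residual ratings after controls, a heat map, and a gap analysis against the stated risk appetite. The following is an added example of how those steps can be carried out over a small risk register; it is not code from the CohnReznick deck. The 1-5 rating scale, the heat-map band thresholds, the per-category appetite values, the control effects, and the three sample risks are all constructed assumptions chosen to illustrate the arithmetic.

```python
"""Inherent/residual risk rating, heat-map bucketing and appetite gap analysis
for an ERM risk register (added illustration; scale and thresholds are assumed)."""
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

SCALE_MAX = 5  # assumption: impact and likelihood are each rated 1 (low) .. 5 (high)


@dataclass
class Control:
    name: str
    likelihood_reduction: int = 0  # scale points the control removes from likelihood
    impact_reduction: int = 0      # scale points the control removes from impact


@dataclass
class Risk:
    name: str
    category: str
    impact: int
    likelihood: int
    controls: List[Control] = field(default_factory=list)


def clamp(value: int) -> int:
    """Keep a rating inside the 1..SCALE_MAX scale after control adjustments."""
    return max(1, min(SCALE_MAX, value))


def inherent_score(risk: Risk) -> int:
    """Inherent rating before controls: impact x likelihood (Step 2)."""
    return risk.impact * risk.likelihood


def residual_ratings(risk: Risk) -> Tuple[int, int]:
    """Impact and likelihood remaining after the mitigating controls are applied (Step 3)."""
    impact = clamp(risk.impact - sum(c.impact_reduction for c in risk.controls))
    likelihood = clamp(risk.likelihood - sum(c.likelihood_reduction for c in risk.controls))
    return impact, likelihood


def residual_score(risk: Risk) -> int:
    impact, likelihood = residual_ratings(risk)
    return impact * likelihood


def heat_band(score: int) -> str:
    """Bucket a score into a heat-map band. Thresholds are an assumption: 1-5 Low, 6-12 Medium, 13-25 High."""
    if score >= 13:
        return "High"
    if score >= 6:
        return "Medium"
    return "Low"


def heat_map(risks: List[Risk]) -> Dict[Tuple[int, int], List[str]]:
    """Place each risk on a (likelihood, impact) grid by its residual ratings."""
    grid: Dict[Tuple[int, int], List[str]] = {}
    for risk in risks:
        impact, likelihood = residual_ratings(risk)
        grid.setdefault((likelihood, impact), []).append(risk.name)
    return grid


def gap_analysis(risks: List[Risk], appetite: Dict[str, int]) -> List[Tuple[str, int]]:
    """Risks whose residual score still exceeds the category appetite, largest gap first.
    These are the gaps requiring management attention and assigned remediation owners."""
    gaps = [(r.name, residual_score(r) - appetite[r.category])
            for r in risks if residual_score(r) > appetite[r.category]]
    return sorted(gaps, key=lambda gap: -gap[1])


# Constructed sample appetite per category (maximum acceptable residual score).
SAMPLE_APPETITE: Dict[str, int] = {"IT": 6, "Liquidity": 6, "Compliance": 9}


def sample_register() -> List[Risk]:
    """Constructed sample register using risk names from the deck; ratings and controls are invented."""
    return [
        Risk("Cybersecurity", "IT", impact=5, likelihood=4,
             controls=[Control("Multi-factor authentication", likelihood_reduction=1),
                       Control("Tested offline backups", impact_reduction=1)]),
        Risk("Unable to meet funding requirements", "Liquidity", impact=4, likelihood=2,
             controls=[Control("Contingency funding plan", likelihood_reduction=1)]),
        Risk("Changes in regulations", "Compliance", impact=3, likelihood=4),
    ]


if __name__ == "__main__":
    register = sample_register()
    for r in register:
        print(f"{r.name}: inherent {inherent_score(r)} ({heat_band(inherent_score(r))}), "
              f"residual {residual_score(r)} ({heat_band(residual_score(r))})")
    print("Gaps vs appetite:", gap_analysis(register, SAMPLE_APPETITE))
```

The gap list is what management signs off on in Step 3: a risk whose residual score is still above the category appetite keeps an accountable owner and a remediation action, while one inside appetite only needs monitoring through its KRIs.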

Step 4: Create ERM Rollout Plan

Action
- Establish accountability for risk oversight
- Agree upon ERM action items
- Recommend risk management strategies related to key gaps in the existing risk management structure
- Identify responsible party(ies) for ERM implementation activities
- Establish timeline
- Establish project milestones

Output
Detailed ERM rollout plan including items such as:
- Oversight (board / committees)
- Roles, responsibilities, and accountability (management)
- KRIs and monitoring mechanisms
- Communication and reporting protocols
- Training
- Tools and technologies
- Agreed upon implementation dates
- Key project milestones
- Definition of deliverables

Step 5: Assist With Implementation

Action
- Provide project management assistance
- Assist with implementing remediation recommendations
- Provide templates to assist in establishing risk management policy, job descriptions, etc.
- Design risk management reporting, custom dashboards, KRIs, early warning indicators, etc.
- Provide tools, techniques, methodologies, and best practices

Output
- Detailed project plan and project management expertise (PMO)
- Focused remediation plans
- Established robust governance model
- Customized management reporting system with industry-specific KPIs
- Best-in-class tools, techniques, and methodologies

Keys to Successful ERM

Keys to Successful ERM Implementation
- Top-down approach
- Board and executive management buy-in
- ERM governance established at the board and executive level
- Expertise to implement a successful ERM program
- ERM champion(s) with expertise and well-defined responsibilities
- Access to and input from senior leadership
- Understanding of a framework and focus on the strategy and purpose of ERM
- Proper application of ERM in a given situation (not always the same)
- Realistic expectations of mature ERM and the time needed to develop processes
- Definition of risk language (risk appetite, risk tolerance, etc.)
- Needs to be an integrated, ongoing process, part of the way work is performed throughout the organization