Enterprise Risk Management Implementation Foundations and Reflections of a University Chief Risk Officer at the Five Year Milestone

Similar documents
Executive Teams and the Use of ISO in Decision Making. Scott Wightman, ARM-E National Director Gallagher ERM Practice

Texas Tech University System

Enterprise Risk Management Plan FY Submitted: April 3, 2017

Risk Management at Statistics Canada

Durham College Policy and Procedure

Enterprise Risk Management

Charter for Enterprise Risk Management

Enterprise Risk Management Assessment Results

A New Framework for Risk Management

Your Path to Success TEN BASIC RESPONSIBILITIES OF NONPROFIT BOARDS. Presented by. Visit Us

ERM: Risk Maps and Registers. Performing an ISO Risk Assessment

The Portfolio Management Office Project Management Process Overview

ISACA. The recognized global leader in IT governance, control, security and assurance

Successful ERM Program Standards. Definitions of Enterprise Risk Management (ERM)

Enterprise Risk Management Montana State Fund

Establishing Enterprise Risk Management in

ACADEMIC DIVISION ENTERPRISE RISK MANAGEMENT (ERM) GARY NIMAX ASSISTANT VICE PRESIDENT FOR COMPLIANCE AND ENTERPRISE RISK MANAGEMENT

Making it Happen: How Project Managers Drive Strategic Alignment and Strategy Execution. Jacob Parrish, MPH, PMP Vice President, Systems & Procedures

From Dictionary.com. Risk: Exposure to the chance of injury or loss; a hazard or dangerous chance

Enterprise Risk Management (ERM) Program Primer

BACKGROUND KEY FINDINGS

PMI Southern Ontario Chapter PDD Ralph Dunham May 26, 2012

Enterprise Risk Management Handbook. June, 2010

Strengthening Your Enterprise Risk Management Process

Enterprise Risk Management

Critical Success Factor in ERM Implementation

U.S. Census Bureau Enterprise Risk Management Program Operationalizing ERM A Top-down, Bottom-Up Approach

Enhanced Risk Management Policy

CREATING, REDESIGNING, & SUSTAINING GOVERNANCE STRUCTURES TO DRIVE STRATEGY

Fraud Risk Management

According to Paul Thomlingson, in his book Effectiveness Maintenance, the objectives of a good maintenance function are to:

Integrating Corporate Compliance Programs into Enterprise Risk Management Programs

CORROSION MANAGEMENT MATURITY MODEL

To provide an update on the progress of the HR/Payroll Modernization program since the May 2016 Board of Regents meeting.

Internal Audit Division FY 17 - Audit Plan Overview

The Power of People. Our University Our Future Our People

Finance Division Strategic Plan

ADMINISTRATION OF QUALITY ASSURANCE PROCESSES

Audit and Compliance Committee Enterprise Risk Management

Equipping You For Success

ADVISORY. LEADERSHIP TRANSITION ACTION PLAN by Christina Drouin. Sample Transition Action Item Checklist

Fear, Uncertainty, Doubt

Institutional Data Improvement and Utilization Allen County Community College. Process: Open Pathway Quality Initiative Proposal

INTERNAL CONTROLS ON OUR CAMPUS. Kara Kearney-Saylor Director of Internal Audit, UB

Practices for Effective Local Government Leadership

COSO ERM: Integrating with Strategy and Performance. Michael Parkinson

Conceptual Framework and Process for Strategic Planning

A Vision of an ISO Compliant Company by Bruce Hawkins, MRG, Inc.

29/11/2017. Risk Management Policy

Richland Community College May 2009

TEMPLATE. Asset Management. Assetivity

Enterprise Risk Management Program Development Update. Finance & Audit Committee Meeting September 25, 2015

The Role of the Chief Risk Office and the Board s Role in Risk Oversight

Risk Management in Nonprofits Monday, February 8, 2010 Midland, Texas 11:45am 1:00pm

Role of Board of Directors in Risk Management. CPA Erick Audi Thursday, 15 th November 2018

ERO Enterprise Three-Year Strategic Plan and 2014 Performance Metrics

A Roadmap for Developing Effective Collaborations & Partnerships to Advance the Employment of Individuals with Disabilities in the Federal Sector

National Defense University. Strategic Plan 2012/2013 to 2017/18 One University Evolution

Annual Statewide Trustees Conference MANAGING RISK. Staying Focused on the Mission. November 4, 2015

Session 7: Corporate Governance

Report on the Current State of Enterprise Risk Oversight

Technical Director International Auditing and Assurance Standards Board 545 Fifth Avenue, 14 th Floor New York, New York USA

ISO Risk Management Principles and Guidance

Planning and Evaluation Office of the Senior Vice President for Development and Public Affairs

Enterprise Risk Management (ERM) How Internal Audit Can Add Great Value

ENTERPRISE RISK MANAGEMENT USING DATA ANALYTICS. Dan Julevich and Chris Dawes April 17, 2015

M E M O R A N D U M. The proposed resolution approves the adoption of a compliance program for the State University of New York.

Risk Management Strategy

New Central Library Readiness Audit

Community Foundation for Greater Atlanta and BoardSource. Executive Succession Planning: A Leadership Priority June 14, 2016

Leveraging Internal Audit and Corporate Compliance for Effective Risk Management

Risk Management Update ISO Overview and Implications for Managers

Sample Corporate Risk Management Policy

STRATEGIC PLAN

San Francisco Chapter. Presented by Scott Perry - Slalom Consulting

BOND UNIVERSITY RESEARCH STRATEGIC PLAN

AGENDA ECU Board of Trustees Audit Committee Meeting November 29, I. Approval of September 20, 2012 Minutes Action

Information and Communication Technologies Strategic Plan 2016/ /20

EY Center for Board Matters. Leading practices for audit committees

Effectively Communicating Enterprise-Wide Business Continuity to Senior Management and Stakeholders. October 7, 2014

Aligning and Integrating ERM and Business Process. Federal ERM Summit September 9, :00-12:00

ICMA PRACTICES FOR EFFECTIVE LOCAL GOVERNMENT LEADERSHIP Approved by the ICMA Executive Board June 2017; effective November 2017

Organizational Sustainability, Succession Planning, and Leader Development. Former President of TransitionGuides

Introducing ISO 22301

Management Excluded Job Description

International Organisation for Standards: ISO 14001:2015 Review

Solvency II and Risk Management: Generali Group approach. Stefano Ferri Group Chief Risk Officer Generali Group

Benchmarking Compliance Effectiveness:

CHIEF TRANSFORMATION OFFICER

Security s Role in Corporate Social Responsibility

ERP Systems for Higher Education: Evaluating and Selecting The Best Fit For the Institution

ISO 9001:2015 and Risk Based Thinking

USAC Special Report Diversity & Inclusion Task Force

Case Study. Technical Talent Management

University of North Carolina School of the Arts UNC Tomorrow Phase II Response Section D

Resource Management?

7P2. How do you select, manage, and distribute data and performance information to support your planning and improvement efforts?

Agenda. Enterprise Risk Management Defined. The Intersection of Enterprise-wide Risk Management (ERM) and Business Continuity Management (BCM)

Taming the Tiger Risk Management in a Non profit Organisation

Becky Bowen Jessica Katz Jameson Susan Scherffius Jakes Mary Tschirhart

Transcription:

Enterprise Risk Management Implementation Foundations and Reflections of a University Chief Risk Officer at the Five Year Milestone Tim Wiseman Assistant Vice Chancellor for Enterprise Risk Management East Carolina University

ECU Location Home of the Pirates 2

ECU s ERM Environment Public versus private institution Heritage and traditions Demographics and location/proximity Independent or part of a system Research, medical campus, vision/objectives, interface with society & community Main University Risk Categories: Size and scale Strategic Budget and capital projects financial Nonprofit Operational Shared governance Compliance Academic core Reputational -> Overarching Increased regulation and federal/state oversight 3

Enterprise Risk Management at ECU Our Mission: Provide leadership and management experience to better identify and manage the university s strategic, financial, operational, regulatory compliance, and reputational risks holistically as an enterprise. ECU s ERM Approach: Work through the Enterprise Risk Management Committee in a decentralized fashion to accomplish ERM goals Improve risk measurement to support strategic decision making, risk mitigation efforts, and resource allocation Use pre-existing risk identification and internal control processes to the greatest extent possible Raise institutional awareness of existing and emerging risks and their relative potential effects on the institution as a whole Provide training and relevant information on ERM to enhance the internal controls and risk management mindset of ECU employees, students, and other stakeholders

ERM Road Map GREEN: Completed ORANGE: In-Progress/Partially Completed BLACK: Future Action Phase 1: Building the Case for ERM 1. Understand the institution s plans, environment, and culture 2. Determine the status of your existing risk management processes 3. State your goals and objectives 4. Present the case 5. Obtain top-level commitment, support, and participation Phase 2: Building an ERM Foundation 6. Name a project leader 7. Plan your project and incorporate a timeline 8. Select or design an ERM Framework that best fits the institution s goals and campus culture 9. Create a cross-functional Risk Council 10. Create a mission and goals statement for the Risk Council 11. Develop a risk vocabulary and definitions Phase 3: Implementation 12. Develop a risk portfolio 13. Assess your risks: validate and prioritize 14. Assign ownership and take action Phase 4: Sustaining Your ERM Program 15. Assess results 16. Review and realign risk treatments with available resources 17. Meet and Report 18. Do not neglect traditional risk management functions 19. Review any ERM framework you have followed 20. Develop institution-wide systems for communicating (ongoing) Estimated progress point to date 56 months (2013) Road to Implementation, Enterprise Risk Management for Colleges and Universities, Gallagher Higher Education Practice, 2009 5

ERM Milestones 2009 2010 2011 2012 2013 2014 CRO Hired Risk Committee Established Senior Leader Expectations Published ERM Training (TXAMU Visit) 1 st ERM Survey Board Audit Committee Inclusion Implementation Road Map and Strategy Introduced SharePoint Site Established Hosted NC ERM in Higher Ed Symposium Standardized ERM Briefing Formats Risk Identification Workshop for Academic Deans and Directors ERM Involvement on Crisis Policy Team Migrated ERM Survey to Qualtrics ERM Workshop on Health Sciences Campus Office Calls with Executive Council Members Introduced Risk Reviews Format Risk Survey Results Briefed to Leadership Formal ERMC Appointments ERM on Key Committees Risk Working Groups Risk Mgmt Process Owners ERM Training Sessions Webinar Series Robust Risk Presentation to Executive Council and Board Audit Committee CRO Professional Development ERM in Chancellor Goals/ Assessment Risk Assessment Tool Development 2-Year ERM Cycle Model Adopted Enhanced ERM Materials Push to Full Board ERM Form Development Connection with College of Business Risk Management Faculty/ Program

The purpose of managing risk is to increase the likelihood of an organization achieving its objectives by being in a position to manage threats and adverse situations and being ready to take advantage of opportunities that may arise. National Guidance on Implementing ISO 31000:2009 From NSAI in Ireland

What s Your Risk Management Value? Preserve Value Create Value

What s Your Risk Management Value? Preserve Value Create Value Finance, transfer or avoid threats Minimize damage Protect assets Manage risk to strategy Support for risk taking Risk-based decision making

The Benefits of Risk Management Increase likelihood of achieving objectives Encourage proactive management Be aware of the need to identify and treat risk throughout the organization Improve the identification of opportunities & threats Effectively allocate and use resources ISO/ANSI/ASSE 31000:2009 Risk management Principles and Guidelines Comply with relevant legal and regulatory requirements and international norms Improve mandatory and voluntary reporting Improve operational effectiveness & efficiency Improve stakeholder confidence and trust Establish a reliable basis for decision making & planning Improve controls Improve governance

Sample Elevator Speech on ERM Risk Management is about supporting opportunities as well as preventing problems It is tied to business objectives & strategies and supports them It works within the entity s culture and will become integral to decision making It will ensure that Risk Management applies to all levels of the organization and to all activities

ERM and the Audit Planning Process 12

Case Study: The Fiery Fish Situation: You are a university risk manager. One day, as you are scrolling through your email inbox, you come across the following email. Needless to say, there are a few things in the content that catch your eye. Just from the text of the message and picture, how many potential risks come to mind?

To: Announce List Subject: Need a generator for a flaming fish... Two professors and seven graduate/undergraduate ceramics students will create a lovely seven foot-tall ceramic fish, swath it in portable kiln fabric, bake it until it's crispy, then unwrap the monster in a fiery nighttime reveal (Friday, June 26, approximately 9:00 p.m., south of Joyner Library near Tenth Street where the Baptist Student Union stood [or stands for a little while longer]). Please come witness the splendor. If your department owns a portable generator, the School of Art and Design would like to borrow it from June 22 through June 26. After the artists construct the FireFish, they need to run a fan for several days to dry the clay in advance of firing. The staff of the generator-lending department will retain the right to make unlimited marshmallow jokes during the firing process. UYPTF 14

Case Study: The Fiery Fish What about opportunities? http://www.ecu.edu/cs-admin/news/firefish.cfm When nothing bad happens, it can also be a big success story in academia. The other side of the risk coin.

ERM Protecting the Blind Side 16

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback