Extended Enterprise Risk Management

Similar documents
Extended Enterprise Risk Management

Data Standards in Oil & Gas

Solve for now. Build for next. The Deloitte Audit

Modernizing compliance: Moving from value protection to value creation

FINRA 2090/2111 Solutions & Expertise

Implementing a corporate legal process outsourcing solution. Key considerations before embarking on the legal service delivery transformation journey

Deloitte Accelerated Value: SaaS innovation for the digital core. Extending the potential of core systems, addressing tomorrow s needs

Upstream Tax Analyzer Moving forward with innovative technology Oil & gas tax

Take 3 Making smarter, faster resource decisions

HR Metrics and Model for Modern Times

Implementing Analytics in Internal Audit. Jordan Lloyd Senior Manager Ravindra Singh Manager

Deciphering third-party business risk in a period of weak commodity prices

It s time to revisit your anti-corruption compliance program How to design an effective and defensible compliance program in response to global trends

Outsourcing Transparency Evolution: Creating Value Across the Third-Party Extended Enterprise

Outsourcing transparency evolution

Four faces of the CFO

Software asset management: Where is the market headed?

Outsourcing fails when no one connects the pieces

Creating a Risk Intelligent Enterprise: Scenario planning and war-gaming

Creating a Risk Intelligent Enterprise: Risk sensing

EY Forensic & Integrity Services

CFOs and CIOs: How do you know when to reach for the clouds?

Extended enterprise risk management: New perspectives on a growing imperative The Dbriefs Governance, Risk, & Compliance series

Adding insight to audit Transforming Internal Audit through data analytics

MDM offers healthcare organizations an agile, affordable solution To deliver high quality patient care and better outcomes

Enterprise Risk Management in Health Care

Adopting automation in internal audit Using robotic process automation and cognitive intelligence to fortify the third line of defense

Managing FTI Data Compliance. Addressing Publication 1075

Deloitte Leading Practices Solution for Utilities (DLeaPS-U) Empowering innovation at the core

Value-added governance and controls: The need and application of strategic risk Paul Campbell, Katie Pavlovsky and Jeff Suchadoll

Beyond EDI Unlocking new value with transactions enabled by SAP Ariba and the Ariba Network

Federal CFO Insights Real solutions to win the fight against improper payments and fraud, waste and abuse

Mitigating compliance risk Implications for global supply chains

WARRANTY WASTE ANALYTICS

HR Benchmarks for Modern Times

DevSecOps Embedded Security Within the Hyper Agile Speed of DevOps

HCCA Audit & Compliance Committee Conference. February 29-March 1, Drivers of ERM. Enterprise Risk Management in Healthcare.

Supplier Management. Global control of your learning supplier lifecycle and a streamlined procurement process

Enterprise compliance Acting on today s risks to avoid tomorrow s crises

Making winning workforce decisions

Outsourcing banking processes: The question is no longer if, but how to effectively manage extended enterprises

Creating a Risk Intelligent Enterprise: Risk governance

The Future of Regulatory Productivity, powered by RegTech. Banking and Securities

Standardize, streamline, simplify: Applications rationalization during M&A Part of the Wired for Winning series on M&A technology topics

Aligning Resources to Performance and Strategy: The Imperative for the "New Normal"

An intelligent approach to unlocking value in service delivery transformation Focus on risk from the start

Modernizing Compliance: Evolving From a Foundational Program to a Value-Creating Strategic Partner

Delivering smarter audits Insights through innovation

2 TRACE Inc. RISK-BASED DUE DILIGENCE

IIB - INTERNATIONAL BANKING ANTI-MONEY LAUNDERING SEMINAR

CFO meets M&A: Value creation in the digital age The Dbriefs Driving Enterprise Value series

ONGOING MONITORING OF THIRD PARTY RELATIONSHIPS

Shine a light on media accountability

Five Steps to Predictive Analytics

Conflict minerals The retail perspective. September 2014

Building a gross-to-net strategy in a fast changing market How evolved is your approach?

Third Party Governance and Risk Management

Corporate Tax Spring Training Trends in Tax Technology

Corporate Brochure. Elevate Your Flexible Workforce Management and Services Procurement

Optiv's Third- Party Risk Management Solution

Conflict minerals The automotive perspective. November 2014

ISACA San Francisco Chapter

Deloitte s Third Party Monitor

Best Practices for Vendor Risk Profiling

Data analytics and workforce strategies New insights for performance improvement and tax efficiency

Digital Testing and Controls Automation A transformative approach to automating your control environment

Financial Services Compliance

Rich Mobile Content. by DigitalMIX. Dynamically publish content without changing a single line of code

Oracle Cloud ERP - Oil and Gas Industry Enabler for Digital Finance Transformation

IBM Service Management Buyer s guide: purchasing criteria. Choose a service management solution that integrates business and IT innovation.

Deloitte. M&A Institute

Operational Risk Management (#DOpsRisk) Solutions suite

Appointing, Assessing, and Compensating the Independent Auditor The Role of the Audit Committee

Financial Advisory. Valuation Services. Life Science Industry

2017 NASC Annual Conference SESSION G: Postmodern ERP: Back to The Future

Transformation in the Internal Audit Function Neil White October 5, 2017

Source-to-pay: Delivering value beyond savings

Effective Risk Management With AML Risk Assessment. January 25, 2017

Operational Considerations for Transparency. September 2011

Astrus Third Party Intelligence

Revenew s Cost Recovery and Cost Containment services return dollars to your budgets. We recover over $100 million for our clients annually.

Featuring as an example: NexJ Systems

Understanding employee engagement after a corporate acquisition A global communications company. EngagePath client spotlight

Continuous Auditing/Monitoring Using Data Analytics Institute Of Internal Auditors/ISACA Conference, 27/28 August 2015 Presented by: Tricha Simon

CFO Perspectives CFO Speaks

Capability-led Transformation in Banking. A robust approach for today s banking challenges

Detecting and responding to fraud: making the intelligent connection Fraud Investigation & Dispute Services

Supplier risk compliance obligation or source of competitive advantage? Improve supplier reliability to lift business performance

The importance of a solid data foundation

How and Where Organizations are Investing to Help Close Employee Skills Gaps. Corporate Learning Benchmarks & Trends

Consumer engagement Guiding your customers down the yellow brick road. Strengthening the health care customer journey

Streamline and integrate your claims processing

Deloitte Forensic Predict. Detect. Respond.

Gross-to-Net Estimates and Accruals - Master Class

SAP S/4HANA Finance The Finance Labs The Art of the Possible

The Role of the Board in Strategy & Risk. NACD National Conference Power Breakfast October 15, 2012

The Envestnet Platform

Enterprise Risk Management Discussion American Gas Association Risk Management Committee Meeting

Beyond Compliance. Leveraging Internal Control to Build a Better Business: A Response to Sarbanes-Oxley Sections 302 and 404

INDUSTRY STUDY. The Definitive Buyer's Guide to the Global Market for Learning Management Solutions 2013

Transcription:

Extended Enterprise Risk Management Overview of Risks and Methodologies/Tools to Address FEI Presentation June 7, 2016

Our POV on Extended Enterprise Risk Management

Operational Risk Framework Organizations are continuously exposed to a multitude of risks, emerging from within and outside of their value chains Macro environment risks Impact the breadth of the entire supply chain Extended value chain risks Originate in upstream and downstream supply chain partners Operational risks Relate to internal process risks Develop Plan Source Make Deliver/Return Supply Demand Tier N Tier 1 3 rd Party Services Distributors End Users Economic Environmental/Social Responsibility $ Geopolitical Hazards! Infrastructure / Resources Regulatory Security R&D Finance $$$ Contracts Functional risks Exist among enabling functions that support operational processes People Supply Chain Information Technology Marketing Human Resources Legal 3 Extended enterprise risk management Driving value through the extended enterprise Copyright 2015 Deloitte Development LLC. All rights reserved.

The Extended Enterprise A network within a network The Extended Enterprise is the concept that an organization does not operate in isolation, because its success is dependent upon a complex network of third-party relationships. Illustrative example of the extended enterprise 4 Extended enterprise risk management Driving value through the extended enterprise Copyright 2015 Deloitte Development LLC. All rights reserved.

The Extended Enterprise What could go wrong? Export Controls Risk Energy companies utilize critical machinery and equipment, many types of which are subject to export controls regulations. In 2013, a large oil and gas company agreed to a $50 million civil penalty following allegations of exporting critical equipment to Iran, Syria, and Cuba in violation of the Export Administration Regulations (EAR) and other U.S. sanctions. In this specific case, some of the equipment transfers took place via the company s Dubai-based subsidiary. Increasing third party administration and monitoring could prevent similar violations and ensure proper regulatory compliance. Supply Chain Risk Energy companies engage in highly complex projects with multiple layers of contractors and subcontractors. This complex network of contractors increases the risk of: duplicate billings, inappropriate markups, improper related party billing, failure to identified receive goods/ services billed for, and overbilling relative to terms of contract. Potential overcharges on Deloitte contractor audits average of 1-5% of contract spend based on experience. With the use and complexity of the extended enterprise projected to be on the rise, stories of mis-steps in the extended enterprise continue to be prevalent Regulatory & Compliance A large oil and gas company was forced to pay penalties and back payments on their U.S. energy leases and settled lawsuits accusing them of fraudulently underestimating the value of oil and gas to lower their royalty payments. Lack of due diligence regarding third party monitoring and risk assessments exposed the company to these costs. Environmental, Health, & Safety A super major oil & gas company was forced to pay out over $680M in settlements as a result of a catastrophic oil spill at one of its offshore rigs. This accident caused irreparable damage to the company s reputation, significant impact to the stock price, damage to surrounding wild life and communities, lawsuits from citizens and small businesses, etc. Increasing third party administration and monitoring could prevent future accidents and increase a company s reaction time. 5 Extended enterprise risk management Driving value through the extended enterprise Copyright 2015 Deloitte Development LLC. All rights reserved.

The Extended Enterprise Management challenges There are several challenges with managing the Extended Enterprise. The findings from a recent Deloitte survey, which had representation from twenty two industry sectors is telling: How would you rate your extended enterprise management capabilities? Percentage of respondents who rate themselves above average * Deloitte's 2014 global outsourcing and insourcing survey 6 Extended enterprise risk management Driving value through the extended enterprise Copyright 2015 Deloitte Development LLC. All rights reserved.

The Risk Execution Gap While most companies have experienced supply chain risk events and aspire to better manage these risks, few have confidence in their ability to effectively do so 87% of respondents have faced a disruptive incident with third parties in the last 2-3 years 28% faced major disruption 11% experienced a complete third party failure 55.1% of respondents aspire to have integrated third party risk management systems in a year or more, with 16.5% aspiring to be best-in-class 94.3% of respondents have only low to moderate confidence in the tools and technology used to manage third party risk and 88.6% have a similar level of confidence in the underlying risk management processes, despite significantly higher levels of confidence in organizational commitment and governance frameworks creating the execution gap Source: Deloitte 2016 global survey on Third Party Governance and Risk Management of 170 organizations 7 Extended enterprise risk management Driving value through the extended enterprise Copyright 2015 Deloitte Development LLC. All rights reserved.

The Extended Enterprise Management challenges Management challenges could be both internal and external. Some of the key challenges and questions we are hearing in the marketplace regarding the Extended Enterprise include: Where are the breakpoints in our third party relationships? How do we assess and stay ahead of them? How do we bridge the gap between those in the business and our compliance and risk staff? How can we turn this program into one that evaluates value and does so on a recurring basis? Creating an agile and flexible governance model Driving performance Using data and analytics to make informed decisions What tools and technologies should we leverage to make informed decisions about our third party relationships? What data do we already have access to? What should we be monitoring and analyzing to make real time decisions? Navigating events that shape the extended enterprise How do we determine whether to outsource or insource, build or buy? What delivery models should we take advantage of? How will evolving technologies, market trends, or disruptive forces present opportunities and challenges to our third party relationships? Managing relationships, compliance, and regulation How do we keep up with the emerging regulatory requirements? Are our third parties keeping up? How do we ensure that appropriate contracts are in place with third parties, that they are meeting expectations, and complying with contractual commitments? 8 Extended enterprise risk management Driving value through the extended enterprise Copyright 2015 Deloitte Development LLC. All rights reserved.

Business Intelligence Services Conducting Due Diligence Established in 1997, Deloitte s Business Intelligence Services (BIS) team is staffed with more than 240 investigators in 20 countries across the globe that are fluent in more than 85 languages. The BIS due diligence methodology was developed to help clients identify risks within their supply chain, validate information during Mergers and Acquisitions (M&A) and provide executives with insight into their business operations and the reputation of current and potential partners. The BIS approach to due diligence seeks to answer the following sample questions which may be of interest to a client: Are there FCPA allegations associated with this company or its executives? Are any of the company s executives considered politically exposed persons? Is the company operating in countries or regions with potentially high levels of corruption? Is the company or its executives being investigated by local authorities? How financially stable is the company? Is the company at risk of being acquired? Are there lawsuits involving this company? Is there worrisome media about the company? 9 Extended enterprise risk management Driving value through the extended enterprise Copyright 2015 Deloitte Development LLC. All rights reserved.

Business Intelligence Services Methodology Deloitte s manual due diligence methodology follows a four-tiered approach. Marigold is currently capable of expediting a Level 1 investigation; persistently monitoring that entity; and providing the foundation to quickly get to a Level 2, 3 or 4 investigation if warranted. Covered by Marigold Level 1 Usually conducted to rapidly determine if a company is a bona fide entity and to uncover any major issues of concern Will not give insight into many of the people associated with a company, or information contained in non-english sources Level 2 The standard level of investigation needed to determine whether a company or its key officers have any significant issues of concern Will not give insight into non-public data, or information that can only be obtained locally Level 3 Level 4 Research is usually done after issues of concern, or ambiguities, are identified at Level 2. It is a deeper investigation into those issues and includes more intense scrutiny of individuals associated with the company or person of interest Research is the deepest level of research, usually in cases where the risk to our client could be significant, or when a notable absence of information exists regarding a company or individual. Therefore, Level 4 involves research into non-public information and potential site visits and/or engagement with the subject Marigold is a force-multiplier; it enables companies to stay ahead of emergent risk and point limited resources in the direction where they are most needed. 10 Extended enterprise risk management Driving value through the extended enterprise Copyright 2015 Deloitte Development LLC. All rights reserved.

Marigold Overview Marigold, provides visibility into global vendor risk through automated, proactive risk assessment and monitoring at the vendor level. Marigold Automates Risk Monitoring Aggregate Gathers relevant data from disparate data sources to build a complete corporate profile Identifies current FCPA allegations associated with the company or its executives Determines company executives considered politically exposed persons Assesses operations in countries or regions with potentially high levels of corruption Uncovers current investigations by local authorities and agencies Evaluates financial stability of the company Measures company acquisition risk Identifies lawsuits against the company Automate Automates third party due diligence based on nearly 800 pre-defined rule sets that can be tailored Marigold Enables Vendor Due Diligence Process Discovers worrisome or negative media reporting about the company Analyze Provides a platform for an analyst to conduct further analysis on critical information that surface Alert Continuously monitors and generates automatic alerts in response to critical changes Marigold is a web-based application that automates the identification, assessment and monitoring of vendor risk through proprietary algorithms and an automated alert system. 11 Extended enterprise risk management Driving value through the extended enterprise Copyright 2015 Deloitte Development LLC. All rights reserved.

Marigold Design Marigold connects to data aggregators, manages data, and conducts thousands of due diligence, rule-based queries on a persistent basis. Rules Engine Over 760 rules or algorithms divided into six categories of risk. Tailorable to a client s specific risk needs. Data Aggregators Currently 10 data aggregators with access to thousands of local and international sources with information on companies, subsidiaries and executives. Configurable to include proprietary databases. Data Management Structured data processed through name match technology and rules engine. Unstructured data is managed by key word searches, thematic clustering and timelines. 1 2 3 Rule-based risk assessment engine that has nearly 800 predefined rules based on leading practices, and can be customized based on client needs Ability to assess risk on an ongoing basis through publicly available data augmented by key third party data sources Alerts and early warnings based on suppliers exceeding predetermined risk thresholds, with management dashboards Marigold is a web-based application that automates the identification, assessment and monitoring of vendor risk through proprietary algorithms and an automated alert system. 12 Extended enterprise risk management Driving value through the extended enterprise Copyright 2015 Deloitte Development LLC. All rights reserved.

Marigold Integration We recommend integrating Marigold with client s supplier relationship management solution to seamlessly share information. Supplier Management Processs 1.Registration 2. Qualification 3. Set-up Rule-based risk assessment 5. Ongoing engine that has 5. nearly Phase-out/ 800 predefined rules based Termination leading Management practices, and can be customized based on client needs Sourcing Initial Findings Negotiations and Contracting Vendor Onboarding Ongoing P2P Management/ Termination Ability to assess risk on an ongoing basis through publicly Periodic Monitoring available data augmented by key third party data sources Marigold was built with an open architecture designed to integrate with supplier relationship management programs Screen: Vendor will be vetted in Marigold upon registering with, and being deemed qualified by a client, to fill a sourcing need. Monitor: After negotiations and contracting is complete, Marigold will periodically monitor vendor for any emerging issues. Analyze: As a vendor s risk assessment is completed and updated, the summary and risk score and will be fed into client s supplier profile within the portal, allowing for a holistic and detailed view of the vendor portfolio. 13 Extended enterprise risk management Driving value through the extended enterprise Copyright 2015 Deloitte Development LLC. All rights reserved.

The Extended Enterprise Benefits of program animation Managing the extended enterprise risk with a robust, secure and integrated technology platform provides the appropriate level of upstream and downstream visibility and accountability that is critical to better performance and risk management. Higher Quality Information Integrating the right information gives management visibility into quality data and allows them to make better risk informed decisions, in a timely fashion Process Optimization Intelligent Risk Management With structured process flows, redundant/ non-value add activities are eliminated, activities are streamlined to reduce lag time and inconsistency, responsibilities are correctly allocated Processes can be tailored to address risks inherent to the product/ service being outsourced with consistent application for same type of relationships for intelligent risk management Effective Capital Allocation Identifying areas where there are redundancies or inefficiencies allows financial and human capital to be allocated more effectively Reduced Costs Proactive decision making, visibility into performance and compliance of extended enterprise and optimized processes result in cost reduction, providing return on investments in technology 14 Extended enterprise risk management Driving value through the extended enterprise Copyright 2015 Deloitte Development LLC. All rights reserved.

As used in this document, Deloitte means Deloitte & Touche LLP, a subsidiary of Deloitte LLP. Please see www.deloitte.com/us/about for a detailed description of the legal structure of Deloitte LLP and its subsidiaries. Certain services may not be available to attest clients under the rules and regulations of public accounting. This presentation contains general information only and Deloitte is not, by means of this presentation, rendering accounting, business, financial, investment, legal, tax, or other professional advice or services. This presentation is not a substitute for such professional advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified professional advisor. Deloitte shall not be responsible for any loss sustained by any person who relies on this presentation. Copyright 2015 Deloitte Development LLC. All rights reserved. 36 USC 220506 Member of Deloitte Touche Tohmatsu Limited

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback