Clarifying the Role of. Enterprise Risk Management

Similar documents
Establishing Enterprise Risk Management in

Agenda. Enterprise Risk Management Defined. The Intersection of Enterprise-wide Risk Management (ERM) and Business Continuity Management (BCM)

From Dictionary.com. Risk: Exposure to the chance of injury or loss; a hazard or dangerous chance

San Francisco Chapter. Presented by Scott Perry - Slalom Consulting

Strengthening Your Enterprise Risk Management Process

Aligning and Integrating ERM and Business Process. Federal ERM Summit September 9, :00-12:00

Enterprise Risk Management: Developing a Model for Organizational Success. White Paper

Introduction to ERM (Enterprise Risk Management)

Risk Management Culture: The Linkage Between Ethics & Compliance and ERM September 14, 2009

Enterprise Risk Management Demystified

Catching Fraud During a Recession Through Superior Internal Controls. FICPA s 25 th Annual Accounting Show. J. Stephen Nouss September 29, 2010

Charter for Enterprise Risk Management

Enterprise Risk Management in the Public Sector

Performance Risk Management Jonathan Blackmore, May 2013

Executive Teams and the Use of ISO in Decision Making. Scott Wightman, ARM-E National Director Gallagher ERM Practice

2017 ERM Workshop: Beyond Compliance, Driving Organizational Value

Successful ERM Program Standards. Definitions of Enterprise Risk Management (ERM)

Enterprise Risk Management

Financial Management in the Federal Government:

POSITION PROFILE FOR THE CHIEF OF THE WINNIPEG POLICE SERVICE. Last updated October, 2015

Fraud Risk Management

Enterprise Risk Management 2016

INTEGRATING ENTERPRISE RISK MANAGEMENT IN THE FEDERAL GOVERNMENT. Partnership for Public Service September 10, 2015

IIA ERM Summit. August 22, 2010

7 Key Trends in Enterprise Risk Management

Enterprise risk management Protecting and enhancing value Advisory

HCCA Compliance Institute : Intersection of Internal Audit & Compliance. April 17, Agenda. Where are we today?

Taking ERM to a. 6 GRC Today / October 2015

COSO ERM: Integrating with Strategy and Performance. Michael Parkinson

Enterprise Risk Management Aligning Risk with Strategy and Performance COSO ERM Framework Update

Enterprise Risk Management: A Best Practice in Managing Federal Programs

Maximizing value from your lines of defense

Miles CPA Review: BEC Q Updates for 2017 Edition

Enterprise Risk Management Aligning Risk With Strategy and Performance

Leveraging ERM to meet. and create business value. Management Flora Do, Senior Manager, Enterprise Risk Management

Risk Management With an Enterprise (Wide) Focus

The Current State of Risk Management Maturity for Belgian Organizations kpmg.com/be

Internal Auditors and Enterprise Risk Management (ERM) ICPAK Presentation

Informed Decision Making

Compliance in Multiple Regulatory Settings. a Holistic Approach

Are you prepared for this Challenge? The new COSO Enterprise Risk Management Framework

Building an Integrated Talent Management Strategy. Stavros Liakakos, VP HCM Strategy Knowledge Infusion

Neal Cohen, MD Board Chair. Neal Cohen, MD Board Chair

4/26. Analytics Strategy

Risk Appetite Framework Linking Risk to Strategy Joseph A. Iraci Managing Director, TD Ameritrade

FOSTERING A CULTURE OF QUALITY

Sustainably Managing Risk: The Business Official s Role beyond Internal Controls

ERM Retooled: Driving Performance by Revising and Enhancing Risk Management Governance Wipfli LLP

Enterprise Risk Management Program

Leading Practice: Approaches to Organizational Change Management

Building an Intelligent Risk Organization Case Studies in Strategic Risk Management

Task Force Innovation Working Groups

2013 New COSO 2013 Framework and Current Trends in Risk Management

Risk management is changing. Act now.

INTEGRATED RISK MANAGEMENT

Turning risk into results. How leading companies use risk management to fuel better performance

Today we will discuss

Optimizing an Enterprise Wide Effective Vendor Risk Management Program. Pam Schott Head and VP Enterprise Supplier Governance

Enterprise Risk Management in Health Care

Seven Key Success Factors for Identity Governance

Emerging Trends in Auditing ERM COSO ERM 2017

pwc.co.uk Enterprise Risk Management

Enterprise Risk Management (ERM) - Impact of 2017 COSO ERM Model

Management and Inspector General Road Rules in Enterprise Risk Management. June 16, 2016

A Multi- Dimensional Framework for Implementing Technology Business Management

FINANCE & BUSINESS AT PENN STATE...

PORTLAND PUBLIC SCHOOLS HUMAN RESOURCE SERVICES AND DELIVERY

Implementing Risk Management in 2008: Current Canadian Status of Implementing Risk Management

ISACA. The recognized global leader in IT governance, control, security and assurance

Next-generation enterprise risk management

Strategic Risk Assessment. A first step for improving risk management and governance. COVER STORY. By Mark L. Frigo and Richard J.

Texas Tech University System

Leveraging Data Analytics as a Force Multiplier. June 2017

9/17/2017. An Overview of COSO s New Framework and Implementation Guidance SPEAKER. Laura Harden, CPA History

Delivering tomorrow s companies today. How global business services can transform your business. The COO perspective

Executive Summary. Exhibit 1- Streamlined communication to the Board of Directors

Horst Simon. COO, Dubai Centre for Enterprise Risk Management

ENTERPRISE RISK MANAGEMENT ALIGNING RISK WITH STRATEGY AND PERFORMANCE

CGEIT Certification Job Practice

risk management ERM Roles & Responsibilities In Community Banks: Who is Responsible for What?

2012 CliftonLarsonAllen LLP. A Practical & Tactical Approach to. Management (ERM) Cooperatives (NSAC) Jennifer Leary, Partner National Risk Management

Internal Controls Optimization

STRATEGIC PLAN WORKPLACE SAFETY AND INSURANCE BOARD

Treasury s Leading Role in Enterprise Risk Management

HCCA Audit & Compliance Committee Conference. February 29-March 1, Drivers of ERM. Enterprise Risk Management in Healthcare.

Enterprise Risk Management: Aligning Risk with Strategy & Performance June 26, :45 p.m. 4:45 p.m.

From Visionary Insight to Strategic Outcomes

3Z0Z 0? W7? TOTAL QUALITY MANAGEMENT MASTER PLAN* (S)l\f> v^n. 0 Department of Defense. AUG 2 ego, August O/ A./ \o V* TECHNICAL LIBRARY

INFORMATION ASSURANCE DIRECTORATE

Agenda. Agenda. Definitions and Processes. Risks. Audit & ERM. Key Strategies. Conclusions ERM and Audit 1. ERM and Audit.

Business Process Improvement by Evans Incorporated

LEAN ENTERPRISE TRANSFORMATION

Compliance, Internal Audit, and Risk Management: What do they look like at a Managed Care Plan?

Enterprise Risk Management. Applying enterprise risk management to environmental, social and governance-related risks.

Control and testing transformation

A Guide to IT Risk Assessment for Financial Institutions. March 2, 2011

Governance: Risk Committees

Information and Communications Technology (ICT) Strategy Consulting

RISK MANAGEMENT FRAMEWORK OF THE CGIAR SYSTEM

LeiningerCPA, Ltd. RISK MANAGEMENT POLICY STATEMENT

Transcription:

Clarifying the Role of Enterprise Risk Management

Introductions/Opening Remarks Speakers: Doug Webster, Director, Risk Officer, US Agency for International Development Mike Wetklow, Deputy CFO, National Science Foundation

Learning Objectives 1. Understanding the role of risk management 2. Clarifying the distinction between internal controls, risk management, and Enterprise Risk Management 3. Considerations for a CRO 4. How to get Started

Learning Objective 1: Understanding the Role of Risk Management The impact of Change The goal of stakeholder value 4

5 Which environment most reflects your world in making progress?

Life would be simple if only it were not for Change External Change Internal Change 6

Reactive Internal Change Today s Environment External Change Organization Actions The Future Environment Proactive Internal Change Many organizations act as if in Groundhog Day, focused on improving effectiveness and efficiency for today s organization but without much attention to tomorrow s needs A good hockey player plays where the puck is. A great hockey player plays where the puck is going to be. ~ Wayne Gretzky ~ Wayne Gretzky 7

Value Maximization Performance Stakeholder Satisfaction and others 14

Value Maximization Performance Stakeholder Satisfaction Cost Resource Consumption 15

Value Maximization Performance Performance Stakeholder Satisfaction Value Maximization Cost Resource Consumption - Cost Reward (Return) Risk Opportunity/ Loss Balance Possible Return ROI ( ) Return Cost Most Likely Return Risk 16

Value Maximization Performance Stakeholder Satisfaction Value Maximization Cost Resource Consumption Strategic Tactical Risk Opportunity/ Loss Balance Operational 17

Learning Objective 2: Clarifying the distinction between internal controls, risk management, and Enterprise Risk Management A Risk Management Process Internal Controls as an Element of Risk Management The Role of Enterprise Risk Management 12

The What of ERM Does a Label Really Matter? If you gave the command "SECURE THE BUILDING", here is what the different military services might do: NAVY ARMY MARINE CORPS AIR FORCE Turn out the lights and lock the doors. Surround the building with defensive fortifications, tanks and concertina wire. Assault the building, using overlapping fields of fire from all appropriate points on the perimeter. Take out a three-year lease with an option to buy the building. 13

The Risk Management Process Communication and Consultation Risk Assessment Establish the Context Identify Risks Analyze Risks Evaluate Risks Treat Risks Monitoring and Review 14

Risk Management vs. Internal Controls Risk Management Internal Controls for Compliance Risk Treatments Accept Avoid Transfer Mitigate (Use Internal Controls) Internal Controls for Compliance Low Risk Appetite Higher Risk Appetite Low Risk Appetite 15

Challenges in Traditional Risk Management Risk Coverage 16 Interest Rate Credit Market IT Compliance Other Differences in general criticality of the risk category to the organization mission and stakeholders Differences in maturity in the practice of risk management in each silo (inconsistent policies and practices) Differences in risk appetite lead to differences in risk mitigation Potential ROI on risk treatments can vary

Some Risks Addressed More Completely Than Others Enterprise Strategic Goals/Objectives Unmanaged Risk: Risk Coverage Interest Rate Credit Market IT Compliance Other Differences in thoroughness of risk identification Differences in risk appetite lead to differences in risk mitigation Potential ROI on risk treatments can vary greatly 17

Top-Down Risk Assessment Identifies Risk in the White Space Enterprise Strategic Goals/Objectives Risk Coverage Interest Rate Credit Market IT Compliance Other 18

19 Risks and Risk Mitigations can have Cross-Functional Impacts (+ and -) Enterprise Strategic Goals/Objectives Risk Coverage Investments in risk management should maximize ROI at the enterprise level Interest Rate Credit Market IT Compliance Other

Strategy, Performance, Cost and Risk Must all Interconnect Performance Performance Sub- Objectives Risks Risks Risks Objectives CostsPerformance Costs Risks External Demands/ Internal Capabilities Sub- Objectives Costs Risks Performance Sub- Objectives Performance Risks Objectives Risks Costs CostsPerformance Sub- Objectives Costs Requirements Requirements/Capabilities Capabilities C/P/R C/P/R = V = V = V C/P/R = V Risks Risks Risks Risks C/P/R 20

Removing the Ambiguity Around ERM 1. Compliance and Internal Controls 2. Risks exclusively at the enterprise level (e.g., strategic risks) 3. Functional risks that cross the enterprise (e.g., IT risk) 4. Integration of some partial set of risks (e.g., financial risks or operational risks) frequently seen in financial services 5. Traditional risk management across all of the enterprise While all of the above are important elements of risk management, they are not synonyms for ERM 6. "Enterprise Risk Management (ERM) is a discipline that addresses the full spectrum of an organization s risks, including challenges and opportunities, and integrates them into an enterprise-wide, strategically-aligned portfolio view. ERM contributes to improved decision-making and supports the achievement of an organization s mission, goals, and objectives. ~ Association for Federal Enterprise Risk Management (AFERM) 21

ERM vs. Risk Management Across the Enterprise CFO CIO HR Program A Program B Program C Etc. Internal Controls/SOX = IT Security/PII Supply Chain Risk Management Financial Risk Continuity of Ops (COOP) And many more... 22

ERM is more than Reporting Too often, organizations claim ERM implementation due to reporting key risks to top executives/board Low level risks may be so broadly present across the organization that they would rise to enterprise level risks if aggregated, but that aggregation is never accomplished. Applying ERM only at the highest organizational level limits the opportunity to integrate risks at lower organizational levels. This precludes lower level capabilities being leveraged to deliver maximum value at the highest levels. ERM is about enterprise risk management. Risk management is much more than simply reporting to the board or equivalent. 23

Learning Objective 3: Considerations for a CRO The need for centralized coordination The potential roles for a CRO and risk organization Locating the CRO 24

Centralized Coordination 1. The essence of ERM is coordination and prioritization across silos 2. Such coordination does not happen alone; a central function is essential for facilitating the cross-functional dialog that must occur for ERM to be effective

The Role of a CRO 1. Establish/facilitate adoption of a common risk framework and process 2. Facilitate cross-functional dialog on risks 3. Monitor consistent application of risk management policy across the enterprise 4. Educate and champion the role of risk management in maximizing organizational stakeholder value 5. Serve as an impartial advisor to top management on risk and risk management 6. Serve as a safeguard for signaling risks inconsistent with the risk appetite Note: CROs do not own the residual risk. Accountability for risk rests with those making the decisions that incur risk.

Locating the CRO position A CRO to be effective must have sufficient influence to bring together the various barons leading the silos, and facilitate a collaborative approach 1. Sufficiently senior to engage directly with functional leads 2. Viewed as a direct representative of the agency s leader for risk management 3. Viewed as not favoring any particular part of the organization An ideal location would report directly to the agency head or COO Note: While some central risk management policy functions report through the CFO, it is essential this function not be viewed as reflecting only a financial or CFO perspective.

Learning Objective 4: How to Get Started I. Keys to Success: Overarching themes to provide management with a strong foundation for an effective ERM program as they develop and tailor their specific approach to implementing ERM. II. Initial Action Steps: Action oriented, how to steps to implement an initial ERM effort. These steps support development and implementation of a tailored ERM initiative. III. Continuing ERM Implementation: Next steps to further develop and broaden the organization s initial ERM effort. Source: COSO, Thought Leadership in ERM, Embracing Enterprise Risk Management http://www.coso.org/documents/embracingerm-gettingstartedforwebpostingdec110_000.pdf

How to Get Started: Keys to Success 1. Support from the Top is a Necessity 2. Build ERM Using Incremental Steps 3. Focus Initially on a Small Number of Top Risks 4. Leverage Existing Resources 5. Build on Existing Risk Management Activities 6. Embed ERM into the Business Fabric of the Organization 7. Provide Ongoing ERM Updates and Continuing Education for Leadership and Senior Management Source: COSO, Thought Leadership in ERM, Embracing Enterprise Risk Management http://www.coso.org/documents/embracingerm-gettingstartedforwebpostingdec110_000.pdf

How to Get Started: Initial Action Steps 1. Seek Board and Senior Management Leadership, Involvement and Oversight 2. Select a Strong Leader to Drive the ERM Initiative 3. Establish a Management Risk Committee or Working Group 4. Conduct the Initial Enterprise-wide Risk Assessment & Develop an Action Plan 5. Inventory the Existing Risk Management Practices 6. Develop Your Initial Risk Reporting 7. Develop the Next Phase of Action Plans & Ongoing Communications Source: COSO, Thought Leadership in ERM, Embracing Enterprise Risk Management http://www.coso.org/documents/embracingerm-gettingstartedforwebpostingdec110_000.pdf

How to Get Started: Continuing ERM Implementation A program of continuing ERM education for leaders and executives ERM education and training for business-unit management Policies and action plans to embed ERM processes into the organization s functional units Continuing communications across the organization on risk and risk management processes and expectations Development and communication of a risk management philosophy for the organization Identification of targeted benefits to be achieved by the next step of ERM deployment Source: COSO, Thought Leadership in ERM, Embracing Enterprise Risk Management http://www.coso.org/documents/embracingerm-gettingstartedforwebpostingdec110_000.pdf

How to Get Started: Continuing ERM Implementation (cont d) Development of board and corporate policies and practices for ERM Further discussion and articulation of a risk appetite for the organization and /or significant business units, including quantification Establishment of clear linkage between strategic planning and risk management Integration of risk management processes into an organization s annual planning and budgeting processes Expansion of the risk assessment process to include assessments of both inherent and residual levels of risk Exploration of the need for a dedicated Chief Risk Officer or ERM functional unit Source: COSO, Thought Leadership in ERM, Embracing Enterprise Risk Management http://www.coso.org/documents/embracingerm-gettingstartedforwebpostingdec110_000.pdf

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback