A New Framework for Risk Management

John McLaughlin, Managing Director, Arthur J. Gallagher & Co.

Traditional Risk Management
"Without guidance an organization's risk strategy will be made and repeatedly redefined accidentally by dozens of everyday financial and business decisions." (McKinsey Survey)

Enterprise Risk Management Approach
- ERM is a process that seeks to preserve and create value through:
  - protection of assets
  - effective utilization of resources
  - optimization of results
- Risk is defined as the effect of uncertainty on objectives.
- The ultimate goal is to create a risk-aware culture in which consideration of risk is part of the decision-making process.

Commitment
- Tone at the top matters; champions are essential.
- Principles and Mandate (sample): The University is committed to developing and supporting an ERM policy that:
  a) incorporates a consistent approach to risk management into the culture and strategic planning processes of the university that supports decision making and resource allocation at both the strategic and operational levels; or
  b) applies a consistent approach to risk management to support the college's governance responsibilities for innovation and responsible risk-taking, policy development, programs and objectives.
  In all cases, appropriate measures will be put in place to address unfavorable impacts from risks and favorable benefits from opportunities.
- Understand and embrace specific roles, while building bridges across campus.
- Question sacred cows.
- Incorporate risk management into planning: annual, strategic and project planning.
- Ask questions, require annual updates, establish accountability.

Framework
A business process that expands the core (traditional) concepts of risk management:
- Identify risks and opportunities across the enterprise
- Assess the impact of the risks to the plans and mission
- Develop and test mitigation plans
- Monitor identified risks and consistently scan for emerging risks
- Repeat and improve

Risk Management Process (ISO 31000)
- Establishing the context
- Risk assessment:
  - Risk identification
  - Risk analysis
  - Risk evaluation
- Risk treatment
Running alongside every step: communication and consultation, and monitoring and review.

Roles
- Senior Administration: owns ERM
- Department heads: involved in operational risks
- Full Board/Executive Committee: sets tone, addresses strategic and governance risks and fills in gaps
- Standing Committees: understand programs and risks
- Audit Committee: owns specific risks and process

College Risk Register
1. Reputational Risk:
   a) Assessments and outcomes not meeting expectations
   b) Governance
   c) Effective crisis planning/communication
2. Strategic Risk:
   a) Aging workforce, lack of succession planning
   b) Misalignment between operations and strategic plans
   c) Expanding mission to four-year degree programs
   d) Uncertain economic environment
   e) IT infrastructure investments
   f) Changing regulatory environment
   g) Implement program to support Full Spectrum Learning

College Risk Register (continued)
3. Operational Risk:
   a) Lack of disaster preparedness and BCP
   b) Minors on campus
   c) Outside violence coming to campus
   d) Title IX and sexual assault
   e) Cyber security/breach response
   f) International risks

Into Action (5-Step Process)
1. Establish organizational principles and mandate: COMMITMENT
2. Establish leadership structure and discuss the ERM context: FRAMEWORK
3. Conduct risk assessment and assign risk owners: RISK ASSESSMENT/OWNERS
4. Begin risk treatment and organizational integration: RISK TREATMENT
5. Follow a consistent process to MONITOR and IMPROVE

1. Commitment
Building the case for ERM; discussion of mandate and commitment; definition of roles.
- Begin meeting with ERM leaders to discuss organizational goals and objectives
- Develop a description of benefits and reasons to implement ERM
- Discuss broad roles of senior administration, risk management, legal, internal audit, and compliance
- Establish advisory group composition, meeting schedule and initial agenda

2. Leadership, Framework & Context
ERM leaders and the advisory group establish the framework and describe the context, stakeholders, roles and responsibilities, and implementation plan.
- Facilitation of a half-day workshop focused on development of the framework, description of context, identification of internal/external stakeholders, and discussion of risk criteria and performance measures
- Establish roles and responsibilities of administrators and other key stakeholders
- Develop implementation plan

3. Risk Assessment & Ownership
Begin risk assessment, including scope and process, assignment of risk owners, and planning for data management, reporting and communication.
- Consult and advise on, or facilitate, the risk assessment process through surveys, interviews, and/or workshops
- Oversee development of the risk register in relation to organizational objectives
- Facilitate the risk analysis and evaluation/prioritization process
- Assist in the assignment of risk owners
- Develop sample reports for the advisory group, senior administration, and governing boards

4. Risk Treatment & Integration
Development and approval of risk treatment plans; training of supervisors; integration into position descriptions, reviews, and employee onboarding.
- Begin work on risk treatment plans, including risk owner training
- Leadership approval of priority risk treatment plans
- Supervisor training materials drafted
- Position description wording drafted and approved
- New employee orientation materials developed

5. Monitor & Improve
Development and incorporation of a continuous improvement model; monitoring and review of progress; assessing communication and engagement.
- Review existing ERM program
- Report on congruence with best practices and suggest improvements
- Evaluate performance management objectives and outcomes
- Assess progress of risk treatment plans
- Evaluate accountability and reporting chains
- Incorporate lessons learned

Culinary Adventures: Use the ERM Process to Help Make Informed Decisions
- College A, at the height of the Arab Spring, is invited to a culinary arts symposium in Dubai. 2 faculty members and 5 students are invited, and the symposium concludes with an international cook-off competition. The college wants to attend but is concerned about safety and cost.
- College B is considering opening a high-end restaurant, staffed by professionals, as a means to attract community members, support functions at the Performing Arts Center, and expose students to classic restaurant operations. It is a major financial investment that does not directly support the educational mission.

Culinary Adventures (worksheet)
Work through the same columns for College A and for College B:
- Mission consistent?
- Risk owner
- Financial
- Reputational
- Strategic
- Compliance
- Hazard/life safety
- Risk treatment

Lessons learned from others:
- Focus on high-impact risks
- Focus on mitigation/continuity plans
- Take on the tough issues and sacred cows
- All risks must have owners
- Involve other departments in the risk register and responses
- It's a process and business tool, not a project
- Set yourself up for some near-term wins
