ENTERPRISE RISK MANAGEMENT USING DATA ANALYTICS. Dan Julevich and Chris Dawes April 17, 2015

Similar documents
Managing Risk in Your P2P Process: 10 Ways that Automation Can Help Mitigate Risk

SOLUTION BRIEF RSA ARCHER AUDIT MANAGEMENT

Navigating the New Health Economy

Minimizing fraud exposure with effective ERP segregation of duties controls

ERM: Risk Maps and Registers. Performing an ISO Risk Assessment

Agenda. Enterprise Risk Management Defined. The Intersection of Enterprise-wide Risk Management (ERM) and Business Continuity Management (BCM)

Crowe Caliber. Using Technology to Enhance AML Model Risk Management Programs and Automate Model Calibration. Audit Tax Advisory Risk Performance

Effective Risk Management With AML Risk Assessment. January 25, 2017

Enterprise Risk Management: Developing a Model for Organizational Success. White Paper

Enterprise Compliance Management for Credit Unions

7 Key Trends in Enterprise Risk Management

Fraud Risk Management

Advisory Services Governance, Risk & Compliance

Internal audit strategic planning Making internal audit s vision a reality during a period of rapid transformation

The Future of Accounts Payable

Enterprise Risk Management Workshop Modular Approach

The Road to Continuous Assurance. Jason A. Gross, CPA, CIA, CFE, CISA, ACDA Vice President, Controls Management Siemens Financial Services, Inc.

Enterprise risk management Protecting and enhancing value Advisory

Analytics in Auditing Is a Game Changer

Strengthening Your Enterprise Risk Management Process

Risk Management Strategy

USING BPM TO ACHIEVE MICROSOFT DYNAMICS AX SUCCESS IN MIDSIZED MANUFACTURERS

Quality Management System Guidance. ISO 9001:2015 Clause-by-clause Interpretation

Plans for a Balanced Scorecard Approach to Information Security Metrics

Extended Enterprise Risk Management

Energy Future Holdings (EFH)

risk and compliance department business plan

DATA ANALYTICS : THE FUTURE OF AUDIT

SAP Road Map for Governance, Risk, and Compliance Solutions

The Road to Continuous Assurance. Jason A. Gross, CPA, CIA, CFE, CISA, ACDA Vice President, Controls Management Siemens Financial Services, Inc.

Applying Integrated Assurance Management Scenarios for Governance Capability Assessment

Caribbean Association of Audit Committee Members Inc. Independent Quality Assurance Assessment of the Internal Audit function

The Future of Internal Auditing:

Training Fees 4,250 US$ per participant for Public Training includes Materials/Handouts, tea/coffee breaks, refreshments & Buffet Lunch

Continuous Monitoring: Getting Results Today!

Guidance Document. Auditing the Cloud Controls Matrix

DFS-Sphere Human Resources Automation Efficient processes, Compliance and Audit Trails: Keys to Success

International Finance Corporation

MICROSOFT DYNAMICS NAV FOR INTERNATIONAL

3 STEPS TO MAKE YOUR SHARED SERVICE ORGANIZATION A DIGITAL POWERHOUSE

Session 4C: Model Governance: What Could Possibly Go Wrong? (Part I) Moderator: Dwayne Allen Husbands, FSA, MAAA

How to Measure the Value of Your Internal Audit Group

Sarbanes-Oxley Act of 2002 Can private businesses benefit from it?

RSA ARCHER MATURITY MODEL: AUDIT MANAGEMENT

Maximization of the Finance function through Business Partnering

Law Firm Procurement Survey Executive Summary

ISO Revisions. ISO 9001 Whitepaper. The importance of risk in quality management. Approaching change

The Value of Continuous Accounting for Business. White Paper. Establishing the Foundation for a Strategic Finance Organization.

Achieve greater efficiency in asset management by managing all your asset types on a single platform.

University System of Georgia Enterprise Risk Management (ERM) Creating A More Educated Georgia

Internal Oversight Division. Internal Audit Strategy

Reining in Maverick Spend. 3 Ways to Save Costs and Improve Compliance with e-procurement

Business Process Modeling for Supply Chain Transformation

Spend Management: Key Elements for Realising Cost Savings in Procurement

Copyright 2012, Oracle and/or its affiliates. All rights reserved.

INTEGRATING FORENSIC INVESTIGATION TECHNIQUES INTO INTERNAL AUDITING

Leverage T echnology: July 19 th, 2013 Adil Khan. Move Your Business Forward. Copyright. Fulcrum Information Technology, Inc.

An Oracle White Paper December Reducing the Pain of Account Reconciliations

Customer Due Diligence A Risk Based Approach. Dr Tony Wicks Director of AML Solutions NICE Actimize

S12 - Guidelines for Planning an IS Audit Christopher Chung

SAP at Accenture. The Journey of Running Accenture on a Single Global Instance

ACCOUNTING SOFTWARE FOR LONG TERM CARE. Designed for your unique needs.

DRAFT. Fusion ERP Cloud Service October Oracle Fusion ERP Cloud Service. Magdalene Ritter

Identity and Access Management. Program Primer

Enterprise Risk Management Process Overview

Levers of Organizational Change

Enterprise risk management Protecting and enhancing value Advisory

Internal Audit. Audit of Procurement and Contracting

MSP Purpose, Value & ROI

Data, Analytics and Your Audit

Practice Guide. Developing the Internal Audit Strategic Plan

Turn Your Business Vision into Reality with Microsoft Dynamics SL

Business Case for Value Realization During Implementation Delivering Projects on Time, on Budget, and on Value

Leading the Global. Next Decade Doing More with Less The Lean Internal Audit Model. Larry Rieger

Enabling consistent employee experience through HR Shared Services

Services Resource Planning

How Can I Better Manage My Software Assets And Mitigate The Risk Of Compliance Audits?

Using a Compliance Program Assessment to Elevate Institutional Compliance Effectiveness

Enterprise Risk Management

Continuous Controls Monitoring for Transactions: The Next Frontier for GRC Automation

The evolution of finance Steps for modernizing the office of the CFO

adp.ca Outsourcing: Today s Approach to Doing More with Less Your guide to getting the most from your HR outsourcing experience

Speed to Value with Documentum xcelerated Composition Platform

NEW SKILLS AND PARTNERSHIPS IN IT ASSET MANAGEMENT

Miles CPA Review: BEC Q Updates for 2017 Edition

Fulfilling CDM Phase II with Identity Governance and Provisioning

Integrated BPO Services for BFSI Industry

Procurement s new operating model

JD Edwards EnterpriseOne Financial Management Overview

Sanjay Srinivas PH:

Solutions for Enterprise Risk Management SAS. Overview. A holistic view of risk of risk and exposures for better risk management SOLUTION OVERVIEW

UNIFI 1.5 : Simplifying Qualification and Validation June 2012

The winning tax transformation trinity. Data, technology and operations

Comprehensive Enterprise Solution for Compliance and Risk Monitoring

IMPLEMENT A PIPELINE SMS

ANNUAL PERFORMANCE REPORT DATA ASSURANCE PLAN 2015/2016

Data Governance and Data Quality. Stewardship

Internal audit insights High impact areas of focus

Internal Controls: Need Them, Have Them, Love Them

Leveraging IT risk management to boost competitive advantage

Transcription:

ENTERPRISE RISK MANAGEMENT USING DATA ANALYTICS Dan Julevich and Chris Dawes April 17, 2015

Agenda ERM What, Why, How? ERM Keys to Success Fail, Survive, or Thrive? ERM Current State Overview ERM Leading Practices Data Analytics with ERM Industry Trends Health Plans Industry Trends Evolution of Analytics Managing Enterprise Risk Profile of Trusted Advisors Continuous Monitoring 2

ERM What is it? What is Enterprise Risk Management? A discipline for managing uncertainty ISO 31000 A company s process to identify, assess, and manage risk that could interfere with achieving any of its corporate objectives Richard M. Steinberg 3

What kind of risks are we talking about? Strategic Financial Operational Information Systems Compliance Reputation External Basically, anything that can mess up a company s ability to achieve its goals and objectives 4

ERM Why do companies do it? Senior management understands its value Risk awareness leads to better decisions Increased likelihood of reaching strategic objectives Competitive advantage Boards of Directors demand it Regulators require it 5

ERM How do companies do it? Identify Assess Respond Communicate Monitor Repeat! 6

ERM Keys to success Define Measure Customize the approach Get stakeholder input Simplify Demonstrate action 7

Fail, Survive, or Thrive? 8

ERM Current state overview 25% of senior executives believe their organization has a complete formal enterprise risk management process No difference from prior year Larger companies, public companies, and financial services companies higher ( 45%) 23% describe their organization s level of risk management maturity as Mature or Robust Larger companies, public companies, and financial services companies higher ( 33%) Source: ERM Initiative at North Carolina State University 2015 Report on the Current State of Enterprise Risk Oversight http://erm.ncsu.edu/ 9

ERM Current state overview 30% describe their ERM process as systematic, robust, and repeatable with regular reporting of top risks to the board Large companies (55%), Public companies (59%) 48% believe that existing risk exposures are considered mostly or extensively when evaluating new strategic initiatives. However, 36% do no formal assessments of emerging strategic, market, or industry risks Source: ERM Initiative at North Carolina State University 2015 Report on the Current State of Enterprise Risk Oversight http://erm.ncsu.edu/ 10

ERM Current state overview 42% believe that a barrier or significant barrier to ERM is that it is seen as a competing priority to other initiatives at the organization. A similar percentage believes that there are insufficient resources allocated for ERM 60% have not provided or only minimally provided training and guidance on risk management. Source: ERM Initiative at North Carolina State University 2015 Report on the Current State of Enterprise Risk Oversight http://erm.ncsu.edu/ 11

ERM Current state overview 68% indicate that the board of directors is asking somewhat to extensively for increased senior executive involvement in risk oversight Large companies 86%; Public companies 88% Source: ERM Initiative at North Carolina State University 2015 Report on the Current State of Enterprise Risk Oversight http://erm.ncsu.edu/ 12

ERM Leading practices End to End Perspective Key Risk Indicators Resident Contrarian Data Analytics Only 10 percent of respondents describe their utilization of technology to monitor KRIs as very or extensive, 22 percent rate their use as moderate, and 29 percent describe their use as slight. (1) Surprisingly, nearly 40 percent of respondents do not employ technology at all in the KRI monitoring process. (1) The bottom line: 9 in 10 respondents appear to be underutilizing the ability of technology to enhance and streamline the riskmonitoring process. (1) (1) Source: PULSE OF INTERNAL AUDIT: Navigating an Increasingly Volatile Risk Environment, MARCH 2015, The Institute of Internal Auditors 13

Industry Trends (Health Plans) Health Plans are revamping organizational approaches in partnering and utilizing data analytics to monitor and measure key performance indicators to help understand enterprise risk. Organizations are making significant investments to enhance C suite and Board of Directors reporting, dashboards, operational performance and risk monitoring reporting C Suite leadership and the Board of Directors are looking to data analytic programs to help drive growth and reduce G&A, while managing and mitigating risk Health plans are moving toward integrated monitoring of operational performance and compliance Health plans are organizing around their business in order to optimize organizational structure Source: PwC Use and Distribution Limited Solely to Authorized Personnel 14

Industry Trends: Evolution of Analytics Health plans are evolving their analytics with the most significant focus on several core fundamental areas Focus Area Description Results Achieved Integration of regulatory / compliance requirements into operational performance reporting Health plans are re designing operational reports to ensure that how they manage their business is coupled with how they meet regulatory and compliance requirements Improved operational performance Increased regulatory compliance Reduced level of effort related to organizational compliance Transformation of management and executive-level dashboards Evolving analytics for compliance-related audits and reviews Health plans are evolving dashboards to implement more predictive capabilities to trend compliance and integrate indicator flags to detect operational or compliance failures More progressive payers are using targeted sampling methodology aligned with that of CMS, as opposed to random, statistically valid sampling Implemented proactive approach to managing both compliance and operational performance Increased regulatory compliance Reduced effort by business areas to support audits Enhanced value to the business in streamlining remediation and prevention efforts Profiling of providers to link compliance, care management and quality together Use and Distribution Limited Solely to Authorized Personnel Health plans are comparing quality measures across providers with relevant data sets (HEDIS, claims) to look at the end to end care management value chain Source: PwC Enhanced view into the linkage of quality performance to outcomes, down to provider level Remaining on pace with direction regulators are headed 15

Managing Enterprise Risk Corporate Goals & Risk Areas Senior leadership sets the priorities Risk areas are identified (What could go wrong?) Management Controls Management establishes processes, controls, and reporting to achieve corporate priorities and to monitor and respond to risk areas Internal Audit Validates design and operational effectiveness of controls and key business processes Data Analytics Tools and techniques that span across functional areas Management uses analytics to report and monitor operational performance Internal audit uses analytics to validate transactions against risk area metrics 16

Managing Enterprise Risk Data and Analytics Driven Enterprise Risk Corporate priorities, goals, and risks Internal Audit Validation and verification of controls Reduced Risk Business Ownership, management and the monitoring of controls 17 Use and Distribution Limited Solely to Authorized Personnel

Profile of Trusted Advisors 18 Use and Distribution Limited Solely to Authorized Personnel Source: PwC 2014 State of Internal Audit Survey

Managing Enterprise Risk Driver: Lower cost to operate controls Reduce business efforts to operate controls (useful for clients with many manual controls) Identify business exceptions and control breakdowns sooner Increase business flexibility through moving toward realtime detective controls Achieve more coverage of risk Remove obvious pain points Stop known problematic transactions Driver: Lower cost to evaluate controls Lower the cost of compliance efforts Identify control breakdowns sooner Lower the cost of business self-assessment of controls Achieve better visibility of the compliance framework and the overall state of risk Organize risks and controls in a more meaningful fashion Policy management to support controls Continuous Transaction Monitoring (CTM) Solution Document the controls in your Continuous Control Monitoring (CCM) Solution Implement controls in your Continuous Transaction Monitoring (CTM) Solution Continuous Control Monitoring (CCM)Solution 19 Source: PwC Use and Distribution Limited Solely to Authorized Personnel

Examples of Continuous Monitoring: Focusing on Continuous Transaction Monitoring (CTM) and Continuous Controls Monitoring (CCM) CCM CTM Automated controls Master data Transactional data Exceptions relating to Exceptions relating to Exceptions relating to business configuration settings or governance of master transactions within the ERP parameters in the ERP data in the ERP system system based on available system transaction data An exception is reported if the tolerance amount for the three way match control for accounts payable invoices is changed An exception is reported if the credit authorization approval control is turned off An exception is reported if the general ledger field structures have been modified in the master table An exception is reported if changes (including creation, modification and deletion) are made to critical attributes defined in vendor master data An exception is reported if changes have been made to the general ledger account code options and/or account mapping for automatic system processing functions An exception is reported if a purchase order is created on the same day that goods were received for a transaction An exception is reported if a manual journal entry has unusual accounts and/or descriptors An exception is reported if an employee receives more than one pay distribution in a pay period A CCM strategy for configurable controls provides Management with a proactive mechanism to identify when key application control settings have been changed A CTM strategy for master file data provides Management with a proactive mechanism to verify that the integrity of the master file architecture and content is not compromised A CTM strategy for transaction data provides Management with a proactive mechanism to identify potential control exceptions and fraudulent activity 20 Source: PwC Use and Distribution Limited Solely to Authorized Personnel

Discussion Point How have you seen organizations successfully integrate data analytics into an enterprise-wide risk process? 21

Summary ERM Key to Success Define, Measure, Customize, and Simplify ERM Current State Below expectations but there is reason for optimism ERM Leading Practices End to End, KRIs, Contrarian View, Data Analytics ERM with Data Analytics Data based decisions, Tools, Skills, Transactions, Business rules, and data structure are key 22

QUESTIONS? ASK? AWAY 23

Resources NC State University Poole College of Management ERM Initiative http://poole.ncsu.edu/erm/ RIMS Strategic and Enterprise Risk Center http://www.rims.org/resources/erm/pages/default.aspx Norman Marks on Governance, Risk Management, and Audit http://normanmarks.wordpress.com/ PwC State of the Internal Audit Profession http://www.pwc.com/us/en/risk assuranceservices/publications/pwc 2014 state of profession.jhtml 24

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback