Charter for Enterprise Risk Management


Prepared by: Shannon Sinclair
Version: 1.2
Document Id:
Date:
Release Date:

TABLE OF CONTENTS

1. Background
2. Objectives
3. Scope
   3.1 Inclusions
   3.2 Exclusions
4. Key Project Deliverables
5. Project Authority
   5.1 Authorization
   5.2 Project Manager
   5.3 Staffing
6. Management Approach
   6.1 Quality Management
   6.2 Risk Management
7. Charter Approvals
8. Appendix
   8.1 Project Schedule

1. Background

According to the EDUCAUSE article "Leveraging Enterprise Risk Management: Opportunity for Greater Relevance", colleges and universities were asked to begin Enterprise Risk Management (ERM) programs during the first decade of the 21st century. As a result of these requests and of financial pressures, public and private institutions have been implementing ERM business processes to support strategic and annual planning as well as major new initiatives.

Risk management is happening sporadically across campus, with varying perceptions of Mines risk appetite. This was identified through a 7-question survey of 16 participants across three areas. The survey was intended to provide a pulse of where we are as an Institution. It also identified that there was no common meaning of risk across campus, as well as challenges and barriers to risk management, including lack of tools, resources, training, collaboration, knowledge, and authority.

According to the Committee of Sponsoring Organizations of the Treadway Commission (COSO), Enterprise Risk Management (ERM) is "a process, effected by an entity's board of directors, management, and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives." It provides structure to avoid downside risk and take advantage of upside risk.

The basic steps of ERM include:
- identification of risks,
- assessment of the likelihood and impact on the institution,
- aggregation and integration of risks,
- development of a risk management plan, and
- measuring, tracking and communicating risks.

Benefits include:
- Developing a holistic and cohesive system aimed at achieving Mines objectives
- Enhancing decision making and purposeful resource allocation
- Assisting management in making informed decisions regarding risk
- Fostering collaboration through an organization-wide risk language
- Breaking down barriers between departments and supporting beneficial change
- Improving understanding of the interrelated impacts of risk at Mines

Without ERM there could be an inconsistent definition of risk, haphazard decision making, silos, challenges to managing risk, and unidentified emerging risks. ERM is intended to advance the mission, vision, core values, and strategic and business objectives of the Institution to enhance overall performance. It should become a mindset that is ingrained in our decision-making process throughout campus.

2. Objectives

- Define acceptable levels of risk (e.g., Mines Risk Appetite) by August 31, 2017.
- Determine the ERM framework to be followed by the Institution by October 31, 2017.
- Perform the first round of risk assessment at the University level (risks identified, prioritized, and management response plans) by March 31, 2018.
- Develop Key Risk Indicators (KRIs) by June 30, 2018.
- Report to the Finance & Audit Committee (FAC) by fall 2018.

- Expand the team for the second-phase implementation of department-level risk assessment (risks identified, prioritized, and management response plans) by March 31, 2019.

3. Scope

3.1 Inclusions

While ERM is an ongoing process, for purposes of this project the scope is defined as follows. The ERM Advisory will initially consist of a core group of members from across campus (~12 participants). The team will receive training on ERM and will develop a definition and framework for ERM that fits Mines operations. The team will perform the risk assessment(s), aggregate and determine the most critical risks to the Institution, and determine response plans. KRIs will be developed for monitoring and decision making. The process will then be expanded and monitored on an ongoing basis. Plans will be developed to communicate and engage the Mines community in ERM, to embed risk thinking into the culture and mindset of its constituents. Resources will also be made available.

3.2 Exclusions

- No impact to current systems.
- Management of all risks at every level of the organization.
- State risk management will not be included, beyond participation on the team.

4. Key Project Deliverables

The deliverable due dates are indicated in Section 8.1: Project Schedule.

Key Deliverable / Acceptance Criteria / Approval By:

Project Charter
  - Core team agrees that it defines the project appropriately
  - It is in the accepted format
  Approval by: ERM Advisory

Project Plan
  - Core team agrees that it defines the project appropriately
  - It is in the accepted format
  Approval by: ERM Advisory

Requirements document
  - Core team agrees that it defines the project appropriately
  - It is in the accepted format
  Approval by: ERM Advisory

Risk Appetite Definition
  - Statement or guidelines that reflect the tolerance for risk the Institution is willing to take, which is accepted by Executive Leadership
  Approval by: Executive Leadership

ERM Framework
  - Structured framework based on established guidelines that is repeatable for any department or area
  - Operationally fits the Mines environment
  - Acceptable to Executive and Senior Leadership
  Approval by: ERM Advisory

Risk assessment
  - Documentation of the risk register (top risks), considering impact and likelihood
  - Mines leadership agrees with the overall assessment

Response plans
  - Documentation of the response plans
  - Mines leadership agrees with the response plans

Presentation of top risks (e.g., critical, high)
  - Summary of risks (format to be determined: heat map, list, balanced scorecard, etc.)
  - Mines leadership agrees with the identified risks

Development of KRIs
  - Metrics that can be monitored to facilitate decision making
  - Mines leadership agrees with KRIs

Report to FAC
  - Summary of project status
  Approval by: Executive Leadership

5. Project Authority

5.1 Authorization

This Charter has been initiated by the Office of Internal Audit and authorizes the use of organizational resources to accomplish the objectives of the project.

5.2 Project Manager

The Director of Internal Audit will administer and oversee this project on a day-to-day basis. The Director will not assume a management role (e.g., making decisions on behalf of the institution or being accountable for risk management), but will rather facilitate, coach, coordinate, report on, and champion the project.

5.3 Staffing

Project Manager: Director of Internal Audit*

ERM Advisory:
  o Academic Affairs representation*
  o Student Life representation*
  o Administration & Operation representation*

* Core team

Other needed input:
  o Communications and Marketing (consultation)
  o Consideration of technology and related support
  o Additional departments and units to subsequently join the ERM Advisory team
  o Work study (possible web development, other tasks)

Staffing for Mines roles will be drawn from existing staff. The ERM Advisory team will meet on a regular basis (frequency to be determined) and will perform tasks between meetings. One-off meetings will be scheduled depending on project needs.

6. Management Approach

6.1 Quality Management

There are two governing frameworks for ERM: the International Organization for Standardization (ISO) and the Committee of Sponsoring Organizations of the Treadway Commission (COSO).

ISO 31000:2009, Risk management: Principles and guidelines, provides principles, a framework and a process for managing risk. Using ISO 31000 can help increase the likelihood of achieving objectives, improve the identification of opportunities and threats, and effectively allocate and use resources for risk treatment. It provides guidance for internal programs. Institutions using it can compare their risk management practices with an internationally recognized benchmark, providing sound principles for effective management and corporate governance.

COSO's ERM Integrated Framework accommodates different viewpoints and enhances strategies and decision-making. It also sets out core definitions, components and principles, and provides direction for all levels of management involved in designing, implementing, and conducting enterprise risk management practices.

The presiding framework will be selected by the team during the project. However, neither ISO nor COSO has specific quality management requirements. As such, lessons learned will be assessed by the participants at the end of phase 1, and changes will be made to the process going forward. Feedback and evaluation will be requested from the stakeholders of the process to assess its value.

6.2 Risk Management

Risk will be managed throughout the project, with initial risks identified now and monitored going forward. The initial risks identified include:

1. Personnel resources will not be available to accomplish project work.
2. Development of a risk definition and framework may take longer than expected.
3. The risk definition and framework may not fit the Institution's environment.
4. Processes or systems will not be available or efficient for managing the documentation.
5. Tools/resources will not be readily available.
6. Lack of collaboration to identify interrelated risks.
7. Selection of KRIs that do not facilitate decision making.

7. Charter Approvals

Project: ____________________________  Date: ____________

Project Manager: ____________________  Date: ____________

8. Appendix

8.1 Project Schedule

Target Date   Deliverable
12/31/2016    Determine need for centralized ERM process; make recommendation
2/28/2017     Socialize the ERM idea and identify participants for ERM Advisory
3/31/2017     Approval of project management documents including charter, plan, and requirements
4/30/2017     Train participants: risks and controls
5/31/2017     Formalize mission, objectives, goals
8/31/2017     Define Mines risk appetite; get buy-in from Executives
10/31/2017    Training / development of Mines framework to assess risk
2/28/2018     Perform initial risk assessment (University-wide top risks)
3/31/2018     Prioritize risks and develop/obtain response plans
6/30/2018     Monitor performance and reporting
Ongoing       Communication of risk and status to campus and leadership