Internal Auditors and Enterprise Risk Management (ERM) ICPAK Presentation

Similar documents
Agenda. Enterprise Risk Management Defined. The Intersection of Enterprise-wide Risk Management (ERM) and Business Continuity Management (BCM)

Enhancing Audit Committee Excellences through Internal Audit. 21 November 2017

Enterprise risk management Protecting and enhancing value Advisory

Enterprise risk management Protecting and enhancing value Advisory

Enterprise Risk Management: Developing a Model for Organizational Success. White Paper

SOLUTION BRIEF RSA ARCHER AUDIT MANAGEMENT

Seeking value through Internal Audit

The Future of Internal Auditing:

IIROC 2015 Financial Administrators Section Conference

Third Party Risk Management ( TPRM ) Transformation

Fraud Risk Management

Catching Fraud During a Recession Through Superior Internal Controls. FICPA s 25 th Annual Accounting Show. J. Stephen Nouss September 29, 2010

Internal Audit Quality Analysis Evaluation against the Standards International Standards for the Professional Practice of Internal Auditing (2017)

SAMPLING AND ERROR EVALUATION RSM US LLP. All Rights Reserved.

Internal controls over financial reporting

IT Audit at Brown. A collaboration between the Information Technology and Internal Audit Teams

Risk consulting. Conduct risk: Aligning product, customer and value. kpmg.ie

Caribbean Association of Audit Committee Members Inc. Independent Quality Assurance Assessment of the Internal Audit function

1. Definition & Mission

The Role of the Chief Risk Office and the Board s Role in Risk Oversight

Enterprise risk management for consumer products companies

What s the cost of control? Keeping control of your business when cash is king

METROPOLITAN TRANSPORTATION AUTHORITY

Can the public sector deliver a zero tolerance approach to corruption risk?

Model Risk Management A Southeast Asia Perspective

Andrea ROSIGNOLI Partner KPMG

Organizational Governance: Guidance for Internal Auditors. - July

REPORT 2016/033 INTERNAL AUDIT DIVISION

GRI s G4 Guidelines: the impact on reporting

Session 4C: Model Governance: What Could Possibly Go Wrong? (Part I) Moderator: Dwayne Allen Husbands, FSA, MAAA

Dynamic Risk Assessment

Risk Management Strategy

Advisory Services Governance, Risk & Compliance

Giving you clarity on your change programmes

Sarbanes-Oxley Act of 2002 Can private businesses benefit from it?

The Role of Internal Auditing in Enterprise-wide Risk Management

UNF Finance and Audit Committee January 15, 2013

Effective and pro-active audit committee reporting

Audit Committee Self Assessment

Commodity & Energy Risk Management. kpmg.com.sg

GRI s G4 Guidelines: the impact on reporting

EFFICIENT USE OF AUDIT COMMITTEES

Working better by working together

Prysmian Group ERM Project. A journey

Make the complex manageable

Short, engaging headline

Strengthening Your Enterprise Risk Management Process

Internal Audit Challenges & Opportunities Speaker: Laurie Shen, Director, Grant Thornton LLP

Crowe Activity Review System (CARS ) for Loan Review

KPMG Smart Controls. Putting you in control of your controls. kpmg.co.uk

Optimizing an Enterprise Wide Effective Vendor Risk Management Program. Pam Schott Head and VP Enterprise Supplier Governance

EPMO: A Strategic Enabler?

Enterprise Compliance Management for Credit Unions

Session 7: Corporate Governance

Clarifying the Role of. Enterprise Risk Management

Model risk management A sound practice for meeting current challenges

SERBA DINAMIK GROUP BERHAD INTERNAL AUDIT CHARTER

KPMG s Major Projects Advisory Project Leadership Series: Stakeholder Management and Communication

IPPF Practice Guide. Assessing the Adequacy of

An intelligent approach to unlocking value in service delivery transformation Focus on risk from the start

RSA ARCHER MATURITY MODEL: AUDIT MANAGEMENT

A Vision of an ISO Compliant Company by Bruce Hawkins, MRG, Inc.

Enterprise Risk Management. Marc Heneghan. BA 559 Enterprise IT Governance. Professor Michael Shaw

LIVING IN THE REAL WORLD THE LEGAL AND INSURANCE ASPECTS OF SMS

Retail. IFRS 15 Revenue Are you good to go? May kpmg.com/ifrs KPMG IFRG Limited, a UK company limited by guarantee. All rights reserved.

Internal Oversight Division. Internal Audit Strategy

September 9, 2016 kpmg.ca

Changes To the Public Sector Internal Audit Standards April 2017

Enterprise Risk Management Program

INTEGRATING ENTERPRISE RISK MANAGEMENT IN THE FEDERAL GOVERNMENT. Partnership for Public Service September 10, 2015

Beyond Compliance. Leveraging Internal Control to Build a Better Business: A Response to Sarbanes-Oxley Sections 302 and 404

Towers Watson s. Principles and Elements of Effective Executive Compensation Design. A Powerful Framework for Pay Decision Makers

DIRECTOR TRAINING AND QUALIFICATIONS: SAMPLE SELF-ASSESSMENT TOOL February 2015

Strengthening Control and integrity: A Checklist for government Managers

Continuous Auditing - A Delicate Chemistry

Internal Audit Vice Presidency (IADVP) FY12 Third Quarter Activity Report

2017 KPMG N.V., a Dutch limited liability company, is a member firm of the KPMG network of independent member firms affiliated with KPMG

KPMG N.V. Code of Conduct. kpmg.nl

CORPORATE GOVERNANCE THEORY, SCOPE AND IMPORTANCE

IoD Code of Practice for Directors

AUDITING. Auditing PAGE 1

International Finance Corporation

Remuneration Committee : Time to Raise the Bar? kpmg.com.my/aci

Risk Based Internal Audit Plan

Critical Success Factor in ERM Implementation

The COSO Approach to Enterprise Risk Management

Energy Trading Risk Management (ETRM) System Selection and Implementation Top Challenges

Conduct risk: Aligning product, customer and value

Guidance Note: Corporate Governance - Audit Committee. March Ce document est aussi disponible en français.

Best Practices for Establishing a Cost-Effective Internal Audit Function. Article by Heidi Wier June 2016

Pillars of Success for Your Family Business

Enterprise Risk Management 2016

Embedding Productivity Disciplines:

GOVERNANCE GUIDELINE DRAFT. Initial publication: April 2009 Updated: July Ligne directrice sur la conformité

REVISED CORPORATE GOVERNANCE PRINCIPLES FOR BANKS (CONSULTATION PAPER) ISSUED BY THE BASEL COMMITTEE ON BANKING SUPERVISION

The Value- Driven CFO. kpmg.com

Taking ERM to a. 6 GRC Today / October 2015

ENTERPRISE RISK MANAGEMENT USING DATA ANALYTICS. Dan Julevich and Chris Dawes April 17, 2015

Transcription:

Internal Auditors and Enterprise Risk Management (ERM) ICPAK Presentation April 2014

Disclaimer This presentation is made by KPMG Kenya, a member firm of the KPMG network of independent firms affiliated with KPMG International, a Swiss cooperative. KPMG International provides no client services. No member firm has any authority to obligate or bind KPMG International or any other member firm vis-à-vis third parties, nor does KPMG International have any such authority to obligate or bind any member firm. This presentation has been prepared solely and exclusively for the benefit, information and use by the participants of the Enterprise Risk Management training and for the sole and exclusive purposes of communicating material related to the training. These slides cannot be used by the participants of the training for any purposes other than as expressly stated herein; neither can these slides be disclosed to, referred to, or used by, any other third party. KPMG accepts no liability or responsibility whatsoever, resulting directly or indirectly from the disclosure of the presentation contents to any third party and/or the reliance of any third party on the contents of the presentation, either in whole or in part, and the participants of the training agrees to indemnify KPMG in this respect. 2

Agenda: Internal Auditors and Enterprise Risk Management (ERM) 1. What is ERM 2. Drivers of ERM 3. What is Internal Auditing 4. The evolution of Internal Audit and ERM 5. Levels of Risk Within the Enterprise 6. Role of Internal Audit in ERM 04/04/2014 3

What is Enterprise Risk Management (ERM)? COSO defines ERM as: ERM is a process effected by an entities board of directors, management and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and help manage risks to be within its risk appetite, to provide reasonable assurance regarding the achievements of entity objectives. 4 4

What is Enterprise Risk Management (ERM)? The ERM definition broken down Is a process Is effected by people Is applied in strategy setting Is applied across the enterprise Is designed to identify events potentially affecting the entity and manage risk with its risk appetite Provides reasonable assurance Is geared to the achievement of objectives 5 5

Enterprise-wide Risk Management (ERM) ERM is about integrating risk management into business critical systems and processes and in doing that in a consistent way across the organisation The consistency aspect is very important: to enable communications across and up and down the company, to prevent wasted resources from reinventing the wheel and most importantly like with Accounting Standards, to enable consistent and coherent decision making and reporting 6 6

Why is risk a key business issue? Risk is now seen as an issue that affects all parts of the business and influences business success and failure... Risks Risk External Forces Competition Regulation Alliances/Partners + Business Process Business Units Board Executive Executive = Business Risk Profile Performance $ Market Cap/ EPS Suppliers Efficiency and Cost-Based Improvement... consequently, risk management is increasingly the focus of the Board and executive management, and is proactive versus reactive 7

Strategic Operational ERM Drivers What does the picture look like in organizations today? Organizations have historically invested heavily in risk management and internal control but without a clear view of what potential benefit this delivers for the organization. The costs are significant Resulting in a picture like this External Costs Internal Costs Business Unit Costs Reporting and the entire organization is being engaged Board Unclear definition and objectives Compliance Research and Development R&D Production Sales Executive management Committees of the Board Group Functions (insurance, OH&S) Risk and Governance Audit Committee Internal Audit External audit 8

Effective Enterprise Risk Management Is Essentially Doing Two Things Well Creating Content Profiling your business risks by leveraging existing risk assessment documents Creating Process Building and maintaining a dynamic risk management process

ERM Content and Process Catastrophic Major Moderate Minor Insignificant 1 12 10 13 11 7 14 15 Likelihood 9 3 16 17 Remote Unlikely Possible Likely Almost certain 5 8 6 Top Risks (those that threaten) 4 1. Strategic Priorities 2. Business Model 3. Corporate Existence KPMG ERM Framework Framework Element 1. Risk Governance 2. Risk Assessment 3. Risk Quantification & Aggregation 4. Risk Monitoring and Reporting Create Content Creating Content Identifying, evaluating and prioritizing enterprise risks Creating Process Building and maintaining a dynamic risk management framework and process to achieve sustainability 5. Risk & Control Optimization Create Process 04/04/2014 10

What is Internal Auditing? The Institute of Internal Auditors defines Internal auditing as: Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization s operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes. 11

What do internal auditors do? Systematically analyzing business processes. Objectively assessing the effectiveness of processes. Independently reporting on their findings and making recommendations to improve the effectiveness of the processes. Using their knowledge to help spread good practices throughout the organization. 12

Setting the Scene A Compelling Case for Change The risk landscape is changing rapidly. Capital markets Single view of risk Globalization New risk types Credit downturn Innovation Energy markets Economic downturn Competition New regulation & compliance burden Technology Cost optimization and Internal Audit departments must be structured to change with it. 04/04/2014 13

The Evolution of Internal Audit Adding Value to the Business in New Ways New demands from the board, senior organizational leaders, and regulators are requiring Internal Audit functions to refocus their efforts beyond regulatory compliance issues. Many leaders have recognized the need for Internal Audit to play an expanded role one that builds on its historic focus on value preservation (a control focus) to encompass activities related to value creation (a performance focus). Such a shift should enable Internal Audit with the objectivity of its perspective and the rigor of its processes to add value to the business in new ways. Achieving leading Internal Audit capabilities, however, requires a significant investment in skilled resources, methods, training, career paths and technical infrastructure. Maintaining those capabilities requires a sustained level of investment. 04/04/2014 14

Growth/Operations Risk/Compliance The Evolution of Internal Audit Adding Value to the Business in New Ways Core Functions Executive Functions (Board/CEO) VALUE CREATION Strategic Planning M&A Tax Strategy and Planning Raising Capital Continuous Monitoring/Auditing Operational/Growth Initiative Legal/Fraud ERM Accounting/Finance/Treasury Compliance; S-O Procurement Tax Compliance Human Resources Information Technology Report to Regulators Facilities Management VALUE PRESERVATION Core Functions 04/04/2014 15

The Evolution of Risk Management The old ways of managing risk no longer work The Past The Present The Future Risk as individual hazards Risk identification and assessment Focus on all risks Risk Risk mitigation limits Risks with no owners Haphazard risk quantification Risk is not my responsibility Risk in the context of business strategy Risk portfolio development Focus on critical risks Risk optimization Risk strategy Defined risk responsibilities Monitoring and measurement Risk is everyone s responsibility Consideration of enterprise risk management in rating agencies (i.e., Standard and Poor's, Moody s) rating of corporations Increased ERM regulatory scrutiny by Banking regulators (i.e., Federal Housing Finance Board, Fed, OCC) New publicly listed ERM requirements (e.g., NYSE) 04/04/2014 16

Enterprise Risk Management Creating Process Role of Internal Audit Core internal audit roles in regard to ERM Legitimate internal audit roles with safeguards Source: IIA UK and Ireland Roles internal audit should not undertake

Role of Internal Audit in ERM Primary functions Assess sufficiency of ERM program and processes. Provide liaison between risk owners/senior management and the Board. Assess adequacy of risk evaluation and quantification. Provide special investigations as requested. Test organizational compliance with risk management processes & functions. Evaluate risk reporting processes and templates. Review and assess risk management of identified risks, including key risks. Secondary functions Inappropriate functions Provide risk consulting services, including facilitating risk awareness workshops. Assist risk management and the Board with improving risk reporting. Leverage Internal Audit s control and organizational experience during risk assessments. Help champion ERM within the organization while performing its Internal Audit functions. Assume management responsibilities within ERM processes. Set or approve the risk appetite. Approve risk management policies, procedures and/or framework. Implement any risk mitigation or risk response measure. Assume accountability for risk management. TITLE HERE (GO HEADER & FOOTER TO EDIT THIS TEXT) 04/04/2014 18

Board, Excom & Audit Committee Roles and Responsibilities Lines of defence You need a simple philosophy to be clear on accountabilities as outlined by the Three Lines of Defense model below. 1 st Business operations: RISK & CONTROL An established risk and control environment First line The first level of the control environment is the business operations which perform day to day risk management activity 2 nd Oversight functions: Finance, HR, Quality and Risk Management RISK & CONTROL Strategic management Policy and procedure setting Functional oversight Second line Oversight functions in the company, such as Finance, HR and Risk Management set direction, define policy and provide assurance 3 rd Independent assurance: Provide independent Internal Audit, External challenge and Audit and other independent assurance assurance providers RISK & CONTROL Third line Internal and external audit are the third line of defense, offering independent challenge to the levels of assurance provided by business operations and oversight functions 19

Roles and Responsibilities Lines of Defense against Risk Executive Management s Role Accountable to the board and shareholders for ensuring that the organization is: Compliant with laws and regulations Reporting complete and accurate financial and operational information Establishes the strategic and operational objectives that direct the organization s tolerance for risk Sponsors the Enterprise Risk Management (ERM) program and Internal Audit reviews Executive Management Process Owner Risk Risk Management Internal Audit 2008 KPMG LLP, a U.S. limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International, a Swiss cooperative. All rights reserved. Printed in the U.S.A. KPMG and the KPMG logo are registered trademarks of KPMG International. 20

Roles and Responsibilities Lines of Defense against Risk Process Owner s Role Key responsibility includes identification and management of risks. Monitors organizational processes during the normal course of business to ensure that: Executive Management Risk Risk Management New risks are identified and reported to Risk Management Process Owner Internal Audit Risk events and triggers are monitored Internal controls are appropriately designed and operating effectively 2008 KPMG LLP, a U.S. limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International, a Swiss cooperative. All rights reserved. Printed in the U.S.A. KPMG and the KPMG logo are registered trademarks of KPMG International. 21

Roles and Responsibilities Lines of Defense against Risk Executive Management Process Owner Risk Risk Management Internal Audit Risk Management s Role Establish policy and process for risk management including guidance and coordination between constituencies Defines risk events based on executive management s strategic and operational objectives and liaison with Senior management and Board Identify enterprise trends, synergies, and opportunities for change Develops an ERM program to manage that risk: Define the organization s tolerance and appetite for risk Catalogs and quantifies risk events and triggers Coordinates the development of mitigation strategies Monitors progress and reports 2008 KPMG LLP, a U.S. limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International, a Swiss cooperative. All rights reserved. Printed in the U.S.A. KPMG and the KPMG logo are registered trademarks of KPMG International. 22

Roles and Responsibilities Lines of Defense against Risk Executive Management Process Owner Risk Risk Management Internal Audit Internal Audit s Role Conducts objective reviews to provide assurance that the internal controls are appropriately designed and operating effectively and mitigate the appropriate risks. Advocates and provides recommendations for continuous improvement to organizational processes Provide assurance that riskmanagement processes are adequate and appropriate. 2008 KPMG LLP, a U.S. limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International, a Swiss cooperative. All rights reserved. Printed in the U.S.A. KPMG and the KPMG logo are registered trademarks of KPMG International. 23

Questions Questions 04/04/2014 24

Thank you Presenter s contact details Daniel Karuga Senior Manager Risk Consulting KPMG Kenya +254 709 576 262 dkaruga@kpmg.co.ke

The KPMG name, logo and "cutting through complexity" are registered trademarks or trademarks of KPMG International

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback