The ERM Revolution: Advancing the Cause April 26, 2017

Similar documents
Audit Committee Performance Evaluation

Service Business Plan

Extended Enterprise Risk Management

International Finance Corporation

Agenda. Enterprise Risk Management Defined. The Intersection of Enterprise-wide Risk Management (ERM) and Business Continuity Management (BCM)

Sarbanes-Oxley Act of 2002 Can private businesses benefit from it?

The Sector Skills Council for the Financial Services Industry. National Occupational Standards. Risk Management for the Financial Sector

The New Era of Transparent Internal Audit: What You Should Know

See your auditor clearly. Transparency report: How we perform quality audit engagements

DUBAL s ISO based ERM Program

Brink's Modern Internal Auditing

A Strategic Approach to Bank Fraud

Third Party Risk Management ( TPRM ) Transformation

ISO INTERNATIONAL STANDARD. Risk management Principles and guidelines. Management du risque Principes et lignes directrices

Auditing Standard 16

Taking ERM to a. 6 GRC Today / October 2015

Advisory Services Governance, Risk & Compliance

Fraud Risk Management

A Changing Profession for a Changing Market: Evolving services, skills and talent to meet business demands

REQUEST FOR PROPOSAL

Report on Inspection of KPMG AG Wirtschaftspruefungsgesellschaft (Headquartered in Berlin, Federal Republic of Germany)

7 Key Trends in Enterprise Risk Management

Beyond Compliance. Leveraging Internal Control to Build a Better Business: A Response to Sarbanes-Oxley Sections 302 and 404

Corporate Governance Principles of Auditing: An Introduction to International Standards on Auditing - Ch 14

ENTERPRISE RISK SERVICES Managing Risk, Driving Results

The Strategic Potential of Internal Audit

Business Resilience: Proactive measures for forward-looking enterprises

Benchmarking Report Share, Compare, Validate SAMPLE. Year: 2017 Your Organization Date

Report on Inspection of Deloitte LLP (Headquartered in Toronto, Canada) Public Company Accounting Oversight Board

B S R & Co. LLP. Reporting on Internal. Reporting An Overview. Sarbanes Oxley Act (SOX) 28 December 2013

EFFICIENT USE OF AUDIT COMMITTEES

SOUTHWEST AIRLINES CO. AUDIT COMMITTEE CHARTER

ISO whitepaper, January Inspiring Business Confidence.

VENDOR RISK MANAGEMENT FCC SERVICES

ERM: Risk Maps and Registers. Performing an ISO Risk Assessment

Evaluating Internal Controls

The winning tax transformation trinity. Data, technology and operations

Enterprise Risk Management: Developing a Model for Organizational Success. White Paper

Report on Inspection of KPMG Auditores Consultores Ltda. (Headquartered in Santiago, Republic of Chile)

Risk-Focused Examinations

Practice Guide. Developing the Internal Audit Strategic Plan

AUDITING. Auditing PAGE 1

ENTERPRISE RISK MANAGEMENT THE KEY TO BUSINESS SUCCESS By Phil Griffiths FCA

FREQUENTLY ASKED QUESTIONS ABOUT INTERNAL CONTROL OVER FINANCIAL REPORTING

The New Realities of Executive Compensation in the Banking Industry

BENEFITS OF AN EFFECTIVE OUTSOURCING STRATEGY. March 1, 2017

ISACA. The recognized global leader in IT governance, control, security and assurance

The Role of the Chief Risk Office and the Board s Role in Risk Oversight

Enhancing Audit Committee Excellences through Internal Audit. 21 November 2017

Answering the Call. Increased Ethics, Governance & Compliance through the implementation of a Whistleblower Hotline.

Developing an Integrated Anti-Fraud, Compliance, and Ethics Program

Leading the Global. Next Decade Doing More with Less The Lean Internal Audit Model. Larry Rieger

Solution Overview : The IBM Government Industry Framework

Federal Enterprise Architecture

Standards for Excellence Program Organizational Self-Assessment Checklist

Effective implementation of COSO s new anti-fraud guidance

Remediation of Material Weaknesses Related to Employee Compensation

McGraw-Hill/Irwin. Copyright 2013 by The McGraw-Hill Companies, Inc. All rights reserved.

CPA REVIEW SCHOOL OF THE PHILIPPINES M a n i l a. AUDITING THEORY Risk Assessment and Response to Assessed Risks

RC & CRISIS MANAGEMENT. risk compliance RISK & COMPLIANCE MAGAZINE. risk & compliance REPRINTED FROM: JUL-SEP 2015 ISSUE

Internal Oversight Division. Internal Audit Strategy

IPPF Practice Guide. Assessing the Adequacy of

Converging Ethics, Governance, and Culture

DIRECTOR TRAINING AND QUALIFICATIONS: SAMPLE SELF-ASSESSMENT TOOL February 2015

ACFE FRAUD PREVENTION CHECK-UP ASSOCIATION OF CERTIFIED FRAUD EXAMINERS

Enterprise Risk Management Handbook. June, 2010

Risk Management Strategy

2008 BUSINESS RESILIENCY SURVEY RESULTS:

Federal Reserve Guidance on Supervisory Assessment of Capital Planning and Positions for Large Financial Institutions.

Business Context of ISO conform Internal Financial Control Assessment

Report on Inspection of Deloitte & Associes (Headquartered in Neuilly-sur-Seine, French Republic) Public Company Accounting Oversight Board

A Risk Practitioners Guide to ISO 31000: 2018

The Future of Internal Auditing:

A FRAMEWORK FOR AUDIT QUALITY. KEY ELEMENTS THAT CREATE AN ENVIRONMENT FOR AUDIT QUALITY February 2014

THE ENTERPRISE AND RISK MANAGEMENT POLICY

Chapter 8: THE MARKETING PLAN. Chapter 11: Strategic Leadership

Continuous Auditing - A Delicate Chemistry

SOX106. Accounts Payable and Sarbanes-Oxley; Strengthening your Internal Controls- 10 hours. Objectives

Increasing the Intensity and Effectiveness of Supervision

Cloud Computing: HCM SaaS

UNF Finance and Audit Committee January 15, 2013

SAS Teleconference

OSHKOSH CORPORATION BOARD OF DIRECTORS AUDIT COMMITTEE CHARTER. As Amended as of May 9, 2016

ADAPT. EVOLVE. THRIVE. HOW CAN LAW FIRMS RETAIN THEIR MARGINS AND GROW THEIR PRACTICES IN CHANGING TIMES?

CHARTER OF THE AUDIT COMMITTEE OF THE BOARD OF DIRECTORS OF MULESOFT, INC.

Model Risk Management

FINANCIAL INSTITUTIONS AUDIT COMMITTEE GUIDE FOR FINANCIAL INSTITUTIONS

Effect of Financial Crisis in the Internal Audit Profession in Greece

The New Focus on Audit Committees

Commodity & Energy Risk Management. kpmg.com.sg

GUIDANCE NOTE FOR DEPOSIT TAKERS (Class 1(1) and Class 1(2))

Writing an Audit Finding. Danny M. Goldberg Professional Development Practice Director

Fraud Risk Management

Questions a Board may ask to understand how an organisation controls its risks

Due Diligence And Oversight of Vendors in the Current Regulatory Environment: What Nonprofits Need to Know November 28, 2017

COSO Updates and Expectations. IIA San Diego Chapter January 8, 2014

BCP Methodology Benefits realisation

Auditing Standards and Practices Council

Special Inspection of Seale and Beers, CPAs, LLC (Headquartered in Las Vegas, Nevada) Public Company Accounting Oversight Board

INTERNATIONAL STANDARD ON AUDITING 315 UNDERSTANDING THE ENTITY AND ITS ENVIRONMENT AND ASSESSING THE RISKS OF MATERIAL MISSTATEMENT CONTENTS

Transcription:

The ERM Revolution: Advancing the Cause April 26, 2017 Presented by: Jim Yard and Don Owens

Contact Information Donald R. Owens, Shareholder Risk Advisory Services CPA, CITP, CFF, CIA, CFSA, CRMA, CBA James B. Yard, Shareholder Risk Advisory Services CPA, CIA, CISA Schneider Downs & Co., Inc. 65 E State Street, Suite 2000 Columbus, OH 43215 Schneider Downs & Co., Inc. One PPG Place Suite 1700 Pittsburgh, PA 15222 dowens@schneiderdowns.com Work Phone: (614) 586-7257 Cell Phone: (614) 271-8551 jyard@schneiderdowns.com Work Phone: (412) 697-5345 Cell Phone: (724) 822-3915 2

Disclaimer IRS CIRCULAR 230 DISCLOSURE: Any tax advice contained in this communication (or in any attachment) is not included or written to be used, and cannot be used, for the purpose of (i) avoiding penalties under the Internal Revenue Code, or (ii) for promoting, marketing or recommending to another party any transaction or other matter addressed in this communication (or in any attachment). The views expressed by the presenter do not necessarily represent the views, positions, or opinions of Schneider Downs & Co., Inc. These materials, and the oral presentation accompanying them, are for educational purposes only and do not constitute accounting, tax or legal advice or create an accountantclient or attorney-client relationship. 3

ERM Advancing the Cause 4

Quotes That Apply to ERM 5

Quotes That Apply to ERM 6

Quotes That Apply to ERM 7

Quotes That Apply to ERM 8

Quotes That Apply to ERM 9

Key Drivers of ERM Protection of Life and Limb Protection of Capital Maximization of Earnings Achievement of Strategic Objectives and Goals Stakeholders Expectations Compliance with Laws and Regulations 10

Key Laws and Enforcement Agencies Dodd-Frank Act Foreign Corrupt Practices Act Sarbanes-Oxley Act U.S. Federal Sentencing Guidelines Whistleblowers Protection Act Occupational Safety and Health Act Equal Employment Opportunity Act Aviation and Transportation Security Act Environmental Protection Act 11

Key Laws and Enforcement Agencies SEC and PCAOB Department of Justice Department of Labor Immigration and Customs Occupational Safety and Health Administration IRS FED/FDIC/OCC/NCUA/CFPB Environmental Protection Agency National Labor Relations Board Department of Homeland Security 12

Where Is Your Organization s Weak Link In Managing Risk? 13

Theory of Risk Relativity 14

Theory of Risk Relativity Einstein s Theory of Relativity Objects, moving at the speed of light, are measured differently given the proximity to the object of the one doing the measuring. This means measurement and proximity, themselves, both function to alter what is being measured. 15

Theory of Risk Relativity Theory of Risk Relativity Risk will be measured differently within the same organization given the proximity to the risk of those doing the measuring. 16

Capturing and Measuring Risk 17

Capturing and Measuring Risk The concept of risk is not easily quantified. is not expressible in a neat, numerical package that all can understand. can be highly subjective, having both qualitative and quantitative elements. 18

Capturing and Measuring Risk Arriving at a universal risk formula to apply to events, occurrences and/or opportunities is very challenging. TRUTH: Every organization, within and outside of a given industry, has its unique applications of risk management policies and practices. 19

Leading Practices of ERM Establish a risk management policy for your organization Communicate your risk management policy Fully engaged board of directors Integration of risk management into the business functions Risk ownership and accountability for risk management Transparency 20

Leading Practices of ERM Integration of risk with strategic planning Intelligence gathering (benchmarking, trend analysis) Continuous monitoring (data analytics) Scenario analysis (stress testing, disaster recovery) Consistent and continuous communication Allocate time and resources 21

Key Drivers of ERM Risk Measurement Inherent and residual risk measurements (establish measurements at the company level) Risk Acceptance (risks in the normal course of business) Risk Appetite (determined based on strategy/long-term business plan) Risk Tolerance (point at which potential impairment occurs, entering crisis mode) 22

ERM Identifying the Risks 23

Key Drivers of ERM Risk Attitude Knowledge of risk Commitment (lack of) to manage Culture of organization 24

Evolution of Risk Management Traditional risk management is characterized by fragmented responsibility rather than a holistic approach encompassing the entire enterprise; a focus on discrete events; a perception of risk management being a product of transaction (insurance) or a reaction to events. The move to today s ERM is strategic and focused. Today s ERM model allows organizations to integrate business managers with risk managers, increase non-financial risk awareness, and increase involvement from all areas of the organization executive management, board members, and business. 25

ERM Advancing the Cause What could possibly go wrong? When it comes to ERM, being proactive is the only course of action. 26

Pitfalls ERM Pitfalls Not linking strategic planning and risk management Not positioning ERM as a management practice Procedural approach (restrictive/limiting) Many failures explained by challenges of responding to a Black Swan event Diminishing transparency Lack of support at the executive level 27

Pitfalls ERM Pitfalls (cont.) Competing priorities of ERM staff Placing risk management oversight with the audit committee Not looking beyond impact and likelihood Lack of understanding on the Big Bets being taken Failure to assess industry and peer dynamics 28

ERM should: ERM Principles Be linked and embedded in your strategy Create and protect value Be part of all processes Be part of your decision making Be used to handle uncertainty Be systematic and timely 29

ERM should: ERM Principles (cont.) Be based on the best data Be tailored to your environment Consider human factors Be transparent and inclusive Be responsive and iterative Support continual improvement 30

ERM Advancing the Cause Traditional vs. Leading Edge Risk Types Financial Operational Compliance Traditionally, risk was viewed more from a financial risk perspective. The new standard is to look at risk throughout the enterprise. Strategy Culture/Conduct Human Capital Operational/Transaction Vendor/Sub-contractor Interdependencies on other units Financial Capture and Reporting Technology Advancing the Cause Environmental Market/Price Legal/Regulatory External - Competitors/ Economy/Innovations Liquidity Reputation Fraud Waste and Mismanagement Safety and Security Other 31

ERM Technology Traditional vs. Leading Edge Technology Technology Privacy and Security Social Media and Networking Mobile Devices Malware and Viruses Spam, Scams and Phishing Corporate Espionage Regulatory (ERM) Cloud Computing Hardware and Software Failure 32

ERM Embracing Analytics DATA and the Digital World: Continuous monitoring of key risk indicators Quantifiable risk measurements Ability to assess entire populations Create risk dashboards Challenges: Technology and talent Quality of data and its availability Access to comparable external data sources 33

DATA Analytics Information = Expectations Expectations = Perceived Pattern/Outcome Perceived Pattern/Outcome = Data Analytics Data Analytics = Information 34

Rating Risks Traditional Risk Rating: Probability Severity Expansive Risk Rating: Probability/likelihood/Vulnerability risk threat level absence controls Impact/Severity/Loss Magnitude measurements include financial, threat to human life, environmental, etc. Also consider future repercussions/secondary effects (prime effects and the secondary effects quake/aftershocks/longer term ramifications) 35

Rating Risks (cont.) Expansive Risk Rating (cont.): Velocity/speed speed at which the risk occurs, and will management have sufficient opportunity to react to its onset Frequency/Persistence one-time event or recurring and at what rate Direction of risk/threat 36

ERM Conceptually 37

Three Lines of Defense 38

ERM is a Continuous Process 39

Risk Qualitative and Quantitative Techniques 40

Cost Benefit of Risk Management 41

Takeaways There is not a uniform definition of risk. We view risk differently (proximity). Attempting to quantify (dollar amount to future contingency) risk is an ever changing dynamic as risk is a subjective (attitudes define it) phenomenon (risk is not stable) that is always changing (impact). 42

Takeaways Risk itself is constantly changing and at the same time, so are attitudes about risk. Objective and subjective measurements of risk are continually interacting, leaving measurement of risk challenging. 43

Thank you! As one of the largest certified public accounting and business advisory firms in the region, Schneider Downs serves clients throughout the country and around the world. By integrating high-quality resources, systems and personnel, Schneider Downs has built a reputation of delivering individualized services built on insight, innovation, and experience to meet each client s specific needs. For more information, visit us at www.schneiderdowns.com Schneider Downs 44

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback