IIA ERM Summit. Jim DeLoach and Steve Jameson August 22, 2010

Similar documents
Strengthening Your Enterprise Risk Management Process

The Future of Internal Auditing:

Charter for Enterprise Risk Management

ERM: Risk Maps and Registers. Performing an ISO Risk Assessment

SOLUTION BRIEF RSA ARCHER AUDIT MANAGEMENT

From Dictionary.com. Risk: Exposure to the chance of injury or loss; a hazard or dangerous chance

Internal Control Integrated Framework. An IAASB Overview September 2016

Agenda. Enterprise Risk Management Defined. The Intersection of Enterprise-wide Risk Management (ERM) and Business Continuity Management (BCM)

Internal Audit Best Practices for Community Banks. A CSH White Paper

About the Pulse of Internal Audit

Fraud Risk Management

Analytics in Auditing Is a Game Changer

REPORT 2015/077 INTERNAL AUDIT DIVISION

REVISED CORPORATE GOVERNANCE PRINCIPLES FOR BANKS (CONSULTATION PAPER) ISSUED BY THE BASEL COMMITTEE ON BANKING SUPERVISION

More than 2000 organizations use our ERM solution

The Updated COSO Internal Control Framework

12/28/2017. ERM and Audit 2. ERM Agenda. Definitions and Processes. Risks. Audit & ERM. Key Strategies. Conclusions. ERM and Audit

COSO s ICIF Update. Discussion with PCAOB s Standing Advisory Group. March 24, 2011

Enterprise Risk Management: Developing a Model for Organizational Success. White Paper

Catching Fraud During a Recession Through Superior Internal Controls. FICPA s 25 th Annual Accounting Show. J. Stephen Nouss September 29, 2010

Implementation Guides

International Finance Corporation

Meeting stakeholder expectations strategies for responding to the challenges. Mark Stock, Partner PwC

Practice Guide ASSESSING ORGANIZATIONAL GOVERNANCE IN THE PUBLIC SECTOR

Fraud Risk Management

ENTERPRISE RISK MANAGEMENT USING DATA ANALYTICS. Dan Julevich and Chris Dawes April 17, 2015

From Dubai to Beijing

Internal Auditors and Enterprise Risk Management (ERM) ICPAK Presentation

Internal Control Integrated Framework. May 2013

DeVry Approach to ERM

Meeting Stakeholder Expectations for Assurance: Internal Audit s Role in a Group Effort

Current State of Enterprise Risk Oversight:

METROPOLITAN TRANSPORTATION AUTHORITY

Baptist Health South Florida

Risk Advisory Services Developing your organisation s governance for competitive advantage

EFFICIENT USE OF AUDIT COMMITTEES

Should boards and CEOs care about COSO ERM 2017? By Tim J. Leech

Audit Committee Reporting: Trends and Best Practices. Claudio de los Rios CPA, CA, Wolters Kluwer November 1, 2016

Proposed Attestation Requirements for FR Y-14A/Q/M reports. Overview and Implications for Banking Institutions

Whitepaper September Middle East Perspective State of the Internal Audit Profession 2016

Integrated Reporting: What Is Internal Audit s Role? INTRODUCTION AND INSTRUCTIONS

Enterprise Risk Management 2016

ENTERPRISE RISK MANAGEMENT THE KEY TO BUSINESS SUCCESS By Phil Griffiths FCA

Risk Management Strategy

ENTERPRISERISK WHY YOU NEED RISK COMMITTEE. 18 April 2014 The RMA Journal Copyright 2014 by RMA

Quality Assessments what you need to know

Internal audit strategic planning Making internal audit s vision a reality during a period of rapid transformation

Audit of Entity Level Controls

Training Fees 4,250 US$ per participant for Public Training includes Materials/Handouts, tea/coffee breaks, refreshments & Buffet Lunch

How to Help Boards Approach Risk Management

Implementation Guide 1312

PULSE OF INTERNAL AUDIT Navigating an Increasingly Volatile Risk Environment.

Moving Internal Audit Back into Balance

AUDITING. Auditing PAGE 1

Corporate Risk Management Audit

Champions. The Role of Risk

2017 ENTERPRISE RISK MANAGEMENT BENCHMARK SURVEY

Risk Based Internal Audit Plan

Today s Discussion. Background 3/3/2011

Best Practices for Establishing a Cost-Effective Internal Audit Function. Article by Heidi Wier June 2016

REPORT 2016/033 INTERNAL AUDIT DIVISION

Clause-byclause. Interpretation. Transitioning to ISO 9001:2015

Policy and Procedures Date: November 5, 2017

Practice Advisory : Quality Assurance and Improvement Program

Stress-Testing Frameworks and Techniques in the Banking Industry Donovan Hutchinson

Tools & Techniques II: Lead Auditor

Benchmarking 101: Shaping your E&C Program for Maximum Value

The ERM Process: Evidence from Interviews of ERM Champions

IT GOVERNANCE. WITH ROBERT GOODSELL, MANAGING DIRECTOR JOE BRUTSCHE, DIRECTOR PwC. April 4, 2013

This document contains a summary of the Group s application of all of the principles contained in King III.

FOREWORD... 3 INTRODUCTION... 4 EXECUTIVE SUMMARY... 5 RESEARCH METHODOLOGY Outline of the survey questionnaire... 6 SURVEY RESULTS...

Report on the Current State of Enterprise Risk Oversight

TOYOTA FINANCIAL SERVICES (SOUTH AFRICA) LIMITED

CGEIT Certification Job Practice

Guidance Note: Corporate Governance - Audit Committee. March Ce document est aussi disponible en français.

IPPF Practice Guide. Assessing the Adequacy of

2012 IIA Standards Update

Enterprise Risk Management Aligning Risk with Strategy and Performance COSO ERM Framework Update

AUDIT UNDP ENTERPRISE RISK MANAGEMENT SYSTEM. Report No Issue Date: 4 April 2014

POLARIS INDUSTRIES INC.

Enterprise Risk Management Program Development Update. Finance & Audit Committee Meeting September 25, 2015

Value-Added Internal Audit: Myth or Reality?

COSO 2013: Updated internal control framework

Enterprise Risk Management Defined and Explained

What We Will Cover Today

Session 7: Corporate Governance

Implementing Employee Incentive Programs to Help Drive Higher Engagement.

Good Practices of the Audit Committee

Organizational Governance: Guidance for Internal Auditors. - July

RISK MANAGEMENT FRAMEWORKS: Adapt, Don t Adopt. Here s a primer on how to use two well-known approaches.

CREATING A FRAUD RISK ASSESSMENT AND IMPLEMENTING A CONTINUOUS MONITORING PROGRAM

Sarbanes-Oxley Act of 2002 Can private businesses benefit from it?

STOP ACTING LIKE AUDITORS!

Enterprise Risk Management Program

2017 North American Pulse of Internal Audit. Public Sector Focus. Courageous Leadership: Instilling Confidence from Within

A Risk Management Framework for the CGIAR System

Advisory Services Governance, Risk & Compliance

Case Study: The Three Lines of Defense Model for Risk Management and Control Adaptation to an In-house Asset Manager

Enterprise Risk Management. Focus on the Future June 2017

Leveraging ERM & Compliance. About me DISCLAIMER

Transcription:

IIA ERM Summit Jim DeLoach and Steve Jameson August 22, 2010

Agenda Background on COSO ERM Framework How COSO Compares with Other Frameworks The Role of the IIA Questions 2

The COSO ERM Framework Project COSO initiated the developmental project in 2001 Issued final framework in September of 2004 Companies were predominately focused on financial reporting controls at the time A lot has happened since issuance 3

The Current State of ERM For companies participating: 63% see change in volume and complexity of risks over last five years 76% communicate key risks on ad hoc basis Almost 70% don t routinely report the entity s top risks to the board 48% must improve KRI reporting to senior executives Risk management processes are relatively immature and ad hoc * Source: 2010 Report on the Current State of Enterprise Risk Oversight: 2nd Edition, North Carolina State University, 2010. 4

S&P Has Reinforced the Immaturity Message Current state at most nonfinancial companies across a wide variety of sectors*: Less than a majority of companies have a "formal ERM program" Most "formal ERM programs" have generally just come under development The most common approach is to maintain a risk register or heat map that classifies the top risks by likelihood and severity along with a mitigation strategy for each Fewer companies assign specific ownership for key risks, develop alternative mitigation strategies and communicate risk tolerances clearly across their organizations Very few companies have a culture that integrates risk assessment into strategic decision-making, clearly communicates risk appetite and have a fully engaged board of directors overseeing risk * Source: Standard & Poor s Looks Further Into How Nonfinancial Companies Manage Risk, June 24, 2010. 5

The Current State of ERM A Summary ERM is relatively immature For many companies, ERM has either: Not been implemented or Has been implemented in a manner that adds limited value in strategy setting Risk is often an afterthought to strategy and risk management is an appendage to performance management 6

Six Implementation Issues (1) Rarely enterprise-wide or integrated with strategy-setting (2) Too granular and mired into minutiae, losing interest of the C-Suite (3) Sometimes gets implemented as an assurance initiative, not as a way to better run and manage the business (4) COSO Framework designed as an evaluation tool, not as an implementation tool (5) ERM is a journey (6) Only in the last 18 months or so have many companies and their boards started to warm up to the notion of implementing some form of ERM 7

COSO ERM-Related Initiatives Currently conducting a survey the preliminary results: 461 respondents and U.S. centric 40.7% publicly traded, 35% private, for-profits 57.9% look to the COSO ERM framework 66.6% selected a score of 4 or 5 on a scale where 1= "Not at All" and 5 = "A Great Deal" when responding to the statement that they believe the "COSO ERM Framework provides theoretically sound principles and guidance for ERM" Only 25% selected a 4 or 5 response (using the same scale) to the statement that "COSO ERM provides clear and practical direction and guidance for the implementation of ERM" Turning to thought leadership: Recently issued two thought papers Getting Started coming out soon Three others in the pipeline: Risk Appetite, Key Risk Indicators and the results of a survey on the current and desired future states of the board risk oversight process 8

Discussion of Strengths and Weaknesses of COSO Framework 9

Comparison with COSO Framework with Other Frameworks 10

Do We Need a Global Framework? Frameworks have a role There are other important factors, some of which are conditions precedent for risk management to function effectively We need a market-facing statement of the problem we are trying to solve 11

Five Realities for Every CEO and Board Reality The time may come when the fundamentals of your business are about to change It is not what you know that matters; it is what you don t know that makes the difference between winning and losing Your business is boundaryless and is not an island in and of itself Sooner or later, there will be a crisis that will test your company Management and directors are struggling with delineating between risk management and risk oversight Are the available frameworks helping business leaders advance the dialogue? 12

The IIA s Role Compare the various ERM frameworks and develop a point of view of the strong points of each Any determination that a global framework is needed or the IIA should endorse one framework over another should be based on a market-facing view What problem are we trying to solve? Risk management does not function in isolation Given that the IIA definition of internal auditing recommends a consultative approach, the question arises as to whether the internal auditing profession needs to up its game to remain relevant 13

Is Role of IA in Risk Management Adequately Defined and Is IIA Guidance Sufficient? The challenge lies more with skillsets and comfort level, including transitioning away from current perceptions and expectations of IA s role The final frontier for the profession Demands skilled maneuvering by the CAE and a staff equipped with the skills to back up his or her commitments Won t happen overnight Whether IIA can do more, a fact-based assessment of what the IIA is currently doing would be helpful 14

IIA Recommendations to COSO Regarding a global standard: A major undertaking Unclear what problem a global framework would solve that existing frameworks cannot address Doubtful a new framework is going to solve the issues that compromise risk management If ERM is not required by regulatory authorities on a global basis, what is the value proposition? Re IIA s Research Foundation: Compare existing frameworks using appropriate criteria and identify strong points Define market-facing issues pertaining to risk management Using the market-facing issues as a context, develop a point of view regarding whether or not improvements are needed Three Options: Mine s better than yours Throw away what we ve got and start over with a global framework Use em all and drive continuous learning 15

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback