Enterprise Risk Management Aligning Risk with Strategy and Performance COSO ERM Framework Update

Similar documents
AUDITING. Auditing PAGE 1

Strengthening Your Enterprise Risk Management Process

Enterprise Risk Management: Aligning Risk with Strategy & Performance June 26, :45 p.m. 4:45 p.m.

COSO Enterprise Risk Management Integra5ng with Strategy and Performance. AFERM Summit November, 2017

Miles CPA Review: BEC Q Updates for 2017 Edition

Enterprise Risk Management. Applying enterprise risk management to environmental, social and governance-related risks.

2013 COSO Internal Control Framework Update. September 5, 2013

From Dictionary.com. Risk: Exposure to the chance of injury or loss; a hazard or dangerous chance

STANDING ADVISORY GROUP MEETING

COSO 2013: Updated internal control framework

Charter for Enterprise Risk Management

Fraud Risk Management

Advisory Services Governance, Risk & Compliance

Enterprise Risk Management: Developing a Model for Organizational Success. White Paper

IT Audit at Brown. A collaboration between the Information Technology and Internal Audit Teams

Internal Control Integrated Framework. May 2013

The Future of Internal Auditing:

International Finance Corporation

Risk Management Policy

Appointment of the Inspector General and Director of Oversight Office

BUSINESS CPA EXAM REVIEW V 3.0. For Exams Scheduled After March 31, 2017

Sample Pages Alliance Management Guidebook

Visionary Leadership. Systems Perspective. Student-Centered Excellence

RISK MANAGEMENT FRAMEWORKS: Adapt, Don t Adopt. Here s a primer on how to use two well-known approaches.

ERM: Risk Maps and Registers. Performing an ISO Risk Assessment

June 2016 Issue 05/2016

Federal Enterprise Risk Management

Organizational Governance: Guidance for Internal Auditors. - July

Core Values and Concepts

CGEIT Certification Job Practice

Beyond Compliance. Leveraging Internal Control to Build a Better Business: A Response to Sarbanes-Oxley Sections 302 and 404

EFFICIENT USE OF AUDIT COMMITTEES

National Defense University. Strategic Plan 2012/2013 to 2017/18 One University Evolution

Clarifying the Role of. Enterprise Risk Management

In Control: Getting Familiar with the New COSO Guidelines. CSMFO Monterey, California February 18, 2015

Prince William County Public Schools Annual Audit Plan

Audit of Entity Level Controls

Agenda. Enterprise Risk Management Defined. The Intersection of Enterprise-wide Risk Management (ERM) and Business Continuity Management (BCM)

Current State of Enterprise Risk Oversight:

Enterprise Risk Management 2016

Internal Oversight Division. Internal Audit Strategy

Overview of A Guide to the Project Management Body of Knowledge (PMBOK Guide) Fourth Edition

A New Framework for Risk Management

The GRI Sustainability Reporting Guidelines -Main Features of G4- Ásthildur Hjaltadóttir Interim Director Network Relations

Frequently Asked Questions (FAQs) Standards Updates

A Vision of an ISO Compliant Company by Bruce Hawkins, MRG, Inc.

FIS Global Allegis Global Solutions Compass Rose Advisory

Internal Oversight Division. Audit Report. Audit of Enterprise Risk Management

Sarbanes-Oxley and the Need to Audit Your IT Processes. An MKS White Paper By Jeff Smith Vice President Research & Development

Taking ERM to a. 6 GRC Today / October 2015

Should boards and CEOs care about COSO ERM 2017? By Tim J. Leech

Enterprise Risk Management Defined and Explained

THE ENTERPRISE AND RISK MANAGEMENT POLICY

ERM: Mandate & Commitment in 60 Minutes

White Paper. Effective and Practical Deployment of COSO: Entity Level Control and Lessons Learned. July 10, 2008 THE ROBERTS COMPANY, LLC

COSO Internal Control Integrated Framework Proposed Update

Heads Up. Control Integrated Framework. COSO Enhances Its Internal. In This Issue: Enhancements in the 2013 Framework

International Ombudsman Association (IOA): Strategic Plan

SARBANES-OXLEY AND NONPROFIT MANAGEMENT: SKILLS, TECHNIQUES, AND METHODS

Informal Consultation on Oversight Matters. September 2017

Research paper on risk management in the light of the results of the global survey of 2012

Service Oriented Architecture

IAASB CAG Public Session (March 2016) Agenda Item. Initial Discussion on the IAASB s Future Project Related to ISA 315 (Revised) 1

Five Guiding Principles of a Successful Center of Excellence

TABLE OF CONTENTS ONLY

Present and functioning: Fine-tuning your ICFR using the COSO update

Business Context of ISO conform Internal Financial Control Assessment

Cloudy skies. How to bring clarity to your cloud platform in order to optimize your investment. September 2016

Insights on the Road to Implementing Process Based Management

Sarbanes-Oxley Act of 2002 Can private businesses benefit from it?

Managing the Risk of Fraud in the Conversion to IFRS

ECQA Certified Profession. Governance SPICE Model. Internal Financial Control Assessor Training Programme

Designing Infrastructure Management for the New Era of IT

Core Values and Concepts

Keynote Presentation: Driving the Value of SOA in an Enterprise Architecture

Internal audit strategic planning Making internal audit s vision a reality during a period of rapid transformation

METROPOLITAN TRANSPORTATION AUTHORITY

Enterprise Risk Management Handbook. June, 2010

Enterprise risk management Protecting and enhancing value Advisory

The New Engagement: A Bold Statement of Colliding Concepts Transcending Traditional Solutions

Training Fees 4,250 US$ per participant for Public Training includes Materials/Handouts, tea/coffee breaks, refreshments & Buffet Lunch

CORROSION MANAGEMENT MATURITY MODEL

Risk Advisory Services (RAS)

STRATEGY & RISK OVERSIGHT. David F. Larcker and Brian Tayan Corporate Governance Research Initiative Stanford Graduate School of Business

Increasing External Auditor Reliance

Embracing SaaS: A Blueprint for IT Success

BUS 280f Operational Risk Management Fall 2017

Negotiating in a Sarbanes-Oxley World

Who is the IIRC? Regulators. Standard setters. Investors. Accounting. Companies. NGOs. Chair: Prof Mervyn King CEO: Paul Druckman

Port of Seattle Commission Delegation of Responsibility and Authority to the CEO

Meeting Stakeholder Expectations for Assurance: Internal Audit s Role in a Group Effort

Translate stakeholder needs into strategy. Governance is about negotiating and deciding amongst different stakeholders value interests.

PAS 181:2014. Smart city framework Guide to establishing strategies for smart cities and communities. Executive summary.

Critical Success Factor in ERM Implementation

CHAPTER 15: ENTERPRISE RISK MANAGEMENT - SUPPLEMENTAL MATERIAL

UN-HABITAT ENTERPRISE RISK MANAGEMENT IMPLEMENTATION GUIDELINES

Chapter 4 - Recommendations for an Enhanced Enterprise Information Technology Governance Structure

A Risk Management Framework for the CGIAR System

Integrated Reporting: What Is Internal Audit s Role? INTRODUCTION AND INSTRUCTIONS

Transcription:

Enterprise Risk Management Aligning Risk with Strategy and Performance COSO ERM Framework Update April 4, 2017 Agenda 1. Setting the Stage for Enterprise Risk Management 2. Project Overview 3. Key Changes to the Framework 4. Public Exposure process 5. Next Steps 2 Setting the Stage for Enterprise Risk Management 3 1

The Strategic Value of Enterprise Risk Management Increases the range of opportunities Identifies and manages entity-wide risks Reduces surprises and losses Reduces performance variability Improves resource deployment Anticipates, identifies, adapts, and responds to change 4 A Key Introduction Our understanding of the nature of risk, the art and science of choice lies at the core of our modern market economy. Every choice we make in the pursuit of objectives has its risks. From day-to-day operational decisions to the fundamental trade-offs in the boardroom, dealing with uncertainly in these choices is a part of our organizational lives. 5 Project Overview 6 2

Who is COSO? Refers to the Committee of Sponsoring Organizations of the Treadway Commission Established in 1985 as a joint initiative of five private sector organizations States its mission as providing thought leadership through the development of comprehensive frameworks and guidance on enterprise risk management, internal control and fraud deterrence designed to improve organizational performance and governance and to reduce the extent of fraud in organizations. 7 Project to Update Enterprise Risk Management Integrated Framework Announced in October 2014 Update the 2004 Enterprise Risk Management Integrated Framework Goal of: Enhancing the framework s content and relevance in an increasingly complex business environment Enabling organizations worldwide to attain better value from their enterprise risk management practices 8 Why Update the ERM Framework Now Since 2004, the market has continued to evolve and the COSO Framework is evolving with it The update will address the call for: Elevating enterprise risk management concepts and practices as the bar continues to rise Incorporating lessons learned from recent crises Responding to business and operating environments that are more complex, technologically driven, and global in scale Increasing stakeholder engagement and greater transparency and accountability Increasing prominence of discussions at the board level 9 3

The Project Update Goals Provide insight into strategy and the role of ERM when setting and executing strategy Enhance alignment between performance and ERM Accommodate expectation for governance and oversight Recognize globalization and need to apply a common albeit tailored approach Present new ways to view risk in setting and achieving objectives in the context of greater complexity Expand reporting to address greater transparency Accommodate evolving technology 10 Project Governance The Advisory Council is comprised of senior executives, academics and professional risk practitioners Observers include representatives from regulators and industry associations COSO Board PwC Project Team Advisory Council Observers 11 ERM Update Approach and Timing Q3 2014 Q4 2014 Q2 2016 Q4 2016 - Q2 2017 Assess and Envision Build and Design Public Exposure Finalization 12 4

What is Being Updated Revises the 2004 Enterprise Risk Management Integrated Framework Includes both the core Framework and related Executive Summary The Application Techniques volume is not being updated Additional thought leadership will be considered by COSO in the future 13 Why Change the Title of the Framework Retitles the framework as Enterprise Risk Management Aligning Risk with Strategy and Performance Recognizes the importance of strategy and entity performance Delineates between internal control and enterprise risk management Integrates enterprise risk management with decision making 14 Key Changes to the Framework 15 5

Top Changes to the Framework Updates components and adopts principles Simplifies definitions Emphasizes value Renews the focus on integration Examines role of culture 16 Top Changes to the Framework, continued Elevates discussion of strategy Enhances alignment with performance Links with decision making Delineates enterprise risk management from internal control Refines risk appetite and acceptable variation in performance 17 1. Updates Components and Adopts Principles 18 6

1. Updates Components and Adopts Principles 19 2. Simplifies Definitions Risk The possibility that events will occur and affect the achievement of strategy and business objectives Enterprise Risk Management The culture, capabilities, and practices, integrated with strategy and execution, that organizations rely on to manage risk in creating, preserving, and realizing value 20 3. Emphasizes Value Enhances the focus on value how entities create, preserve, and realize value Embeds value throughout the framework, as evidenced by its: Prominence in the core definition of enterprise risk management Extensive discussion in principles Linkage to risk appetite Focus on the ability to manage risk to acceptable levels 21 7

4. Renews the Focus on Integration Integrates enterprise risk management with other business processes: Governance Processes Strategy Setting Objectives Setting Performance Management Focuses on applying enterprise risk management at various levels of the organization (e.g. entity level, business unit, division) 22 5. Examines the Role of Culture Addresses the growing focus, attention and importance of culture within enterprise risk management Influences all aspects of enterprise risk management Explores the relationship with culture in the context of: Risk governance Oversight of the entity Connection between framework Components Depicts the behavior within a risk spectrum from risk averse to risk aggressive Affects the entity s decision making Explores the alignment of culture between individual and entity behavior 23 6. Elevates Discussion of Strategy Explores enterprise risk management and strategy from three different perspectives: The possibility of strategy and business objectives not aligning with mission, vision and values The implications from the strategy chosen Risk to executing the strategy 24 8

7. Enhances Alignment with Performance Enables the achievement of business objectives by actively managing risk and performance Focuses on how risk is integral to performance by: Exploring how enterprise risk management practices support the identification and assessment of risks that impact performance Discussing acceptable variations in performance Manages risk in the context of achieving business objectives not as individual risks Seeks to enhance the integrated reporting on risk and performance 25 7. Enhances Alignment with Performance, continued Introduces a new depiction referred to as a risk profile Incorporates: Risk Performance Risk appetite Risk capacity Offers a dynamic and comprehensive view of risk and enables more riskaware decision making The framework provides a complete depiction of how to build a risk profile Illustrative Risk Profile 26 8. Links into Decision Making Explores how enterprise risk management drives risk aware decision making Highlights how risk awareness optimizes and aligns decisions impacting performance Explores how risk aware decisions affect the risk profile Risk Profile Business Context Assumptions Risk Aware Decision Making Risk Appetite Culture Strategy 27 9

9. Delineates Between Enterprise Risk Management and Internal Control The document does not replace the 2013 Internal Control Integrated Framework Most U.S. SEC registrants utilize the COSO Internal Control Framework for Sarbanes Oxley compliance and as their framework for managing internal (financial) controls generally The two frameworks are distinct and complementary Both use a components and principles structure Aspects of internal control common to enterprise risk management are not repeated Some aspects of internal control are developed further in this framework 28 10.Refines Risk Appetite and Acceptable Variation in Performance Risk Appetite The amount of risk, on a broad level, an organization is willing to accept in pursuit of value Acceptable Variation in Performance The boundaries of acceptable outcomes related to achieving business objectives 29 Public Exposure Process 30 10

Public Exposure Period Allowed for the development of awareness and acceptance by the public Provided the ability to gain input across: Geography Industry Risk disciplines Extended from June 15, 2016 through September 30, 2016 and included: Executive Summary Framework Appendices 31 Next Steps 33 Next Steps 1 2 Download draft framework at www.coso.org Framework expected to be finalized Q2 2017 Plan is to translate into: Chinese, Japanese, Spanish, French, Portuguese, Arabic and Russian 3 Stay connected with the Project Team at COSO-ERM_Update@us.pwc.com 4 Visit the www.coso.org website for further updates 33 11

Questions? 34 12

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback