Enterprise Risk Management Integrated with Strategy & Performance


Implementing the updated COSO ERM framework
Enterprise Risk Management Integrated with Strategy & Performance
Frank Balabyeki
February 2, 2018

- What is the Updated COSO ERM Framework?
- Key changes to the framework
- Objectives of Updated Framework
- Relevance to Internal Auditors
- How to manage implementation of Updated ERM framework
- Benefits of implementation of the updated framework
- Limitations of the framework
- Stakeholders in the development of the Updated Framework

What is the updated COSO ERM Framework?
Committee of Sponsoring Organisations (COSO); 5 private sector organisations:
- Institute of Management Accountants (IMA)
- American Accounting Association (AAA)
- American Institute of Certified Public Accountants (AICPA)
- Institute of Internal Auditors (IIA)
- Financial Executives International (FEI)

What is the updated COSO ERM Framework? (cont'd)
- COSO formation: 1985, National Commission on Fraudulent Financial Reporting (The Treadway Commission)
- Mandate: To develop integrated guidance on internal control
- James C Treadway: original Chairman of Commission
- 1985-1987: Duration of the commission; Report of the National Commission on Fraudulent Financial Reporting.

What is the updated COSO ERM Framework? (cont'd)
- CPA firm (PwC) produced follow-up report: Internal Control Integrated Framework in 1992
- Report defined internal control
- COSO framework usage in USA: 82%
- 2001: Project to develop ERM Integrated Framework (PwC)
- High-profile business scandals (Enron, Tyco International, Adelphia, WorldCom etc.)

What is the updated COSO ERM Framework? (cont'd)
- ERM Integrated Framework: a robust and extensive focus on the broader subject of enterprise risk management.
- June 2016 release: ERM Aligning Risk with Strategy and Performance. Provides boards and management with principles to manage risk, from strategy-setting through execution, and recognizes the increasingly important connection between strategy and performance.

Key changes to the framework
- Adoption of components and principles structure;
- Simplifies the definition of enterprise risk management;
- Emphasises the relationship between risk and value;
- Renews the focus on integration of enterprise risk management;
- Examines the role of culture;
- Elevates discussion of strategy;

Key changes to the framework (cont'd)
- Enhances the alignment between performance and enterprise risk management;
- Links enterprise risk management into decision making more explicitly;
- Delineates between enterprise risk management and internal control;
- Refines risk appetite and tolerance

Objectives of the updated framework
- Review process started Oct 2014
- Updated Framework was released in 2004 Enterprise Risk Management Integrated Framework.
- Changes in complexity of risk
- Emergence of significant new risks
- Changing risk management awareness by boards
- Provision of greater insight into strategy
- Accommodates expectations for governance and oversight
- Enhances alignment between organisational performance and ERM

Why IAs should know the updated framework
- The Framework is complementary to the 3 lines of defence model in risk management
- Emphasis on ERM gives a holistic understanding of risk management
- Makes risk profiling of business more effective as a tool in developing IA workplans
- Linking risk to business strategy, value and performance improves effectiveness of risk monitoring

Why IAs should know the updated framework - ERM Roles & Responsibilities
- Management
- The board of directors
- Risk officers
- Internal auditors

Why IAs should know the updated framework - their role
- Play an important role in monitoring ERM, but do NOT have primary responsibility for its implementation or maintenance.
- Assist management and the board or audit committee in the process by:
  - Monitoring
  - Evaluating
  - Examining
  - Reporting
  - Recommending improvements

Why IAs should know the updated framework
Visit the guidance section of The IIA's Web site for The IIA's position paper, Role of Internal Auditing in Enterprise Risk Management.

Why IAs should know the updated framework - Standards
- 2010.A1: The internal audit activity's plan of engagements should be based on a risk assessment, undertaken at least annually.
- 2120.A1: Based on the results of the risk assessment, the internal audit activity should evaluate the adequacy and effectiveness of controls encompassing the organization's governance, operations, and information systems.
- 2210.A1: When planning the engagement, the internal auditor should identify and assess risks relevant to the activity under review. The engagement objectives should reflect the results of the risk assessment.

Implementation of the updated framework

Benefits of implementation of the framework
- Increasing the range of opportunities: By considering all possibilities, both positive and negative aspects of risk.
- Identifying and managing risk entity-wide: Not managing risks as single events but looking at all risks in the business and their interrelation.
- Increasing positive outcomes and advantages while reducing negative surprises: better ability to identify risks, establish appropriate responses, reducing surprises and related costs while profiting from advantages

Benefits of implementation of the framework (cont'd)
- Makes risk management more dynamic as it aligns to changing business environment.
- Addresses management of risk in the context of all business stakeholders, e.g. profit for shareholders, regulatory compliance for gov't, performance alignment to strategy for employees etc.

Limitations of the framework
- Framework in many instances is dependent on human judgement, making it susceptible to error in decision making;
- Collusion by two or more people can allow for circumventing of controls;
- Ability by management to override risk management decisions;
- It is not mandatory for all companies to implement the framework and may not be appropriate for small businesses

Stakeholders involved in the framework development
- Committee of Sponsoring Organisations of the Treadway Commission;
- The general public;
- PricewaterhouseCoopers (PwC);