IIA ERM Summit. August 22, 2010

Similar documents
Transforming Internal Audit to Drive Business Performance. 21 June, 2011

Performance Risk Management Jonathan Blackmore, May 2013

Terms of Reference Governance Committee

Maximizing value from your lines of defense

Operation Excellence Dashboard Text. Metrics and Processes. Carole Cornell & Aba Diakite ICANN BIPMO 25 June 2014

Case study: Experian plc

San Francisco Chapter. Presented by Scott Perry - Slalom Consulting

Internal Controls Optimization

Capital project planning, design, delivery and operation process review City of Nanaimo November 20, 2017

EY Center for Board Matters. Leading practices for audit committees

DeVry Approach to ERM

International Finance Corporation

Risk Advisory SERVICES. A holistic approach to implementing effective governance, managing risk and maintaining compliance

Communities Roadmap. As of July 24, PJM 2018

Workday Network. Patti Rowe Julie Vlier Jane Zbyszynski

TERMS OF REFERENCE FOR THE HUMAN RESOURCES COMMITTEE

Turning risk into results. How leading companies use risk management to fuel better performance

TERMS OF REFERENCE FOR THE HUMAN RESOURCES AND COMPENSATION COMMITTEE

Session 102: Benchmark Your Way to World-Class Performance! Jeff Rumburg, Managing Partner, MetricNet, LLC

CSR / Sustainability Governance and Management Assessment By Coro Strandberg President, Strandberg Consulting

Operationalizing" Excellence with ERM. Wesley Morgan Andrew Bent

FINANCE AND STRATEGY PRACTICE CFO EXECUTIVE BOARD. Safeguarding Supply. Protecting the Enterprise from Unforeseen Supply Chain Risks

the council initiative on public engagement

Current State of Enterprise Risk Oversight:

King III Apply or Explain

HCCA Compliance Institute : Intersection of Internal Audit & Compliance. April 17, Agenda. Where are we today?

Building Resiliency Across the Value Chain The Bigger Picture

Approved by the Board on July 27, 2017 Page 1

Unleashing the Enormous Power of Call Center KPI s. Call Center Best Practices Series

Introduction. The Assessment consists of:

Formalize Corporate Social Responsibility Information Disclosure System and Improve Transparency (also through the supply chain reporting practices)

Enterprise Risk Management Montana State Fund

Catching Fraud During a Recession Through Superior Internal Controls. FICPA s 25 th Annual Accounting Show. J. Stephen Nouss September 29, 2010

Sample Corporate Risk Management Policy

On the road(map) again. Balancing the emerging regulatory requirements in the Middle East public sector

Governance, Risk and Compliance (GRC)

Management Systems. Linkage. 26 March Text #ICANN49

Reporting on internal control. A South African Experience. Presented by Shelmadene Petzer. April Reputation promise/mission

The Current State of Risk Management Maturity for Belgian Organizations kpmg.com/be

Montana DPPHS Enterprise Architecture. Montana Department of Public Health and Human Services Deloitte Consulting LLP

Creating an agile control environment

Risk Management Culture: The Linkage Between Ethics & Compliance and ERM September 14, 2009

Extended Enterprise Risk Management

Charter for Enterprise Risk Management

PMO In A Box. Prepared for UBS

The Ohio State University April 6, 2018 Board of Trustees

Leveraging IT risk management to boost competitive advantage

CORPORATE GOVERNANCE KING III COMPLIANCE

The Ohio State University June 8, 2018 Board of Trustees

Boards and internal audit: Working together to strengthen risk management

High Impact Internal Audit Leadership. Contents are subject to change. For the latest updates visit

Enterprise Risk Management at

SCCE Compliance & Ethics Institute. Agenda. Trust & Verify: Investigation and Compliance Forensic Tools. September 16, 2014

VIRGINIA POLYTECHNIC INSTITUTE AND STATE UNIVERSITY COMPLIANCE, AUDIT, AND RISK COMMITTEE OF THE BOARD OF VISITORS COMPLIANCE, AUDIT, AND RISK CHARTER

LEADING WITH GRC. The Return of the ERM Extending Beyond It s Past Scope. Brenda Boultwood, SVP Industry Solutions, MetricStream

TransCelerate Overview. Tozheg Roshankar

Session 7: Corporate Governance

TOR NAME Responsible Owner Effective date Technology Strategy Committee (TSC) Terms of Reference (TOR) College Board

Fraud Risk Management

High Impact Internal Audit Leadership. Contents are subject to change. For the latest updates visit

RSA ARCHER MATURITY MODEL: AUDIT MANAGEMENT

CORPORATE GOVERNANCE REPORT 2012/13

The Future of Internal Auditing:

SOLUTION BRIEF RSA ARCHER AUDIT MANAGEMENT

The 80/20 Rule for Service and Support KPIs: The Metrics of Success!

9. Internal control Internal control, as defined in accounting and auditing, is a process for assuring achievement of an organization's objectives in

Energy Future Holdings (EFH)

Three Lines of Defense vs. Five Lines of Assurance

Positioning Internal Audit to Deliver Value

Agenda. Agenda. Definitions and Processes. Risks. Audit & ERM. Key Strategies. Conclusions ERM and Audit 1. ERM and Audit.

U.S. Census Bureau Enterprise Risk Management Program Operationalizing ERM A Top-down, Bottom-Up Approach

SUPPLY CHAIN EXCELLENCE IN WIDEX. June 2016

Risk management is changing. Act now.

Advisory Services Governance, Risk & Compliance

9/15/2014. Building A Strategy, Spreading Best Practice and Leveraging Vendors Gail Greco-Bieir Sarah Chartier Practice Greenhealth

For more than a century, Southern Company has been delivering clean, safe, reliable and affordable energy for our customers and communities.

Gartner IAM Maturity Scale

Powerful Mechanism for Deployment. November 2004 Copyright 2004 Raytheon Company. All rights reserved.

THE ENTERPRISE AND RISK MANAGEMENT POLICY

Reinventing Record to Report For Worry-Free Governance

Aegon Global Charter Framework

Certificate in Advanced Governance, Risk and Compliance (GRC)

Optimizing financial performance

Internal Controls. June-20-17

The power of the Converge platform lies in the ability to share data across all aspects of risk management over a secure workspace.

Dynamic Reallocation of Portfolio Funds

TTC CORPORATE PLAN OVERVIEW

EY Center for Board Matters Boards and internal audit

Automation of Enterprise IT with ManageEngine. Mohamed Nayaz, Director, IT Risk & Assurance Services 7 th March 2012

Deloitte Governance Framework and Maturity Model

Enterprise Risk Management: Developing a Model for Organizational Success. White Paper

Utility Bill Data Accounts Payable s Secret Weapon for Managing Costs and Addressing Stakeholder Questions

EY Center for Board Matters

IBM Internal Audit: An Essential Component of Governance, Risk and Compliance

Business Framework Change How You Manage Safety

WHITE PAPER THE 6 DIMENSIONS (& OBSTACLES) OF RISK MANAGEMENT

Toyota Financial Services (South Africa) Limited: King III Principles

Building an Intelligent Risk Organization Case Studies in Strategic Risk Management

Risk Management Policy and Framework

Leading the Global. Next Decade Doing More with Less The Lean Internal Audit Model. Larry Rieger

Transcription:

IIA ERM Summit August 22, 2010

Key market drivers have created a perfect storm for risk transformation Trends Challenges Opporties SEC rule changes requiring additional disclosures in proxy and information statements regarding risk, compensation and governance Rating agency guidelines for evaluating a company s enterprise risk management practices that impact the organization s overall credit rating Increased Board and Executive response to regulatory, environment, and market changes Legal standards, regulatory requirements and increasing third party security requirements Elevated conversation of the value risk management can have on strategic and business level performance Not enough resources, competing and multiple risk priorities Creating value from managing risk at an enterprise level Sustaining consistent, standardized processes to manage risk and measure the effectiveness of risk capabilities Overcoming barriers that exists from a poor operational performance Effectively balancing cost associated with managing risk to achieve desired levels of business performance (value) Understanding what and how risk should be managed to effectively respond to business demands Emerging technology capabilities Perform enterprise wide diagnostic to understand current risk capabilities Identify redundancy, overlap and gaps within risk functions Align risk management capabilities to increase response and agility Embed effective risk management capabilities into the rhythm of the business through inclusion of strategic, financial and operational planning processes Reduce the risk and compliance burden at the business level Enable technology to create a common standard platform to integrate risk processes Create a holistic view of risk to address multiple, siloed risk management practices Page 2

Value, cost and risk considerations for implementing risk transformation Execution of a future state will help achieve a sustainable and responsive EGRC organization Integrated and coordination of risk functions drive improved agility and risk response to complex and increasing business challenges. Effective risk function/processes that provide increased assurance that governance, risk and compliance objectives are achieved. Transformation from a reactive to a proactive risk posture Improved visibility and transparency of risk functions. A balanced approach to risk transformation Value Cost Redundant, duplicative and or overlapping of risk practices across enterprise generate non value-added costs. Inefficiency of risk management practices add to overall cost of managing risk. Compensation, skills and abilities of resources are unaligned with strategic and business objectives impeding business performance. Flexible/variable cost models are not utilized to capitalize on business, organizational and risk management needs. Alternative sourcing and resource management strategies are not leveraged or optimized. Entity fails to respond to increasing and complex business challenges. management practices are not aligned with strategic objectives. Unmanaged risks impact reputation, shareholder value and stakeholder relationships. Disparate risk functions and lack of discipline in managing risk interdependencies throughout the organization. Decision making is not optimized. Other business issues have higher visibility resulting in a lack of attention to governance, risk, and compliance related risks. Page 3

Coordinate risk functions to reduce overlap, redundancy and decrease costs Current State Board/senior management oversight Other s No documented charters for board or s Board does not have oversight of company identified risks Processes not formal to disclose company s performance with regulatory and compliance stakeholders Strategic plan does not support effective governance objectives Is the total cost of risk functions at $25 million annually cost effective? Management Compliance Control Information Technology Legal and Regulatory External 13 different risk assessments are performed by various functions Technology is not leveraged across risk functions to create efficiencies and reduce costs A standard taxonomy for evaluation of risk is not utilized Siloed risk functions reduce value, increase costs, and impact business performance level controls and processes are not standardized or relevant to meet business objectives metrics have not been established and linked to a business and risk strategy Improvement programs/initiatives do not include a risk review/assessment Page 4

What is the new risk management? Current state Future state Board/senior management oversight Other s Board oversight Compensation s Executive management Other CEO CFO CRO General Counsel control Management Compliance Control Information Technology Legal and Regulatory External audit Aligned mandate and scope External audit Coordinated infrastructure and people Consistent methods and practices Common information and technology Siloed risk functions reduce value, increase costs, and impact business performance Page 5

Align and integrate risk activities to improve business performance Compensation Future State Board oversight s Executive management Other CEO CFO CRO General Counsel Enhanced board-level reporting and communications Enhanced structure to implement risk oversight capabilities Processes are formal to disclose company s performance with regulatory and compliance stakeholders Strategic planning supports effective governance objectives control Aligned mandate and scope Coordinated infrastructure and people Consistent methods and practices Common information and technology Total cost of risk functions is reduced from integrating risk functions Redundancy, overlap and risk activities are performed in a coordinated manner Technology is leveraged across risk functions to create efficiencies and reduce costs A standard taxonomy for evaluating risk is utilized Increased value, reduced costs, and improved business performance level controls and processes are standardized to support business objectives metrics are established and linked to a business and risk strategy Improvement programs/initiatives include a risk review and assessment Page 6

The future state leverages a holistic, aligned risk performance model The performance model supports a desired future state Compensation Board oversight s Executive management Other CEO CFO CRO General Counsel control Aligned mandate and scope Coordinated infrastructure and people Consistent methods and practices Common information and technology transformation embodies a holistic view risk across the organization Page 7

Link risk management practices to business planning processes Strategic plan and financial target development Strategy and Value drivers Long-range strategic plan Strategic risk assessment Strategic initiatives and financial targets 1 Strategic risk assessment Creates enterprise level risk profile aligned to strategy and business objectives planning, budget and forecast process -level objectives Detailed planning analysis for business plan level risk assessment level budget, forecast and operating plan 2 level risk assessment Provides basis for structured consideration of risk relative to business plan process Quarterly revenue and earnings Quarterly business performance review process Quarterly review against business plan Quarterly risk assessment review -level performance measurement 3 Quarterly risk assessment review Routinely challenges the impact of key risks on budget, plan, forecast and performance Ongoing risk & control monitoring and support 4 audit Regulatory and compliance control (Sox) Other risk and control groups Provides key risk and control groups with routine updates on emerging risk issues Page 8

Define the Rhythm of the and points of integration Q1 Q2 Q3 Q4 Board and audit meetings Executive-level strategy JAN FEB MAR APR MAY JUN JUL AUG SEP OCT NOV DEC 1/xx 4/xx 7/xx 10/xx update and IA plan review Strategy and Value drivers Long-range strategic plan 1 Strategic risk assessment 1 review Strategic initiatives & financial targets -level planning -level objectives Planning analysis for business plan 2 risk assessment Budget, forecast & operating plan Quarterly business review 3 Quarterly review Quarterly review Quarterly review Quarterly review QBR risk review QBR risk review QBR risk review QBR risk review Regulatory and compliance 4 Quarterly ECC Quarterly ECC Quarterly ECC Quarterly ECC audit 4 Quarterly updated Quarterly updated Annual plan Kick-off Annual plan finalized financial controls (SOX) 4 Quarterly 302/404 certification process Quarterly 302/404 certification process Quarterly 302/404 certification process Quarterly 302/404 certification process Monthly/ quarterly close 1/xx 2/xx 3/xx 4/xx 5/xx 6/xx 7/xx 8/xx 9/xx 10/xx 11/xx 12/xx Page 9

Representative organizational structure Example 3 Board of Directors Committee CEO CFO CRO Unit Presidents w/ Champions Controller Control Compliance Enterprise Mgmt. Annual Plan and Quarterly Reviews Monthly and Quarterly Close with Control Self Assessment Sarbanes Oxley 302/404 Certification Corporate Ethics and Compliance Program Enterprise Assessment and Monitoring Annual Plan leveraged from the Enterprise Assessment Representative Leading Organizational Structure Integrated and Compliance Functions Coordinated Under Global Chief Compliance Officer With Direct Reporting To The CFO and AC Page 10

Observations and other considerations

The risk transformation strategy roadmap Value to the business Identify/Diagnose Phase I 100 day Diagnose 1. Plan and mobilize 2. Assess risk management culture 3. Understand current risk capabilities (high level) 4. Identify redundancy, overlap and duplication 5. Assess risk reporting frequency and performance 6. Identify high level risk spend (costs) 7. Assess risk process maturity 8. Assess coordination/integration maturity 9. Assess GRC capability maturity 10. Identify gaps to achieve future state 11. Establish a business case and roadmap for change Design/Deliver Phase II 1. Plan and Mobilize 2. Adopt a common risk framework 3. Assess risk strategy 100 day Implement 4. Identify and review business and GRC objectives 5. Define governance model (Board/executive level risk oversight) 6. Define risk appetite (sufficient to support the business case) 7. Assess risk ( assessment-condensed) 8. Document rhythm of the business and integration points (effectiveness, efficiency and agility) 9. Assess risk management model 10. Design/Revise Reporting (Board/executive level) 11. Demonstrate technology enablement 12. Validate target pilot for Phase I 13. Develop a business case and roadmap Design/Deliver Phase II 1. Plan and mobilize 2. Identify focused Initiatives 3. Enable risk culture 100 day Launch 4. Operationalize effective reporting to the board 5. Refine Appetite 6. Refine risk governance model 7. Embed risk capabilities into the business 8. Pilot risk Integration across processes, functions or domain 9. Pilot an enabling technology to support risk integration across processes, functions, or domain 10. Implement other initiatives (opporties to reduce costs, improve efficiency or enhance GRC capabilities) Design/Deliver Phase II 100 day Beyond (enterprise wide) 1. Roll-out risk integration enterprise-wide 2. Institutionalize self-assessment at the business level 3. Implement formal policies and procedures, communication strategy, cascade a technology initiative 4. Develop/validate risk and control measures 5. Continue to coordinate interactions with business s to achieve risk convergence 6. Migrate manual processes to automated processes to gain leverage and efficiency through the use of IT 7. Create common data structure across enterprise to allow efficient sharing of risk and control information 8. Establish risk data analytics/predictive modelling to proactively manage risk 9. Evaluate continued relevance of risks, competencies and risk processes given changes in the business Page 12

Representative organizational structure Example 1 Board of Directors Committee CEO CFO Corporate Counsel Unit Leadership Mgmt. Control Compliance Annual Plan and Quarterly Reviews Ongoing Assessment & Monitoring Monthly and Quarterly Close with Control Assessment Annual Plan Based On Enterprise Profile w/ Quarterly Updates Corporate Ethics & Compliance Program Representative Established Organizational Structure Aligned and Coordinated, Control and Compliance Functions Coordinated Under CFO, CRO and Corporate Counsel with integrated reporting to the CEO and Committee Page 13

Representative organizational structure Example 2 Board of Directors Committee CEO Chief Officer Corporate Counsel CFO Unit Leadership w/ Champions Enterprise Mgmt. Compliance Control (Sox) Annual Plan and Quarterly Reviews Ongoing Assessment & Monitoring Corporate Ethics & Compliance Program Monthly and Quarterly Close with Control Assessment Annual Plan Based On Enterprise Profile w/ Quarterly Updates Representative Advanced Organizational Structure Aligned and Coordinated, Control and Compliance Functions Coordinated Under CFO and Corporate Counsel with integrated reporting to the CEO, Committee and the Board of Directors Page 14

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback