Enterprise Risk Management

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Enterprise Risk Management"

Transcription

1 Cayman Islands Society of Professional Accountants Enterprise Risk Management March 19, 2015 Dr. Sandra B. Richtermeyer, CPA, CMA

2 What is Risk Management? Risk management is a process, effected by an entity's board of directors, management and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risks to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives. Source: The Committee of Sponsoring Organizations of the Treadway Commission (COSO) 2

3 Risk Management: The Big Picture Strategic Goals Must align with the mission, overall objectives, vision, and values Must be clear & concise Foundation for risk planning and solid internal controls Internal Control Describing Approach to Risk Management Benefits Characteristics Approaches & processes Communication Strategy Foundation Risk Jl 3

4 Key Organizational Concepts Mission Vision Values Strategy Metrics Performance Evaluation

5 The Big Picture Key Relationships!! Governance Enterprise Risk Management Internal Control 5

6 Enterprise Risk Management (ERM) Framework

7 What does risk management encompass? Aligning risk appetite and strategy Enhancing risk response decisions Reducing operational surprises and losses Identifying and managing multiple and crossorganizational risks Seizing opportunities Improving deployment of capital

8 Benefits of Risk Management Achieve the entity s performance targets Achieve the entity s profitability targets Prevent loss of resources Ensure compliance with laws and regulations Avoid damage to entity s reputation It helps the management and board of an organization achieve its goals avoid pitfalls and surprises along the way!

9 Risk management is a process, ongoing and flowing through an entity

10 Key Risk Concepts: Risk Management An Intentional Process Effected by people Applied in strategic context Applied across the enterprise Designed to identify events potentially affecting the entity Intended to manage risk within an entity s risk appetite Provides reasonable assurance Geared to achievement of objectives 10

11 Risk Management: Linking with the Achievement of Objectives Types of objectives: Strategic high level goals, aligned with and supporting its mission Operations effective and efficient use of resources Reporting reliability of reporting Compliance applicable laws and regulations These four categories are distinct, but overlapping One objective can fall into more than one category Top of the cube!

12 Key Concepts: The COSO Enterprise Risk Management Framework Cube Representation

13 Components of Enterprise Risk Management Internal environment Objective setting Event identification Risk assessment Risk response Control activities Information and communication Monitoring Front of the cube!

14 Key Concepts: The COSO Enterprise Risk Management Framework Cube Representation

15 Effectiveness of Risk Management Effectiveness is a judgment Are the 8 risk management components present and functioning effectively? Are there material weaknesses? Have the risk needs been considered within the entity s risk appetite?

16 Limitations of Risk Management Human judgment can be faulty Risk management decisions need to consider the cost vs. the benefits Human failures errors, mistakes Controls can be overridden by collusion between two or more people Management has the ability to override ERM decisions Culture is critical If these limitations exist, the board and management cannot have absolute assurance that the entity s objectives are being considered

17 Risk Management Encompasses Internal Control Internal control is an integral part of enterprise risk management Internal controls make risk management more robust Internal controls can help with conceptualization of risk management

18 Relationships Between ERM and Internal Control Governance Enterprise Risk Management Internal Control 18

19 Key Concepts: Frameworks for Internal Controls and Risk Management Linking the COSO Internal Control Integrated Framework with the COSO Enterprise Risk Management Framework Internal Control Framework ERM Framework Expanded into 3 components 19

20 Roles and Responsibilities for Risk Management Everyone in the organization has some responsibility Board is ultimately responsible Without board oversight, risk management will fail or be suboptimal Senior management team All levels of management For global organizations, consider ways to communicate responsibilities in a way that supports cultural or educational differences

21 Relationships Between Governance and ERM Governance Enterprise Risk Management Internal Control 21

22 Roles and Responsibilities for Risk Management External entities play an important role in how an entity implements overall risk management: Regulators Customers Vendors Overall supply chain Professional organizations

23 Key Risk Concepts: Risk Management Fundamental Characteristics A portfolio view of risks at the entity level Identification of potential events that may impact objectives Risk identification, prioritization, and response Managing risk within the entity s risk appetite Consideration of risk in formulation of strategy 23

24 Key Risk Concepts: Types of ERM Risks Strategic High-level goals aligned to mission Operations Effective and efficient use of resources Reporting Reliability of entity s reports Compliance Effective and efficient use of resources 24

25 Key Risk Concepts: Effective Risk Management Strategies Identify (internal / external) Risks Develop Risk-based Culture Objectives Value Objectives Link & Values Controls Risk Tolerance/appetite? 25

26 Key Risk Concepts: A Process Overview Risk Assessment and Response Manage Risk Within the Entity s Risk Appetite Identification of Potential events that may impact objectives and values Consideration of Risk in Formation of Strategy Application Across the Entity Take a Portfolio View of Risks at the Entity-level Monitor Performance of ERM 26

27 Discussion Question What areas do you believe have primary responsibility for risk management? 1. Accounting / finance 2. Risk management group 3. Legal 4. Compliance 5. Internal audit 6. Unsure How can this vary by culture or business model? 27

28 Key Risk Concepts: ERM Enhances Management Capabilities Align risk appetite Link growth, risk and return Enhance risk responses decisions Minimize operational surprises and losses Identify and manage cross-enterprise risk Provide integrated responses to multiple risks Seize opportunities Rationalize capital 28

29 Key Risk Concepts: ERM Benefits to Management Promotes awareness of existing risk Establishes common risk language Illustrates risk interrelationships and impacts Enables development of more precise risk information Enhances ability to Identify risk in a timely manner Increases confidence to seize opportunities inherent in potential future events Remember. Manage risk within and across business units A common risk language facilitates communication 29 This helps to minimizes operational surprises and losses

30 Key Risk Concepts: Characteristics of Effective ERM Must be owned and led by the board and senior management Encompasses entire business with connection between functional areas Strategies address a full spectrum of risks Processes augment conventional emphasis on probability by also weighing vulnerability Does not solely consider single events, but considers scenarios and interaction between risks

31 Key Risk Concepts: Characteristics of Effective ERM Effective risk management Is a key element of the organizational culture Focuses not solely on risk avoidance, but also value creation Enables entity to take a portfolio view of risk 31 31

32 Key Risk Concepts: Basic ERM Process Responses Events Objectives 32

33 Key Risk Concepts: The Highs and the Lows High Impact / Low Likelihood High Impact / High Likelihood Risk Low Impact / Low Likelihood Low Impact / High Likelihood 33

34 Examples from our conversation (from audience during session) High impact high likelihood data security breach, foreign regulation, health and safety, foreign competition, competition, substitute products, climate change High impact low likelihood airport tower loses communication, security at airport, terrorism, staff turnover, public register of ownership, technology downtown, internet down Low impact high likelihood petty cash, tropical storm, staff turnover Low impact low likelihood??? Audience did not offer many examples in this category! (discussion centered on other three areas above)

35 Key Risk Concepts: What are the BIG Risks? Failure to identify and pursue opportunities IT System Failures Lack of intelligence about marketplace and competitor actions Attracting Capital Sustainability 35

36 Key Risk Concepts: Board Oversight and ERM 4 Critical Roles! 1. Understand the entity s risk philosophy and concur with the entity s risk appetite 2. Know the extent to which management has established effective enterprise risk management of the organization 3. Review the entities portfolio of risk and consider it against the entity s risk appetite 4. Be apprised of the most significant risks and whether management is responding appropriately Source: Effective Enterprise Risk Oversight Role of the Board of Directors, COSO 36

37 Risk Process Considerations

38 Moving thru the framework.

39 Internal Environment Implementation Strategies Risk management philosophy statement Risk appetite describe and communicate Board of directors regularly include on agenda Integrity and ethical values code of conduct, make sure personnel are aware and that the code is alive in the organization Commitment to competence - be clear on how the leaders in the organization support this Organizational structure must be clear and understood throughout the organization Assignment of authority and responsibility air for clarity and understanding in terms of roles Human resource (HR) standards HR goals are transparent and available to all personnel

40 Internal Environment Follow-up - from our conversation indicators of a healthy culture (responses from participants during session) A healthy culture is key to the Internal Environment component of the ERM Framework Staff retention Environmental responsible Personnel climate survey Adherence to policy at acceptable levels Increased incident reporting Employees are proud Communication style Leadership style Reward and recognition Staff development Team building Staff orientation

41 Can you test for a healthy culture? Risk-Related Culture Survey Sample Items Use Scale of 1-5 The leaders of my area set a positive example for ethical conduct I understand the entity s overall mission and strategy Disciplinary action is taken against those who engage in professional misconduct Turnover of personnel has not significantly affected our ability to achieve objectives The leaders in my department are open to communication about risk The leaders in my department are open to bad news

42 Code of Conduct Sample of Key items for Inclusion Letter from chief executive Goals and philosophy Conflicts of interest Sign-offs Discussion Gifts and gratuities Transparency A best practice in reviewing your code of conduct benchmark with similar entities and/or aspirational entities!

43 Moving thru the framework.

44 Objective Setting Strategic objectives Related objectives Operations Reporting Compliance Overlap of objectives Achievement of objectives Risk appetite Risk tolerances

45 Moving thru the framework.

46 Event Identification Events Influencing factors Event identification techniques event inventories, output from planning process, triggers, workshops, interviews, diagrams, lead indicators, analysis of past losses Interdependencies always consider how one event can trigger another Event categories economic, natural environment, political, infrastructure, personnel, process, technology, social, technological Distinguishing risks and opportunities look at both negative and positive outcomes

47 Moving thru the framework.

48 Risk Assessment Context for risk assessment Inherent risk risk if there are no controls Residual risk risk after controls are implemented Estimate likelihood and impact Assessment techniques benchmarking, using probability models Consider relationships between events

49 Key Concepts: Frameworks for Internal Controls and Risk Management Linking the COSO Internal Control Integrated Framework with the COSO Enterprise Risk Management Framework Internal Control Framework ERM Framework Expanded into 3 components 49

50 Four Key Principles of the COSO Internal Control Framework Related to Risk Assessment 1. The organization specifies objectives with sufficient clarity to enable the identification and assessment of risks relating to objectives. 2. The organization identifies risks to the achievement of its objectives across the entity and analyzes risks as a basis for determining how the risks should be managed. 3. The organization considers the potential for fraud in assessing risks to the achievement of objectives. 4. The organization identifies and assesses changes that could significantly impact the system of internal control

51 Four Key Principles of the COSO Internal Control Framework Related to Risk Assessment Operations Objectives Reflects management s choices Considers tolerances for risk Includes operations and financial performance goals Forms a basis for committing of resources 51 51

52 Four Key Principles of the COSO Internal Control Framework Related to Risk Assessment Reporting Objectives External financial reporting objectives Complies with applicable accounting standards Considers materiality Reflects entity activities External non-financial reporting objectives Complies with externally established standards and frameworks Considers the required level of precision Reflects entity activities 52 52

53 Four Key Principles of the COSO Internal Control Framework Related to Risk Assessment Reporting Objectives Internal financial reporting objectives Reflects management s choices Considers the required level of precision Reflects entity activities Compliance Objectives Reflects external laws and regulations Considers tolerances for risk 53 53

54 Four Key Principles of the COSO Internal Control Framework Related Characteristics to Risk Assessment (Points of Focus) Associated With Each of the Four Key Principles of Risk Assessment Identifies and Analyzes Risk Includes entity, subsidiary, division, operating unit and functional levels Analyzes internal and external factors Involves appropriate levels of management Estimates significance of risks identified Determines how to respond to risks 54 54

55 Four Key Principles of the COSO Internal Control Framework Related Characteristics to Risk Assessment (Points of Focus) Associated With Each of the Four Key Principles of Risk Assessment Assesses Fraud Risk Considers various types of fraud Assesses incentives and pressures Assesses opportunities Assesses attitudes and rationalizations 55 55

56 Four Key Principles of the COSO Internal Control Framework Related Characteristics to Risk Assessment (Points of Focus) Associated With Each of the Four Key Principles of Risk Assessment Identifies and Analyzes Significant Change Assesses changes in the external environment Assesses changes in the business model Assesses changes in leadership 56 56

57 Process Considerations: Determine Risk Appetite Quantitative or Qualitative Earnings at risk Reputation at risk Risk Tolerance Range of acceptable variation Risk appetite is the amount of risk (on a broad level) an entity is willing to accept in pursuit of value 57

58 Process Considerations: Establish a Portfolio View of Key Risks Impact Likelihood 58

59 Process Considerations: What is the level of your risk appetite? Impact Likelihood 59

60 Process Considerations: Identify Risk Responses Options Available to Quantify Risk Exposure Impact Likelihood 60

61 Process Considerations: Impact Versus Probability High I M P A C T Low Share Accept Medium Risk Low Risk PROBABILITY Mitigate & Control Control High Risk Medium Risk High 61

62 Risk Response Evaluating possible responses Risk likelihood and impact Assessing costs vs. benefits Opportunities in response options Selected responses Portfolio view

63 Moving thru the framework.

64 Control Activities Integration with risk response Types of control activities top level reviews, activity management, information processing, physical controls, performance indicators, segregation of duties Policies and procedures in writing, wellcommunicated, integrated in culture Controls over information systems general controls, application controls Entity specific controls

65 Moving thru the framework.

66 Information and Communication Using relevant quality information to support the functioning of risk management processes Internally communicating information necessary for the functioning of internal control Externally communicating information regarding matters affecting the functioning of internal control

67 Moving thru the framework.

68 Monitoring The entity selects, develops and performs ongoing and/or separate evaluations to ascertain whether the components of internal control are present and functioning The entity evaluates and communicates internal control deficiencies in a timely manner to those parties responsible for taking corrective action

69 Moving thru the framework.

70 Process Considerations: Common Risk Management Failures Less than robust risk management implementation Not a management or board priority: ineffective board oversight Failure to anticipate and respond to changed internal and external environment Reckless risk taking: Compensation not aligned with risk management Overconfidence: Failure to recognize and prioritize remote risks 70

71 Process Considerations: Key Implementation Factors Organizational design of the business Establishing an ERM organization Performing risk assessments Determining overall risk appetite Identifying risk responses Communication of risk results 7 Monitoring 8 Oversight and periodic review by management 71

72 Questions? Contact me at or

A Practical Approach to Implementing the COSO Internal Control Integrated Framework

A Practical Approach to Implementing the COSO Internal Control Integrated Framework A Practical Approach to Implementing the COSO Internal Control Integrated Framework Dr. Sandra B. Richtermeyer, CPA, CMA IMA s COSO Board Member Professor of Accountancy & Associate Dean Xavier University

More information

A Risk-Based Audit Strategy November 2006 Internal Audit Department

A Risk-Based Audit Strategy November 2006 Internal Audit Department Mental Health Mental Retardation Authority of Harris County ENTERPRISE RISK MANAGEMENT A Framework For Assessing, Evaluating And Measuring Our Agency s Risk A Risk-Based Audit Strategy November 2006 Internal

More information

ENTERPRISE RISK MANAGEMENT POLICY

ENTERPRISE RISK MANAGEMENT POLICY ENTERPRISE RISK MANAGEMENT POLICY TITLE OF POLICY POLICY OWNER POLICY CHAMPION DOCUMENT HISTORY: Policy Title Status Enterprise Risk Management Policy (current, revised, no change, redundant) Approving

More information

Matthew E. Breecher Breecher & Company PC November 12, 2008

Matthew E. Breecher Breecher & Company PC November 12, 2008 Applying COSO s Enterprise Risk Management Integrated Framework Matthew E. Breecher Breecher & Company PC November 12, 2008 The basic outline for this presentation was provided by: Objectives for the session:

More information

Risk Assessment & Enterprise Risk Management

Risk Assessment & Enterprise Risk Management Risk Assessment & Enterprise Risk 1 Healthcare Corporate Governance Today s environment requires building a culture of risk awareness and management of risk across the organization, while formulating less

More information

The College of New Jersey Enterprise Risk Management and Higher Education For Discussion Purposes Only January 2012

The College of New Jersey Enterprise Risk Management and Higher Education For Discussion Purposes Only January 2012 The College of New Jersey Enterprise Risk Management and Higher Education For Discussion Purposes Only Agenda Introduction Basic program components Recent trends in higher education risk management Why

More information

University Audit and Compliance. Internal Controls Enterprise-Wide Risk Assessment

University Audit and Compliance. Internal Controls Enterprise-Wide Risk Assessment Internal Controls Enterprise-Wide Risk Assessment Balancing Risk and Controls In order to achieve goals and objectives, management needs to effectively balance risks and controls. Control procedures need

More information

RISK BASED AUDITING: A VALUE ADD PROPOSITION. Participant Guide

RISK BASED AUDITING: A VALUE ADD PROPOSITION. Participant Guide RISK BASED AUDITING: A VALUE ADD PROPOSITION Participant Guide About This Course About This Course Adding Value for Risk-based Auditing Seminar Description In this seminar, we will focus on: The foundation

More information

Developing an Effective Enterprise Risk Management Program

Developing an Effective Enterprise Risk Management Program Developing an Effective Enterprise Risk Management Program Jay Brietz, CPA and CIA Senior Manager This material was used by Elliott Davis Decosimo during an oral presentation; it is not a complete record

More information

Enterprise Risk Management: COSO, New COSO, ISO 31000. Review of ERM

Enterprise Risk Management: COSO, New COSO, ISO 31000. Review of ERM Enterprise Risk Management: COSO, New COSO, Dr. Hugh Van Seaton, Ed. D., CSSGB, CGMA, CPA Review of ERM COSO a process, effected by an entity's board of directors, management and other personnel, applied

More information

An overview of COSO s 2013 Internal Control-Integrated Framework

An overview of COSO s 2013 Internal Control-Integrated Framework An overview of COSO s 2013 Internal Control-Integrated Framework Prepared by: Sara Lord, Partner, National Professional Standards Group, McGladrey LLP sara.lord@mcgladrey.com May 2013 Introduction In 1992,

More information

Governance and Risk Management in the Public Sector. Fernando A. Fernandez Inter-American Development Bank (202) 623-1430 e-mail: fernandof@iadb.

Governance and Risk Management in the Public Sector. Fernando A. Fernandez Inter-American Development Bank (202) 623-1430 e-mail: fernandof@iadb. Governance and Risk Management in the Public Sector Fernando A. Fernandez Inter-American Development Bank (202) 623-1430 e-mail: fernandof@iadb.org 1 Agenda Governance, why is it important? Compliance

More information

COSO Internal Control Integrated Framework (2013)

COSO Internal Control Integrated Framework (2013) COSO Internal Control Integrated Framework (2013) The Committee of Sponsoring Organizations of the Treadway Commission (COSO) released its updated Internal Control Integrated Framework (2013 Framework)

More information

Operational Risk Management - The Next Frontier The Risk Management Association (RMA)

Operational Risk Management - The Next Frontier The Risk Management Association (RMA) Operational Risk Management - The Next Frontier The Risk Management Association (RMA) Operational risk is not new. In fact, it is the first risk that banks must manage, even before they make their first

More information

THE ROLE OF FINANCE AND ACCOUNTING IN ENTERPRISE RISK MANAGEMENT

THE ROLE OF FINANCE AND ACCOUNTING IN ENTERPRISE RISK MANAGEMENT THE ROLE OF FINANCE AND ACCOUNTING IN ENTERPRISE RISK MANAGEMENT Let me begin by thanking Baruch College for giving me the opportunity to present this year s prestigious Emanuel Saxe Lecture in Accounting.

More information

ASAE s Job Task Analysis Strategic Level Competencies

ASAE s Job Task Analysis Strategic Level Competencies ASAE s Job Task Analysis Strategic Level Competencies During 2013, ASAE funded an extensive, psychometrically valid study to document the competencies essential to the practice of association management

More information

Analyzing Risks in Healthcare. February 12, 2014

Analyzing Risks in Healthcare. February 12, 2014 Analyzing s in Healthcare February 12, 2014 1 Content What is Enterprise Management (ERM) ERM Benefits ERM Standards / ISO 31000:2009 ERM Process Register ERM Governance Model s Q&A 2 What is Enterprise

More information

Integrated Risk Management:

Integrated Risk Management: Integrated Risk Management: A Framework for Fraser Health For further information contact: Integrated Risk Management Fraser Health Corporate Office 300, 10334 152A Street Surrey, BC V3R 8T4 Phone: (604)

More information

IFAD Policy on Enterprise Risk Management

IFAD Policy on Enterprise Risk Management Document: EB 2008/94/R.4 Agenda: 5 Date: 6 August 2008 Distribution: Public Original: English E IFAD Policy on Enterprise Risk Management Executive Board Ninety-fourth Session Rome, 10-11 September 2008

More information

Board oversight of risk: Defining risk appetite in plain English

Board oversight of risk: Defining risk appetite in plain English www.pwc.com/us/centerforboardgovernance Board oversight of risk: Defining risk appetite in plain English May 2014 Defining risk appetite in plain English Risk oversight continues to be top-of-mind for

More information

Fraud Prevention and Deterrence

Fraud Prevention and Deterrence Fraud Prevention and Deterrence Fraud Risk Assessment 2016 Association of Certified Fraud Examiners, Inc. What Is Fraud Risk? The vulnerability that an organization faces from individuals capable of combining

More information

Enterprise Risk Management Integrated Framework. Executive Summary

Enterprise Risk Management Integrated Framework. Executive Summary Enterprise Risk Management Integrated Framework Executive Summary September 2004 Copyright 2004 by the Committee of Sponsoring Organizations of the Treadway Commission. All rights reserved. You are hereby

More information

THE SOUTH AFRICAN HERITAGE RESOURCES AGENCY ENTERPRISE RISK MANAGEMENT FRAMEWORK

THE SOUTH AFRICAN HERITAGE RESOURCES AGENCY ENTERPRISE RISK MANAGEMENT FRAMEWORK THE SOUTH AFRICAN HERITAGE RESOURCES AGENCY ENTERPRISE RISK MANAGEMENT FRAMEWORK ACCOUNTABLE SIGNATURE AUTHORISED for implementation SIGNATURE On behalf of Chief Executive Officer SAHRA Council Date Date

More information

Enterprise Risk Management Framework. Executive Summary. Exposure Draft for Public Comment

Enterprise Risk Management Framework. Executive Summary. Exposure Draft for Public Comment ffad Enterprise Risk Management Framework Executive Summary Committee of Sponsoring Organizations of the Treadway Commission Exposure Draft for Public Comment To submit comments on this document, please

More information

ENTERPRISE RISK MANAGEMENT POLICY

ENTERPRISE RISK MANAGEMENT POLICY ENTERPRISE RISK MANAGEMENT Approved by the Audit Committee on 14 February 2003 and adopted by resolution of the Board on 28 March 2003 Revisions approved by the Audit and Risk Committee on 14 February

More information

Module 6 Documenting Processes and Controls

Module 6 Documenting Processes and Controls A logical place to begin any comprehensive evaluation of internal controls is at the top entity-level controls that might have a pervasive effect on the organization. This includes a consideration of factors

More information

Get More Out of Your Risk Assessment. Austin Chapter of the IIA

Get More Out of Your Risk Assessment. Austin Chapter of the IIA Get More Out of Your Risk Assessment Austin Chapter of the IIA Speakers Alyssa G. Martin, CPA Dallas Executive Partner, Advisory Services 25 years of public accounting experience, with a practice emphasis

More information

Fraud Risk Management

Fraud Risk Management Fraud Risk Management Overview Discussion Questions 1) Does your organization follow a specific risk management model? If so, which one? Do you think this model adequately addresses the risks your organization

More information

Enterprise Risk Management in Colleges and Universities

Enterprise Risk Management in Colleges and Universities Enterprise Risk Management in Colleges and Universities Cherry Bekaert & Holland, L.L.P. Neal Beggan, CISA, CRISC Shane Hester, CPA, CISA Cherry, Bekaert & Holland, L.L.P. The Firm of Choice. 1 Cherry,

More information

and Risk Tolerance in an Effective ERM Program

and Risk Tolerance in an Effective ERM Program The Roles of Risk Appetite and Risk Tolerance in an Effective ERM Program Eric Gerner, Risk Advisory Services Director Tuesday, July 10, 2012 General Information Share the webinar Ask a question Votes

More information

Tying It All Together: Practical ERM Integration. Richard Scanlon Vice President Enterprise Risk Management CIGNA Corporation

Tying It All Together: Practical ERM Integration. Richard Scanlon Vice President Enterprise Risk Management CIGNA Corporation Tying It All Together: Practical ERM Integration Richard Scanlon Vice President Enterprise Risk Management CIGNA Corporation November 16, 2007 1 Agenda Basis for ERM Integration ERM Objectives ERM Focus

More information

Guidance Note: Corporate Governance - Board of Directors. March 2015. Ce document est aussi disponible en français.

Guidance Note: Corporate Governance - Board of Directors. March 2015. Ce document est aussi disponible en français. Guidance Note: Corporate Governance - Board of Directors March 2015 Ce document est aussi disponible en français. Applicability The Guidance Note: Corporate Governance - Board of Directors (the Guidance

More information

Operational Risk Management in a Debt Management Office

Operational Risk Management in a Debt Management Office Operational Risk Management in a Debt Management Office Based on Client Presentation January 2008 Outline The importance of operational risk management (ORM) International best practice A high-level perspective,

More information

POL ENTERPRISE RISK MANAGEMENT SC51. Executive Services Department BUSINESS UNIT: Executive Support Services SERVICE UNIT:

POL ENTERPRISE RISK MANAGEMENT SC51. Executive Services Department BUSINESS UNIT: Executive Support Services SERVICE UNIT: POL ENTERPRISE RISK MANAGEMENT SC51 POLICY CODE: SC51 DIRECTORATE: Executive Services Department BUSINESS UNIT: Executive Support Services SERVICE UNIT: Executive Support Services RESPONSIBLE OFFICER:

More information

Understanding Enterprise Risk Management. Presented by Dorothy Gjerdrum Arthur J Gallagher

Understanding Enterprise Risk Management. Presented by Dorothy Gjerdrum Arthur J Gallagher Understanding Enterprise Risk Management Presented by Dorothy Gjerdrum Arthur J Gallagher Learning Objectives Understand the components of a wellrun ERM program Review scope and process Explore the role

More information

Linking Risk Management to Business Strategy, Processes, Operations and Reporting

Linking Risk Management to Business Strategy, Processes, Operations and Reporting Linking Risk Management to Business Strategy, Processes, Operations and Reporting Financial Management Institute of Canada February 17 th, 2010 KPMG LLP Agenda 1. Leading Practice Risk Management Principles

More information

Enterprise Risk Management

Enterprise Risk Management Enterprise Management ERM provides a framework for risk management, which typically involves identifying particular events or circumstances relevant to the organization's objectives (risks and opportunities),

More information

The New International Standard on the Practice of Risk Management A Comparison of ISO 31000:2009 and the COSO ERM Framework

The New International Standard on the Practice of Risk Management A Comparison of ISO 31000:2009 and the COSO ERM Framework The New International Standard on the Practice of Risk Management A Comparison of ISO 31000:2009 and the COSO ERM Framework Dorothy Gjerdrum, ARM-P, Chair of the ISO 31000 US TAG and Executive Director,

More information

The Updated COSO Internal Control Framework. Frequently Asked Questions

The Updated COSO Internal Control Framework. Frequently Asked Questions The Updated COSO Internal Control Framework Frequently Asked Questions Introduction The Committee of Sponsoring Organizations of the Treadway Commission (COSO) an organization providing thought leadership

More information

Impact of New Internal Control Frameworks

Impact of New Internal Control Frameworks Impact of New Internal Control Frameworks Webcast: Tuesday, February 25, 2014 CPE Credit: 1 0 With You Today Bob Jacobson Principal, Risk Advisory Services Consulting Leader West Region Bob.Jacobson@mcgladrey.com

More information

UNITED STATES DEPARTMENT OF EDUCATION OFFICE OF INSPECTOR GENERAL

UNITED STATES DEPARTMENT OF EDUCATION OFFICE OF INSPECTOR GENERAL UNITED STATES DEPARTMENT OF EDUCATION OFFICE OF INSPECTOR GENERAL Evaluation and Inspection Services Memorandum May 5, 2009 TO: FROM: SUBJECT: James Manning Acting Chief Operating Officer Federal Student

More information

Tailoring enterprise risk management strategies to the Main-Street insurer

Tailoring enterprise risk management strategies to the Main-Street insurer Tailoring enterprise risk management strategies to the Main-Street insurer Prepared by: Jay Golonka, Partner, McGladrey LLP 816.751.1830, jay.golonka@mcgladrey.com Discussions of Enterprise Risk Management

More information

RISK MANAGEMENT IN A FOR-

RISK MANAGEMENT IN A FOR- RISK MANAGEMENT IN A FOR- PROFIT ORGANISATION 1 OBJECTIVES Explain the risk management framework The underlying process and cycle, and resources and people involved The framework can be applied in for

More information

Enterprise Risk Management Process Improvement. Secure Banking Solutions, LLC

Enterprise Risk Management Process Improvement. Secure Banking Solutions, LLC Enterprise Risk Management Process Improvement 2 Contact Information Contact Information Chad Knutson Senior Information Security Consultant CISSP, CISA, CRISC Phone: 605-480-3366 chad.knutson@protectmybank.com

More information

Enterprise Risk Management

Enterprise Risk Management 2013 Government Accounting and Auditing Update Enterprise Risk Management Understanding and Implementing an ERM Framework Mike Sargent, Director- CliftonLarsonAllen May 2013 cliftonlarsonallen.com Discussion

More information

Enterprise risk management: A pragmatic, four-phase implementation plan

Enterprise risk management: A pragmatic, four-phase implementation plan Enterprise risk management: A pragmatic, four-phase implementation plan Prepared by: John Brackett, Managing Director, Risk Advisory Services, RSM McGladrey, Inc. 704.442.3820, john.brackett@mcgladrey.com

More information

Audit of the Test of Design of Entity-Level Controls

Audit of the Test of Design of Entity-Level Controls Audit of the Test of Design of Entity-Level Controls Canadian Grain Commission Audit & Evaluation Services Final Report March 2012 Canadian Grain Commission 0 Entity Level Controls 2011 Table of Contents

More information

The Role of the Board in Enterprise Risk Management

The Role of the Board in Enterprise Risk Management Enterprise Risk The Role of the Board in Enterprise Risk Management The board of directors plays an essential role in ensuring that an effective ERM program is in place. Governance, policy, and assurance

More information

Strategic Risk Management for School Board Trustees

Strategic Risk Management for School Board Trustees Strategic Management for School Board Trustees A Management Process Framework May, 2012 Table of Contents Introduction Page I. Purpose....................................... 3 II. Applicability and Scope............................

More information

Audit of the Policy on Internal Control Implementation

Audit of the Policy on Internal Control Implementation Audit of the Policy on Internal Control Implementation Natural Sciences and Engineering Research Council of Canada Social Sciences and Humanities Research Council of Canada February 18, 2013 1 TABLE OF

More information

Competency Requirements for Executive Director Candidates

Competency Requirements for Executive Director Candidates Competency Requirements for Executive Director Candidates There are nine (9) domains of competency for association executives, based on research conducted by the American Society for Association Executives

More information

Board of Directors Meeting 12/04/2010. Operational Risk Management Charter

Board of Directors Meeting 12/04/2010. Operational Risk Management Charter Board of Directors Meeting 12/04/2010 Document approved Operational Risk Management Charter Table of contents A. INTRODUCTION...3 I. Background...3 II. Purpose and Scope...3 III. Definitions...3 B. GOVERNANCE...4

More information

GUIDANCE NOTE FOR DEPOSIT-TAKERS. Operational Risk Management. March 2012

GUIDANCE NOTE FOR DEPOSIT-TAKERS. Operational Risk Management. March 2012 GUIDANCE NOTE FOR DEPOSIT-TAKERS Operational Risk Management March 2012 Version 1.0 Contents Page No 1 Introduction 2 2 Overview 3 Operational risk - fundamental principles and governance 3 Fundamental

More information

Hand IN Hand: Balanced Scorecards

Hand IN Hand: Balanced Scorecards ANNUAL CONFERENCE T O P I C Risk Management WORKING Hand IN Hand: Balanced Scorecards AND Enterprise Risk Management B Y M ARK B EASLEY, CPA; A L C HEN; K AREN N UNEZ, CMA; AND L ORRAINE W RIGHT Recent

More information

Department of Veterans Affairs VA Directive 0054. VA Enterprise Risk Management (ERM)

Department of Veterans Affairs VA Directive 0054. VA Enterprise Risk Management (ERM) Department of Veterans Affairs VA Directive 0054 Washington, DC 20420 Transmittal Sheet April 8, 2014 VA Enterprise Risk Management (ERM) 1. REASON FOR ISSUE: This directive provides guidelines to help

More information

Export Development Canada

Export Development Canada Export Development Canada Special Examination Report 2009 Office of the Auditor General of Canada Bureau du vérificateur général du Canada Ce document est également publié en français. Office of the Auditor

More information

GAO. Standards for Internal Control in the Federal Government. Internal Control. United States General Accounting Office.

GAO. Standards for Internal Control in the Federal Government. Internal Control. United States General Accounting Office. GAO United States General Accounting Office Internal Control November 1999 Standards for Internal Control in the Federal Government GAO/AIMD-00-21.3.1 Foreword Federal policymakers and program managers

More information

Guide to Internal Control Over Financial Reporting

Guide to Internal Control Over Financial Reporting Guide to Internal Control Over Financial Reporting The Center for Audit Quality prepared this Guide to provide an overview for the general public of internal control over financial reporting ( ICFR ).

More information

STANDARDS OF SOUND BUSINESS AND FINANCIAL PRACTICES. ENTERPRISE RISK MANAGEMENT Framework

STANDARDS OF SOUND BUSINESS AND FINANCIAL PRACTICES. ENTERPRISE RISK MANAGEMENT Framework STANDARDS OF SOUND BUSINESS AND FINANCIAL PRACTICES ENTERPRISE RISK MANAGEMENT Framework September 2011 Notice This document is intended as a reference tool to assist Ontario credit unions to develop an

More information

Enterprise-Wide Risk Assessment

Enterprise-Wide Risk Assessment Enterprise-Wide Risk Assessment Agenda 1. Definition of risk. 2. Risk drivers in higher education today. 3. Implementing an enterprise-wide risk management (ERM) program to effectively assess, manage,

More information

Internal Auditing Guidelines

Internal Auditing Guidelines Internal Auditing Guidelines Recommendations on Internal Auditing for Lottery Operators Issued by the WLA Security and Risk Management Committee V1.0, March 2007 The WLA Internal Auditing Guidelines may

More information

The Updated COSO Internal Control Framework

The Updated COSO Internal Control Framework The Updated COSO Internal Control Framework Frequently Asked Questions Second Edition Introduction The Committee of Sponsoring Organizations of the Treadway Commission (COSO) an organization providing

More information

COBIT 5 for Risk. CS 3-7: Monday, July 6 4:00-5:00. Presented by: Nelson Gibbs CIA, CRMA, CISA, CISM, CGEIT, CRISC, CISSP ngibbs@pacbell.

COBIT 5 for Risk. CS 3-7: Monday, July 6 4:00-5:00. Presented by: Nelson Gibbs CIA, CRMA, CISA, CISM, CGEIT, CRISC, CISSP ngibbs@pacbell. COBIT 5 for Risk CS 3-7: Monday, July 6 4:00-5:00 Presented by: Nelson Gibbs CIA, CRMA, CISA, CISM, CGEIT, CRISC, CISSP ngibbs@pacbell.net Disclaimer of Use and Association Note: It is understood that

More information

T The Revised COSO ERM Framework. Robert Hirth Chairman, COSO

T The Revised COSO ERM Framework. Robert Hirth Chairman, COSO T The Revised COSO ERM Framework Robert Hirth Chairman, COSO COSO: Thought Leadership to Improve Your Organization What the Heck is COSO?... Originally formed in 1985, COSO is a joint initiative of five

More information

CFE 2. Enterprise Risk Management. Study Guide - Supplemental Background Material

CFE 2. Enterprise Risk Management. Study Guide - Supplemental Background Material P a g e 1 CFE 2 Enterprise Risk Management Study Guide - Supplemental Background Material The passing score for this test is 74% Reference Guides: Enterprise Risk Management Best Practices: From Assessment

More information

Effective Enterprise Risk Management with ErmsCo ERM Foundation

Effective Enterprise Risk Management with ErmsCo ERM Foundation Executive Brief Effective Enterprise Risk Management with ErmsCo ERM Foundation Introduction to ErmsCo About ErmsCo ErmsCo is a consulting and training firm that focuses on assisting financial institutions

More information

On the Setting of the Standards and Practice Standards for. Management Assessment and Audit concerning Internal

On the Setting of the Standards and Practice Standards for. Management Assessment and Audit concerning Internal (Provisional translation) On the Setting of the Standards and Practice Standards for Management Assessment and Audit concerning Internal Control Over Financial Reporting (Council Opinions) Released on

More information

Clarius Group Risk Management Policy and Framework

Clarius Group Risk Management Policy and Framework 1. Introduction Clarius Group Risk Management Policy and Framework 1.1 Definition Risk is the chance of something happening that will have an impact on objectives. Risk provides the opportunity (upside)

More information

Comparison Between Joint Commission Standards, Malcolm Baldrige National Quality Award Criteria, and Magnet Recognition Program Components

Comparison Between Joint Commission Standards, Malcolm Baldrige National Quality Award Criteria, and Magnet Recognition Program Components Comparison Between Joint Commission Standards, Malcolm Baldrige National Quality Award Criteria, and Magnet Recognition Program Components The Joint Commission accreditation standards, the National Institute

More information

Enterprise Risk Management

Enterprise Risk Management Enterprise Risk Management Topic Gateway Series No. 49 1 Prepared by Jasmin Harvey and Technical Information Service July 2008 About Topic Gateways Topic Gateways are intended as a refresher or introduction

More information

2015-16 Internal Control Questionnaire and Assessment

2015-16 Internal Control Questionnaire and Assessment Bureau of Financial Monitoring and Accountability Florida Department of Economic Opportunity September 9, 2015 107 East Madison Street Caldwell Building Tallahassee, Florida 32399 www.floridajobs.org TABLE

More information

Performing a Compliance Risk Assessment for Compliance Auditing & Monitoring in Healthcare Organizations

Performing a Compliance Risk Assessment for Compliance Auditing & Monitoring in Healthcare Organizations Performing a Compliance Risk Assessment for Compliance Auditing & Monitoring in Healthcare Organizations Author: Glen C. Mueller, Chief Audit & Compliance Officer, Scripps Health, San Diego, CA Introduction

More information

LEVERAGING COSO ACROSS THE THREE LINES OF DEFENSE

LEVERAGING COSO ACROSS THE THREE LINES OF DEFENSE Committee of Sponsoring Organizations of the Treadway Commission Governance and Internal Control LEVERAGING COSO ACROSS THE THREE LINES OF DEFENSE By The Institute of Internal Auditors Douglas J. Anderson

More information

Introduction to Enterprise Risk Management at UVM DRAFT

Introduction to Enterprise Risk Management at UVM DRAFT Introduction to Enterprise Management at UVM 1 Enterprise What is Enterprise Management? Enterprise risk management is a structured, consistent, and continuous process across the whole organization for

More information

Understanding and articulating risk appetite

Understanding and articulating risk appetite Understanding and articulating risk appetite advisory Understanding and articulating risk appetite Understanding and articulating risk appetite When risk appetite is properly understood and clearly defined,

More information

SECTION B DEFINITION, PURPOSE, INDEPENDENCE AND NATURE OF WORK OF INTERNAL AUDIT

SECTION B DEFINITION, PURPOSE, INDEPENDENCE AND NATURE OF WORK OF INTERNAL AUDIT SECTION B DEFINITION, PURPOSE, INDEPENDENCE AND NATURE OF WORK OF INTERNAL AUDIT Through CGIAR Financial Guideline No 3 Auditing Guidelines Manual the CGIAR has adopted the IIA Definition of internal auditing

More information

Internal Controls: Documentation and Testing What the Auditor Is Looking For

Internal Controls: Documentation and Testing What the Auditor Is Looking For What the Auditor Is Looking For Presented by: Dennis F. Dycus, CPA, CFE, CGFM, Director Office of the Comptroller of the Treasury Division of Municipal Audit TAUD Administrative Professional s Conference

More information

Capital Requirements Directive Pillar 3 Disclosure. December 2015

Capital Requirements Directive Pillar 3 Disclosure. December 2015 Capital Requirements Directive Pillar 3 Disclosure December 2015 1. Background The purpose of this document is to outline the Pillar 3 disclosures for BlueBay Asset Management LLP ( BlueBay ). BlueBay

More information

Administrative Guidelines on the Internal Control Framework and Internal Audit Standards

Administrative Guidelines on the Internal Control Framework and Internal Audit Standards Administrative Guidelines on the Internal Control Framework and Internal Audit Standards GCF/B.09/18 18 February 2015 Meeting of the Board 24 26 March 2015 Songdo, Republic of Korea Agenda item 24 Page

More information

10-005 Enterprise Risk Management

10-005 Enterprise Risk Management 10-005 Enterprise Risk Management Current update: 09/16/10 Original Issuance: 03/31/08 Purpose This policy provides guidance and direction to State Board of Administration business unit heads for identifying,

More information

Policy 10.105: Enterprise Risk Management Policy

Policy 10.105: Enterprise Risk Management Policy Name: Responsibility: Complements: Enterprise Risk Management Framework Coordinator, Enterprise Risk Management Policy 10.105: Enterprise Risk Management Policy Date: November 2006 Revision Date(s): January

More information

A Risk Management Standard

A Risk Management Standard A Risk Management Standard Introduction This Risk Management Standard is the result of work by a team drawn from the major risk management organisations in the UK, including the Institute of Risk management

More information

THE UNIVERSITY OF CALIFORNIA ERM PROGRAM REDUCES THE COSTS OF RISK AND BORROWING

THE UNIVERSITY OF CALIFORNIA ERM PROGRAM REDUCES THE COSTS OF RISK AND BORROWING THE UNIVERSITY OF CALIFORNIA ERM PROGRAM REDUCES THE COSTS OF RISK AND BORROWING BY JOHN BUGALLA AND KRISTINA NARVAEZ In December 2005, the University of California s Department of Risk Management was

More information

Enterprise Risk Management. California Association of State Auditors October 8, 2015

Enterprise Risk Management. California Association of State Auditors October 8, 2015 Enterprise Risk Management California Association of State Auditors October 8, 2015 Agenda GovOps Agency Overview Civil Service Improvement Initiatives Enterprise Risk Management As a strategy As a framework

More information

University of St. Gallen Law School Law and Economics Research Paper Series. Working Paper No. 2008-19 June 2007

University of St. Gallen Law School Law and Economics Research Paper Series. Working Paper No. 2008-19 June 2007 University of St. Gallen Law School Law and Economics Research Paper Series Working Paper No. 2008-19 June 2007 Enterprise Risk Management A View from the Insurance Industry Wolfgang Errath and Andreas

More information

IT audit updates. Current hot topics and key considerations. IT risk assessment leading practices

IT audit updates. Current hot topics and key considerations. IT risk assessment leading practices IT audit updates Current hot topics and key considerations Contents IT risk assessment leading practices IT risks to consider in your audit plan IT SOX considerations and risks COSO 2013 and IT considerations

More information

SOL PLAATJE MUNICIPALITY ENTERPRISE RISK MANAGEMENT FRAMEWORK AND POLICY

SOL PLAATJE MUNICIPALITY ENTERPRISE RISK MANAGEMENT FRAMEWORK AND POLICY SOL PLAATJE MUNICIPALITY ENTERPRISE RISK MANAGEMENT FRAMEWORK AND POLICY Prepared by: SOL PLAATJE MUNICIPALITY RISK MANAGEMENT UNIT AND Consolidated Advisory Services This document should be read in conjunction

More information

Internal Control - Integrated Framework

Internal Control - Integrated Framework Internal Control - Integrated Framework Executive Summary Senior executives have long sought ways to better control the enterprises they run. Internal controls are put in place to keep the company on course

More information

ERM and GRC Fundamentals. Risk Management Definitions & Guiding Principles. Module 1

ERM and GRC Fundamentals. Risk Management Definitions & Guiding Principles. Module 1 ERM and GRC Fundamentals Risk Management Definitions & Guiding Principles Module 1 Agenda Introduction: Purpose and Goal of the Training (5 min.) Section 1: ERM / GRC Terms & Concepts (15 min.) Section

More information

Take the right steps 9 principles for building the Risk Intelligent Enterprise

Take the right steps 9 principles for building the Risk Intelligent Enterprise Take the right steps 9 principles for building the Risk Intelligent Enterprise Contents 9 principles for building a Risk Intelligent Enterprise 2 The Risk Intelligent Framework 4 1. Is risk a threat or

More information

Applying Integrated Risk Management Scenarios for Improving Enterprise Governance

Applying Integrated Risk Management Scenarios for Improving Enterprise Governance Applying Integrated Risk Management Scenarios for Improving Enterprise Governance János Ivanyos Trusted Business Partners Ltd, Budapest, Hungary, ivanyos@trusted.hu Abstract: The term of scenario is used

More information

An Examination of an Entity s Internal Control Over Financial Reporting That Is Integrated With an Audit of Its Financial Statements

An Examination of an Entity s Internal Control Over Financial Reporting That Is Integrated With an Audit of Its Financial Statements Examination of an Entity s Internal Control 1403 AT Section 501 An Examination of an Entity s Internal Control Over Financial Reporting That Is Integrated With an Audit of Its Financial Statements Source:

More information

Governance Guideline SEPTEMBER 2013 BC CREDIT UNIONS. www.fic.gov.bc.ca

Governance Guideline SEPTEMBER 2013 BC CREDIT UNIONS. www.fic.gov.bc.ca Governance Guideline SEPTEMBER 2013 BC CREDIT UNIONS www.fic.gov.bc.ca INTRODUCTION The Financial Institutions Commission 1 (FICOM) holds the Board of Directors 2 (board) accountable for the stewardship

More information

Understanding the Entity and Its Environment and Assessing the Risks of Material Misstatement

Understanding the Entity and Its Environment and Assessing the Risks of Material Misstatement Understanding the Entity and Its Environment 1667 AU Section 314 Understanding the Entity and Its Environment and Assessing the Risks of Material Misstatement (Supersedes SAS No. 55.) Source: SAS No. 109.

More information

INTERNAL CONTROL AND ENTERPRISE RISK MANAGEMENT NO. П4-01 П-01 REVISION1.00

INTERNAL CONTROL AND ENTERPRISE RISK MANAGEMENT NO. П4-01 П-01 REVISION1.00 APPROVED by Resolution of the Board of Directors of Rosneft Minutes No. 16 dated May 07, 2013 In effect from July 22, 2013 by Order dated July 22, 2013 No. 311 COMPANY POLICY INTERNAL CONTROL AND ENTERPRISE

More information

FINDING THE RISK IN RISK ASSESSMENTS NYSICA JULY 26, 2012. Presented by: Ken Shulman Internal Audit Director, New York State Insurance Fund

FINDING THE RISK IN RISK ASSESSMENTS NYSICA JULY 26, 2012. Presented by: Ken Shulman Internal Audit Director, New York State Insurance Fund FINDING THE RISK IN RISK ASSESSMENTS NYSICA JULY 26, 2012 Presented by: Ken Shulman Internal Audit Director, New York State Insurance Fund There are different risk assessments prepared: Annual risk assessment

More information

RISK MANAGEMENT FRAMEWORK 2013-2014 OKHAHLAMBA LOCAL MUNICIPALITYITY

RISK MANAGEMENT FRAMEWORK 2013-2014 OKHAHLAMBA LOCAL MUNICIPALITYITY RISK MANAGEMENT FRAMEWORK 2013-2014 OKHAHLAMBA LOCAL MUNICIPALITYITY Page 1 CONTENTS 1. Foreword by the Mayor... 3 2. Background... 4 2.1 Introduction... 4 2.2 Overall purpose of the Enterprise Risk Management

More information

FCPA 10 Hallmarks Self- Assessment

FCPA 10 Hallmarks Self- Assessment FCPA 10 Hallmarks Self- Assessment How exposed is your business to corruption risk? Take this assessment to find out if your systems are sufficiently robust to protect your business October 2014 Prepared

More information

INTERNAL AUDIT FRAMEWORK

INTERNAL AUDIT FRAMEWORK INTERNAL AUDIT FRAMEWORK April 2007 Contents 1. Introduction... 3 2. Internal Audit Definition... 4 3. Structure... 5 3.1. Roles, Responsibilities and Accountabilities... 5 3.2. Authority... 11 3.3. Composition...

More information

WFP ENTERPRISE RISK MANAGEMENT POLICY

WFP ENTERPRISE RISK MANAGEMENT POLICY WFP ENTERPRISE RISK MANAGEMENT POLICY Informal Consultation 3 March 2015 World Food Programme Rome, Italy EXECUTIVE SUMMARY For many organizations, risk management is about minimizing the risk to achievement

More information