Fraud Risk Management

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Fraud Risk Management"

Transcription

1 Fraud Risk Management Overview

2 Discussion Questions 1) Does your organization follow a specific risk management model? If so, which one? Do you think this model adequately addresses the risks your organization faces? Why or why not? 2 of 27

3 Discussion Questions 2) What are some of the risks your organization faces? Where does the risk of fraud fit into your organization s risk hierarchy? 3 of 27

4 Discussion Questions 3) Does your organization have a formal risk management function? If so, are anti-fraud initiatives integrated into the risk management initiatives? 4 of 27

5 Discussion Questions 4) How does your organization categorize the risks that are identified in the risk management process? 5 of 27

6 Learning Objectives Analyze current state of the risk management landscape. Compare different risk management frameworks. Recognize what fraud risk is and the factors that influence it. Understand the reasons for effectively managing fraud risk. Determine who is responsible for managing fraud risk within an organization. 6 of 27

7 Introduction to Risk Management Risk management involves: Identification of risks Prioritization of risks Treatment of risks Monitoring of risks 7 of 27

8 Introduction to Risk Management Balancing risk appetite with ability to meet strategic, operational, reporting, and compliance objectives Requires a proactive, rather than reactive, approach 8 of 27

9 Report on Current State of Risk Management Risk management initiatives appear relatively immature: 30% describe their risk management implementation as systematic, robust, and repeatable. 43% described their risk management processes as very immature or developing. 9 of 27

10 Report on Current State of Risk Management 43% minimally or not at all satisfied with the nature and extent of reporting of key risk indicators to senior executives. More than half do not have risk oversight activities formally assigned to a board subcommittee. Boards of directors are placing greater expectations on management to strengthen risk oversight. 10 of 27

11 Risk Management Frameworks An entity s risk management program should be specifically tailored to its unique needs. But, the use of a framework can provide guidance and structure in developing the program. 11 of 27

12 COSO Enterprise Risk Management Integrated Framework Internal environment Objective setting Event identification Risk assessment Risk response Control activities Information and communication Monitoring 12 of 27

13 COSO Enterprise Risk Management Integrated Framework 13 of 27

14 COSO Internal Control Framework COSO ERM Framework ACFE Fraud Risk Management Control (Internal) environment (1) Internal environment (1) Internal environment Defined roles and reporting Communicate expectations Tone at the top Code of conduct, ethics policy Training Objective setting (2) Objective setting Define program objectives Risk assessment (2) Risk assessment (4) Risk assessment Assemble the right team Event identification (3) Catalogue and evaluate risks Evaluate existing fraud controls Create mitigating controls Risk response (5) Risk reponse Control Activities (3) Control Activities (6) Control Activities Ensure compliance Investigate violations Monitoring (5) Monitoring (8) Monitor - mitigating controls Information and Communication (4) Information and Communication (7) Information and Communication Report Findings Evaluate risk assessment process 14 of 27

15 ISO 31000:2009 Lays out 11 principles of effective risk management Provides guidance on developing both a framework and a process for managing risk that is based on those principles 15 of 27

16 ISO 31000:2009 Risk Management Principles Creates value Integral part of organizational processes Part of decision making Explicitly addresses uncertainty Systematic, structured, and timely Based on best available information Tailored Takes human and cultural factors into account Transparent and inclusive Dynamic, iterative, and responsive to change Facilitates continual improvement and enhancement 16 of 27

17 ISO 31000:2009 (Source: ISO 31000:2009, Risk Management Principles and Guidelines ) 17 of 27

18 What Is Fraud Risk? The vulnerability that an organization has to those capable of overcoming the three elements of the fraud triangle Comes from both internal and external sources Differs from other risks because fraud, by definition, entails intentional misconduct designed to evade detection 18 of 27

19 Types of Fraud Risk Inherent risk risk present before management takes action Residual risk risk that remains after management takes action 19 of 27

20 Factors Influencing Fraud Risk The nature of the business The operating environment The ethics and values of the entity and its people The effectiveness of internal controls 20 of 27

21 Business Case for Managing Fraud Risk Organizations that deny the true possibility of fraud are at the greatest risk. 21 of 27

22 Business Case for Managing Fraud Risk The typical organization stands to lose an estimated 5% of its annual revenues to fraud. Recovery is typically very little, if any. Additional time and money invested in: Investigating how frauds happened Pursuing action against perpetrators Remediating system weaknesses 22 of 27

23 Business Case for Managing Fraud Risk 23 of 27

24 Business Case for Managing Fraud Risk 24 of 27

25 Business Case for Managing Fraud Risk A proactive fraud risk management program: Directly increases the bottom line Sends a clear anti-fraud message Demonstrates a sound business strategy Enhances the organization s image and reputation Promotes goodwill Ensures compliance with laws and regulations 25 of 27

26 Who Is Responsible for Managing Fraud Risk? Team responsible for executing, monitoring, and ensuring success Executive management Audit committee Investigations group Compliance Controller s group Internal audit IT Security Legal department Human resources 26 of 27

27 Who Is Responsible for Managing Fraud Risk? Team should have designated leader. Synergy and communication are key. 27 of 27

Fraud Prevention and Deterrence

Fraud Prevention and Deterrence Fraud Prevention and Deterrence Fraud Risk Assessment 2016 Association of Certified Fraud Examiners, Inc. What Is Fraud Risk? The vulnerability that an organization faces from individuals capable of combining

More information

The New International Standard on the Practice of Risk Management A Comparison of ISO 31000:2009 and the COSO ERM Framework

The New International Standard on the Practice of Risk Management A Comparison of ISO 31000:2009 and the COSO ERM Framework The New International Standard on the Practice of Risk Management A Comparison of ISO 31000:2009 and the COSO ERM Framework Dorothy Gjerdrum, ARM-P, Chair of the ISO 31000 US TAG and Executive Director,

More information

Linking Risk Management to Business Strategy, Processes, Operations and Reporting

Linking Risk Management to Business Strategy, Processes, Operations and Reporting Linking Risk Management to Business Strategy, Processes, Operations and Reporting Financial Management Institute of Canada February 17 th, 2010 KPMG LLP Agenda 1. Leading Practice Risk Management Principles

More information

The College of New Jersey Enterprise Risk Management and Higher Education For Discussion Purposes Only January 2012

The College of New Jersey Enterprise Risk Management and Higher Education For Discussion Purposes Only January 2012 The College of New Jersey Enterprise Risk Management and Higher Education For Discussion Purposes Only Agenda Introduction Basic program components Recent trends in higher education risk management Why

More information

Enterprise Risk Management

Enterprise Risk Management Cayman Islands Society of Professional Accountants Enterprise Risk Management March 19, 2015 Dr. Sandra B. Richtermeyer, CPA, CMA What is Risk Management? Risk management is a process, effected by an entity's

More information

ENTERPRISE RISK MANAGEMENT FRAMEWORK

ENTERPRISE RISK MANAGEMENT FRAMEWORK ENTERPRISE RISK MANAGEMENT FRAMEWORK COVENANT HEALTH LEGAL & RISK MANAGEMENT CONTENTS 1.0 PURPOSE OF THE DOCUMENT... 3 2.0 INTRODUCTION AND OVERVIEW... 4 3.0 GOVERNANCE STRUCTURE AND ACCOUNTABILITY...

More information

IFAD Policy on Enterprise Risk Management

IFAD Policy on Enterprise Risk Management Document: EB 2008/94/R.4 Agenda: 5 Date: 6 August 2008 Distribution: Public Original: English E IFAD Policy on Enterprise Risk Management Executive Board Ninety-fourth Session Rome, 10-11 September 2008

More information

Policy 10.105: Enterprise Risk Management Policy

Policy 10.105: Enterprise Risk Management Policy Name: Responsibility: Complements: Enterprise Risk Management Framework Coordinator, Enterprise Risk Management Policy 10.105: Enterprise Risk Management Policy Date: November 2006 Revision Date(s): January

More information

Introduction to Enterprise Risk Management at UVM DRAFT

Introduction to Enterprise Risk Management at UVM DRAFT Introduction to Enterprise Management at UVM 1 Enterprise What is Enterprise Management? Enterprise risk management is a structured, consistent, and continuous process across the whole organization for

More information

RISK BASED AUDITING: A VALUE ADD PROPOSITION. Participant Guide

RISK BASED AUDITING: A VALUE ADD PROPOSITION. Participant Guide RISK BASED AUDITING: A VALUE ADD PROPOSITION Participant Guide About This Course About This Course Adding Value for Risk-based Auditing Seminar Description In this seminar, we will focus on: The foundation

More information

Developing an Effective Enterprise Risk Management Program

Developing an Effective Enterprise Risk Management Program Developing an Effective Enterprise Risk Management Program Jay Brietz, CPA and CIA Senior Manager This material was used by Elliott Davis Decosimo during an oral presentation; it is not a complete record

More information

Risk, Risk Assessments and Risk Management. Christopher Bowler CPA, CISA August 10, 2015

Risk, Risk Assessments and Risk Management. Christopher Bowler CPA, CISA August 10, 2015 + Risk, Risk Assessments and Risk Management Christopher Bowler CPA, CISA August 10, 2015 + Agenda A Few Thoughts Fundamentals of Risk Assessments Fundamentals of Risk Management Assessments vs. Management

More information

Enterprise Risk Management: Taking the First Steps

Enterprise Risk Management: Taking the First Steps Enterprise Risk Management: Taking the First Steps TN PRIMA, 2012 DOROTHY GJERDRUM, ARM, CIRM NOVEMBER 15, 2012 Agenda Goal: To understand how to begin to implement a broader approach to risk management

More information

Saldanha Bay Municipality. Risk Management Strategy. Inclusive of, framework, procedures and methodology

Saldanha Bay Municipality. Risk Management Strategy. Inclusive of, framework, procedures and methodology Inclusive of, framework, procedures and methodology Contents 1 Introduction 1 1.1 Legislative Framework and best practice 1 1.2 Purpose of Enterprise Risk Management 2 1.3 Scope and Applicability 3 1.4

More information

Risk Management Policy Adopted by:

Risk Management Policy Adopted by: Risk Management Policy Adopted by: Infigen Energy Limited Infigen Energy (Bermuda) Limited Infigen Energy RE Limited in its capacity as Responsible Entity of Infigen Energy Trust Adopted: 17 December 2009

More information

UNITED NATIONS OFFICE FOR PROJECT SERVICES. ORGANIZATIONAL DIRECTIVE No. 33. UNOPS Strategic Risk Management Planning Framework

UNITED NATIONS OFFICE FOR PROJECT SERVICES. ORGANIZATIONAL DIRECTIVE No. 33. UNOPS Strategic Risk Management Planning Framework UNOPS UNITED NATIONS OFFICE FOR PROJECT SERVICES Headquarters, Copenhagen O.D. No. 33 16 April 2010 ORGANIZATIONAL DIRECTIVE No. 33 UNOPS Strategic Risk Management Planning Framework 1. Introduction 1.1.

More information

POLICY. Number: 7311-10-005 Title: Enterprise Risk Management. Authorization

POLICY. Number: 7311-10-005 Title: Enterprise Risk Management. Authorization POLICY Number: 7311-10-005 Title: Enterprise Risk Management Authorization [ ] President and CEO [ X] Vice President, Finance and Corporate Services Source: Director, Enterprise Risk Management Cross Index:

More information

ISO 31000:2009 - ISO/IEC 31010 & ISO Guide 73:2009 - New Standards for the Management of Risk

ISO 31000:2009 - ISO/IEC 31010 & ISO Guide 73:2009 - New Standards for the Management of Risk Kevin W Knight AM CPRM; Hon FRMIA; FIRM (UK); LMRMIA: ANZIIF (Mem) ISO 31000:2009 - ISO/IEC 31010 & ISO Guide 73:2009 - New Standards for the Management of Risk History of the ISO and Risk Management Over

More information

Antifraud program and controls assessment grid*

Antifraud program and controls assessment grid* Advisory Services Antifraud program and * Fraud risks & controls February 2008 *connectedthinking 2008 PricewaterhouseCoopers LLP. All rights reserved. PricewaterhouseCoopers refers to PricewaterhouseCoopers

More information

Enterprise Risk Management Framework 2012 2016. Strengthening our commitment to risk management

Enterprise Risk Management Framework 2012 2016. Strengthening our commitment to risk management Enterprise Risk Management Framework 2012 2016 Strengthening our commitment to risk management Contents Director-General s message... 3 Introduction... 4 Purpose... 4 What is risk management?... 4 Benefits

More information

Applying Integrated Risk Management Scenarios for Improving Enterprise Governance

Applying Integrated Risk Management Scenarios for Improving Enterprise Governance Applying Integrated Risk Management Scenarios for Improving Enterprise Governance János Ivanyos Trusted Business Partners Ltd, Budapest, Hungary, ivanyos@trusted.hu Abstract: The term of scenario is used

More information

AMTRAK CORPORATE GOVERNANCE: Implementing a Risk Management Framework is Essential to Achieving Amtrak s Strategic Goals

AMTRAK CORPORATE GOVERNANCE: Implementing a Risk Management Framework is Essential to Achieving Amtrak s Strategic Goals AMTRAK CORPORATE GOVERNANCE: Implementing a Risk Management Framework is Essential to Achieving Amtrak s Strategic Goals Report No. OIG-A-2012-007 March 30, 2012 NATIONAL RAILROAD PASSENGER CORPORATION

More information

Deloitte Forensic Fraud Risk Management

Deloitte Forensic Fraud Risk Management Deloitte Forensic Fraud Risk Management Introduction Organizations cannot afford to be unconcerned about the risk of fraud. Directors and management have a fiduciary obligation and a corporate responsibility

More information

Fraud-Related Compliance

Fraud-Related Compliance Fraud-Related Compliance R. A. (Andy) Wilson, CFE, CPP VP Fraud & Compliance Sedgwick Claims Management Services, Inc. Introduction: Why Compliance Is Essential 2015 Association of Certified Fraud Examiners,

More information

Enterprise Risk Management: COSO, New COSO, ISO 31000. Review of ERM

Enterprise Risk Management: COSO, New COSO, ISO 31000. Review of ERM Enterprise Risk Management: COSO, New COSO, Dr. Hugh Van Seaton, Ed. D., CSSGB, CGMA, CPA Review of ERM COSO a process, effected by an entity's board of directors, management and other personnel, applied

More information

Corporate Resiliency Managing g the Growing Risk of Fraud and Corruption

Corporate Resiliency Managing g the Growing Risk of Fraud and Corruption Corporate Resiliency Managing g the Growing Risk of Fraud and Corruption Toby Bishop, Director, Deloitte Forensic Center Deloitte Financial Advisory Services LLP Contents Why corporate resiliency? What

More information

WFP ENTERPRISE RISK MANAGEMENT POLICY

WFP ENTERPRISE RISK MANAGEMENT POLICY WFP ENTERPRISE RISK MANAGEMENT POLICY Informal Consultation 3 March 2015 World Food Programme Rome, Italy EXECUTIVE SUMMARY For many organizations, risk management is about minimizing the risk to achievement

More information

Effective Enterprise Risk Management with ErmsCo ERM Foundation

Effective Enterprise Risk Management with ErmsCo ERM Foundation Executive Brief Effective Enterprise Risk Management with ErmsCo ERM Foundation Introduction to ErmsCo About ErmsCo ErmsCo is a consulting and training firm that focuses on assisting financial institutions

More information

Preventing Fraud: Assessing the Fraud Risk Management Capabilities of Today s Largest Organizations

Preventing Fraud: Assessing the Fraud Risk Management Capabilities of Today s Largest Organizations Preventing Fraud: Assessing the Fraud Risk Management Capabilities of Today s Largest Organizations Overview In late 2006 and 2007, Protiviti commissioned a study to gauge the fraud risk management (FRM)

More information

ENTERPRISE RISK MANAGEMENT POLICY

ENTERPRISE RISK MANAGEMENT POLICY ENTERPRISE RISK MANAGEMENT POLICY TITLE OF POLICY POLICY OWNER POLICY CHAMPION DOCUMENT HISTORY: Policy Title Status Enterprise Risk Management Policy (current, revised, no change, redundant) Approving

More information

Governance and Risk Management in the Public Sector. Fernando A. Fernandez Inter-American Development Bank (202) 623-1430 e-mail: fernandof@iadb.

Governance and Risk Management in the Public Sector. Fernando A. Fernandez Inter-American Development Bank (202) 623-1430 e-mail: fernandof@iadb. Governance and Risk Management in the Public Sector Fernando A. Fernandez Inter-American Development Bank (202) 623-1430 e-mail: fernandof@iadb.org 1 Agenda Governance, why is it important? Compliance

More information

FRAUD RISK MANAGEMENT

FRAUD RISK MANAGEMENT FRAUD RISK MANAGEMENT Fraud and Corruption Ian Bowyer 28 March 2014 Objectives Developing an effective Fraud Risk Management Framework The Context of fraud Determining the health of your Framework for

More information

ENTERPRISE RISK MANAGEMENT FRAMEWORK

ENTERPRISE RISK MANAGEMENT FRAMEWORK ROCKHAMPTON REGIONAL COUNCIL ENTERPRISE RISK MANAGEMENT FRAMEWORK 2013 Adopted 25 June 2013 Reviewed: October 2015 TABLE OF CONTENTS 1. Introduction... 3 1.1 Council s Mission... 3 1.2 Council s Values...

More information

Get More Out of Your Risk Assessment. Austin Chapter of the IIA

Get More Out of Your Risk Assessment. Austin Chapter of the IIA Get More Out of Your Risk Assessment Austin Chapter of the IIA Speakers Alyssa G. Martin, CPA Dallas Executive Partner, Advisory Services 25 years of public accounting experience, with a practice emphasis

More information

STANDARDS OF SOUND BUSINESS AND FINANCIAL PRACTICES. ENTERPRISE RISK MANAGEMENT Framework

STANDARDS OF SOUND BUSINESS AND FINANCIAL PRACTICES. ENTERPRISE RISK MANAGEMENT Framework STANDARDS OF SOUND BUSINESS AND FINANCIAL PRACTICES ENTERPRISE RISK MANAGEMENT Framework September 2011 Notice This document is intended as a reference tool to assist Ontario credit unions to develop an

More information

Key Elements of Effective FCPA Remediation: Earning DOJ and SEC s High Premium Jonny Frank Rex Homme * February 2013

Key Elements of Effective FCPA Remediation: Earning DOJ and SEC s High Premium Jonny Frank Rex Homme * February 2013 Key Elements of Effective FCPA Remediation: Earning DOJ and SEC s High Premium Jonny Frank Rex Homme * February 2013 Executive Summary: The DOJ and SEC place a high premium on remediation efforts, in determining

More information

Risk Management Basics - ISO 31000 Standard. Louis Kunimatsu, CRISC IT Security & Strategy, Ford Motor Company

Risk Management Basics - ISO 31000 Standard. Louis Kunimatsu, CRISC IT Security & Strategy, Ford Motor Company Risk Management Basics - ISO 31000 Standard Louis Kunimatsu, CRISC IT Security & Strategy, Ford Motor Company Risk Management Basics - ISO 31000 Standard 1. Risk Management Basics 2. ISO 31000 Risk Management

More information

Enterprise risk management: A pragmatic, four-phase implementation plan

Enterprise risk management: A pragmatic, four-phase implementation plan Enterprise risk management: A pragmatic, four-phase implementation plan Prepared by: John Brackett, Managing Director, Risk Advisory Services, RSM McGladrey, Inc. 704.442.3820, john.brackett@mcgladrey.com

More information

1/17/2013 FRAUD RISK MANAGEMENT PROGRAM SESSION OBJECTIVE AND OUTLINE

1/17/2013 FRAUD RISK MANAGEMENT PROGRAM SESSION OBJECTIVE AND OUTLINE FRAUD RISK MANAGEMENT PROGRAM SHERYL VACCA SENIOR VICE PRESIDENT AND CHIEF COMPLIANCE AND AUDIT OFFICER MIKE JENSON UCR AUDIT DIRECTOR SESSION OBJECTIVE AND OUTLINE Assist campus managers in the development

More information

Types of Fraud and Recent Cases. Developing an Effective Anti-fraud Program from the Top Down

Types of Fraud and Recent Cases. Developing an Effective Anti-fraud Program from the Top Down Types of and Recent Cases Developing an Effective Anti-fraud Program from the Top Down 1 Types of and Recent Cases Chris Grippa (404-817-5945) FIDS Senior Manager with Ernst & Young LLP Works with clients

More information

MEMORANDUM. Comments on the Updating of the LSC Risk Management Program

MEMORANDUM. Comments on the Updating of the LSC Risk Management Program Office of Inspector General Legal Services Corporation 3333 K Street, NW. 3rd Floor Washington, DC 20007 3558 202.295. 1660 (p) 202.337.6616 (f) www.oig.lsc.gov MEMORANDUM TO: FROM: LSC Audit Committee

More information

ERM Program. Enterprise Risk Management Guideline

ERM Program. Enterprise Risk Management Guideline ERM Program Enterprise Management Guideline Table of Contents PREAMBLE... 2 When should I refer to this Guideline?... 3 Why do we need a Guideline?... 4 How do I use this Guideline?... 4 Who is responsible

More information

Enterprise Risk Management in Colleges and Universities

Enterprise Risk Management in Colleges and Universities Enterprise Risk Management in Colleges and Universities Cherry Bekaert & Holland, L.L.P. Neal Beggan, CISA, CRISC Shane Hester, CPA, CISA Cherry, Bekaert & Holland, L.L.P. The Firm of Choice. 1 Cherry,

More information

March 2015. Internal audit insights High impact areas of focus

March 2015. Internal audit insights High impact areas of focus March 2015 Internal audit insights High impact areas of focus Introduction Internal audit is widely, if not universally, viewed as a key pillar in effective governance with expectations of internal audit

More information

RSA ARCHER OPERATIONAL RISK MANAGEMENT

RSA ARCHER OPERATIONAL RISK MANAGEMENT RSA ARCHER OPERATIONAL RISK MANAGEMENT 87% of organizations surveyed have seen the volume and complexity of risks increase over the past five years. Another 20% of these organizations have seen the volume

More information

Matthew E. Breecher Breecher & Company PC November 12, 2008

Matthew E. Breecher Breecher & Company PC November 12, 2008 Applying COSO s Enterprise Risk Management Integrated Framework Matthew E. Breecher Breecher & Company PC November 12, 2008 The basic outline for this presentation was provided by: Objectives for the session:

More information

Risk Assessment & Enterprise Risk Management

Risk Assessment & Enterprise Risk Management Risk Assessment & Enterprise Risk 1 Healthcare Corporate Governance Today s environment requires building a culture of risk awareness and management of risk across the organization, while formulating less

More information

Operational Risk Management in a Debt Management Office

Operational Risk Management in a Debt Management Office Operational Risk Management in a Debt Management Office Based on Client Presentation January 2008 Outline The importance of operational risk management (ORM) International best practice A high-level perspective,

More information

Enterprise Risk Management in Compliance 360

Enterprise Risk Management in Compliance 360 Enterprise Risk Management in Compliance 360 2 Enterprise Risk Management in Compliance 360 Effective risk management involves identifying and understanding the risks the organization is faced with, analyzing

More information

Board oversight of risk: Defining risk appetite in plain English

Board oversight of risk: Defining risk appetite in plain English www.pwc.com/us/centerforboardgovernance Board oversight of risk: Defining risk appetite in plain English May 2014 Defining risk appetite in plain English Risk oversight continues to be top-of-mind for

More information

Forensic Audit Building a World Class Program

Forensic Audit Building a World Class Program Forensic Audit Building a World Class Program PAUL E. ZIKMUND DIRECTOR GLOBAL INTEGRITY AND FORENSIC AUDIT 1 2012 ACFE ANNUAL FRAUD CONFERENCE ORLANDO, FL Why the Need for Forensic Audit Program In response

More information

Fraud Control Theory

Fraud Control Theory 13 Fraud Control Theory Using a variation of a saying from the 1960s, fraud happens. Like all costs of doing business, fraud must be managed. Management must recognize that people commit fraudulent acts

More information

FRAUD RISK ASSESSMENT

FRAUD RISK ASSESSMENT FRAUD RISK ASSESSMENT All agencies are subject to fraud risks and need to complete a fraud risk assessment for their agency at least every biennium. A detailed fraud assessment needs to be performed by

More information

Fraud Risk Management

Fraud Risk Management RISK CONSULTING Fraud Risk Management A proactive approach to counter the risk of fraud and misconduct kpmg.ca/forensic 2014 KPMG LLP, a Canadian limited liability partnership and a member firm of the

More information

Information Technology Governance. Steve Crutchley CEO - Consult2Comply www.consult2comply.com

Information Technology Governance. Steve Crutchley CEO - Consult2Comply www.consult2comply.com Information Technology Governance Steve Crutchley CEO - Consult2Comply www.consult2comply.com What is IT Governance? Information Technology Governance, IT Governance is a subset discipline of Corporate

More information

ISO 31000 and Risk Management

ISO 31000 and Risk Management ISO 31000 and Risk Management August 19, 2010 What is risk? All management is risk management! Risk Management Boot camp Threat + Vulnerability = Risk Risk Controls = Residual Risk Residual Risk Probability

More information

T The Revised COSO ERM Framework. Robert Hirth Chairman, COSO

T The Revised COSO ERM Framework. Robert Hirth Chairman, COSO T The Revised COSO ERM Framework Robert Hirth Chairman, COSO COSO: Thought Leadership to Improve Your Organization What the Heck is COSO?... Originally formed in 1985, COSO is a joint initiative of five

More information

Audit of the Policy on Internal Control Implementation

Audit of the Policy on Internal Control Implementation Audit of the Policy on Internal Control Implementation Natural Sciences and Engineering Research Council of Canada Social Sciences and Humanities Research Council of Canada February 18, 2013 1 TABLE OF

More information

Enterprise Risk Management Process Improvement. Secure Banking Solutions, LLC

Enterprise Risk Management Process Improvement. Secure Banking Solutions, LLC Enterprise Risk Management Process Improvement 2 Contact Information Contact Information Chad Knutson Senior Information Security Consultant CISSP, CISA, CRISC Phone: 605-480-3366 chad.knutson@protectmybank.com

More information

Transmittal Letter... 1. Objectives and Scope... 2. Approach... 3-7. Financial System... 8. Permitting Application... 9

Transmittal Letter... 1. Objectives and Scope... 2. Approach... 3-7. Financial System... 8. Permitting Application... 9 Internal Audit Committee of Information Technology Risk Assessment Public Report Prepared By: Internal Auditors of Brevard County September 30, 2009 Table of Contents Transmittal Letter... 1 Objectives

More information

Board of Directors Meeting 12/04/2010. Operational Risk Management Charter

Board of Directors Meeting 12/04/2010. Operational Risk Management Charter Board of Directors Meeting 12/04/2010 Document approved Operational Risk Management Charter Table of contents A. INTRODUCTION...3 I. Background...3 II. Purpose and Scope...3 III. Definitions...3 B. GOVERNANCE...4

More information

Understanding Enterprise Risk Management. Presented by Dorothy Gjerdrum Arthur J Gallagher

Understanding Enterprise Risk Management. Presented by Dorothy Gjerdrum Arthur J Gallagher Understanding Enterprise Risk Management Presented by Dorothy Gjerdrum Arthur J Gallagher Learning Objectives Understand the components of a wellrun ERM program Review scope and process Explore the role

More information

Convergence of Internal Audit, Compliance, and Risk Management. Frank Bossle Executive Director- Office of Hopkins Internal Audits April 2014

Convergence of Internal Audit, Compliance, and Risk Management. Frank Bossle Executive Director- Office of Hopkins Internal Audits April 2014 Convergence of Internal Audit, Compliance, and Risk Management Frank Bossle Executive Director- Office of Hopkins Internal Audits April 2014 1 Summary Plan to share with you the maturation process at Johns

More information

Practical and ethical considerations on the use of cloud computing in accounting

Practical and ethical considerations on the use of cloud computing in accounting Practical and ethical considerations on the use of cloud computing in accounting ABSTRACT Katherine Kinkela Iona College Cloud Computing promises cost cutting efficiencies to businesses and specifically

More information

IT audit updates. Current hot topics and key considerations. IT risk assessment leading practices

IT audit updates. Current hot topics and key considerations. IT risk assessment leading practices IT audit updates Current hot topics and key considerations Contents IT risk assessment leading practices IT risks to consider in your audit plan IT SOX considerations and risks COSO 2013 and IT considerations

More information

RISK MANAGEMENT OVERVIEW 2011 RISK CONFERENCE SPONSORED BY THE FEDERAL RESERVE BANK OF CHICAGO AND DEPAUL UNIVERSITY

RISK MANAGEMENT OVERVIEW 2011 RISK CONFERENCE SPONSORED BY THE FEDERAL RESERVE BANK OF CHICAGO AND DEPAUL UNIVERSITY RISK MANAGEMENT OVERVIEW 2011 RISK CONFERENCE SPONSORED BY THE FEDERAL RESERVE BANK OF CHICAGO AND DEPAUL UNIVERSITY PRESENTED BY: LEN WIATR, CHIEF RISK OFFICER Len s Risk Management Philosophy Build a

More information

Avondale College Limited Enterprise Risk Management Framework 2014 2017

Avondale College Limited Enterprise Risk Management Framework 2014 2017 Avondale College Limited Enterprise Risk Management Framework 2014 2017 President s message Risk management is part of our daily life, something we do regularly; often without realising we are doing it.

More information

Improving Financial Performance, Governance and Compliance

Improving Financial Performance, Governance and Compliance Enterprise Risk Management Improving Financial Performance, Governance and Compliance Through A Structured Approach Experis Finance By: Fred E. Lutzeier National ERM Director Fred.Lutzeier@Experis.Com

More information

Sound Practices for the Management of Operational Risk

Sound Practices for the Management of Operational Risk 1 Sound Practices for the Management of Operational Risk Authority 1.1 Section 316 (4) of the International Business Corporations Act (IBC Act) requires the Commission to take any necessary action required

More information

Applying Risk Assessment to Your Audit Plan Break-out Session T3, Tuesday, October 26 2:00-2:50pm

Applying Risk Assessment to Your Audit Plan Break-out Session T3, Tuesday, October 26 2:00-2:50pm Applying Risk Assessment to Your Audit Plan Break-out Session T3, Tuesday, October 26 2:00-2:50pm Mike Brown Senior Vice President, Corporate Audit State Street Corporation Rich Reynolds Partner PricewaterhouseCoopers

More information

Business Continuity Trends, Requirements and Expectations in 2009. Brian Zawada (MBCP) Director of Consulting Services Avalution Consulting

Business Continuity Trends, Requirements and Expectations in 2009. Brian Zawada (MBCP) Director of Consulting Services Avalution Consulting Business Continuity Trends, Requirements and Expectations in 2009 Brian Zawada (MBCP) Director of Consulting Services Avalution Consulting Overview What Is Business Continuity? The Value Proposition What

More information

ENTERPRISE RISK MANAGEMENT FOR BANKS

ENTERPRISE RISK MANAGEMENT FOR BANKS ENTERPRISE RISK MANAGEMENT FOR BANKS Seshagiri Rao Vaidyula, Senior Manager, Governance, Risk and Compliance Jayaprakash Kavala, Consultant, Banking and Financial Services 1 www.wipro.com/industryresearch

More information

The Role of the Board in Enterprise Risk Management

The Role of the Board in Enterprise Risk Management Enterprise Risk The Role of the Board in Enterprise Risk Management The board of directors plays an essential role in ensuring that an effective ERM program is in place. Governance, policy, and assurance

More information

RSA ARCHER AUDIT MANAGEMENT

RSA ARCHER AUDIT MANAGEMENT RSA ARCHER AUDIT MANAGEMENT Solution Overview INRODUCTION AT A GLANCE Align audit plans with your organization s risk profile and business objectives Manage audit planning, prioritization, staffing, procedures

More information

Risk Management Services

Risk Management Services Risk Management Services GridSME is proud to offer organizations a variety of risk management services, including the following: RISK ASSESSMENTS Strategic identification of enterprise risks & latent organizational

More information

Enterprise Risk Management in UNHCR

Enterprise Risk Management in UNHCR Enterprise Risk Management in UNHCR Briefing for Members and Observers of the Executive Committee and the Standing Committee Mr. Arman Harutyunyan, Chief Risk Officer 7 May 2015 Towards Enterprise Risk

More information

FINDING THE RISK IN RISK ASSESSMENTS NYSICA JULY 26, 2012. Presented by: Ken Shulman Internal Audit Director, New York State Insurance Fund

FINDING THE RISK IN RISK ASSESSMENTS NYSICA JULY 26, 2012. Presented by: Ken Shulman Internal Audit Director, New York State Insurance Fund FINDING THE RISK IN RISK ASSESSMENTS NYSICA JULY 26, 2012 Presented by: Ken Shulman Internal Audit Director, New York State Insurance Fund There are different risk assessments prepared: Annual risk assessment

More information

ERM Symposium April 2009. Moderator Nancy Bennett

ERM Symposium April 2009. Moderator Nancy Bennett ERM Symposium April 2009 RI4-Implementing a Comprehensive Privacy Program John Kelly Joseph Nocera Moderator Nancy Bennett Data & Identity Theft: Keeping sensitive data out of the wrong hands Presented

More information

Implementing an Integrated City-wide Risk Management Framework

Implementing an Integrated City-wide Risk Management Framework AUDITOR GENERAL S REPORT ACTION REQUIRED Implementing an Integrated City-wide Risk Management Framework Date: June 11, 2015 To: From: Wards: Audit Committee Auditor General All Reference Number: SUMMARY

More information

Internal Audit Terms of Reference

Internal Audit Terms of Reference Internal Audit Terms of Reference Introduction 1. The Internal Audit Terms of Reference (ToR) describes the framework within which the Internal Audit Service is delivered. It is intended to act as a guide

More information

Enterprise Risk Management Best Practices. From Assessment to Ongoing Compliance. Wiley Corporate F&A

Enterprise Risk Management Best Practices. From Assessment to Ongoing Compliance. Wiley Corporate F&A Brochure More information from http://www.researchandmarkets.com/reports/2243175/ Enterprise Risk Management Best Practices. From Assessment to Ongoing Compliance. Wiley Corporate F&A Description: High-level

More information

Infosys: Treating Governance and Compliance Strategically with SAP Access Control

Infosys: Treating Governance and Compliance Strategically with SAP Access Control Infosys: Treating Governance and Compliance Strategically with SAP Access Control Stringent management of user access controls and the segregation of duties are becoming a strategic concern for businesses

More information

POL ENTERPRISE RISK MANAGEMENT SC51. Executive Services Department BUSINESS UNIT: Executive Support Services SERVICE UNIT:

POL ENTERPRISE RISK MANAGEMENT SC51. Executive Services Department BUSINESS UNIT: Executive Support Services SERVICE UNIT: POL ENTERPRISE RISK MANAGEMENT SC51 POLICY CODE: SC51 DIRECTORATE: Executive Services Department BUSINESS UNIT: Executive Support Services SERVICE UNIT: Executive Support Services RESPONSIBLE OFFICER:

More information

University Audit and Compliance. Internal Controls Enterprise-Wide Risk Assessment

University Audit and Compliance. Internal Controls Enterprise-Wide Risk Assessment Internal Controls Enterprise-Wide Risk Assessment Balancing Risk and Controls In order to achieve goals and objectives, management needs to effectively balance risks and controls. Control procedures need

More information

Risk Management Framework

Risk Management Framework Risk Management Framework THIS PAGE INTENTIONALLY LEFT BLANK Foreword The South Australian Government Risk Management Policy Statement 2009 advocates that consistent and systematic application of risk

More information

Regulatory Compliance Framework An Electric Utility Model. Abstract. Grier Consulting Group LLC

Regulatory Compliance Framework An Electric Utility Model. Abstract. Grier Consulting Group LLC Regulatory Compliance Framework An Electric Utility Model Abstract This presentation will describe the development of a regulatory compliance framework and toolset for use by a utility regulatory services

More information

Analyzing Risks in Healthcare. February 12, 2014

Analyzing Risks in Healthcare. February 12, 2014 Analyzing s in Healthcare February 12, 2014 1 Content What is Enterprise Management (ERM) ERM Benefits ERM Standards / ISO 31000:2009 ERM Process Register ERM Governance Model s Q&A 2 What is Enterprise

More information

Fraud Prevention, Detection and Response. Dean Bunch, Ernst & Young Fraud Investigation & Dispute Services

Fraud Prevention, Detection and Response. Dean Bunch, Ernst & Young Fraud Investigation & Dispute Services Fraud Prevention, Detection and Response. Dean Bunch, Ernst & Young Fraud Investigation & Dispute Services Agenda Fraud Overview Fraud Prevention Fraud Detection Fraud Response Questions Page 2 Fraud Overview

More information

Top Ten Issues facing Internal Auditing in the Future

Top Ten Issues facing Internal Auditing in the Future Top Ten Issues facing Internal Auditing in the Future The IIA Dallas Chapter April 6, 2006 Presented by: David A. Richards, CIA, CPA President The Institute of Internal Auditors drichards@theiia.org 1

More information

Risk Management Policy

Risk Management Policy Risk Management Policy Risk Management Policy Record Number D14/79827 Responsible Manager Manager Strategy and Governance Last reviewed 10 March 2015 Adoption reference Council Resolution number 90.5 Previous

More information

GUIDANCE NOTE FOR DEPOSIT-TAKERS. Operational Risk Management. March 2012

GUIDANCE NOTE FOR DEPOSIT-TAKERS. Operational Risk Management. March 2012 GUIDANCE NOTE FOR DEPOSIT-TAKERS Operational Risk Management March 2012 Version 1.0 Contents Page No 1 Introduction 2 2 Overview 3 Operational risk - fundamental principles and governance 3 Fundamental

More information

Fraud Risk Management Procedures

Fraud Risk Management Procedures Fraud Risk Management Procedures 1. Introduction KCE Electronics Public Company Limited ( KCE or the Company ) is committed to achieving the highest levels of business integrity, morals and transparency

More information

Administrative Guidelines on the Internal Control Framework and Internal Audit Standards

Administrative Guidelines on the Internal Control Framework and Internal Audit Standards Administrative Guidelines on the Internal Control Framework and Internal Audit Standards GCF/B.09/18 18 February 2015 Meeting of the Board 24 26 March 2015 Songdo, Republic of Korea Agenda item 24 Page

More information

Practice Guide COORDINATING RISK MANAGEMENT AND ASSURANCE

Practice Guide COORDINATING RISK MANAGEMENT AND ASSURANCE Practice Guide COORDINATING RISK MANAGEMENT AND ASSURANCE March 2012 Table of Contents Executive Summary... 1 Introduction... 1 Risk Management and Assurance (Assurance Services)... 1 Assurance Framework...

More information

Enterprise Risk Management & Information Technology

Enterprise Risk Management & Information Technology Enterprise Risk Management & Information Technology Presented by Scott Perry and Gary Ross Slalom Consulting, San Francisco Agenda Introductions Session Objectives Overview of Enterprise Risk Management

More information

University of Windsor Board of Governors. That the Board of Governors approve of the Enterprise Risk Management Framework.

University of Windsor Board of Governors. That the Board of Governors approve of the Enterprise Risk Management Framework. University of Windsor Board of Governors BG130430-4.2.3 4.2.3 Enterprise Risk Management Framework Item for: Approval Forwarded by: Audit Committee MOTION: That the Board of Governors approve of the Enterprise

More information

ACFE FRAUD PREVENTION CHECK-UP

ACFE FRAUD PREVENTION CHECK-UP One of the ACFE s most valuable fraud prevention resources, the ACFE Fraud Prevention Check-Up is a simple yet powerful test of your company s fraud health. Test fraud prevention processes designed to

More information

Enterprise Risk Management

Enterprise Risk Management 2013 Government Accounting and Auditing Update Enterprise Risk Management Understanding and Implementing an ERM Framework Mike Sargent, Director- CliftonLarsonAllen May 2013 cliftonlarsonallen.com Discussion

More information

Managing IT Security with Penetration Testing

Managing IT Security with Penetration Testing Managing IT Security with Penetration Testing Introduction Adequately protecting an organization s information assets is a business imperative one that requires a comprehensive, structured approach to

More information

KEYS TO AN EFFECTIVE DIRECTOR CORPORATE COMPLIANCE AND INTERNAL AUDIT MULTICARE HEALTH SYSTEM TACOMA, WA

KEYS TO AN EFFECTIVE DIRECTOR CORPORATE COMPLIANCE AND INTERNAL AUDIT MULTICARE HEALTH SYSTEM TACOMA, WA KEYS TO AN EFFECTIVE ANTI-FRAUD PROGRAM WAYNE PURVES DIRECTOR CORPORATE COMPLIANCE AND INTERNAL AUDIT MULTICARE HEALTH SYSTEM TACOMA, WA AHIA 32 nd Annual Conference August 25-28, 2013 Chicago, Illinois

More information