Organizational Change Management: A Best Practice to Effective ERM Implementation
|
|
- Godfrey Lawrence
- 8 years ago
- Views:
Transcription
1 Organizational Change Management: A Best Practice to Effective ERM Implementation Christine Ackerman, CPA Associate Vice President & Director of Internal Audit University of Cincinnati Anita Ingram, ARM Assistant Vice President & Chief Risk Officer University of Cincinnati
2 Learning Objectives After attending this session, participants will be able to: Build a successful case and framework for ERM with a defined approach, assessment tools and outcomes. List key collaboration and consultative techniques deployed in the partnership between risk management and internal audit to gain top-level support and build consensus with institutional stakeholders for ERM. Navigate the challenges and pitfalls of implementing and sustaining a successful ERM program. 2
3 Agenda I. University of Cincinnati II. Building the Case for ERM III. Higher Education ERM Environment IV. Roles of Internal Audit and Risk Management in ERM V. Leveraging Collaboration VI. ERM at the University of Cincinnati VII.Managing Organizational Change VIII.Developing Key Risk Indicators IX. Successful ERM 3
4 University of Cincinnati who are we? UC Facts: UC is a public research university with an enrollment of more than 43,000 students; 372 programs of study; 16 to 1 student to faculty ratio; 14 Colleges Arts and Sciences; Allied Health; Business; Clermont & Blue Ash Colleges (2 Year); Music; Design, Architecture, Art & Planning; Education, Criminal Justice, and Human Services; Engineering & Applied Science; Law; Medicine; Nursing; Pharmacy; Graduate School 4
5 Building the Case for ERM The decentralized nature and entrepreneurial environment in higher education institutions can lead to challenges in coordinating risk management activities across the institution The dynamic nature of higher education requires ongoing assessment and management of a variety of issues to be able to identify, evaluate, and respond to risks 5
6 Building the Case for ERM Demonstrate small victories with something smaller than full ERM implementation - Demonstrate ERM approach using compliance as an example - Collaborated on launch of ERM program for UC Foundation Hired consultant to assist with developing and implementing ERM framework Cost of implementing ERM not unreasonable Board of Trustees and senior administration support Be careful not to fall into compliance or tactical trap Be careful that ERM isn t seen as a way to avoid risk 6
7 Higher Ed ERM Environment Some Higher Education organizations have robust ERM programs, yet many do not With those programs that are in place, they may not be working as intended AICPA reports on enterprise risk oversight across a range of industries: 51% of the respondents reported that their organizations had no formal enterprise-wide approach to risk oversight; and Only 14.9% said they had a complete formal enterprise-wide risk management process in place 7
8 Roles of Internal Audit and Risk Management in ERM 8
9 Roles of Internal Audit and Risk Management in ERM Internal audit champions adoption of ERM Internal audit participates in ERM interviews and risk advisory council - Important that internal audit be positively perceived throughout organization - Audit assists with identifying and evaluating risks - Audit assists with consolidating and reporting on risks Audits can inform and evaluate how units are responding to risk mitigation 9
10 Roles of Internal Audit and Risk Management in ERM Risk management deals with risks from a broad perspective of strategic, operational, financial, compliance and reputational risks as an interrelated portfolio Risk management both leads & participates in risk assessment process and leads the risk advisory counsel Provides the process and methods to manage unwanted variations from expectations, which are linked directly to the organization s strategy View risks in a way that crosses silos, builds internal alliances, exhibits flexibility, expands to include emerging risks, and enhances strategic decision-making capabilities 1 0
11 Leveraging Collaboration Enterprise risk assessment informs annual audit plan Reports are shared, both functions identify different types of risks - Chief Risk Officer, by receiving internal audit reports, can help connect the dots, identify trends occurring in internal audit reports - Internal audit can utilize knowledge of specific risks to scope and tailor audit procedures Collaboration builds efficiencies and improves results by crossleveraging competencies, roles & responsibilities Enhances communication depth and consistency, especially at board and management level 1 1
12 Leveraging Collaboration Internal Audit Defines ERM as a process Use specific risk management standard; usually COSO Develops audit plan to define the scope of work Links findings from any riskbased audit plans and the enterprise risk assessment Discuss the risk-based audit plan with risk management Risk Management Defines ERM as a discipline Use specific risk management standard; either ISO or COSO Develops the enterprise risk assessment designed to get a sense of the risks and call attention to most severe risks. Share ERM results with internal audit 1 2
13 Leveraging Collaboration Enterprise Risk Management (ERM) is about supporting opportunities as well as preventing problems It is tied to business objectives & strategies and supports them It works within the entity s culture and will become integral to decision making It will ensure that Risk Management applies to all levels of the organization and to all activities 13
14 ERM at UC: Program Context Effort Began in 2012 VISION STATEMENT: Create a risk-aware culture, permitting the University to ensure an effective means to identify, measure, control, and assign responsibility to manage risks, while encouraging the acceptance of reasonable opportunities hired consultant to assist with developing ERM framework 2014 launched search for CRO; launched formal ERM program 4 14
15 ERM at UC: Timeline Phase 1: Build the Case for ERM 1.Understand the institution s strategic plans, environment, and culture 2.Determine the status of existing risk management program & processes 3.State goals and objectives (Dec 2014) 4.Obtain top level commitment, support, and participation Estimated date to completion: June 2015 Phase 2: Build the ERM Foundation 5.Name a Project Leader 6.Plan project and define timeline (Jan 2015) 7.Create a cross functional Risk Council & related subcommittees (Nov 2014) 8.Create mission and goals statement (Jan 2015) 9.Create top-level ERM Executive Committee GREEN: COMPLETED RED: IN PROGRESS; PARTIALLY COMPLETED BLACK: FUTURE ACTION Phase 3: Implementation 10. Assess risks and update risk portfolio: validate and prioritize (Jan 2015 and ongoing) 11. Assign ownership and take action (Sept/Oct 2015) 12.Train & educate to assist board, academics & administrators with ERM process Phase 4: Sustain the ERM Program 13.Measure and assess results; monitor 14.Meet and review regularly; realign risk treatments as appropriate with available resources (periodically) 15. Report results (annually and upon request) 16. Do not neglect traditional risk management functions 17. Develop and implement institution-wide systems for communicating 1 5
16 ERM at UC: Framework Principles Framework Monitoring & review, continual improvement and communication occur throughout RM Process AS/NZS ISO 31000:2009 Overview of the relationships between the risk management principles, framework, and process Note: The brown arrow depicts that the principles inform the mandate and commitment for managing risk (reflected in the organizations management system). The light blue arrow shows that the framework enables the application of the risk management process. The dark blue arrow indicates that experience in applying the process can improve the organizations management system 1 6
17 ERM at UC: Governance Structure Audit & Risk Committee of the Board ERM Executive Committee ERM Risk Council Communications Risk Review 1 7
18 ERM at UC: Role of the Board Participating in their committees risk reviews Board/Committees should hear from the risk s designated leader, once each year, minimally. Ask appropriate, sometimes tough questions and in general, provide oversight. Also, board members will be apprised of the university s risk posture by hearing the other committees reports. Committee reports will be summarized for the full board. The president works with the board to set the high-level ERM agenda and develop a statement of risk appetite
19 ERM at UC: Risk Identification Identified through Interviews, Brainstorming, Emerging Trends, Benchmarking With Peer Institutions, Surveys Risks will be categorized: (i) Compliance (ii) Financial (iii) Operational, (iv) Strategic, or (v) Reputational Top Highest Priority risks will be assigned for oversight by committees of the Board of Trustees Remaining High/Medium Priority risks will receive oversight from the Risk Council 11 19
20 ERM at UC: Findings Information Security/Disaster Recovery Planning/UCIT Operations Student Enrollment and Enrollment Management Public Safety Funding Resources & Budget Emergency Management & Business Continuity Building/Facilities and Deferred Maintenance Strategic Planning Dealing with Minors On and Off Campus Compliance & Regulatory Issues (various) HR Processes & HR Leadership Environmental Hazards (Chemical Stores) Student Mental Health Issues Staffing & Succession Planning Preliminary research was conducted by ERM personnel with over 70 interviews involving more than 100 individuals, including the President s Executive Cabinet, Deans, Provosts, and key external partners. Research indicates the highest ERM concerns at UC currently focus on the items above. 2 0
21 Risk & Opportunity Heatmap From: University of Vermont ERM website: 2 1
22 ERM at UC: What happens next? Develop and implement institution wide systems for communicating (Feb to Dec 2015) Assess risks, update risk portfolio: validate and prioritize; input to new RMIS (October 2014 to October 2015) ERM Executive Committee Risk Workshop (September 15) Deliverable: HeatMap Assign/define ownership of risk areas and initiate, and verify action steps (October to December 2015) 2 2
23 Managing Organizational Change P E R F O R M A N C E Impact of Organizational 1. Denial/ Shock Change 2. Anger/ Betrayal 3. Pain/ Sadness Decreased Trust, Poor Communication & Increased Disengagement T I M E Recovery Phase: Some Improvement in Communication, Trust & Productivity 4. Acceptance/ Recovery 2 3
24 Managing Organizational Change: P E R F O R M A N C E Cumulative Effect T I M E Disengagement 2 4
25 Managing Organizational Change P E R F O R M A N C E Key: Manage the Depth and Duration T I M E Recovery Renewal 2 5
26 Developing Key Risk Indicators (KRI) Linking objectives to strategies to risks to KRI s Effective KRI s can provide value in a variety of ways, including: - Risk appetite - Risk and opportunity identification - Risk treatment - Risk reporting - Compliance efforts - Improved performance, process, and improved workplace environment 2 6
27 Developing Key Risk Indicators (KRI) Depends on risk identified Campus safety - Crime statistics, # of NightRide users, international student safety rankings, etc. Emergency preparedness and business continuity - # and results of drills and exercises, faculty, staff and student education and outreach, # of business continuity plans, results of business continuity tests Information Security - # of breaches, results of external penetration tests and vulnerability scans (# of critical/significant vulnerabilities) Enrollment - # of births, # of projected high school graduates 2 7
28 Successful ERM Program Buy in and support from the top Sustainable process slow progress is still progress! Continuous improvement Tools: RMIS/GRC, Interviews, Surveys, Questionnaires Strong marketing & communication Personnel resources Don t use as a means to say no, create additional administrative burden, or create another level of bureaucracy 2 8
29 Successful ERM Program A successful ERM program allows for: Assignment of risks Distribution of enterprise risks encourages ownership of mitigating and managing risk at the individual/unit level Resource optimization Individuals have autonomy and flexibility to maximize their talents and resources while working within their scope; individuals do not unknowingly complete redundant tasks, reducing the likelihood of expending unnecessary effort, resources and time Assignment of accountability Each individual is uniquely accountable for individual risks as they contribute to a larger, more comprehensive enterprise wide risk strategy Coordination Higher levels of communication across units and knowledge sharing regarding challenges and perspectives creates opportunities to break down silos resulting in greater, more collaborative coordination 2 9
30 Dilbert on Risk Management Risk in itself is not bad; risk is essential to progress, and failure is often a key part of learning. But we must learn to balance the possible negative consequences of risk against the potential benefits of its associated opportunity. 3 0
31 Questions? Thank you! 3 1
32 Resources oexecutive Report: The Risk Perspective, Risk Management and Internal Audit: Forging a Collaborative Alliance Risk and Insurance Management Society Inc., and the Institute of Internal Auditors Inc., opacific Northwest Enterprise Risk Forum, University of Washington Enterprise Risk Management A Journal of Discovery November 7, ocoso Thought Leadership in ERM Developing Key Risk Indicators to Strengthen Enterprise Risk Management, How Key Risk Indicators Can Sharpen Focus on Emerging Risks, by Mark Beasley, Bruce Branson, Bonnie Hancock, Sources of Information: oansi/asse/iso the only international standard on risk management 2009 ocoso ERM Framework 2004 o Risk Management An Accountability Guide for University and College Boards by Janice Abraham AGB & UE 2013 oconsulting firms Huron ogrc Governance, Risk & Compliance (software and consulting): Riskonnect, Ventiv, Marsh Clearsights, etc. Helpful websites: risk management/ erm.htm
Understanding Enterprise Risk Management. Presented by Dorothy Gjerdrum Arthur J Gallagher
Understanding Enterprise Risk Management Presented by Dorothy Gjerdrum Arthur J Gallagher Learning Objectives Understand the components of a wellrun ERM program Review scope and process Explore the role
More informationIntroduction to Enterprise Risk Management at UVM DRAFT
Introduction to Enterprise Management at UVM 1 Enterprise What is Enterprise Management? Enterprise risk management is a structured, consistent, and continuous process across the whole organization for
More informationUniversity of Oregon Information Technology Risk Assessment. December 2, 2015
December 2, 2015 Table of Contents EXECUTIVE SUMMARY... 3 BACKGROUND... 3 APPROACH... 4 IT UNITS... 5 NOTED STRENGTHS... 5 THEMES... 6 IT RISKS... 11 IT RISKS DESCRIPTIONS... 12 APPENDIX A: BAKER TILLY
More informationThe College of New Jersey Enterprise Risk Management and Higher Education For Discussion Purposes Only January 2012
The College of New Jersey Enterprise Risk Management and Higher Education For Discussion Purposes Only Agenda Introduction Basic program components Recent trends in higher education risk management Why
More informationEnterprise Risk Management VCU Process
VCU Process What is Enterprise Risk Management? An organization-wide systematic approach to identify and tactically manage risk. A best practice to prioritize risk and implement processes to monitor risk.
More informationENTERPRISE RISK MANAGEMENT POLICY
ENTERPRISE RISK MANAGEMENT Approved by the Audit Committee on 14 February 2003 and adopted by resolution of the Board on 28 March 2003 Revisions approved by the Audit and Risk Committee on 14 February
More informationAttorney Perspectives: Enterprise Risk Management in a Time of Innovation
Attorney Perspectives: Enterprise Risk Management in a Time of Innovation Nancy Pringle, Vice President and General Counsel, Ithaca College Stephen Sencer, Senior Vice President and General Counsel, Emory
More informationEnterprise Risk Management Panel Discussion
Enterprise Risk Management Panel Discussion Facilitators Bill Cole, VCU and VCUHS CAE Michael Bordoni, former Emory University CAE, now DHG (Dixon Hughes Goodman LLP) Risk Advisory Services Partner Gary
More informationOpportunity. for Greater Relevance LEVERAGING ENTERPRISE RISK MANAGEMENT: By Janice M. Abraham, Robert Baird, and Frank Neugebauer
LEVERAGING ENTERPRISE RISK MANAGEMENT: Opportunity for Greater Relevance By Janice M. Abraham, Robert Baird, and Frank Neugebauer Enterprise Risk Management (ERM) gained a foothold in higher education
More informationEnterprise Risk Management: Taking the First Steps
Enterprise Risk Management: Taking the First Steps TN PRIMA, 2012 DOROTHY GJERDRUM, ARM, CIRM NOVEMBER 15, 2012 Agenda Goal: To understand how to begin to implement a broader approach to risk management
More informationEnterprise-Wide Risk Assessment
Enterprise-Wide Risk Assessment Agenda 1. Definition of risk. 2. Risk drivers in higher education today. 3. Implementing an enterprise-wide risk management (ERM) program to effectively assess, manage,
More informationGAINING CONTROL: Building Your Existing Framework into an ERM Model
GAINING CONTROL: Building Your Existing Framework into an ERM Model RIMS Northeast Ohio Chapter Education Day Carol Fox, ARM RIMS Director of Strategic and Enterprise Risk Practice November 19, 2013 Copyright
More informationDIANNA SADLOUSKOS BACKGROUNDER www.sadlouskos.com EXPERIENCE
EXPERIENCE SADLOUSKOS CONSULTING SERVICES March 2006 to present FOUNDER, PRINCIPAL CONSULTANT Dianna Sadlouskos is a management consultant with twenty years experience supporting higher education institutions
More informationEnterprise Risk and Compliance Management
Enterprise Risk and Compliance Management Their Integral Roles in Higher Education Governance Gallagher Higher Education Practice NOVEMBER 2015 Introduction Anyone involved in the management of higher
More informationState of Minnesota. Enterprise Security Strategic Plan. Fiscal Years 2009 2013
State of Minnesota Enterprise Security Strategic Plan Fiscal Years 2009 2013 Jointly Prepared By: Office of Enterprise Technology - Enterprise Security Office Members of the Information Security Council
More informationBoard of Trustees IT Subcommittee Meeting. November 3, 2014 2:00-2:50 PM Harper Center 3023
Board of Trustees IT Subcommittee Meeting November 3, 2014 2:00-2:50 PM Harper Center 3023 Agenda Introductions June 2, 2014 Meeting Minutes Creighton University Digital Strategy Information Technology
More informationEnterprise Risk Management
Cayman Islands Society of Professional Accountants Enterprise Risk Management March 19, 2015 Dr. Sandra B. Richtermeyer, CPA, CMA What is Risk Management? Risk management is a process, effected by an entity's
More informationEnterprise Risk Management in Colleges and Universities
Enterprise Risk Management in Colleges and Universities Cherry Bekaert & Holland, L.L.P. Neal Beggan, CISA, CRISC Shane Hester, CPA, CISA Cherry, Bekaert & Holland, L.L.P. The Firm of Choice. 1 Cherry,
More informationENTERPRISE RISK MANAGEMENT POLICY
ENTERPRISE RISK MANAGEMENT POLICY TITLE OF POLICY POLICY OWNER POLICY CHAMPION DOCUMENT HISTORY: Policy Title Status Enterprise Risk Management Policy (current, revised, no change, redundant) Approving
More informationRice University Task Force on Information Technology. Report on IT Principles, Governance & Organization
Rice University Task Force on Information Technology Report on IT Principles, Governance & Organization April 22, 2014 1 IT Principles, Governance, Organization Information technology, across all missions
More informationEnterprise Risk Management
2013 Government Accounting and Auditing Update Enterprise Risk Management Understanding and Implementing an ERM Framework Mike Sargent, Director- CliftonLarsonAllen May 2013 cliftonlarsonallen.com Discussion
More informationHow To Transform It Risk Management
The transformation of IT Risk Management kpmg.com The transformation of IT Risk Management The role of IT Risk Management Scope of IT risk management Examples of IT risk areas of focus How KPMG can help
More informationIRM CERTIFICATE AND DIPLOMA OUTLINE SYLLABUS
IRM CERTIFICATE AND DIPLOMA OUTLINE SYLLABUS 1 Module 1: Principles of Risk and Risk Management Module aims The aim of this module is to provide an introduction to the principles and concepts of risk and
More informationLinking Risk Management to Business Strategy, Processes, Operations and Reporting
Linking Risk Management to Business Strategy, Processes, Operations and Reporting Financial Management Institute of Canada February 17 th, 2010 KPMG LLP Agenda 1. Leading Practice Risk Management Principles
More informationThe New International Standard on the Practice of Risk Management A Comparison of ISO 31000:2009 and the COSO ERM Framework
The New International Standard on the Practice of Risk Management A Comparison of ISO 31000:2009 and the COSO ERM Framework Dorothy Gjerdrum, ARM-P, Chair of the ISO 31000 US TAG and Executive Director,
More informationFraud Risk Management
Fraud Risk Management Overview Discussion Questions 1) Does your organization follow a specific risk management model? If so, which one? Do you think this model adequately addresses the risks your organization
More informationInternational Diploma in Risk Management Syllabus
International Diploma in Risk Management Syllabus Module 1: Principles of Risk and Risk Management The aim of this module is to provide an introduction to the principles and concepts of risk and risk management.
More informationOPTIMUS SBR. Optimizing Results with Business Intelligence Governance CHOICE TOOLS. PRECISION AIM. BOLD ATTITUDE.
OPTIMUS SBR CHOICE TOOLS. PRECISION AIM. BOLD ATTITUDE. Optimizing Results with Business Intelligence Governance This paper investigates the importance of establishing a robust Business Intelligence (BI)
More informationGet More Out of Your Risk Assessment. Austin Chapter of the IIA
Get More Out of Your Risk Assessment Austin Chapter of the IIA Speakers Alyssa G. Martin, CPA Dallas Executive Partner, Advisory Services 25 years of public accounting experience, with a practice emphasis
More informationPositioning Pima County Community College District s Human Capital Management for the Future
Positioning Pima County Community College District s Human Capital Management for the Future February 4, 2015 Baker Tilly refers to Baker Tilly Virchow Krause, LLP, an independently owned and managed member
More informationAnalyzing Risks in Healthcare. February 12, 2014
Analyzing s in Healthcare February 12, 2014 1 Content What is Enterprise Management (ERM) ERM Benefits ERM Standards / ISO 31000:2009 ERM Process Register ERM Governance Model s Q&A 2 What is Enterprise
More informationThe Role of Internal Audit in Risk Governance
The Role of Internal Audit in Risk Governance How Organizations Are Positioning the Internal Audit Function to Support Their Approach to Risk Management Executive summary Risk is inherent in running any
More informationUsing Strategic Risk Management to Gain Assurance and Communicate More Effectively
Using Strategic Risk Management to Gain Assurance and Communicate More Effectively Julie Englund Board Member, Treasurer and Finance Committee Chair Wilson College Raina Rose Tagle, CPA, CISA, CIA National
More informationIIA POSITION PAPER: THE ROLE OF INTERNAL AUDITING IN ENTERPRISE-WIDE RISK MANAGEMENT
IIA POSITION PAPER: THE ROLE OF INTERNAL AUDITING IN ENTERPRISE-WIDE RISK MANAGEMENT Revised: Page 1 of 8 Introduction The importance to strong corporate governance of managing risk has been increasingly
More informationIT Governance Overview
IT Governance Overview Contents Executive Summary... 3 What is IT Governance?... 4 Strategic Vision and IT Guiding Principles... 4 Campus-Wide IT Strategic Vision... 4 IT Guiding Principles... 4 The Scope
More informationBeyond risk identification Evolving provider ERM programs
Beyond risk identification Evolving provider ERM programs March 2016 At a glance PwC conducted research to assess the state of enterprise risk management (ERM) within healthcare providers and found many
More informationEnterprise Risk Management
Enterprise Risk Management EACUBO Workshop March 20, 2014 Janice M. Abraham, President & CEO ERM: A process forward 2 ERM A business process, led by senior leadership, that expands the core concepts of
More informationEnterprise Risk Management at Pennsylvania State University (A) Strategy Implementation in a Decentralized Organization
Enterprise Risk Management at Pennsylvania State University (A) Strategy Implementation in a Decentralized Organization Case study Reference no 308-372-1 This case was written by Assistant Professor Harvey
More informationfmswhitepaper Why community-based financial institutions should practice enterprise risk management.
fmswhitepaper Why community-based financial institutions should practice enterprise risk management. By Michael D. Cohn, CPA, CISA, CGEIT Director, WolfPAC Solutions Group Unique Insights Implementation
More informationEnterprise Risk Management for International Schools
Enterprise Risk Management for International Schools 2014 NESA Business Managers Conference Presented by Michael Rodman & Timothy King Albert Risk Management Consultants INTRODUCTION Michael Rodman Principal
More informationConfident in our Future, Risk Management Policy Statement and Strategy
Confident in our Future, Risk Management Policy Statement and Strategy Risk Management Policy Statement Introduction Risk management aims to maximise opportunities and minimise exposure to ensure the residents
More informationFINDING THE RISK IN RISK ASSESSMENTS NYSICA JULY 26, 2012. Presented by: Ken Shulman Internal Audit Director, New York State Insurance Fund
FINDING THE RISK IN RISK ASSESSMENTS NYSICA JULY 26, 2012 Presented by: Ken Shulman Internal Audit Director, New York State Insurance Fund There are different risk assessments prepared: Annual risk assessment
More informationDepartment of Veterans Affairs VA Directive 0054. VA Enterprise Risk Management (ERM)
Department of Veterans Affairs VA Directive 0054 Washington, DC 20420 Transmittal Sheet April 8, 2014 VA Enterprise Risk Management (ERM) 1. REASON FOR ISSUE: This directive provides guidelines to help
More informationIT Governance. What is it and how to audit it. 21 April 2009
What is it and how to audit it 21 April 2009 Agenda Can you define What are the key objectives of How should be structured Roles and responsibilities Key challenges and barriers Auditing Scope Test procedures
More informationIowa State University Proposal for HR-01 ISU HR Operating Model
Iowa State University Proposal for HR-01 ISU HR Operating Model Overview: Iowa State University proposes undertaking the HR-01 ISU HR Operating Model business case to transform the quality, manner and
More informationStreamlining the Annual Risk Assessment Process
Streamlining the Annual Risk Assessment Process Presenter: Gregory Jordan, CPA, CIA, CRMA, FLMI Senior Vice President, Chief Audit Executive Nationwide Insurance Gregory Jordan, CPA, CIA, CRMA, FLMI Chief
More informationIntegrated Risk Management:
Integrated Risk Management: A Framework for Fraser Health For further information contact: Integrated Risk Management Fraser Health Corporate Office 300, 10334 152A Street Surrey, BC V3R 8T4 Phone: (604)
More informationAccreditation Application Forms
The Institute of Risk Management The Institute of Risk Management Accreditation Application Forms Universities and Professional Associations The Institute of Risk Management Accreditation Application Forms
More informationDeveloping an Effective Enterprise Risk Management Program
Developing an Effective Enterprise Risk Management Program Jay Brietz, CPA and CIA Senior Manager This material was used by Elliott Davis Decosimo during an oral presentation; it is not a complete record
More informationEffective Enterprise Risk Management with ErmsCo ERM Foundation
Executive Brief Effective Enterprise Risk Management with ErmsCo ERM Foundation Introduction to ErmsCo About ErmsCo ErmsCo is a consulting and training firm that focuses on assisting financial institutions
More informationOffice of the Chief Information Officer
Office of the Chief Information Officer Business Plan: 2012 2015 Department / Ministère: Executive Council Date: November 15, 2012 1 P a g e This Page Left Intentionally Blank 2 P a g e Contents The Business
More information(Instructor-led; 3 Days)
Information Security Manager: Architecture, Planning, and Governance (Instructor-led; 3 Days) Module I. Information Security Governance A. Introduction to Information Security Governance B. Overview of
More informationPerforming a Compliance Risk Assessment for Compliance Auditing & Monitoring in Healthcare Organizations
Performing a Compliance Risk Assessment for Compliance Auditing & Monitoring in Healthcare Organizations Author: Glen C. Mueller, Chief Audit & Compliance Officer, Scripps Health, San Diego, CA Introduction
More informationMaryland Association of Boards of Education Insurance Programs
Insurance Programs ENTERPRISE RISK MANAGEMENT John Magoon, ARM (P, E), CBCP, MBCI Risk Management Officer, MABE jmagoon@mabe.org 443 603 0399 A PERFECT DAY Our Goals 1.2 1 0.8 0.6 0.4 0.2 0 Actual Goal
More informationAn Effective Approach to Transition from Risk Assessment to Enterprise Risk Management
Bridgework: An Effective Approach to Transition from Risk Assessment to Enterprise Risk Management @Copyright Cura Software. All rights reserved. No part of this document may be transmitted or copied without
More informationA Risk-Based Audit Strategy November 2006 Internal Audit Department
Mental Health Mental Retardation Authority of Harris County ENTERPRISE RISK MANAGEMENT A Framework For Assessing, Evaluating And Measuring Our Agency s Risk A Risk-Based Audit Strategy November 2006 Internal
More informationIT Governance Action Team Report & Recommendations
IT Governance Action Team Report & Recommendations March 15, 2012 Action Team Members: Vivek Choudhury Associate Dean, College of Business William Fant Interim Dean, College of Pharmacy Mark Faulkner (Co-chair)
More informationEnterprise Risk Management Program
Enterprise Risk Management Program APPA s Risk Management & Insurance Meeting Austin, Texas March 29, 2007 Presented by: L.D. Hollingsworth Agenda Introduction - Why ERM? Governance & Reporting Structure
More informationEmergency Planning and Crisis Management initiatives rolled up into a viable Business Continuity and Enterprise Risk Management Program.
Emergency Planning and Crisis Management initiatives rolled up into a viable Business Continuity and Enterprise Risk Management Program. Or: How I Learned to Stop Worrying and Love the ERM! Is this You?
More informationDallas Center for Performance Excellence (CPE) Executive Summary
Dallas Center for Performance Excellence (CPE) Executive Summary Publication Date: January 8, 2015 The Center for Performance Excellence (CPE) is a continuous improvement initiative commissioned by the
More informationInternal Audit and Advisory Services DRAFT
Internal Audit and Advisory Services DRAFT PAGE(S) Message from the Internal Audit and Advisory Services...1-2 Internal Audit and Advisory Services Plan...3-5 Objectives...6-7 Risk Assessment Process...8
More informationEnterprise risk management: A pragmatic, four-phase implementation plan
Enterprise risk management: A pragmatic, four-phase implementation plan Prepared by: John Brackett, Managing Director, Risk Advisory Services, RSM McGladrey, Inc. 704.442.3820, john.brackett@mcgladrey.com
More information2015 Report on the Current State of Enterprise Risk Oversight:
2015 Report on the Current State of Enterprise Risk Oversight: Update on Trends and Opportunities 6 th Edition February 2015 Mark Beasley Deloitte Professor of ERM Director, ERM Initiative Bruce Branson
More informationEnterprise Risk Management
Enterprise Risk Management The Basics or ERM 101 1 Enterprise Risk Management Enterprise risk management deals with risks and opportunities affecting value creation or preservation, defined as: COSO s
More informationPolicy 10.105: Enterprise Risk Management Policy
Name: Responsibility: Complements: Enterprise Risk Management Framework Coordinator, Enterprise Risk Management Policy 10.105: Enterprise Risk Management Policy Date: November 2006 Revision Date(s): January
More informationEnterprise Risk Management
Enterprise Management ERM provides a framework for risk management, which typically involves identifying particular events or circumstances relevant to the organization's objectives (risks and opportunities),
More informationIn accordance with risk management best practices, below describes the standard process for enterprise risk management (ERM), including:
Enterprise Risk Management Process and Procedures Scope In accordance with risk management best practices, below describes the standard process for enterprise risk management (ERM), including: Risk identification
More informationMatthew E. Breecher Breecher & Company PC November 12, 2008
Applying COSO s Enterprise Risk Management Integrated Framework Matthew E. Breecher Breecher & Company PC November 12, 2008 The basic outline for this presentation was provided by: Objectives for the session:
More informationENTERPRISE RISK MANAGEMENT. J. Joseph Hoey, Ed.D. Bridgepoint Education CAIR 2015
ENTERPRISE RISK MANAGEMENT J. Joseph Hoey, Ed.D. Bridgepoint Education CAIR 2015 Enterprise Risk Management (ERM) Defined ERM is a principles-based approach to manage, not eliminate risk. ERM is a process
More informationThe Johns Hopkins University Human Resources Competency Dictionary
The Johns Hopkins University Human Resources Competency Dictionary JHU Human Resources Competencies (Applies to All HR Functional Areas) Business Partnership and Consultation Ethics and values Decision
More informationEnterprise Projects Fiscal Year 2009/2010 Third Quarter Report
Enterprise Projects Fiscal Year 2009/2010 Third Quarter Report Enterprise Projects Fiscal Year 2009/2010 - Third Quarter Report The Enterprise Program Investment Council (EPIC) is responsible for governance
More informationTable of Contents PERFORMANCE REVIEWS STRATEGIC REVIEWS
SECTION 270 PERFORMANCE AND STRATEGIC REVIEWS Table of Contents 270.1 To which agencies does this section apply? 270.2 What is the purpose of this section? PERFORMANCE REVIEWS 270.3 What is the purpose
More informationEnterprise Risk Management & Information Technology
Enterprise Risk Management & Information Technology Presented by Scott Perry and Gary Ross Slalom Consulting, San Francisco Agenda Introductions Session Objectives Overview of Enterprise Risk Management
More informationProcess Validation Workshops. Overview Session
Process Validation Workshops Overview Session 2 Session Objectives: Prepare staff for participating in a Process Validation Workshop Clarify the Purpose of Process Validation Workshops Clarify Expected
More informationFY 2015 Year in Review Internal Audit Division
P a g e 1 FY 2015 Year in Review Internal Audit Division Over the past year, Emory s Internal Audit Division (Internal Audit) advanced our mission to add value and improve the institution s operations
More informationOffice of Internal Audit May 6, 2015. Strategic Internal Audit Plan
Office of Internal Audit May 6, 2015 Strategic Internal Audit Plan Table of Contents I. Executive Summary...2 II. Office of Internal Audit Staffing and Status of 2014-15 Activities...5 III. Proposed Five
More informationThe Integration of Strategic Planning and Portfolio Management
The Integration of Strategic Planning and Portfolio Management Bank of Canada Management Offices (PMO s) International Summit Brasilia, Brazil, April 9-10, 2014 Presented by: Sheila Vokey, Chief Financial
More informationStrategic Direction 7 Vision for Shared Administrative Services
Strategic Direction 7 Vision for Shared Administrative Services Strategic Direction 7 - Centralize the System s business/administrative functions, where appropriate, in order to leverage resources and
More informationINFORMATION SECURITY STRATEGIC PLAN
INFORMATION SECURITY STRATEGIC PLAN UNIVERSITY OF CONNECTICUT INFORMATION SECURITY OFFICE 4/20/10 University of Connecticut / Jason Pufahl, CISSP, CISM 1 1 MISSION STATEMENT The mission of the Information
More informationPublic Accounting Firms Aetna Yale New Haven Health System Landmark Medical Center
Works like a Charm: Combined Shops of Audit, Compliance and Privacy! (Professional Development and Leadership Track) Thursday Oct 1, 2015 8-9.40a Sonal J. Shah, CPA, MSPA, CHC, CGMA Senior Director, Compliance,
More informationStrategic Risk Management for School Board Trustees
Strategic Management for School Board Trustees A Management Process Framework May, 2012 Table of Contents Introduction Page I. Purpose....................................... 3 II. Applicability and Scope............................
More informationRIMS Risk Management Models. Traditional Risk Management Progressive Risk Management Strategic Risk Management
Risk Management vs. Enterprise Risk Management Kate Lark Dartmouth College Paul L. Walker - University of Virginia Feb 4 th, 2008 Definition of Risk Management the process of planning, organizing, leading,
More informationEnterprise Risk Management Handbook. June, 2010
Enterprise Risk Management Handbook June, 2010 Table of Contents Overview... 4 What is Enterprise Risk Management?... 5 Why Undertake Enterprise Risk Management?... 6 Draft UW System ERM Vision, Mission,
More informationThe Communications Audit NEVER MORE RELEVANT, NEVER MORE VALUABLE:
WHITE PAPER The Communications Audit NEVER MORE RELEVANT, NEVER MORE VALUABLE: VALUE PROPOSITION OBJECTIVES METHODOLOGY BY GARY DOLZALL CHIEF COMMUNICATIONS OFFICER I. INTRODUCTION: THE VALUE PROPOSITION
More informationThe PNC Financial Services Group, Inc. Business Continuity Program
The PNC Financial Services Group, Inc. Business Continuity Program 1 Content Overview A. Introduction Page 3 B. Governance Model Page 4 C. Program Components Page 4 Business Impact Analysis (BIA) Page
More informationThe Essentials of Enterprise Risk Management. Steven C. Tourek, Senior Vice President, General Counsel & Secretary, The Marvin Companies
The Essentials of Enterprise Risk Management Steven C. Tourek, Senior Vice President, General Counsel & Secretary, The Marvin Companies Introduction How should an organization think about the management
More informationAcademic Division Enterprise Risk Management (ERM)
Academic Division Enterprise Risk Management (ERM) Audit and Compliance Committee March 24, 2015 Achieve competitive compensation Risk Category Risk Description Risk Owner Key Stakeholders Management of
More informationUNITED NATIONS OFFICE FOR PROJECT SERVICES. ORGANIZATIONAL DIRECTIVE No. 33. UNOPS Strategic Risk Management Planning Framework
UNOPS UNITED NATIONS OFFICE FOR PROJECT SERVICES Headquarters, Copenhagen O.D. No. 33 16 April 2010 ORGANIZATIONAL DIRECTIVE No. 33 UNOPS Strategic Risk Management Planning Framework 1. Introduction 1.1.
More informationThe PMO as a Project Management Integrator, Innovator and Interventionist
Article by Peter Mihailidis, Rad Miletich and Adel Khreich: Peter Mihailidis is an Associate Director with bluevisions, a project and program management consultancy based in Milsons Point in Sydney. Peter
More informationGuidance Note: Corporate Governance - Board of Directors. March 2015. Ce document est aussi disponible en français.
Guidance Note: Corporate Governance - Board of Directors March 2015 Ce document est aussi disponible en français. Applicability The Guidance Note: Corporate Governance - Board of Directors (the Guidance
More informationIFAD Policy on Enterprise Risk Management
Document: EB 2008/94/R.4 Agenda: 5 Date: 6 August 2008 Distribution: Public Original: English E IFAD Policy on Enterprise Risk Management Executive Board Ninety-fourth Session Rome, 10-11 September 2008
More informationTake the right steps 9 principles for building the Risk Intelligent Enterprise
Take the right steps 9 principles for building the Risk Intelligent Enterprise Contents 9 principles for building a Risk Intelligent Enterprise 2 The Risk Intelligent Framework 4 1. Is risk a threat or
More informationHedge fund launch considerations Reaching new boundaries. Investment Management
Hedge fund launch considerations Reaching new boundaries Investment Management There are people who make things happen, there are people who watch things happen, and there are people who wonder what happened.
More informationMoving Forward with IT Governance and COBIT
Moving Forward with IT Governance and COBIT Los Angeles ISACA COBIT User Group Tuesday 27, March 2007 IT GRC Questions from the CIO Today s discussion focuses on the typical challenges facing the CIO around
More informationA Framework for Managing Crime and Fraud
A Framework for Managing Crime and Fraud ASIS European Security Conference & Exhibition Gothenburg, April 15, 2013 Torsten Wolf Group Head of Crime and Fraud Prevention Agenda Introduction Economic Crime
More informationfs viewpoint www.pwc.com/fsi
fs viewpoint www.pwc.com/fsi June 2013 02 11 16 21 24 Point of view Competitive intelligence A framework for response How PwC can help Appendix It takes two to tango: Managing technology risk is now a
More informationSUMMARY PROFESSIONAL EXPERIENCE. IBM Canada, Senior Business Transformation Consultant
Doreen Funk, MA 191 Discovery Ridge Blvd SW, Calgary Cell: 587-434- 0811 E- mail: dorfunk@hotmail.com SUMMARY Senior management consultant with 20 years of experience in applying strategies and implementing
More informationEnterprise Risk Management Framework 2012 2016. Strengthening our commitment to risk management
Enterprise Risk Management Framework 2012 2016 Strengthening our commitment to risk management Contents Director-General s message... 3 Introduction... 4 Purpose... 4 What is risk management?... 4 Benefits
More informationHigh Value Audits: An Update on Information Technology Auditing. Robert B. Hirth Jr., Managing Director
High Value Audits: An Update on Information Technology Auditing Robert B. Hirth Jr., Managing Director The technology landscape and its impact on internal audit Technology is playing an ever-growing role
More informationManaging Risk at Bank of America Corporation. Overview
Managing Risk at Bank of America Corporation Overview Risk is inherent in every material business activity that we undertake. Our business exposes us to strategic, credit, market, liquidity, compliance,
More information