Applying Risk Assessment to Your Audit Plan Break-out Session T3, Tuesday, October 26 2:00-2:50pm


1 Applying Risk Assessment to Your Audit Plan
Break-out Session T3, Tuesday, October 26 2:00-2:50pm
Mike Brown, Senior Vice President, Corporate Audit, State Street Corporation
Rich Reynolds, Partner, PricewaterhouseCoopers

2 Presentation overview
- Transforming your focus on the real risks
- A practical framework for risk assessment
- Open discussion

3 Transforming your focus on the real risks

4 The Credit Crisis has surfaced new challenges for risk management and challenged internal audit to reconsider its role
- Board oversight. Shareholders are demanding that Boards demonstrably strengthen their oversight of risk management activities.
- No Silver Bullets in terms of risk management design, methodology or technology. Execution has been the clear differentiator. Timely and effective identification, communication and escalation of issues combined with clear roles and responsibilities, strong supervisory oversight, and good judgment have separated the market casualties from the big losers.
- Change management is key to risk management. In general, there has been an overreliance among all firms on objective factors and historical data points. As a result, many firms were on auto pilot and did not identify or appropriately react to changes in market conditions, increases in risk appetite and/or aggressive business strategies.
- Operating style and culture are critical to execution effectiveness.
  - Accountability: clear roles and responsibilities from top to bottom
  - Full transparency: rapid escalation of issues, quick to admit mistakes
  - Attention to detail: applies to all levels
  - Continuous improvement: emphasis on lessons learned from unexpected events (positive or negative)
  - Collegial tension: challenging others is the expected behavior of real partners
  - Leaders of support and control functions have equal stature to front office personnel: no overrides

5 Are you focused on the real risks?

How value is destroyed in companies: reasons for decreases in shareholder value
- Strategic & Business: 68%
- Operational: 13%
- Financial: 12%
- Compliance: 6%

Source: The Future of Internal Audit, Corporate Executive Board, 2010 (see Appendix for breakdown of value decline drivers)

However, a significant percentage of internal audit resources are focused on financial controls in most organizations.

6 Transformed vs. traditional risk assessment approach

7 Strategic Alignment of Internal Audit's Plan
- Focus should be on processes that are critical to shareholder value
- Internal Audit scope should be directly linked to the organization's strategic themes and critical processes
- Prioritize Internal Audit resources to audits with potential for greatest impact

A value driver analysis can be a holistic way of capturing and understanding company business strategy and shareholder value driving activities. The underlying logic is that:
- Financial performance is a result of delivering an attractive Customer value proposition
- The combination of Value Creating Activities and Core Enablers deliver value for customers and shareholders
- The value driver analysis allows Internal Audit to catalog key value drivers and better link audit activities to shareholder value

8 Using a strategy map

9 Audit universe is constructed from these critical processes and programs, and key change initiatives

Process, Programs and Initiatives (Targeted Improvement)

Capital Management
1. Balance sheet management: Significant
2. Liquidity risk management and reporting: Limited
3. Global cash management: Significant
4. Capital allocation and RAPM: Limited
5. TARP compliance: Major

Customer Service
6. Off-shored processes: Limited
7. Client relationship management: Significant
8. Lean initiative: Limited

Innovation and Branding
9. Alliance development: Limited
10. New product development and launch: Limited
11. Research and Development: Significant

Corporate and Social Responsibility
12. CSR reporting: Significant
13. Labor compliance program: Significant
14. Social responsibility program: Significant
15. Diversity program: Significant

[Figure: Audit Priority Matrix. Axes: Impact on Shareholder Value (Insignificant, Low, Moderate, Major, Critical) and Current Process & Control Maturity (Optimized, Managed, Defined, Repeatable, Ad-hoc)]

Audit universe is prioritized based on impact on shareholder value drivers, and the current and targeted maturity of the processes, programs and initiatives.

10

11 Key Considerations for Designing a Risk Assessment Process
- There is no one size fits all solution and no two audit departments have identical processes. Sample leading practice elements include:
  - Top-down versus bottoms-up approach
  - Macro and micro plan
  - Continuous risk assessment and dynamic plan
  - Tiered audit scoping approach
- The solution should focus on resolving known weaknesses without losing current strengths
- High performing audit departments have approaches to address emerging risks and incorporate them into their current audit plans
- Regulatory and other stakeholder expectations must be considered but should not be the sole driver of a solution
- Technology is an enabler, not a solution
- Ultimately, the risk assessment process must align with the company's strategic objectives

12 Establishing the Overall Objectives of the Process

Since there are practical limitations to any approach to assessing risk and developing an audit plan, it is important to establish and prioritize the primary objectives of the process. Some typical objectives include:
- Protecting and helping focus resources appropriately (i.e., in areas of high risk)
- Empowering auditors with the appropriate flexibility to decide the right product, at the right time
- Rationalizing the audit universe while ensuring completeness and consistency
- Ensuring convergence: coordinate with other governance and control functions to the extent practical
- Creating a responsive, dynamic planning and risk assessment process
- Promoting more effective relationship management / regular engagement with the business
- Establishing clear linkage among risk assessment, continuous monitoring and audit plan to ensure appropriate coverage
- Increasing efficiency and effectiveness
- Satisfying key parties (management, external clients, regulators, E&AC) in a manner that is demonstrable

13 Banks differ in their approaches to risk assessment

Attribute* / Description: # Institutions

Audit Universe, Basis
- Objective view of organization taken from other sources: 6
- Audit's view of the organization, no formal reconciliation to objective source: 2
- Audit's view of organization, reconciliation to objective source: 2

Audit Universe, Purpose
- Audit entity audit: 6
- Basis for risk assessment: 4

Risk Rating Methodology, Scoring
- Formal scoring model with weighting of risk categories: 3
- Judgmental based on risk factor and/or category ratings: 7

Risk Rating Methodology, Basis of rating
- Inherent risk: 2
- Residual risk: 8

Business Monitoring, Process
- Formal (established process and outputs): 5
- Informal (process and outputs are ad-hoc or inconsistent): 3
- No business monitoring process (or very light): 2

Audit Plan, Frequency
- 4-year risk based cycle: 6
- 2-year risk based cycle: 1
- Dynamic audit plan: 2
- Annual but vary intensity based on risk: 1

Audit Plan, Products
- Dedicated portion of plan devoted to non-traditional products: 5
- Limited (or no) portion of plan devoted to non-traditional products: 5

* Attributes are mutually exclusive (e.g., formal scoring model and judgmental based on do not align within same approach)

14 A Sample Risk Assessment Framework

1. Define Audit Universe
2. Conduct Top-down Analysis
3. Conduct Bottom-up Risk Assessment
4. Develop Audit Plan
5. Audit Level Planning
6. Continuous Risk Assessment and Monitoring
   - Encourages changes to plan to focus on emerging risks
   - Mandates regular engagement with the business

Key Considerations
- Aligns to organization not audits
- Ensures completeness of risk coverage
- Covers legal entities and local jurisdictions
- Uncovers issues impacting shareholder value
- Links to strategic objectives
- Identifies most critical risks
- Leads to targeted audits, horizontal audits and special projects
- Risk unit priority based on inherent risk and control environment ratings
- Ratings based on objective guidance judgmentally applied, not mathematical model
- Priority drives the frequency and level of intensity
- Based on prioritized audit universe, top-down analysis, and local regulatory requirements
- Multiple audit products
- Coverage will be assessed against a risk priority matrix
- Analyzed periodically
- Considers output of risk assessment
- Leverages documented business profile and cumulative knowledge
- Focuses on risks assessed as high
- Level of assurance based on risk category ratings

15 Defining the Audit Universe

The audit universe will:
- Align to how management views the organization
- Represent a complete and relatively static picture of the company with multiple levels that can be aggregated and drilled down
- Be defined based on Management Committee accountable units to ensure ownership
- Be mapped to other elements (e.g., legal entities, jurisdiction, HR organizational structure) periodically to ensure completeness

Audit entities ("risk units"):
- Are defined at a level of granularity at which risk can be effectively identified, rated and monitored
- Do not necessarily map 1:1 to audits

Objectives
- Rationalize universe while ensuring completeness and consistency
- Satisfy key parties (management, external clients, regulators, E&AC) in a manner that is demonstrable

16 Addressing Legal and Regulatory Requirements

Legal entities/jurisdictions requiring independent universe/risk assessment:
- Global Markets International Limited (England)
- State Street Management S.A. (Luxembourg)
- International Fund Services Ireland Limited (Ireland)

Risk unit impact rating

Audit Universe
- Securities Finance: Medium, Not Applicable, Not Applicable, High
- Global Human Resources: Medium, Medium, Low, Medium
- Global Security: High, Low, Medium, Low
- 97 other risk units

17 Conducting a Top-Down Analysis

Perform Company Analysis | Develop Value Driver Analysis | Evaluate Enterprise Risk Themes

1. Gather information: A research template will be used as a tool to gather the required information. The tool will highlight relevant points of information to use during the research process. Information will be collected and retained in a central location.
   a. Review External Data: External data points such as SSC's website, company press releases, industry-related articles, and reports will be utilized.
   b. Review Internal Data: Strategic plan, ERM output, compliance and regulatory reports, external auditor management letter comments, and high risk SOX findings will be reviewed to extract significant risk themes.
2. Develop value-driver analysis: Once information has been gathered, the cross-functional team will be able to review relevant information and collectively discuss themes and trends within the organization and industry. This information will be used to complete and update the Value Driver Analysis.
3. Understand and evaluate enterprise risk themes: Meet with key stakeholders to collaboratively discuss key themes and start to form assumptions around the risks associated with the key company initiatives/strategies/etc. Brainstorm potential audit activities considering the risk themes identified and the overall management of risks.

18 Sample Value Driver Analysis

This SAMPLE value driver analysis depicts how a large bank creates value by demonstrating the connection of strategic objectives to underlying activities in cause-and-effect relationships.

19 Evaluating Risk Unit Priority

Assess Inherent Risk | Assess Control Environment | Determine Risk Unit Priority

1. Assess inherent risk: Each risk unit's potential impact on the corporation will be assessed by considering the risk unit's inherent risk across risk categories
   a. Risk categories will be rated relative to each other within that risk unit on a 0-5 scale
   b. Risk category ratings will be determined judgmentally by considering (not rating) a series of risk factors for each category
   c. Taking into account each risk unit's rated risk categories, the unit's impact to the entire corporation will be assessed considering three dimensions (financial, reputation/brand, regulatory) on a three-point scale (high, medium, low)
2. Assess control environment: Each risk unit's control environment will be assessed by considering the control effectiveness and culture of the risk unit
   a. Taking into account each risk unit's control effectiveness and culture, the unit's control environment will be assessed on a three-point scale (light, sound, robust)
3. Determine risk unit priority: Risk unit priority will be derived from a matrix of inherent risk and control environment

20 Developing the Audit Plan

21 Audit Level Planning

Audit planning and scoping will:
- Consider output of risk assessment as outlined in SSCA's Audit Methodology and Guidance
- Leverage documented business profile and cumulative knowledge of risk unit's business strategies, objectives, and risks
- Focus on risks assessed as high per applicable risk unit
- Involve application of the three levels of assurance (testing, assessment, validation) based on risk category ratings

Objectives
- Create a responsive, dynamic planning and risk assessment process
- Establish clear linkage among risk assessment, continuous monitoring and audit plan to ensure appropriate coverage
- Empower auditors with the appropriate flexibility to decide the right product, at the right time
- Satisfy key parties (management, external clients, regulators, E&AC) in a manner that is demonstrable

22 Continuous Risk Assessment and Monitoring

Key attributes:
- Frequency and focus of all three processes will be based on the priority and risks identified for each risk unit.
- Formal process for elevating and reporting output from all three processes.

Benefits/Attributes

Continuous risk assessment
- Periodic update of bottom-up and top-down risk assessment
- Provides early warning of high risk activities
- Can trigger changes to risk assessment and/or audit plan

Continuous monitoring
- Involves monitoring of KRIs and KPIs
- Provides insights into current performance, changes, emerging risks, etc.
- Can trigger changes to risk assessment and/or an audit

Continuous auditing
- Can detect control deficiencies
- Can trigger and/or direct additional audit procedures
- Involves independent automated testing (e.g., use of CAATs)
- Findings require management response and remediation

Linkage to audit plan: Business/risk monitoring as required in the audit frequency and intensity matrix ideally entails a well-developed continuous risk assessment and monitoring process for each risk unit

23 Open discussion

24 For more information contact
Mike Brown, Senior Vice President, State Street Corporation
Rich Reynolds, Internal Audit Partner, PricewaterhouseCoopers LLP

25 Appendix
Root Cause Analysis of Large Market Declines
Source: The Future of Internal Audit, Corporate Executive Board, 2010

RSA ARCHER OPERATIONAL RISK MANAGEMENT

RSA ARCHER OPERATIONAL RISK MANAGEMENT RSA ARCHER OPERATIONAL RISK MANAGEMENT 87% of organizations surveyed have seen the volume and complexity of risks increase over the past five years. Another 20% of these organizations have seen the volume

More information

Getting to strong Leading Practices for value-enhancing internal audit By Richard Reynolds and Abhinav Aggarwal - PricewaterhouseCoopers LLP

Getting to strong Leading Practices for value-enhancing internal audit By Richard Reynolds and Abhinav Aggarwal - PricewaterhouseCoopers LLP Getting to strong Leading Practices for value-enhancing internal audit By Richard Reynolds and Abhinav Aggarwal - PricewaterhouseCoopers LLP Today's unpredictable business climate and challenging regulatory

More information

The transformation of IT Risk Management. kpmg.com

The transformation of IT Risk Management. kpmg.com The transformation of IT Risk Management kpmg.com The transformation of IT Risk Management The role of IT Risk Management Scope of IT risk management Examples of IT risk areas of focus How KPMG can help

More information

The Role of the Board in Enterprise Risk Management

The Role of the Board in Enterprise Risk Management Enterprise Risk The Role of the Board in Enterprise Risk Management The board of directors plays an essential role in ensuring that an effective ERM program is in place. Governance, policy, and assurance

More information

Enterprise Risk Management & Information Technology

Enterprise Risk Management & Information Technology Enterprise Risk Management & Information Technology Presented by Scott Perry and Gary Ross Slalom Consulting, San Francisco Agenda Introductions Session Objectives Overview of Enterprise Risk Management

More information

Enterprise Risk Management in Colleges and Universities

Enterprise Risk Management in Colleges and Universities Enterprise Risk Management in Colleges and Universities Cherry Bekaert & Holland, L.L.P. Neal Beggan, CISA, CRISC Shane Hester, CPA, CISA Cherry, Bekaert & Holland, L.L.P. The Firm of Choice. 1 Cherry,

More information

Linking Risk Management to Business Strategy, Processes, Operations and Reporting

Linking Risk Management to Business Strategy, Processes, Operations and Reporting Linking Risk Management to Business Strategy, Processes, Operations and Reporting Financial Management Institute of Canada February 17 th, 2010 KPMG LLP Agenda 1. Leading Practice Risk Management Principles

More information

Moving Forward with IT Governance and COBIT

Moving Forward with IT Governance and COBIT Moving Forward with IT Governance and COBIT Los Angeles ISACA COBIT User Group Tuesday 27, March 2007 IT GRC Questions from the CIO Today s discussion focuses on the typical challenges facing the CIO around

More information

RISK BASED AUDITING: A VALUE ADD PROPOSITION. Participant Guide

RISK BASED AUDITING: A VALUE ADD PROPOSITION. Participant Guide RISK BASED AUDITING: A VALUE ADD PROPOSITION Participant Guide About This Course About This Course Adding Value for Risk-based Auditing Seminar Description In this seminar, we will focus on: The foundation

More information

OWN RISK AND SOLVENCY ASSESSMENT AND ENTERPRISE RISK MANAGEMENT

OWN RISK AND SOLVENCY ASSESSMENT AND ENTERPRISE RISK MANAGEMENT OWN RISK AND SOLVENCY ASSESSMENT AND ENTERPRISE RISK MANAGEMENT ERM as the foundation for regulatory compliance and strategic business decision making CONTENTS Introduction... 3 Steps to developing an

More information

Data & Analytics in Internal Audit. January 13, 2015

Data & Analytics in Internal Audit. January 13, 2015 Data & Analytics in Internal Audit January 13, 2015 With You Today KPMG Brian Greenberg, Director, Data & Analytics-enabled Internal Audit (National) Sean Mulyanto, Manager IT Advisory (Los Angeles) 1

More information

Enterprise Risk Management

Enterprise Risk Management Cayman Islands Society of Professional Accountants Enterprise Risk Management March 19, 2015 Dr. Sandra B. Richtermeyer, CPA, CMA What is Risk Management? Risk management is a process, effected by an entity's

More information

Solvency II Data audit report guidance. March 2012

Solvency II Data audit report guidance. March 2012 Solvency II Data audit report guidance March 2012 Contents Page Introduction Purpose of the Data Audit Report 3 Report Format and Submission 3 Ownership and Independence 4 Scope and Content Scope of the

More information

IT Risk Management Life Cycle and enabling it with GRC Technology. 21 March 2013

IT Risk Management Life Cycle and enabling it with GRC Technology. 21 March 2013 IT Risk Management Life Cycle and enabling it with GRC Technology 21 March 2013 Overview IT Risk management lifecycle What does technology enablement mean? Industry perspective Business drivers Trends

More information

RSA ARCHER AUDIT MANAGEMENT

RSA ARCHER AUDIT MANAGEMENT RSA ARCHER AUDIT MANAGEMENT Solution Overview INRODUCTION AT A GLANCE Align audit plans with your organization s risk profile and business objectives Manage audit planning, prioritization, staffing, procedures

More information

Executive summary... 3 Overview of S&OP and financial planning processes... 4 An in-depth discussion... 5

Executive summary... 3 Overview of S&OP and financial planning processes... 4 An in-depth discussion... 5 Table of contents Executive summary... 3 Overview of S&OP and financial planning processes... 4 An in-depth discussion... 5 What are the benefits of S&OP and financial planning integration?... 5 Why is

More information

www.pwc.com Internal Audit Data Analytics

www.pwc.com Internal Audit Data Analytics www.pwc.com Internal Audit Data Analytics What s driving the need for enhanced data analytics in the market Analytics maturity model Capabilities developed and adopted Capabilities used to drive audits

More information

Transforming Internal Audit: A Maturity Model from Data Analytics to Continuous Assurance

Transforming Internal Audit: A Maturity Model from Data Analytics to Continuous Assurance ADVISORY SERVICES Transforming Internal Audit: A Model from Data Analytics to Assurance kpmg.com Contents Executive summary 1 Making the journey 2 The value of identifying maturity levels 4 Internal audit

More information

ERM Program. Enterprise Risk Management Guideline

ERM Program. Enterprise Risk Management Guideline ERM Program Enterprise Management Guideline Table of Contents PREAMBLE... 2 When should I refer to this Guideline?... 3 Why do we need a Guideline?... 4 How do I use this Guideline?... 4 Who is responsible

More information

FRAMEWORK FOR AN ETHICAL MATURITY INDEX. Authors: Elena Demidenko and Patrick McNutt

FRAMEWORK FOR AN ETHICAL MATURITY INDEX. Authors: Elena Demidenko and Patrick McNutt FRAMEWORK FOR AN ETHICAL MATURITY INDEX Authors: Elena Demidenko and Patrick McNutt Across key Enterprise risk management frameworks, COSO ERM (http://www.coso.org) and ASNZ4360 (ASNZ 4360: 2004 (http://www.standards.com.au)

More information

Guideline. Operational Risk Management. Category: Sound Business and Financial Practices. No: E-21 Date: June 2016

Guideline. Operational Risk Management. Category: Sound Business and Financial Practices. No: E-21 Date: June 2016 Guideline Subject: Category: Sound Business and Financial Practices No: E-21 Date: June 2016 1. Purpose and Scope of the Guideline This Guideline sets out OSFI s expectations for the management of operational

More information

Mapping COBIT 5 with IT Governance, Risk and Compliance at Ecopetrol S.A. By Alberto León Lozano, CISA, CGEIT, CIA, CRMA

Mapping COBIT 5 with IT Governance, Risk and Compliance at Ecopetrol S.A. By Alberto León Lozano, CISA, CGEIT, CIA, CRMA Volume 3, July 2014 Come join the discussion! Alberto León Lozano will respond to questions in the discussion area of the COBIT 5 Use It Effectively topic beginning 21 July 2014. Mapping COBIT 5 with IT

More information

Policy 10.105: Enterprise Risk Management Policy

Policy 10.105: Enterprise Risk Management Policy Name: Responsibility: Complements: Enterprise Risk Management Framework Coordinator, Enterprise Risk Management Policy 10.105: Enterprise Risk Management Policy Date: November 2006 Revision Date(s): January

More information

Matthew E. Breecher Breecher & Company PC November 12, 2008

Matthew E. Breecher Breecher & Company PC November 12, 2008 Applying COSO s Enterprise Risk Management Integrated Framework Matthew E. Breecher Breecher & Company PC November 12, 2008 The basic outline for this presentation was provided by: Objectives for the session:

More information

How quality assurance reviews can strengthen the strategic value of internal auditing*

How quality assurance reviews can strengthen the strategic value of internal auditing* How quality assurance reviews can strengthen the strategic value of internal auditing* PwC Advisory Internal Audit Table of Contents Situation Pg. 02 In response to an increased focus on effective governance,

More information

Fraud Risk Management

Fraud Risk Management Fraud Risk Management Overview Discussion Questions 1) Does your organization follow a specific risk management model? If so, which one? Do you think this model adequately addresses the risks your organization

More information

The College of New Jersey Enterprise Risk Management and Higher Education For Discussion Purposes Only January 2012

The College of New Jersey Enterprise Risk Management and Higher Education For Discussion Purposes Only January 2012 The College of New Jersey Enterprise Risk Management and Higher Education For Discussion Purposes Only Agenda Introduction Basic program components Recent trends in higher education risk management Why

More information

Chief Risk Officers in the Mutual Fund Industry: Who Are They and What Is Their Role Within the Organization?

Chief Risk Officers in the Mutual Fund Industry: Who Are They and What Is Their Role Within the Organization? Chief Risk Officers in the Mutual Fund Industry: Who Are They and What Is Their Role Within the Organization? Background Everyone within an organization has some responsibility for managing risk. In the

More information

Placing a Value on Enterprise Risk Management ADVISORY

Placing a Value on Enterprise Risk Management ADVISORY Placing a Value on Enterprise Risk Management ADVISORY Placing a Value on Enterprise Risk Management 1 In turbulent economic times, the case for investing in an enterprise risk management (ERM) program

More information

Leveraging data analytics and continuous auditing processes for improved audit planning, effectiveness, and efficiency. kpmg.com

Leveraging data analytics and continuous auditing processes for improved audit planning, effectiveness, and efficiency. kpmg.com Leveraging data analytics and continuous auditing processes for improved audit planning, effectiveness, and efficiency kpmg.com Leveraging data analytics and continuous auditing processes 1 Executive

More information

Principles for An. Effective Risk Appetite Framework

Principles for An. Effective Risk Appetite Framework Principles for An Effective Risk Appetite Framework 18 November 2013 Table of Contents Page I. Introduction... 1 II. Key definitions... 2 III. Principles... 3 1. Risk appetite framework... 3 1.1 An effective

More information

The PNC Financial Services Group, Inc. Business Continuity Program

The PNC Financial Services Group, Inc. Business Continuity Program The PNC Financial Services Group, Inc. Business Continuity Program 1 Content Overview A. Introduction Page 3 B. Governance Model Page 4 C. Program Components Page 4 Business Impact Analysis (BIA) Page

More information

Coordinated Governance: A Winning Relationship Between Internal Audit and the Organization s Other Risk and Control Functions

Coordinated Governance: A Winning Relationship Between Internal Audit and the Organization s Other Risk and Control Functions Coordinated Governance: A Winning Relationship Between Internal Audit and the Organization s Other Risk and Control Functions Coordinated Governance: A Winning Relationship Between Internal Audit and the

More information

The New International Standard on the Practice of Risk Management A Comparison of ISO 31000:2009 and the COSO ERM Framework

The New International Standard on the Practice of Risk Management A Comparison of ISO 31000:2009 and the COSO ERM Framework The New International Standard on the Practice of Risk Management A Comparison of ISO 31000:2009 and the COSO ERM Framework Dorothy Gjerdrum, ARM-P, Chair of the ISO 31000 US TAG and Executive Director,

More information

UPTIME MAGAZINE. june/july15 JUNE/JULY 2015. uptimemagazine.com

UPTIME MAGAZINE. june/july15 JUNE/JULY 2015. uptimemagazine.com june/july15 UPTIME MAGAZINE JUNE/JULY 2015 uptimemagazine.com AM Developing Plans Creating Value From Physical Assets by Mark Ruby 46 june/july 15A sset management plans form the cornerstone of an effective

More information

ENTERPRISE RISK MANAGEMENT POLICY

ENTERPRISE RISK MANAGEMENT POLICY ENTERPRISE RISK MANAGEMENT POLICY TITLE OF POLICY POLICY OWNER POLICY CHAMPION DOCUMENT HISTORY: Policy Title Status Enterprise Risk Management Policy (current, revised, no change, redundant) Approving

More information

Metrics by design A practical approach to measuring internal audit performance

Metrics by design A practical approach to measuring internal audit performance Metrics by design A practical approach to measuring internal audit performance September 2014 At a glance Expectations of Internal Audit are rising. Regulatory pressure is increasing. Budgets are tightening.

More information

Enterprise Risk Management (ERM)

Enterprise Risk Management (ERM) IIA presentation Enterprise Risk Management (ERM) Key Concepts & Trends August 5, 2010 Enterprise Risk Management (ERM) Key Concepts & Trends I. Trends in Enterprise Risk Management (ERM) Factors Driving

More information

The following is intended to outline our general product direction. It is intended for informational purposes only, and may not be incorporated into

The following is intended to outline our general product direction. It is intended for informational purposes only, and may not be incorporated into The following is intended to outline our general product direction. It is intended for informational purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any

More information

Enterprise risk management: A pragmatic, four-phase implementation plan

Enterprise risk management: A pragmatic, four-phase implementation plan Enterprise risk management: A pragmatic, four-phase implementation plan Prepared by: John Brackett, Managing Director, Risk Advisory Services, RSM McGladrey, Inc. 704.442.3820, john.brackett@mcgladrey.com

More information

Tying It All Together: Practical ERM Integration. Richard Scanlon Vice President Enterprise Risk Management CIGNA Corporation

Tying It All Together: Practical ERM Integration. Richard Scanlon Vice President Enterprise Risk Management CIGNA Corporation Tying It All Together: Practical ERM Integration Richard Scanlon Vice President Enterprise Risk Management CIGNA Corporation November 16, 2007 1 Agenda Basis for ERM Integration ERM Objectives ERM Focus

More information

How to Develop Successful Enterprise Risk and Vendor Management Programs

How to Develop Successful Enterprise Risk and Vendor Management Programs Project Management Institute New York City Chapter January 2014 Chapter Meeting How to Develop Successful Enterprise Risk and Vendor Management Programs Christina S. Kite Senior Vice President Corporate

More information

ORACLE ENTERPRISE GOVERNANCE, RISK, AND COMPLIANCE MANAGER FUSION EDITION

ORACLE ENTERPRISE GOVERNANCE, RISK, AND COMPLIANCE MANAGER FUSION EDITION ORACLE ENTERPRISE GOVERNANCE, RISK, AND COMPLIANCE MANAGER FUSION EDITION KEY FEATURES AND BENEFITS Manage multiple GRC initiatives on a single consolidated platform Support unique areas of operation with

More information

Risk management and the transition of projects to business as usual

Risk management and the transition of projects to business as usual Advisory Risk management and the transition of projects to business as usual Financial Services kpmg.com 2 Risk Management and the Transition of Projects to Business as Usual Introduction Today s banks,

More information

IT Governance. What is it and how to audit it. 21 April 2009

What is it and how to audit it 21 April 2009 Agenda Can you define What are the key objectives of How should be structured Roles and responsibilities Key challenges and barriers Auditing Scope Test procedures

Wednesday February 15, 10AM EST

Global Risk Management Webcast Wednesday February 15, 10AM EST Speakers: Curt Burmeister, Vice President, Algorithmics Gordon Burnes, Worldwide Marketing Leader, IBM's Risk Analytics business Moderator:

6/8/2016 OVERVIEW. Page 1 of 9

OVERVIEW Attachment Supervisory Guidance for Assessing Risk Management at Supervised Institutions with Total Consolidated Assets Less than $50 Billion 6/8/2016 Managing risks is fundamental to

Internal audit value optimization for insurance organizations

Internal audit value optimization for insurance organizations Webinar May 13, 2015 Baker Tilly refers to Baker Tilly Virchow Krause, LLP, an independently owned and managed member of Baker Tilly International.

Impact of New Internal Control Frameworks

Impact of New Internal Control Frameworks Webcast: Tuesday, February 25, 2014 CPE Credit: 1 0 With You Today Bob Jacobson Principal, Risk Advisory Services Consulting Leader West Region Bob.Jacobson@mcgladrey.com

Relationship Manager (Banking) Assessment Plan

1. Introduction and Overview Relationship Manager (Banking) Assessment Plan The Relationship Manager (Banking) is an apprenticeship that takes 3-4 years to complete and is at a Level 6. It forms a key

www.pwc.com PwC The Path Forward for Data Analysis and Continuous Auditing May 2011

www.pwc.com The Path Forward for Data Analysis and Continuous Auditing May 2011 Agenda What are we hearing in the market? The CA Maturity Path Where to start? What is the difference between CA & CCM? Best

IT Governance: framework and case study. 22 September 2010

IT Governance: framework and case study Presenter Yaowaluk Chadbunchachai Advisory Services Ernst & Young Corporate Services Limited Presentation topics ERM and IT governance IT governance framework IT

UNITED NATIONS OFFICE FOR PROJECT SERVICES. ORGANIZATIONAL DIRECTIVE No. 33. UNOPS Strategic Risk Management Planning Framework

UNOPS UNITED NATIONS OFFICE FOR PROJECT SERVICES Headquarters, Copenhagen O.D. No. 33 16 April 2010 ORGANIZATIONAL DIRECTIVE No. 33 UNOPS Strategic Risk Management Planning Framework 1. Introduction 1.1.

An Innovative Approach to Close Cycle Reduction

An Innovative Approach to Close Cycle Reduction As filing deadlines are accelerated and regulatory requirements become more stringent, companies are discovering that their financial close process does

Aboriginal Affairs and Northern Development Canada. Internal Audit Report. Audit of Internal Controls Over Financial Reporting.

Aboriginal Affairs and Northern Development Canada Internal Audit Report Audit of Internal Controls Over Financial Reporting Prepared by: Audit and Assurance Services Branch Project #: 14-05 November 2014

Risk Assessment & Enterprise Risk Management

Risk Assessment & Enterprise Risk 1 Healthcare Corporate Governance Today's environment requires building a culture of risk awareness and management of risk across the organization, while formulating less

Fraud Prevention and Deterrence

Fraud Prevention and Deterrence Fraud Risk Assessment 2016 Association of Certified Fraud Examiners, Inc. What Is Fraud Risk? The vulnerability that an organization faces from individuals capable of combining

New Risk Management Paradigms for Asset Managers

April 2014 Asset Management New Management Paradigms for Asset Managers Point of view The financial crisis has caused deep reflection by regulators, asset managers and investors as to the effectiveness

Internal Audit Quality Assessment. Presented To: World Intellectual Property Organization

Internal Audit Quality Assessment Presented To: World Intellectual Property Organization April 2014 Table of Contents List of Acronyms 3 Page Executive Summary Opinion as to Conformance to the Standards,

Oracle Value Chain Planning Demantra Real-Time Sales and Operations Planning

Oracle Value Chain Planning Demantra Real-Time Sales and Operations Planning Do you want to implement a more demand-driven sales and operations planning process? Do you want to incorporate emerging best

The PNC Financial Services Group, Inc. Business Continuity Program

The PNC Financial Services Group, Inc. Business Continuity Program subsidiaries) 1 Content Overview A. Introduction Page 3 B. Governance Model Page 4 C. Program Components Page 4 Business Impact Analysis

RISK MANAGEMENT OVERVIEW 2011 RISK CONFERENCE SPONSORED BY THE FEDERAL RESERVE BANK OF CHICAGO AND DEPAUL UNIVERSITY

RISK MANAGEMENT OVERVIEW 2011 RISK CONFERENCE SPONSORED BY THE FEDERAL RESERVE BANK OF CHICAGO AND DEPAUL UNIVERSITY PRESENTED BY: LEN WIATR, CHIEF RISK OFFICER Len's Risk Management Philosophy Build a

A Closer Look Financial Services Regulation

A Closer Look Financial Services Regulation To view our other A Closer Look pieces, please visit www.pwcregulatory.com \ Model risk mitigation and cost reduction through effective documentation June 2013

An Effective Approach to Transition from Risk Assessment to Enterprise Risk Management

Bridgework: An Effective Approach to Transition from Risk Assessment to Enterprise Risk Management @Copyright Cura Software. All rights reserved. No part of this document may be transmitted or copied without

www.pwc.com Third Party Risk Management 12 April 2012

www.pwc.com Third Party Risk Management 12 April 2012 Agenda 1. Introductions 2. Drivers of Increased Focus on Third Parties 3. Governance 4. Third Party Risks and Scope 5. Third Party Risk Profiling 6.

CFE 2. Enterprise Risk Management. Study Guide - Supplemental Background Material

CFE 2 Enterprise Risk Management Study Guide - Supplemental Background Material The passing score for this test is 74% Reference Guides: Enterprise Risk Management Best Practices: From Assessment

Enterprise Risk Management A View. Clive Kelly CRO Zurich Insurance plc/zfs Europe (GI)

Enterprise Risk Management A View Clive Kelly CRO Zurich Insurance plc/zfs Europe (GI) Topics ERM some basics Responsibilities CRO evolution Challenges and priorities Conclusion Introduction 3 Zurich's

ก ก Tools and Techniques for Enterprise Risk Management (ERM) Balanced Scorecard for Objective Setting in ERM

ก ก Tools and Techniques for Enterprise Risk Management (ERM) Balanced Scorecard for Objective Setting in ERM. 31 2554 10:45 12:15. ( ก) ก ก Balanced Scorecard for Objective Setting in ERM Assistant Professor

and Risk Tolerance in an Effective ERM Program

The Roles of Risk Appetite and Risk Tolerance in an Effective ERM Program Eric Gerner, Risk Advisory Services Director Tuesday, July 10, 2012 General Information Share the webinar Ask a question Votes

The changing role of Risk Management in insurance

The changing role of Risk Management in insurance Fribourg, 2. September 2016 Hansjörg Germann Head Risk Europe Middle East & Africa Group Risk Management The changing role of Risk Mgmt in insurance Key

Auto Days 2011 Predictive Analytics in Auto Finance

Auto Days 2011 Predictive Analytics in Auto Finance Vick Panwar SAS Risk Practice Copyright 2010 SAS Institute Inc. All rights reserved. Agenda Introduction Changing Risk Landscape - Key Drivers and Challenges

Re-engineering the Credit Approval Process. Presented by: Nancy Hasey-Ross Date: October 5, 2011

Re-engineering the Credit Approval Process Presented by: Nancy Hasey-Ross Date: October 5, 2011 1 Agenda Credit life cycle assessment Opportunities for credit re-engineering Key accomplishments of credit

DATA AUDIT: Scope and Content

DATA AUDIT: Scope and Content The schedule below defines the scope of a review that will assist the FSA in its assessment of whether a firm's data management complies with the standards set out in the

Solutions for Enterprise Risk Management SAS. Overview. A holistic view of risk of risk and exposures for better risk management SOLUTION OVERVIEW

SOLUTION OVERVIEW SAS Solutions for Enterprise Risk Management A holistic view of risk of risk and exposures for better risk management Overview The principal goal of any financial institution is to generate

GUIDANCE NOTE FOR DEPOSIT-TAKERS. Operational Risk Management. March 2012

GUIDANCE NOTE FOR DEPOSIT-TAKERS Operational Risk Management March 2012 Version 1.0 Contents Page No 1 Introduction 2 2 Overview 3 Operational risk - fundamental principles and governance 3 Fundamental

Public Report. Professional discipline. Financial Reporting Council. May Ernst & Young LLP. Audit Quality Inspection

Public Report Professional discipline Financial Reporting Council May 2016 Ernst & Young LLP Audit Quality Inspection The FRC is responsible for promoting high quality corporate governance and reporting

Introduction to TTC's Enterprise Risk Management (ERM) Program. TTC Audit and Risk Management Committee

STAFF REPORT INFORMATION ONLY Introduction to TTC's Enterprise Risk Management (ERM) Program Date: September 11, 2015 To: From: TTC Audit and Risk Management Committee Chief Executive Officer SUMMARY This

Audit of the Policy on Internal Control Implementation

Audit of the Policy on Internal Control Implementation Natural Sciences and Engineering Research Council of Canada Social Sciences and Humanities Research Council of Canada February 18, 2013 1 TABLE OF

COBIT 5: A New Governance Framework for Managing & Auditing the Technology Environment CS 6-7: Tuesday, July 7 3:30-4:30

COBIT 5: A New Governance Framework for Managing & Auditing the Technology Environment CS 6-7: Tuesday, July 7 3:30-4:30 Presented by: Nelson Gibbs CIA, CRMA, CISA, CISM, CGEIT, CRISC, CISSP ngibbs@pacbell.net

Risk Management to Contingency Planning. ICD-10 Operational Readiness Keith Hatch, Florida Blue (BCBS of Florida), Senior Manager

Risk Management to Contingency Planning ICD-10 Operational Readiness Keith Hatch, Florida Blue (BCBS of Florida), Senior Manager Agenda Definitions Relationship between risk management, contingency planning

ACCELUS COMPLIANCE MANAGER FOR FINANCIAL SERVICES

THOMSON REUTERS ACCELUS ACCELUS COMPLIANCE MANAGER FOR FINANCIAL SERVICES PROACTIVE. CONNECTED. INFORMED. THOMSON REUTERS ACCELUS Compliance management Solutions Introduction The advent of new and pending

Feature. A Higher Level of Governance Monitoring IT Internal Controls. Controls tend to degrade over time and between audits.

Feature A Higher Level of Governance Monitoring IT Internal Controls Mike Garber, CGEIT, CIA, CITP, CPA, has many years experience as both director for IT governance and as IT audit director for Motorola

Portfolio Company Performance Analysis and Reporting Automation

Portfolio Company Performance Analysis and Reporting Automation Providing transparent and accurate performance data to investors, partners and auditors is becoming increasingly important, if not critical

Preserving and Growing Value Through Enterprise Risk Management

SAP Solution in Detail SAP Solutions for Governance, Risk, and Compliance SAP Risk Management Preserving and Growing Value Through Enterprise Risk Management Table of Contents 3 Quick Facts 4 Understanding

Corporate Challenges in Model Risk Management : Moving Beyond Model Inventory. Iain Wright Ian Francis, IBM 4 June 2015

Corporate Challenges in Model Risk Management : Moving Beyond Model Inventory Iain Wright Ian Francis, IBM 4 June 2015 Corporate Challenges in the Development and Implementation of Effective Model Risk

AGA Kansas City Chapter Data Analytics & Continuous Monitoring

AGA Kansas City Chapter Data Analytics & Continuous Monitoring Agenda Market Overview & Drivers for Change Key challenges that organizations face Data Analytics What is data analytics and how can it help

Final. North Carolina Procurement Transformation. Governance Model March 11, 2011

North Carolina Procurement Transformation Governance Model March 11, 2011 Executive Summary Design Approach Process Governance Model Overview Recommended Governance Structure Recommended Governance Processes

ENTERPRISE RISK MANAGEMENT AN OVERVIEW. November 2011

ENTERPRISE RISK MANAGEMENT AN OVERVIEW November 2011 Overview Overview of Enterprise Risk Management (ERM) Risk Assessment Process Identifying Business Risks Consideration of Impact and Likelihood Soliciting

A&CS Assurance Review. Accounting Policy Division Rule Making Participation in Standard Setting. Report

A&CS Assurance Review Accounting Policy Division Rule Making Participation in Standard Setting Report April 2010 Table of Contents Background... 1 Engagement Objectives, Scope and Approach... 1 Overall

Introduction to IT Audit

Introduction to IT Audit January 23, 2008 Who We Are Randy Roehm Technology Risk Director Jason Brucker Technology Risk Manager Zeb Buckner Internal Audit Consultant Zeb.buckner@protiviti.com Darcie Allen

Risk Management. Group Standard

Group Standard Risk Management Effective risk management allows Serco to improve customer service, maximize opportunities and reduce business loss from overruns and cost from risks that materialise SMS

COBIT 5 for Risk. CS 3-7: Monday, July 6 4:00-5:00. Presented by: Nelson Gibbs CIA, CRMA, CISA, CISM, CGEIT, CRISC, CISSP ngibbs@pacbell.

COBIT 5 for Risk CS 3-7: Monday, July 6 4:00-5:00 Presented by: Nelson Gibbs CIA, CRMA, CISA, CISM, CGEIT, CRISC, CISSP ngibbs@pacbell.net Disclaimer of Use and Association Note: It is understood that

Governance SPICE. ISO/IEC 15504 for Internal Financial Controls and IT Management. By János Ivanyos, Memolux Ltd. (H)

Governance SPICE ISO/IEC 15504 for Internal Financial Controls and IT Management By János Ivanyos, Memolux Ltd. (H) 1. Evaluating Internal Controls against Governance Frameworks Corporate Governance is

Enabling IT Performance & Value with Effective IT Governance Assessment & Improvement Practices. April 10, 2013

Enabling IT Performance & Value with Effective IT Governance Assessment & Improvement Practices April 10, 2013 Today's Agenda: Key Topics Defining IT Governance IT Governance Elements & Responsibilities

Designing an Operational Risk Program for a Community Bank Stephan Salvador Managing Director, Risk Management Consulting

Consulting and Professional Services Designing an Operational Risk Program for a Community Bank Stephan Salvador Managing Director, Risk Management Consulting Designing an Operational Risk Program for

Exhibit 1: Structure of a heat map

Integrating risk and performance management processes Werner Bruggeman Geert Scheipers Valerie Decoene 1. Introduction Years ago, Kaplan & Norton interviewed managers about their time consumption and they

ENTERPRISE RISK MANAGEMENT FRAMEWORK

ENTERPRISE RISK MANAGEMENT FRAMEWORK COVENANT HEALTH LEGAL & RISK MANAGEMENT CONTENTS 1.0 PURPOSE OF THE DOCUMENT... 3 2.0 INTRODUCTION AND OVERVIEW... 4 3.0 GOVERNANCE STRUCTURE AND ACCOUNTABILITY...

Financial services regulatory compliance. Changing demands require the right perspective

Financial services regulatory compliance Changing demands require the right perspective The role of compliance is being elevated as regulatory demands increase. Compliance leaders are facing the greatest

www.pwc.com Developing a robust cyber security governance framework 16 April 2015

www.pwc.com Developing a robust cyber security governance framework 16 April 2015 Cyber attacks are ubiquitous Anonymous hacker group declares cyber war on Hong Kong government, police - SCMP, 2 October