Enterprise Risk Management Panel Discussion

1 Enterprise Risk Management Panel Discussion
Facilitators
- Bill Cole, VCU and VCUHS CAE
- Michael Bordoni, former Emory University CAE, now DHG (Dixon Hughes Goodman LLP) Risk Advisory Services Partner
- Gary Nimax, UVA Assistant VP for Compliance and ERM
- David Litton, VCU and VCUHS Audit Director

2 Source: VCU Enterprise Risk Management White Paper 2012

3 A. Definitions of Key Terms
- Acceptable Risk
- Action Plan
2012 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative ("KPMG International"), a Swiss entity. All rights reserved. The KPMG name, logo and "cutting through complexity" are registered trademarks or trademarks of KPMG International. Shared with permission from KPMG LLP for educational use.

4 Panel Discussion Topics
- Adoption and Support
- Risk Data Collection
- Risk Categories Addressed
- Risk Mitigation and Management Plans
- Prioritization
- Monitoring
- Communication to VPs and Board
- Obstacles / Successes

5 Enterprise Risk Management Program Overview

6 Comprised of:
- Nine schools
- Five hospitals
- The Emory clinic
- Emory Specialty Associates
- JVs with the VA and Grady
Revenues: $4B
Research: $600M
Employees: 27K
Students: 12K

7 Rules:
1. Keep it simple
2. Support from the top
3. Organization and infrastructure
4. Define the program's objective
5. Customize the program for your institution
6. Create a charter
7. Define roles and responsibilities

8 From the Charter: Risk, in one form or another, is present in virtually all worthwhile endeavors. We recognize that not all risk is bad; thus our goal is not to eliminate all risk, for by doing so we would limit productive activity. Rather, our goal is to assume risk judiciously, mitigate it when possible, and prepare ourselves to respond effectively and efficiently when necessary.

9 ERM Executive Sponsors Committee (Reputational & Strategic Risks)
- President (Committee Chair)
- Executive VP for Finance and Administration
- Executive VP for Health Affairs
- Executive VP for Academic Affairs and Provost
- President and CEO, Emory Healthcare
- Senior VP and General Counsel
- Senior VP and Dean for Campus Life
- VP and Secretary
- VP of Communications
- Senior VP for Development and Alumni Relations

ERM Steering Committee
- Chief Risk Officer (Co-Chair)
- Vice President of Investments, Chief Investment Officer
- Vice President of Finance
- Senior Vice Provost for Academic Planning and Faculty Development
- Special Assistant to Sr. VP & Dean, Campus Life
- Vice President of Human Resources
- Vice President of Campus Services
- Chief Audit Officer (Co-Chair)
- Deputy General Counsel
- Vice President of Research
- Vice President of IT, Chief Information Officer
- Executive Special Assistant to the VP, Campus Services
- Director of Critical Event Preparedness and Response
- Vice President for Research Administration

Finance and Investment
Healthcare
Research
Information Technology
Campus Safety and Physical Plant
Governance and Corporate Affairs
Academic and Student Affairs
Human Resources

10 Frequency (likelihood of occurring)
1-low: <10% chance of occurring in 2 years
2-medium: <25% chance of occurring in 2 years
3-high: <50% chance of occurring in 2 years
4-very high: >50% chance of occurring in 2 years or already occurring

Severity (potential impact)
1-minor: unlikely to have permanent or significant effect on institution's reputation or achievement of its strategic objectives
2-moderate: will have significant impact on institution but can be managed without major impact
3-serious: will have significant effect on institution and require major effort to manage and resolve occurrence, as well as its ramifications
4-very serious: will threaten existence of institution if not resolved

11 Definitions:
Primary Operational Leader (POL) - Emory manager/executive with primary (but often NOT sole) operational responsibility over the functional area where the risk has the greatest potential impact.
Risk Management Process Owner (RMPO) - Individual assigned the responsibility for drafting the Risk Management Plan and keeping it current. The RMPO is NOT necessarily the individual who has primary operational responsibility for managing the risk, but must be sufficiently familiar with the risk to prepare a coherent Risk Management Plan.

Code | Risk | Frequency (1-4) | Severity (1-4) | Adjusted Risk Factor | RMPO | POL | Assigned Risk Committee | Committee Chair(s)
ASA1 Academic and Student Affairs
ASA2 Academic and Student Affairs
ASA3 Academic and Student Affairs
ASA4 Academic and Student Affairs

12 Risk:
Examples and/or components of the risk:
Steps currently in place to manage the risk:
Issues:

13 Risk Identification (Aug to Sept)
- Steering Committee identifies risks for major operational areas
- Risks ranked by frequency (likelihood of occurring within two years) and severity (potential impact on system)
- Top 50 risks, based on decreasing risk factor, are designated Key Risks
- Committee identifies individuals responsible for overseeing management of each key risk ("Risk Management Process Owner")
- Key Risks reviewed with Executive Committee

Risk Management Plans (Oct to Dec)
- President charges Risk Management Process Owners with preparing two page plan within 90 days
- Plans include detailed description of risk, risk components, steps being taken to manage the risk, operational and communication responses to adverse occurrences
- Plans must clearly identify who is responsible and accountable for specific actions
- Steering Committee reviews Risk Management Plans
- Risk Management Process Owners revise plans based on Steering Committee feedback
- Risk Management Plans go to Executive Committee

Risk Hearings (Jan to Aug)
- Risk Management Process Owners present to Executive Committee
- Five risk hearings, three hours each
- Process Owners provide five minute overview of each risk, followed by five minutes Q&A
- Executive Committee probes for potential gaps between the risk and the response plan
- Process Owners may be asked to return with additional information at the next hearing
- Participants identify best practices
- Executive Session includes overview of total risk for specific operational area and ERM process overall

Monitoring and Evaluation (On Going)
- Key Risks and specific Risk Management Plans are reviewed throughout the year
- Relative frequency and severity may be adjusted resulting in the addition or deletion of key risks
- Updates to the Risk Management Plans are requested as needed

14 University of Virginia Enterprise Risk Management (ERM) College and University Auditors of Virginia May 19, 2015

15 UNIVERSITY OF VIRGINIA ENTERPRISE RISK MANAGEMENT (ERM)
- Executed risk assessment process with input from Deans and Vice Presidents.
- Rated the potential likelihood and impact.
- Refined the primary risks to the top nine categories, focused on those most important to institutional continuity.
- Represented the key risks that merit further BOV understanding and discussion.
- Develop mitigation strategies to identify risk owner, action plans, due dates, and responsible parties.
- Share mitigation strategies with the BOV.

16 ENTERPRISE RISK MANAGEMENT (ERM) Sample Survey Items

17 TYPES OF RISK
Enterprise Risk Management:
- Strategic Risk
- Reputational Risk
- Financial Risk
- Legal and Regulatory Risk
- Operational Risk

18 Top Institutional Risks
1. Sufficient funding/resources to achieve goals
- Maintain core programs and pursue strategic objectives
- Align fundraising with strategic priorities
- Maintain historical Grounds, infrastructure and address needed capital projects
- Maintain State appropriations at a level necessary to accommodate enrollment growth and inflation
- Sustain and grow research mission
- Sustain AccessUVa
- Continue top decile performance of endowment
2. Management of human capital
- Achieve competitive compensation
- Manage generational turnover in faculty
- Effective succession planning

19 Top Institutional Risks
3. Legal compliance risks (state/federal/other)
- Comply with federal, state, or other established regulatory requirements (e.g. NCAA, SACS)
4. Keeping pace with changes in higher education
- Effectively implement strategic plan
- Ensuring adequate learning spaces to offer competitive graduate and undergraduate curricula
5. Failure to maintain reputation with key stakeholders
- Maintain/improve higher education rankings
- Maintain key accreditations

20 Top Institutional Risks
6. Failure to manage geo-political and economic risks
- Manage risks of increasing international experiences of faculty and students
- Effectively manage changing economic circumstances (e.g. growth/hyperinflation)
7. Safety/security of student, faculty and staff
- Effectively mitigate and respond to incidents on Grounds or at University-affiliated programs (e.g. racial incidents, harassment, pandemic risk, sexual assault, or other violence)
- Manage risks of increasing international experiences of faculty and students

21 Top Institutional Risks
8. Cybersecurity/leveraging IT
- Protect sensitive data and information
- Effectively leverage technology in the residential educational experience
9. Capitalize on organizational/operational efficiencies
- Effectively pursue organizational excellence
- Manage risk of differing priorities, inefficiencies, and complexity in decentralized operations and authority

22 Enterprise Risk Management Program Overview

23 ERM Abbreviated Timeline
2012
- Identified need for ERM
- Developed white paper
- Established ERM Implementation Committee
- Selected KPMG as consultant
- Developed ERM website
2013
- Conducted focus group interviews
- Identified risks and consolidated into risk themes
- Reviewed and prioritized risks
- Trained risk and process owners on preparation of Risk Mitigation and Management (RMM) Plans
- Provided preliminary review of RMM Plans

24 ERM Abbreviated Timeline
2014
- Continued to evaluate risk theme prioritization and consolidation
- Transitioned ERM Implementation Committee to ERM Steering Committee
- Developed ERM Blackboard site
- Began recruitment for Assistant Vice President for Safety and Risk Management
2015
- Completed review of all RMM Plans
- Updated heat map
Source: VCU ERM Recent Events Website

25 Risk Name Here Deep Dive
Risk defined here. If this risk encompasses multiple areas, subrisk sheets can be added to further refine specifics making up the overall risk.
Risk
Risk Considerations:
Potential Impacts:
Risk Owner: Usually a VP
Process Owner: Typically whoever is closest to managing the risk
Key Stakeholders: Who is impacted by the risk the most?
Impact: Insert rating
Likelihood: Insert rating
Speed of Onset: Insert rating
Current Mitigation Activities: Identify what is currently being done to mitigate risk.
Mitigation Effectiveness: Insert expected effectiveness rating
Action Plans: Identify what actions are planned to be done to mitigate risk
Responsible Person:
Due Date:
Template shared with permission from KPMG LLP for educational use.

26 ERM Steering Committee Progress

27 ERM Steering Committee Progress
Risk | Likelihood x Impact
Risk A | 16
Risk B | 16
Risk C | 15
Risk D | 14
Risk E | 14
Risk F | 13
Risk G | 13
Risk H | 12
Risk I | 12
Risk J | 10
Risk K | 10
Risk L | 10
Risk M | 10
Risk N | 9
Risk O | 9
Risk P | 8
Risk Q | 7
Risk R | 5
Risk S | 5

28 Resources
- COSO Enterprise Risk Management Integrated Framework Executive Summary (September 2004)
- IIA Position Paper: The Role of Internal Auditing in Enterprise-wide Risk Management (January 2009)
- A structured approach to Enterprise Risk Management (ERM) and the requirements of ISO (2010)
- VCU ERM Website


More information

Fraud Prevention and Deterrence

Fraud Prevention and Deterrence Fraud Prevention and Deterrence Fraud Risk Assessment 2016 Association of Certified Fraud Examiners, Inc. What Is Fraud Risk? The vulnerability that an organization faces from individuals capable of combining

More information

St. John s University. College of Pharmacy and Allied Health Professions. Annual Objectives. 2010-2011 Revised 7/22/10

St. John s University. College of Pharmacy and Allied Health Professions. Annual Objectives. 2010-2011 Revised 7/22/10 1 St. John s University College of Pharmacy and Allied Health Professions Annual Objectives 2010-2011 Revised 7/22/10 Institutional Goal I: Develop our academic and institutional culture to be studentcentered

More information

Self-Study Town Hall Session. Working Group #1 Educational Innovation and Transformation

Self-Study Town Hall Session. Working Group #1 Educational Innovation and Transformation Self-Study Town Hall Session Working Group #1 Educational Innovation and Transformation Steering Committee Co-Chairs Dean Natalie Eddington Dr. Roger Ward September 2, 2015 Town hall objectives 1. Provide

More information

Dean of the College of Pharmacy and Health Sciences

Dean of the College of Pharmacy and Health Sciences 1 Dean of the College of Pharmacy and Health Sciences Texas Southern University invites nominations and applications for the position of Dean of the College of Pharmacy and Health Sciences (COPHS). Reporting

More information

Self-Study Town Hall Session. Working Group #2 Research, Scholarship and Entrepreneurship

Self-Study Town Hall Session. Working Group #2 Research, Scholarship and Entrepreneurship Self-Study Town Hall Session Working Group #2 Research, Scholarship and Entrepreneurship Steering Committee Co-Chairs Dean Natalie Eddington Dr. Roger Ward September 9, 2015 Town hall objectives 1. Provide

More information

ITS Project Management

ITS Project Management ITS Project Management Policy Contents I. POLICY STATEMENT II. REASON FOR POLICY III. SCOPE IV. AUDIENCE V. POLICY TEXT VI. PROCEDURES VII. RELATED INFORMATION VIII. DEFINITIONS IX. FREQUENTLY ASKED QUESTIONS

More information

Performing a Compliance Risk Assessment for Compliance Auditing & Monitoring in Healthcare Organizations

Performing a Compliance Risk Assessment for Compliance Auditing & Monitoring in Healthcare Organizations Performing a Compliance Risk Assessment for Compliance Auditing & Monitoring in Healthcare Organizations Author: Glen C. Mueller, Chief Audit & Compliance Officer, Scripps Health, San Diego, CA Introduction

More information

Enterprise Risk Management in Colleges and Universities

Enterprise Risk Management in Colleges and Universities Enterprise Risk Management in Colleges and Universities Cherry Bekaert & Holland, L.L.P. Neal Beggan, CISA, CRISC Shane Hester, CPA, CISA Cherry, Bekaert & Holland, L.L.P. The Firm of Choice. 1 Cherry,

More information

Moving Forward with IT Governance and COBIT

Moving Forward with IT Governance and COBIT Moving Forward with IT Governance and COBIT Los Angeles ISACA COBIT User Group Tuesday 27, March 2007 IT GRC Questions from the CIO Today s discussion focuses on the typical challenges facing the CIO around

More information

Enterprise Risk Management

Enterprise Risk Management Enterprise Risk Management 1 Agenda Definition & Risk Response Environment Scan news from Insurance Confusion Reduction Lessons Learned from Others with an ERM program 2 Enterprise Risk Management Defined:

More information

Risk Assessment & Enterprise Risk Management

Risk Assessment & Enterprise Risk Management Risk Assessment & Enterprise Risk 1 Healthcare Corporate Governance Today s environment requires building a culture of risk awareness and management of risk across the organization, while formulating less

More information

KPMG LLP Credit Risk Management Practices 2014 Survey on Credit Bureau Reporting

KPMG LLP Credit Risk Management Practices 2014 Survey on Credit Bureau Reporting KPMG LLP Credit Risk Management Practices 2014 Survey on Credit Bureau Reporting July 2014 kpmg.com Introduction Dear Colleagues: Credit reports play an important role in the lives of consumers. As the

More information

Office of the President University Policy

Office of the President University Policy Office of the President University Policy SUBJECT: UNIVERSITY ENVIRONMENTAL HEALTH AND SAFETY Effective Date: 7-3-12 Policy Number: 4.1.2 Supersedes: Page Of Presidential 1 6 Memorandum #85 Responsible

More information

SENIOR ACADEMIC ADMINISTRATOR POSITIONS RESPONSIBILITY STATEMENTS TABLE OF CONTENTS

SENIOR ACADEMIC ADMINISTRATOR POSITIONS RESPONSIBILITY STATEMENTS TABLE OF CONTENTS SENIOR ACADEMIC ADMINISTRATOR POSITIONS RESPONSIBILITY STATEMENTS TABLE OF CONTENTS Vice Chancellor and CEO... 2 Deputy Vice Chancellor for Academic Affairs (Provost)... 4 Deans of Colleges... 7 Dean of

More information

Enterprise-Wide Risk Assessment

Enterprise-Wide Risk Assessment Enterprise-Wide Risk Assessment Agenda 1. Definition of risk. 2. Risk drivers in higher education today. 3. Implementing an enterprise-wide risk management (ERM) program to effectively assess, manage,

More information

Organization and Job Profile

Organization and Job Profile Organization and Job Profile New Orleans, Louisiana Position: Reports to: Location: System Vice President for Research New Orleans, Louisiana CORPORATE BACKGROUND is a non-profit, academic, multi-specialty,

More information

Auditing Campus Shared Services. Audit Services Monthly Webinar Presentation March 19, 2015

Auditing Campus Shared Services. Audit Services Monthly Webinar Presentation March 19, 2015 Auditing Campus Shared Services Audit Services Monthly Webinar Presentation March 19, 2015 Your Speakers Wanda Lynn Riley Chief Audit Executive, Audit and Advisory Services UC Berkeley Wanda Lynn Riley

More information

IT Governance Action Team Report & Recommendations

IT Governance Action Team Report & Recommendations IT Governance Action Team Report & Recommendations March 15, 2012 Action Team Members: Vivek Choudhury Associate Dean, College of Business William Fant Interim Dean, College of Pharmacy Mark Faulkner (Co-chair)

More information

PLAN FOR INSTITUTIONAL SELF-STUDY NCA Accreditation A DECADE OF RENAISSANCE

PLAN FOR INSTITUTIONAL SELF-STUDY NCA Accreditation A DECADE OF RENAISSANCE PLAN FOR INSTITUTIONAL SELF-STUDY NCA Accreditation A DECADE OF RENAISSANCE Saint Louis University, a Jesuit, catholic university, founded in 1818 is undertaking the process of institutional self-examination

More information

Performance Measures for Internal Auditing

Performance Measures for Internal Auditing Performance Measures for Internal Auditing A simple question someone may ask is Why measure performance? An even simpler response would be that what gets measured gets done. McMaster University s discussion

More information

2/9/2012. 2012 HIPAA Privacy and Security Audit Readiness. Table of contents

2/9/2012. 2012 HIPAA Privacy and Security Audit Readiness. Table of contents 2012 HIPAA Privacy and Security Audit Readiness Mark M. Johnson National HIPAA Services Director Table of contents Page Background 2 Regulatory Background and HITECH Impacts 3 Office of Civil Rights (OCR)

More information

Enterprise Risk Management

Enterprise Risk Management Enterprise Risk Management EACUBO Workshop March 20, 2014 Janice M. Abraham, President & CEO ERM: A process forward 2 ERM A business process, led by senior leadership, that expands the core concepts of

More information

Office of the Auditor General AUDIT OF IT GOVERNANCE. Tabled at Audit Committee March 12, 2015

Office of the Auditor General AUDIT OF IT GOVERNANCE. Tabled at Audit Committee March 12, 2015 Office of the Auditor General AUDIT OF IT GOVERNANCE Tabled at Audit Committee March 12, 2015 This page has intentionally been left blank Table of Contents Executive Summary... 1 Introduction... 1 Background...

More information

Internal Audit and Advisory Services DRAFT

Internal Audit and Advisory Services DRAFT Internal Audit and Advisory Services DRAFT PAGE(S) Message from the Internal Audit and Advisory Services...1-2 Internal Audit and Advisory Services Plan...3-5 Objectives...6-7 Risk Assessment Process...8

More information

Integrated Risk Management:

Integrated Risk Management: Integrated Risk Management: A Framework for Fraser Health For further information contact: Integrated Risk Management Fraser Health Corporate Office 300, 10334 152A Street Surrey, BC V3R 8T4 Phone: (604)

More information

IT Audit Perspective on Continuous Auditing/ Continuous Monitoring KPMG LLP

IT Audit Perspective on Continuous Auditing/ Continuous Monitoring KPMG LLP IT Audit Perspective on Continuous Auditing/ Continuous Monitoring KPMG LLP IT Audit Perspective on Continuous Auditing/Continuous Monitoring INTRODUCTION New demands from the board, senior organizational

More information

TREASURY INSPECTOR GENERAL FOR TAX ADMINISTRATION

TREASURY INSPECTOR GENERAL FOR TAX ADMINISTRATION TREASURY INSPECTOR GENERAL FOR TAX ADMINISTRATION The Enterprise Systems Management Program Is Making Progress to Improve Service Delivery and Monitoring, but Risks Remain September 12, 2008 Reference

More information

ERM Program. Enterprise Risk Management Guideline

ERM Program. Enterprise Risk Management Guideline ERM Program Enterprise Management Guideline Table of Contents PREAMBLE... 2 When should I refer to this Guideline?... 3 Why do we need a Guideline?... 4 How do I use this Guideline?... 4 Who is responsible

More information

Strategic Direction 7 Vision for Shared Administrative Services

Strategic Direction 7 Vision for Shared Administrative Services Strategic Direction 7 Vision for Shared Administrative Services Strategic Direction 7 - Centralize the System s business/administrative functions, where appropriate, in order to leverage resources and

More information

Introduction to Enterprise Risk Management at UVM DRAFT

Introduction to Enterprise Risk Management at UVM DRAFT Introduction to Enterprise Management at UVM 1 Enterprise What is Enterprise Management? Enterprise risk management is a structured, consistent, and continuous process across the whole organization for

More information

Enterprise Risk Management (ERM): In Action. January 2010. Co-presented by: Michael Yip, Marsh Risk Consulting Norma Essary, DFW International Airport

Enterprise Risk Management (ERM): In Action. January 2010. Co-presented by: Michael Yip, Marsh Risk Consulting Norma Essary, DFW International Airport January 2010 Enterprise Risk Management (ERM): In Action Co-presented by: Michael Yip, Risk Consulting Norma Essary, DFW International Airport www.marsh.com Discussion Topics Enterprise Risk Management

More information

Aboriginal Affairs and Northern Development Canada. Internal Audit Report. Audit of Internal Controls Over Financial Reporting.

Aboriginal Affairs and Northern Development Canada. Internal Audit Report. Audit of Internal Controls Over Financial Reporting. Aboriginal Affairs and Northern Development Canada Internal Audit Report Audit of Internal Controls Over Financial Reporting Prepared by: Audit and Assurance Services Branch Project #: 14-05 November 2014

More information

REQUESTS FOR PROPOSAL RFP TGF-16-017. Title: Professional Services for the Implementation of the Board Governance Performance Assessment Framework

REQUESTS FOR PROPOSAL RFP TGF-16-017. Title: Professional Services for the Implementation of the Board Governance Performance Assessment Framework REQUESTS FOR PROPOSAL RFP TGF-16-017 Title: Professional Services for the Implementation of the Board Governance Performance Assessment Framework Issue Date: March, 9th 2016 RFP Submission Date: March,

More information

The Position The Primary Responsibilities

The Position The Primary Responsibilities Blackburn College in Carlinville, Illinois invites nominations and applications for the position of Vice President for Finance and Administration (VPFA). The VPFA is a key member of the President s leadership

More information

EQT GP HOLDINGS, LP (EQT GP Services, LLC) Corporate Governance Guidelines. (Adopted by the Board on April 30, 2015)

EQT GP HOLDINGS, LP (EQT GP Services, LLC) Corporate Governance Guidelines. (Adopted by the Board on April 30, 2015) EQT GP HOLDINGS, LP (EQT GP Services, LLC) Corporate Governance Guidelines (Adopted by the Board on April 30, 2015) 1. Statement of Governance. EQT GP Holdings, LP (the Partnership ) is governed by a limited

More information

83. Standard 9. Financial Resources. 1. Description. 1.1. Financial stability

83. Standard 9. Financial Resources. 1. Description. 1.1. Financial stability 83. Standard 9. Financial Resources 1. Description 1.1. Financial stability Bentley University has not reported an operating deficit since it became a not-for-profit organization in 1948. Fiscal year 2012

More information

Allison D. Garrett Executive Vice President Abilene Christian University

Allison D. Garrett Executive Vice President Abilene Christian University Allison D. Garrett Executive Vice President Abilene Christian University Cell number: Office number: Email: EDUCATION Georgetown University Law Center, LLM in Securities Regulation, with honors University

More information

Public Sector Pension Investment Board

Public Sector Pension Investment Board Public Sector Pension Investment Board Office of the Auditor General of Canada Bureau du vérificateur général du Canada Ce document est également publié en français. Her Majesty the Queen in Right of Canada,

More information

University of New England Compliance Management Framework and Procedures

University of New England Compliance Management Framework and Procedures University of New England Compliance Management Framework and Procedures Document data: Document type: Administering entity: Framework and Procedures Audit and Risk Directorate Records management system

More information