Beyond risk identification Evolving provider ERM programs

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Beyond risk identification Evolving provider ERM programs"

Transcription

1 Beyond risk identification Evolving provider ERM programs March 2016 At a glance PwC conducted research to assess the state of enterprise risk management (ERM) within healthcare providers and found many are operating at comparable levels to their peers, in that they have established risk identification and assessment processes. However, given the increasingly complex and risk saturated environment providers operate in, there s an urgency to continuously enhance and improve ERM programs beyond their current capabilities.

2 The top priority of every healthcare organization is patient quality. Yet new forms of competition, changing regulatory requirements, technology advances, and rapidly evolving patient expectations are driving immense change in the healthcare landscape and introducing risks to both patient quality and provider long-term prosperity. Recognizing the risks associated with managing change, healthcare providers have invested in ERM. However, in today s environment, ERM programs must continuously evolve and seek new ways to bring relevant information to their key stakeholders. Through in-depth interviews with leading U.S. healthcare providers we found that, while many provider programs are comparable to their peers, there are additional opportunities to further enhance the risk management investments healthcare providers have made. If providers are going to effectively manage risks and meet their stakeholders risk management expectations, they must evolve their ERM programs to do so. PwC 1

3 Change, complexity and intensified risk Numerous changes are amplifying the complexity of the healthcare landscape and driving the risk profile of provider organizations to expand significantly (Figure 1). The underlying economics of healthcare delivery are transforming as health initiatives target specific populations and health conditions, driving a move away from volume-based service to value-based outcomes via bundled and performance-based payment models. Government program reimbursement changes are also impacting healthcare providers bottom line. As overall expenditures on the Medicare and Medicaid eligible population increases, reimbursement rates paid to providers is decreasing. New market entrants into healthcare, such as traditional retailers and technology companies, are pushing healthcare companies toward new competitive strategies, while the consumerism of healthcare is driving demand for pricing and service transparency and support of care consumption decision-making. In this tumultuous environment, CEOs definitely see more opportunities for their organizations, however, they also see significantly more risk arising from the transformation their sector is undergoing. While 60% of CEOs participating in PwC s 19th Annual Global CEO Survey 1 see more opportunities for their business today, 66% see more risk. As opportunities arise, so do risks. Understanding and responding to the impact of these risk, requires organizations to increasingly invest in capabilities that allow them to proactively identify and manage known and unknown risks to take advantage of opportunities. Thus, to embrace the new health economy, maintain a focus on patient quality, and achieve objectives beyond incremental growth, providers strategic decision-making should be inclusive of comprehensive risk identification, assessment, prioritization, and management. In situations similar to those facing the provider sector, effective risk management has become a competitive advantage, enabling the achievement of strategic objectives. This makes risk management increasingly important to the organization as it navigates both the upside and downside risks associated with their strategies. Top risks identified by healthcare providers 1. Security and privacy 2. Revenue cycle management/icd Payer reimbursement 4. IT infrastructure 5. Third party risk 6. Regulatory environment 7. Patient quality/safety 8. Talent management, clinical labor shortage (nurses primarily), and physician alignment strategy 9. Business sustainability and resiliency/pandemics 10. Mergers, acquisitions and divestitures (including international) 11. Strategic initiatives to address new entrants 1 PwC s 19 th Annual Global CEO Survey (http://www.pwc.com/gx/en/ceo-survey/) PwC 2

4 Figure 1: A snapshot of major trends impacting healthcare providers Reimbursement models being redefined Shifting from volume to value as population health initiatives drive a move toward bundled and global payment models Declines in overall Medicare and Medicaid payments New entrants changing the competitive landscape Retailers becoming healthcare providers Companies with new technologies such as wearables and tele-health Mergers and acquisitions Consumerism Consumers, forced to make more of their own care decisions, demanding transparency and enablement of consumer care decision-making Protecting patient privacy and information security while providing transparency and convenience Technology underpinning healthcare is rapidly transforming Increasing use of data to inform decision-making Adoption of electronic medical records Regulatory changes such as ICD-10 coding See PwC s Top health industry issues of for a more complete review of trends. 2 PwC s Top health industry issues of 2015 (http://www.pwc.com/us/en/health-industries/top-health-industryissues/assets/pwc-hri-top-healthcare-issues-2015.pdf) PwC 3

5 The need to move beyond risk identification Risk management within healthcare providers can drive greater relevance and value by expanding its focus, moving from a historical scope of risk identification and avoidance, to helping the organization assure it takes the right risks to succeed and manages them effectively. In its whitepaper, Leveraging COSO Across the Three Lines of Defense 3, the Institute of Internal Auditors notes that risk management is strongest when there is distinct responsibility for monitoring risk as well as for ownership and assurance. In many industries these responsibilities fall to three lines of defense that effectively coordinate the management of risk, share information across the organization and maintain the control environment. The lines of defense work together to comprise an enterprise s risk management capability. In many organizations there is an opportunity for the ERM function to coordinate and lead these efforts. In the last three to five years, healthcare providers have invested in risk management and made progress toward building and formalizing their ERM programs. Most have built an infrastructure to identify and assess risk. In some instances, Chief Compliance Officers are in place, and compliance program structures and focus are being continuously evaluated to align with changing regulatory requirements and the expectations of regulatory agencies. Yet, to drive greater relevance and help their organizations better understand and manage risk, risk management with healthcare providers needs to continuously evolve An effective ERM program for providers would not only address compliance-related risk, but also existing strategic, operational, technological, and financial risks and emerging risks that are derived from organizational and industry changes. In some cases capacity is limiting current ERM program effectiveness. In others, the lack of integration across the organization is driving tremendous inefficiency in managing the organization s risk profile. A siloed view of risk creates inertia across the organization and a negative perception of risk. At the same time, an aggregated, summary view of risk tends to make organizations overly cautious about their strategies, such as getting into new markets or care delivery. In most provider organizations more sophisticated ERM programs are needed to manage the risks associated with their growth strategies versus avoiding them. Understanding the correlation and interdependencies of risks will help drive organizations toward making better strategic decisions. As stated earlier, ERM programs focus on risk identification and assessment and are underserving their stakeholders. These stakeholders, who support the programs, have yet to experience the full potential that ERM can provide. Below we characterize where the industry stands in ERM maturity, identify common attributes of ERM in healthcare today and highlight opportunities for the industry to evolve ERM to improve value and performance. 3 Leveraging COSO Across the Three Lines of Defense (http://www.coso.org/documents/coso lod- PDF.pdf) PwC 4

6 Where healthcare providers are today Despite the growing importance of effective risk management, our interviews confirmed that many healthcare providers are slow to adapt a more sophisticated approach to ERM. The current state of healthcare providers risk management capabilities can best be described by the maturity model in Figure 2. Basic: Organizations classified as basic recognize the implications of risk to achieving the organization s financial, operational, compliance, technology and strategic objectives and are increasing discussions accordingly. Risks are typically defined as hazards and considered only in the context of their consequences. There is an understanding of the need to conduct an enterprise risk assessment, risks are identified on a periodic basis and risk reporting is provided to the Audit Committee and senior leadership on an annual basis. A separate risk management process exists outside of the organization s normal management process or cadence. The ERM risk assessment is not coordinated with any other risk assessments conducted in the organization. The ERM risk assessment is focused primarily on the identification and avoidance of risk. Risk rating criteria may be defined, but the assessment lacks any substantive data or analysis and is typically financial in nature. Risk appetites and other risk metrics are not used to measure or monitor risk performance. Risks are not directly linked to the strategic goals or performance initiatives or objectives, and are typically viewed in the aggregate with no correlation of risks or portfolio point of view. Risk information is typically collected and reported up the organization chain of command with no reciprocal information used to enhance management s effectiveness. Evolving: Organizations classified as evolving conduct risk assessments across the second line of defense, but do so with limited coordination or alignment (usually two to three groups). At the enterprise level, the risk assessment is supported by the board and the risk evaluation and rating criteria have been defined with limited use of risk data and metrics. During the evolving phase, the organization s risk universe expands in size and complexity, forcing a narrowing down of risks to the top 10 to 15 enterprise risks. Risk owners are identified for mitigation of risks and are responsible for the development of risk action plans to mitigate risks, but little rigor or discipline is provided to support the monitoring. Alignment between the risk management process and the business management process starts to form, but is limited (usually involving Strategy, Planning or Finance). A Risk appetite statement may exist, but is formulated at the enterprise versus the risk level. Some risks may be directly linked to strategic or performance initiatives and objectives. Established: Organizations with established risk management capabilities have elevated their risk management to incorporate all of the capabilities deficient in basic and evolving functions, including the collection and use of risk data and full use of technology enablement. Established risk management organizations perform risk assessments in a coordinated manner and risk information is integrated into key business processes such as the development of new services, mergers and acquisitions. The results of the risk assessment as well as on going risk data is considered in senior management decision making. Risk owners report the status of risk action plans, and trends in risk activity, to the board. Metrics are used to monitor risk, risk response is tracked and changes are incorporated into the risk profile on a continuous basis. Risk is monitored across a classic three lines of defense structure, with coordination of responsibilities and definition of roles and responsibilities working more in unison. A process and structure is in place to govern across all risks that are relevant and appropriate. PwC 556

7 Figure 2: ERM maturity model Based on these definitions, PwC s assessment of the ERM attributes identified in our interviews places healthcare providers primarily in the basic or evolving maturity level. For example, in most healthcare organizations, a governance, risk, and compliance (GRC) structure to coordinate and simplify the various risk functions and processes does not exist. We found that ERM may coordinate with either internal audit or compliance, but the coordination is primarily around the risk assessment process and does not extend into the other activities of ERM. In the majority (approximately 70%) of study participants, responsibility for ERM-related activities falls under internal audit. ERM-focused resources are limited to less than a single FTE in most cases. Where strong CEO sponsorship exists it has not cascaded down through management levels with, for instance, risk identification and reporting remaining at the leadership team level. Further, our research found that, at virtually 100% of study participants, ERM performs an annual risk assessment that stands alone, outside the normal management process, typically including a survey or management interviews. The ERM process focuses primarily on collecting information from the business, and reporting through a governance process. It is not integrated into existing management processes (such as the planning and reporting cycle or regular leadership meetings) on a consistent basis and information does not typically flow back to help manage the business. Risk functions within the second line of defense create disparate risk management processes and taxonomy that are not integrated into risk discussions across the three lines of defense. PwC 6

8 Most healthcare providers use different GRC technologies such as Open Pages and Archer to support SOX and IT security. However, our research found that there are opportunities to utilize GRC technologies to support ERM or integrate risk management processes. Healthcare providers primarily use Excel, PowerPoint and other desktop applications to execute and capture ERM processes. When a GRC technology is used, it is primarily used as a single risk solution versus an integrated risk management capability. Across healthcare organizations, the scope of risk assessment is typically limited to the identification and assessment of the top risks from a risk avoidance perspective, primarily using likelihood and impact (and sometimes velocity) as evaluation criteria. Even though the evaluation criteria may be well defined, a robust methodology or data to accurately calculate such risk measures lack substance. Management capabilities, risk intersections (linkage to one another or to strategies), risk consequences and risk appetite and tolerances are not considered in the assessment, evaluation or management plans. Risk appetite, if used, is only considered at the enterprise level not at the individual risk level during the risk evaluation or mitigation process. Risk reporting is focused on the most significant risks (usually the top 10 to 15 risks). The study participants, share that beyond the risks, the most frequent risk attributes reported include risk definitions, risk ratings, risk owners, and mitigation plans. Study participants also stated that monitoring of risk and in some cases mitigation plans were limited, with a small group citing risk owners provide annual risk mitigation plan progress updates to the board. Monitoring primarily focuses on the development of remediation plans and high level tracking of progress. Risk metrics, analysis and risk indicators are not routinely used to monitor or report on the risks. None of the study participants cited that testing of management s risk action or mitigation plan progression was incorporated into the ERM program capabilities. With this assessment as context, there is progress occurring in advancing ERM within the healthcare provider sector. ERM teams are starting to educate management that the role of ERM is to assist them in seeking ways to build an understanding of the organization s risk, how those risks are to be managed, and tracking the management and progression of the risks. The objective is to generate a dialog around the business objective and associated risks, create a more detailed understanding and better information about the risk, and provide input on how to manage it to accomplish the business goals. PwC 7

9 Evolving ERM to help achieve growth Given the state of ERM represented by our research, healthcare providers have the opportunity to evolve their ERM program to drive greater relevance, performance and value. Where a company focuses its efforts, of course, is determined by its existing position: Basic functions would focus on building the foundational elements of a risk management framework, while established functions would concentrate on broadening organizational support and embedding and sustaining risk management throughout the enterprise. From PwC s experience, the best programs have a continuous improvement approach where even those doing well are finding ways to enhance their program and drive value to the organization. For all organizations, an important starting point to evolve the ERM program is to clearly define or review the ERM program purpose and value proposition to the program s key stakeholders. Based upon the input gathered from the study participants, the ERM program s purpose and value proposition in the sector is underserving their organizations and stakeholder group. This is demonstrated through the focus of activities in the risk assessment while the activities in the management, monitoring and testing and reporting activities are less robust and in some cases absent all together. Overall, ERM should be well positioned to drive the level of change needed for organizations to reach their goals while managing risk in a dynamic and complex environment. To do so, it must see its role as more than performing an enterprise risk assessment and tracking its status. This requires change, from creating the risk culture and governance in alignment with the organization s strategic planning process to building out the risk processes that are supported by GRC technologies. Key components and behaviors needed to establish an effective ERM program include: Build a risk culture When a strong risk culture exists, a focus on risk has been embedded in the culture through the code of conduct and performance measurements. There are ongoing awareness and training programs designed to explain and reinforce employee roles and responsibilities. Identifying, understanding and managing risk is a priority and responsibility of all members of the management team. To evolve the risk culture: Create the vision for ERM for the organization and embed risk management activities into business, operational and clinical processes. Define risks more broadly than an event that results in challenges and issues that must be avoided. Understand both the opportunity presented as well as the uncertainty that needs to be discussed and effectively managed. Ensure the ERM program is institutionalized such that it is sustainable across the organization and not reliant on any one individual. Build buy-in across the organization. Demonstrate the value that can be derived from ERM through a pilot or proof of concept. Communicate success stories telling how ERM actions have contributed to the achievement of business goals such as managing the increasing cost of providing healthcare by focusing on those areas presenting the most significant risks. One of the nation s largest health systems operationalized ERM by embedding discussions on risk topics into day-to-day operations including quarterly performance reporting, existing committee meetings and discussions with the executive team on specific topics and the implications of risk. PwC 8

10 Formalize risk governance When risk governance is well-defined the board and senior management have specific roles and the three lines of defense are established, with ERM coordinating and driving consistency across the various risk assessment, monitoring and testing activities that occur across the three lines. Actions to formalize risk governance include: Clearly articulate, define, and communicate the roles and responsibilities of the three lines of defense for all key stakeholders from board members through senior leadership and functional management. Educate and train both the board and management on the ERM program s objectives and activities, as well as alignment with strategic and business goals. Provide each of the three lines of defense the means to fulfill those roles, ensuring proper knowledge and staffing of resources including GRC technology to facilitate information sharing, and coordination of risk management activities such as risk assessment, monitoring, and reporting. Create a community among the existing second line risk management functions to break down traditional silos. Develop accountability and escalation guidelines so that it is clear when and to whom issues will escalate. At a national healthcare provider operating in over 20 states, risk owners are responsible for developing and monitoring risk response plans as well as updating, identifying, and analyzing new and emerging risks. This information is used to update the risk profile on a periodic basis. Align to strategic planning Alignment of ERM to the strategic planning process enables ERM capabilities to be used to support the implementation of strategic initiatives. In other words, risk management becomes a strategic enabler. For example, acquisitions are an increasing focus among healthcare providers. Beyond risk identification during the due diligence process, ERM when embedded in the acquisition continuum, provides tools that can help with the successful integration and achievement of synergies by applying the foundational elements to monitor and track progress against risk factors and proactively trigger corrective action if needed. Across strategic initiatives, ERM can enable better business decision making by providing a broader understanding of risks that includes identifying the challenges and opportunities they present and facilitating deeper analysis and management discussion. Actions to take to achieve greater alignment to the organization s strategic planning process include: Leverage the results of the risk assessment to promote a discussion around the implications of the risk profile on the achievement of the operational and financial priorities of the institution. Champion the use of ERM capabilities to support the implementation of strategic initiatives. Integrate ERM processes within key functions such as, planning, mergers and acquisitions, and program management for strategic initiatives. Position the role of ERM as a core management capability relied upon to make key business decisions related to planned initiatives or unanticipated business events. Periodically update the risk profile based on changes in the business environment and emerging risks to help mitigate or anticipate the impact of uncertainties that could change the course on strategy. Use data analytics to help the business better understand the implications of risk and define the correlation between risks. PwC 10 9

11 At one Midwestern healthcare system, key risks are linked to strategic initiatives when evaluating cost and return on investment to determine whether or not the initiative falls within the organization s risk tolerance. One leading healthcare provider incorporates the process of linking all of its top risks to the stated company strategy and underlying strategic objectives, while also tying them back to risks identified in the company s 10K. Standardize risk management processes As ERM matures, the three lines of defense need to evolve to leverage a common risk framework and standardized set of processes. Consistent definition and application of risk rating criteria (impact, likelihood, management effectiveness, velocity) and a standard approach and format for monitoring and reporting risk management activities used across risk functions facilitate a coordinated process. To evolve risk management processes: Establish ERM foundational elements to standardize and create consistency in approach and weed out unnecessary uniqueness and areas of duplicate effort across the various risk management functions or capabilities in the organization. Foundational elements include risk identification, risk appetite, management of risk, testing and monitoring, and reporting. Use of GRC technology drives unification of the risk management processes as well as provides a platform to sustain them over time. Leverage GRC technology to improve existing ERM practices and processes. For example, GRC capabilities facilitate the ability to aggregate risk information across the organization; reduce redundancies resulting from duplication in the identification and assessment of risk occurring in other parts of the organization; improve coordination between control functions and ERM to focus on the most significant risk areas; and enhance the ability to respond to regulatory expectations and identify emerging risks and control issues through better visibility and understanding of risks. Enhance key processes within ERM to fully realize their intent and value. For example, incorporate key metrics in risk action plans and actively monitor the impact of risk and the controls in place to manage them. Identifying changes to key business processes not only improves the control environment, it drives performance improvement for the organization. Apply analytics to further define the qualitative and quantitative impact of risk on the achievement of strategic initiatives and day-today business decisions. Leverage risk information to monitor business activities. Consider risk scenarios to understand the implications of changing business models, industry events and trends, and the interrelatedness and combined impact of risk. Apply risk limits, appetite, and tolerances to measure and monitor the results of risk mitigation activities. Embrace the concept that tolerance changes over time and can drive resource allocation discussions. To maintain currency in risk management processes, the ERM organization at one leading provider meets with risk owners one-on-one on a quarterly basis. The meetings are used to capture changes in risk activity and discuss the effectiveness of risk action plans. Key risk indicators are applied. PwC 1 10

12 Leverage GRC technology to better capture and coordinate risk management activities As the risk environment evolves, enhanced and more sophisticated tools help to support and sustain an advancing risk management process. GRC technologies improve coordination of core risk management activities such as risk assessment, testing and reporting across risk functions that include compliance, internal audit, billing, quality, policy management, privacy, business continuity management and ERM. In addition, it provided greater access to shared data and information across the organization and improved resiliency. To better leverage GRC technologies: Identify existing tools being used across the organization by risk functions and obtain an understanding of how these tools are being used and their capabilities Obtain feedback from users of the existing tools to determine their effectiveness and applicability for use across risk functions to achieve efficiencies by streamlining the risk management process, improving coordination and facilitating risk information sharing Evaluate the capabilities not being used and determine which tools will support an integrated risk management program Develop a GRC technology roadmap that aligns current and future ERM processes and organization level goals or objectives Define a common framework, structure, and taxonomy to implement a GRC technology solution that will support the integration of risk functions with the intent of aligning compliance, risk management and operational initiatives Develop a foundational data model to categorize existing control and risk information to support the current initiatives and possible future initiatives Consider application interconnectivity to other GRC technologies and with other applications in the organization where linkage is required, such as human resources information system. Create a governance structure and high-level responsibility assignment matrix for future GRC technology-enabled risk management processes such as business continuity and ensure stakeholders are involved in future design and implementation activities Conduct a thoughtful and thorough selection process that includes a cross-functional GRC team PwC 111

13 Capitalizing on the upside of risk When benchmarking against peers, most healthcare providers can be confident they are comparable or perhaps even best in class. But, as other industries have demonstrated, there is an opportunity to move beyond current performance and evolve provider ERM programs to add greater value. This is a journey based on continuous improvement and enhancement of the program. As healthcare providers progress along this journey, they can shift ERM from a focus on avoiding risk to one of successfully managing risk. They can link risk management with the strategic objectives of the organization to assure they take the right risks to succeed and manage them effectively. And, they can demonstrate greater relevance and create value for management as they operate in an increasingly complex and risk-filled environment. Contact information For a deeper discussion on where your organization s ERM capabilities stand and how to evolve them, please contact: Stephen V. Zawoyski Enterprise Risk Management Leader (612) LaVern Miles Managing Director (678) Chris Toppi Director (630) PwC. All rights reserved. PwC refers to the US member firm or one of its subsidiaries or affiliates, and may sometimes refer to the PwC network. Each member firm is a separate legal entity. Please see for further details.

Enterprise Risk Management

Enterprise Risk Management 2013 Government Accounting and Auditing Update Enterprise Risk Management Understanding and Implementing an ERM Framework Mike Sargent, Director- CliftonLarsonAllen May 2013 cliftonlarsonallen.com Discussion

More information

How ERM programs evolve

How ERM programs evolve How to achieve excellent Enterprise Risk Management series www.pwc.com/us/ermexcellenceseries Article 3: June 2015 How ERM programs evolve Overview An organization s enterprise risk management (ERM) program

More information

Board oversight of risk: Defining risk appetite in plain English

Board oversight of risk: Defining risk appetite in plain English www.pwc.com/us/centerforboardgovernance Board oversight of risk: Defining risk appetite in plain English May 2014 Defining risk appetite in plain English Risk oversight continues to be top-of-mind for

More information

ENTERPRISE RISK MANAGEMENT FRAMEWORK

ENTERPRISE RISK MANAGEMENT FRAMEWORK ENTERPRISE RISK MANAGEMENT FRAMEWORK COVENANT HEALTH LEGAL & RISK MANAGEMENT CONTENTS 1.0 PURPOSE OF THE DOCUMENT... 3 2.0 INTRODUCTION AND OVERVIEW... 4 3.0 GOVERNANCE STRUCTURE AND ACCOUNTABILITY...

More information

Integrated Risk Management:

Integrated Risk Management: Integrated Risk Management: A Framework for Fraser Health For further information contact: Integrated Risk Management Fraser Health Corporate Office 300, 10334 152A Street Surrey, BC V3R 8T4 Phone: (604)

More information

RSA ARCHER OPERATIONAL RISK MANAGEMENT

RSA ARCHER OPERATIONAL RISK MANAGEMENT RSA ARCHER OPERATIONAL RISK MANAGEMENT 87% of organizations surveyed have seen the volume and complexity of risks increase over the past five years. Another 20% of these organizations have seen the volume

More information

The Business Case for Using Big Data in Healthcare

The Business Case for Using Big Data in Healthcare SAP Thought Leadership Paper Healthcare and Big Data The Business Case for Using Big Data in Healthcare Exploring How Big Data and Analytics Can Help You Achieve Quality, Value-Based Care Table of Contents

More information

Transforming risk management into a competitive advantage kpmg.com

Transforming risk management into a competitive advantage kpmg.com INSURANCE RISK MANAGEMENT ADVISORY SOLUTIONS Transforming risk management into a competitive advantage kpmg.com 2 Transforming risk management into a competitive advantage Assessing risk. Building value.

More information

July 2015. New Entrants: Charting the Health Industry s Risk and Regulatory Landscape Where Risk Meets Opportunity

July 2015. New Entrants: Charting the Health Industry s Risk and Regulatory Landscape Where Risk Meets Opportunity July 2015 New Entrants: Charting the Health Industry s Risk and Regulatory Landscape Where Risk Meets Opportunity The new health economy is bringing change and new entrants from diverse industries are

More information

As is the case in many industries today, corporate governance

As is the case in many industries today, corporate governance How Health Care Organizations Risk and Compliance Executives Can Become Strategic Board Advisors Terry Puchley, Partner, PwC, terry.puchley@us.pwc.com Mitchel Harris, Director, PwC, mitchel.s.harris@us.pwc.com

More information

CSR / Sustainability Governance and Management Assessment By Coro Strandberg Principal, Strandberg Consulting www.corostrandberg.

CSR / Sustainability Governance and Management Assessment By Coro Strandberg Principal, Strandberg Consulting www.corostrandberg. Introduction CSR / Sustainability Governance and Management Assessment By Coro Strandberg Principal, Strandberg Consulting www.corostrandberg.com June 2015 Companies which adopt CSR or sustainability 1

More information

The transformation of IT Risk Management. kpmg.com

The transformation of IT Risk Management. kpmg.com The transformation of IT Risk Management kpmg.com The transformation of IT Risk Management The role of IT Risk Management Scope of IT risk management Examples of IT risk areas of focus How KPMG can help

More information

NEW PERSPECTIVES. Data Analysis Challenges: C1 is customer provided. Anticipate IRS Audits: System Development and Implementation Projects:

NEW PERSPECTIVES. Data Analysis Challenges: C1 is customer provided. Anticipate IRS Audits: System Development and Implementation Projects: NEW PERSPECTIVES on Healthcare Risk Management, Control and Governance www.ahia.org Journal of the Association of Heathcare Internal Auditors Vol. 31, No. 2, Summer, 2012 C1 is customer provided Data Analysis

More information

Risk Assessment & Enterprise Risk Management

Risk Assessment & Enterprise Risk Management Risk Assessment & Enterprise Risk 1 Healthcare Corporate Governance Today s environment requires building a culture of risk awareness and management of risk across the organization, while formulating less

More information

APPLICATION OF THE KING III REPORT ON CORPORATE GOVERNANCE PRINCIPLES

APPLICATION OF THE KING III REPORT ON CORPORATE GOVERNANCE PRINCIPLES APPLICATION OF THE KING III REPORT ON CORPORATE GOVERNANCE PRINCIPLES Ethical Leadership and Corporate Citizenship The board should provide effective leadership based on ethical foundation. that the company

More information

Enterprise contact center A strategic opportunity for health care providers

Enterprise contact center A strategic opportunity for health care providers Enterprise contact center A strategic opportunity for health care providers What s at stake? A new customer interaction model can lead to an increase in revenue and market share for health care providers

More information

The College of New Jersey Enterprise Risk Management and Higher Education For Discussion Purposes Only January 2012

The College of New Jersey Enterprise Risk Management and Higher Education For Discussion Purposes Only January 2012 The College of New Jersey Enterprise Risk Management and Higher Education For Discussion Purposes Only Agenda Introduction Basic program components Recent trends in higher education risk management Why

More information

Operational Risk Management - The Next Frontier The Risk Management Association (RMA)

Operational Risk Management - The Next Frontier The Risk Management Association (RMA) Operational Risk Management - The Next Frontier The Risk Management Association (RMA) Operational risk is not new. In fact, it is the first risk that banks must manage, even before they make their first

More information

Procurement Programmes & Projects P3M3 v2.1 Self-Assessment Instructions and Questionnaire. P3M3 Project Management Self-Assessment

Procurement Programmes & Projects P3M3 v2.1 Self-Assessment Instructions and Questionnaire. P3M3 Project Management Self-Assessment Procurement Programmes & Projects P3M3 v2.1 Self-Assessment Instructions and Questionnaire P3M3 Project Management Self-Assessment Contents Introduction 3 User Guidance 4 P3M3 Self-Assessment Questionnaire

More information

Enterprise risk management and business continuity management Together at last

Enterprise risk management and business continuity management Together at last www.pwc.com Enterprise risk management and business continuity management Together at last March 2016 Overview The necessity to define, create and maintain an organization s business continuity management

More information

Matthew E. Breecher Breecher & Company PC November 12, 2008

Matthew E. Breecher Breecher & Company PC November 12, 2008 Applying COSO s Enterprise Risk Management Integrated Framework Matthew E. Breecher Breecher & Company PC November 12, 2008 The basic outline for this presentation was provided by: Objectives for the session:

More information

Enterprise Risk Management in Colleges and Universities

Enterprise Risk Management in Colleges and Universities Enterprise Risk Management in Colleges and Universities Cherry Bekaert & Holland, L.L.P. Neal Beggan, CISA, CRISC Shane Hester, CPA, CISA Cherry, Bekaert & Holland, L.L.P. The Firm of Choice. 1 Cherry,

More information

Eight principles of risk convergence

Eight principles of risk convergence Eight principles of risk convergence Managing risk, achieving efficiencies and supporting business decision-making with Governance, Risk and Compliance (GRC) Contents: 1 Executive overview 2 What needs

More information

APPLICATION OF KING III CORPORATE GOVERNANCE PRINCIPLES 2014

APPLICATION OF KING III CORPORATE GOVERNANCE PRINCIPLES 2014 WOOLWORTHS HOLDINGS LIMITED CORPORATE GOVERNANCE PRINCIPLES 2014 CORPORATE GOVERNANCE PRINCIPLES 2014 CORPORATE GOVERNANCE PRINCIPLES 2014 This table is a useful reference to each of the King III principles

More information

Introduction to Enterprise Risk Management at UVM DRAFT

Introduction to Enterprise Risk Management at UVM DRAFT Introduction to Enterprise Management at UVM 1 Enterprise What is Enterprise Management? Enterprise risk management is a structured, consistent, and continuous process across the whole organization for

More information

Metrics by design A practical approach to measuring internal audit performance

Metrics by design A practical approach to measuring internal audit performance Metrics by design A practical approach to measuring internal audit performance September 2014 At a glance Expectations of Internal Audit are rising. Regulatory pressure is increasing. Budgets are tightening.

More information

building and sustaining productive working relationships p u b l i c r e l a t i o n s a n d p r o c u r e m e n t

building and sustaining productive working relationships p u b l i c r e l a t i o n s a n d p r o c u r e m e n t building and sustaining productive working relationships p u b l i c r e l a t i o n s a n d p r o c u r e m e n t INTRODUCTION 1 1 THE GROWING INFLUENCE OF PROCUREMENT PROFESSIONALS 2 2 GUIDELINES FOR

More information

FRAMEWORK FOR AN ETHICAL MATURITY INDEX. Authors: Elena Demidenko and Patrick McNutt

FRAMEWORK FOR AN ETHICAL MATURITY INDEX. Authors: Elena Demidenko and Patrick McNutt FRAMEWORK FOR AN ETHICAL MATURITY INDEX Authors: Elena Demidenko and Patrick McNutt Across key Enterprise risk management frameworks, COSO ERM (http://www.coso.org) and ASNZ4360 (ASNZ 4360: 2004 (http://www.standards.com.au)

More information

Whitepaper Data Governance Roadmap for IT Executives Valeh Nazemoff

Whitepaper Data Governance Roadmap for IT Executives Valeh Nazemoff Whitepaper Data Governance Roadmap for IT Executives Valeh Nazemoff The Challenge IT Executives are challenged with issues around data, compliancy, regulation and making confident decisions on their business

More information

Principles for An. Effective Risk Appetite Framework

Principles for An. Effective Risk Appetite Framework Principles for An Effective Risk Appetite Framework 18 November 2013 Table of Contents Page I. Introduction... 1 II. Key definitions... 2 III. Principles... 3 1. Risk appetite framework... 3 1.1 An effective

More information

Healthcare Internal Audit: In a Time of Transition

Healthcare Internal Audit: In a Time of Transition The 2015 State of the Internal Audit Profession Study Healthcare Internal Audit: In a Time of Transition The healthcare industry in the United States is facing many challenges with the enactment of legislation

More information

Tapping the benefits of business analytics and optimization

Tapping the benefits of business analytics and optimization IBM Sales and Distribution Chemicals and Petroleum White Paper Tapping the benefits of business analytics and optimization A rich source of intelligence for the chemicals and petroleum industries 2 Tapping

More information

RSA ARCHER AUDIT MANAGEMENT

RSA ARCHER AUDIT MANAGEMENT RSA ARCHER AUDIT MANAGEMENT Solution Overview INRODUCTION AT A GLANCE Align audit plans with your organization s risk profile and business objectives Manage audit planning, prioritization, staffing, procedures

More information

LARGE SCALE NETWORKS NEXT WAVE OF CLINICAL INTEGRATION

LARGE SCALE NETWORKS NEXT WAVE OF CLINICAL INTEGRATION CENTER FOR INDUSTRY TRANSFORMATION MAY 2015 LARGE SCALE NETWORKS NEXT WAVE OF CLINICAL INTEGRATION Authors Michael Strilesky Principal, DHG Healthcare michael.strilesky@dhgllp.com DHG HEALTHCARE CENTER

More information

Population Health Management: Advancing your Position in the Journey to Value-Based Care

Population Health Management: Advancing your Position in the Journey to Value-Based Care Population Health Management: Advancing your Position in the Journey to Value-Based Care Population Health Management as a term serves as a helpful starting point to describe the evolution of care delivery

More information

THE SOUTH AFRICAN HERITAGE RESOURCES AGENCY ENTERPRISE RISK MANAGEMENT FRAMEWORK

THE SOUTH AFRICAN HERITAGE RESOURCES AGENCY ENTERPRISE RISK MANAGEMENT FRAMEWORK THE SOUTH AFRICAN HERITAGE RESOURCES AGENCY ENTERPRISE RISK MANAGEMENT FRAMEWORK ACCOUNTABLE SIGNATURE AUTHORISED for implementation SIGNATURE On behalf of Chief Executive Officer SAHRA Council Date Date

More information

Agile Master Data Management TM : Data Governance in Action. A whitepaper by First San Francisco Partners

Agile Master Data Management TM : Data Governance in Action. A whitepaper by First San Francisco Partners Agile Master Data Management TM : Data Governance in Action A whitepaper by First San Francisco Partners First San Francisco Partners Whitepaper Executive Summary What do data management, master data management,

More information

Designing an Operational Risk Program for a Community Bank Stephan Salvador Managing Director, Risk Management Consulting

Designing an Operational Risk Program for a Community Bank Stephan Salvador Managing Director, Risk Management Consulting Consulting and Professional Services Designing an Operational Risk Program for a Community Bank Stephan Salvador Managing Director, Risk Management Consulting Designing an Operational Risk Program for

More information

The Role of the Board in Enterprise Risk Management

The Role of the Board in Enterprise Risk Management Enterprise Risk The Role of the Board in Enterprise Risk Management The board of directors plays an essential role in ensuring that an effective ERM program is in place. Governance, policy, and assurance

More information

Department of Veterans Affairs VA Directive 0054. VA Enterprise Risk Management (ERM)

Department of Veterans Affairs VA Directive 0054. VA Enterprise Risk Management (ERM) Department of Veterans Affairs VA Directive 0054 Washington, DC 20420 Transmittal Sheet April 8, 2014 VA Enterprise Risk Management (ERM) 1. REASON FOR ISSUE: This directive provides guidelines to help

More information

Physician Enterprise The Importance of Charge Capture, Business Intelligence and Being a Data Driven Organization

Physician Enterprise The Importance of Charge Capture, Business Intelligence and Being a Data Driven Organization Physician Enterprise The Importance of Charge Capture, Business Intelligence and Being a Data Driven Organization Executive Summary Physician-hospital alignment is a key strategy for most hospitals across

More information

UNITED NATIONS OFFICE FOR PROJECT SERVICES. ORGANIZATIONAL DIRECTIVE No. 33. UNOPS Strategic Risk Management Planning Framework

UNITED NATIONS OFFICE FOR PROJECT SERVICES. ORGANIZATIONAL DIRECTIVE No. 33. UNOPS Strategic Risk Management Planning Framework UNOPS UNITED NATIONS OFFICE FOR PROJECT SERVICES Headquarters, Copenhagen O.D. No. 33 16 April 2010 ORGANIZATIONAL DIRECTIVE No. 33 UNOPS Strategic Risk Management Planning Framework 1. Introduction 1.1.

More information

ENTERPRISE RISK MANAGEMENT POLICY

ENTERPRISE RISK MANAGEMENT POLICY ENTERPRISE RISK MANAGEMENT POLICY TITLE OF POLICY POLICY OWNER POLICY CHAMPION DOCUMENT HISTORY: Policy Title Status Enterprise Risk Management Policy (current, revised, no change, redundant) Approving

More information

Agile Master Data Management A Better Approach than Trial and Error

Agile Master Data Management A Better Approach than Trial and Error Agile Master Data Management A Better Approach than Trial and Error A whitepaper by First San Francisco Partners First San Francisco Partners Whitepaper Executive Summary Market leading corporations are

More information

ENTERPRISE RISK MANAGEMENT FOR BANKS

ENTERPRISE RISK MANAGEMENT FOR BANKS ENTERPRISE RISK MANAGEMENT FOR BANKS Seshagiri Rao Vaidyula, Senior Manager, Governance, Risk and Compliance Jayaprakash Kavala, Consultant, Banking and Financial Services 1 www.wipro.com/industryresearch

More information

P3M3 Portfolio Management Self-Assessment

P3M3 Portfolio Management Self-Assessment Procurement Programmes & Projects P3M3 v2.1 Self-Assessment Instructions and Questionnaire P3M3 Portfolio Management Self-Assessment P3M3 is a registered trade mark of AXELOS Limited Contents Introduction

More information

Building and Sustaining a Strong Organization Amid Challenge And Change KPMG LLP

Building and Sustaining a Strong Organization Amid Challenge And Change KPMG LLP Building and Sustaining a Strong Organization Amid Challenge And Change KPMG LLP The Issue Today s market realities offer businesses little choice but to embrace change. Companies in almost every industry

More information

Enterprise-Wide Risk Assessment

Enterprise-Wide Risk Assessment Enterprise-Wide Risk Assessment Agenda 1. Definition of risk. 2. Risk drivers in higher education today. 3. Implementing an enterprise-wide risk management (ERM) program to effectively assess, manage,

More information

Module 6 Essentials of Enterprise Architecture Tools

Module 6 Essentials of Enterprise Architecture Tools Process-Centric Service-Oriented Module 6 Essentials of Enterprise Architecture Tools Capability-Driven Understand the need and necessity for a EA Tool IASA Global - India Chapter Webinar by Vinu Jade

More information

Compliance & Internal Audit Collaboration

Compliance & Internal Audit Collaboration www.pwc.com Compliance & Internal Collaboration Developing a compliance third line of October 2015 The Society of Corporate Compliance & Ethics 14 th Annual Compliance & Ethics Institute Conference Introductions

More information

Designing a Modern, Holistic ECM Strategy for Healthcare. How ECM consulting helps healthcare providers thrive in an atmosphere of change.

Designing a Modern, Holistic ECM Strategy for Healthcare. How ECM consulting helps healthcare providers thrive in an atmosphere of change. Designing a Modern, Holistic ECM Strategy for Healthcare How ECM consulting helps healthcare providers thrive in an atmosphere of change. Executive Summary Today s healthcare industry is undergoing continual

More information

Using Organizational Change Management Principles to Create a Scalable OCM Methodology

Using Organizational Change Management Principles to Create a Scalable OCM Methodology Using Organizational Change Management Principles to Create a Scalable OCM Methodology Cynthia Onstott John Spurrell May 16, 2016 2 Today s Learning Objectives How to develop a new Organizational Change

More information

ENTERPRISE RISK MANAGEMENT POLICY

ENTERPRISE RISK MANAGEMENT POLICY ENTERPRISE RISK MANAGEMENT Approved by the Audit Committee on 14 February 2003 and adopted by resolution of the Board on 28 March 2003 Revisions approved by the Audit and Risk Committee on 14 February

More information

An Effective Approach to Transition from Risk Assessment to Enterprise Risk Management

An Effective Approach to Transition from Risk Assessment to Enterprise Risk Management Bridgework: An Effective Approach to Transition from Risk Assessment to Enterprise Risk Management @Copyright Cura Software. All rights reserved. No part of this document may be transmitted or copied without

More information

RISK MANAGEMENT OVERVIEW 2011 RISK CONFERENCE SPONSORED BY THE FEDERAL RESERVE BANK OF CHICAGO AND DEPAUL UNIVERSITY

RISK MANAGEMENT OVERVIEW 2011 RISK CONFERENCE SPONSORED BY THE FEDERAL RESERVE BANK OF CHICAGO AND DEPAUL UNIVERSITY RISK MANAGEMENT OVERVIEW 2011 RISK CONFERENCE SPONSORED BY THE FEDERAL RESERVE BANK OF CHICAGO AND DEPAUL UNIVERSITY PRESENTED BY: LEN WIATR, CHIEF RISK OFFICER Len s Risk Management Philosophy Build a

More information

Leveraging data analytics and continuous auditing processes for improved audit planning, effectiveness, and efficiency. kpmg.com

Leveraging data analytics and continuous auditing processes for improved audit planning, effectiveness, and efficiency. kpmg.com Leveraging data analytics and continuous auditing processes for improved audit planning, effectiveness, and efficiency kpmg.com Leveraging data analytics and continuous auditing processes 1 Executive

More information

Adopting a Continuous Integration / Continuous Delivery Model to Improve Software Delivery

Adopting a Continuous Integration / Continuous Delivery Model to Improve Software Delivery Customer Success Stories TEKsystems Global Services Adopting a Continuous Integration / Continuous Delivery Model to Improve Software Delivery COMMUNICATIONS AGILE TRANSFORMATION SERVICES Executive Summary

More information

Governance, Risk, and Compliance (GRC) White Paper

Governance, Risk, and Compliance (GRC) White Paper Governance, Risk, and Compliance (GRC) White Paper Table of Contents: Purpose page 2 Introduction _ page 3 What is GRC _ page 3 GRC Concepts _ page 4 Integrated Approach and Methodology page 4 Diagram:

More information

How to achieve excellent enterprise risk management Why risk assessments fail

How to achieve excellent enterprise risk management Why risk assessments fail How to achieve excellent enterprise risk management Why risk assessments fail Overview Risk assessments are a common tool for understanding business issues and potential consequences from uncertainties.

More information

Risk Management Strategy & Implementation Plan 2014 2016

Risk Management Strategy & Implementation Plan 2014 2016 St George s Healthcare NHS Trust: the next decade Risk Management Strategy & Implementation Plan 2014 2016 DRAFT VERSION 6.0 UPDATED 19.11.14 Executive summary We know, from external assurances received

More information

Considering Meaningful Use Participation when Acquiring a Hospital or Professional Practice

Considering Meaningful Use Participation when Acquiring a Hospital or Professional Practice WHITE PAPER Considering Meaningful Use Participation when Acquiring a Hospital or Professional Practice An Encore Point of View By Paul Murphy, MBA & Amy Thorpe MBA, PMP, FHIMSS February 2015 AN ENCORE

More information

Chief Risk Officers in the Mutual Fund Industry: Who Are They and What Is Their Role Within the Organization?

Chief Risk Officers in the Mutual Fund Industry: Who Are They and What Is Their Role Within the Organization? Chief Risk Officers in the Mutual Fund Industry: Who Are They and What Is Their Role Within the Organization? Background Everyone within an organization has some responsibility for managing risk. In the

More information

Strategic Risk Management for School Board Trustees

Strategic Risk Management for School Board Trustees Strategic Management for School Board Trustees A Management Process Framework May, 2012 Table of Contents Introduction Page I. Purpose....................................... 3 II. Applicability and Scope............................

More information

University of St. Gallen Law School Law and Economics Research Paper Series. Working Paper No. 2008-19 June 2007

University of St. Gallen Law School Law and Economics Research Paper Series. Working Paper No. 2008-19 June 2007 University of St. Gallen Law School Law and Economics Research Paper Series Working Paper No. 2008-19 June 2007 Enterprise Risk Management A View from the Insurance Industry Wolfgang Errath and Andreas

More information

ENTERPRISE COMPUTING ENVIRONMENT. Creating connections THROUGH SERVICE & WORKFORCE EXCELLENCE

ENTERPRISE COMPUTING ENVIRONMENT. Creating connections THROUGH SERVICE & WORKFORCE EXCELLENCE ITA Strategic Plan FY 2011 - FY 2016 U.S. Army Information Technology Agency REALIZING The DoD ENTERPRISE COMPUTING ENVIRONMENT Creating connections THROUGH SERVICE & WORKFORCE EXCELLENCE Provide Quality

More information

T The Revised COSO ERM Framework. Robert Hirth Chairman, COSO

T The Revised COSO ERM Framework. Robert Hirth Chairman, COSO T The Revised COSO ERM Framework Robert Hirth Chairman, COSO COSO: Thought Leadership to Improve Your Organization What the Heck is COSO?... Originally formed in 1985, COSO is a joint initiative of five

More information

Cyber ROI. A practical approach to quantifying the financial benefits of cybersecurity

Cyber ROI. A practical approach to quantifying the financial benefits of cybersecurity Cyber ROI A practical approach to quantifying the financial benefits of cybersecurity Cyber Investment Challenges In 2015, global cybersecurity spending is expected to reach an all-time high of $76.9

More information

Enterprise risk management: A pragmatic, four-phase implementation plan

Enterprise risk management: A pragmatic, four-phase implementation plan Enterprise risk management: A pragmatic, four-phase implementation plan Prepared by: John Brackett, Managing Director, Risk Advisory Services, RSM McGladrey, Inc. 704.442.3820, john.brackett@mcgladrey.com

More information

Framework for Enterprise Risk Management

Framework for Enterprise Risk Management Framework for Enterprise Risk Management 2013 Johnson & Johnson Contents Introduction.... 4 J&J Strategic Framework... 5 What is Risk?.......................................................... 7 J&J Approach

More information

KPMG s Financial Management Practice. kpmg.com

KPMG s Financial Management Practice. kpmg.com KPMG s Financial Management Practice kpmg.com 1 KPMG s Financial Management Practice KPMG s Financial Management (FM) practice, within Advisory Management Consulting, supports the growing agenda and increased

More information

Managing and Coordinating Non-Acute Care in an ACO Environment

Managing and Coordinating Non-Acute Care in an ACO Environment Managing and Coordinating Non-Acute Care in an ACO Environment By Glen Roebuck, Vice President of Business Development, Health Dimensions Group Hospital and health care systems across the country are engaging

More information

A Risk-Based Audit Strategy November 2006 Internal Audit Department

A Risk-Based Audit Strategy November 2006 Internal Audit Department Mental Health Mental Retardation Authority of Harris County ENTERPRISE RISK MANAGEMENT A Framework For Assessing, Evaluating And Measuring Our Agency s Risk A Risk-Based Audit Strategy November 2006 Internal

More information

ACCOUNTABLE CARE ANALYTICS: DEVELOPING A TRUSTED 360 DEGREE VIEW OF THE PATIENT

ACCOUNTABLE CARE ANALYTICS: DEVELOPING A TRUSTED 360 DEGREE VIEW OF THE PATIENT ACCOUNTABLE CARE ANALYTICS: DEVELOPING A TRUSTED 360 DEGREE VIEW OF THE PATIENT Accountable Care Analytics: Developing a Trusted 360 Degree View of the Patient Introduction Recent federal regulations have

More information

Enterprise Analytics Strategic Planning

Enterprise Analytics Strategic Planning Enterprise Analytics Strategic Planning June 5, 2013 1 "The first question a data driven organization needs to ask itself is not "what do we think?" but rather "what do we know? Big Data: The Management

More information

WHITE PAPER APRIL 2012. Leading an Implementation Campaign to Address the Convergence of Healthcare Reform Initiatives

WHITE PAPER APRIL 2012. Leading an Implementation Campaign to Address the Convergence of Healthcare Reform Initiatives WHITE PAPER APRIL 2012 Leading an Implementation Campaign to Address the Convergence of Healthcare Reform Initiatives New healthcare reforms have created an unprecedented impact on hospital systems operations.

More information

How to stay competitive in a converging healthcare system kpmg.com

How to stay competitive in a converging healthcare system kpmg.com Managing risk in a transforming healthcare organization How to stay competitive in a converging healthcare system kpmg.com 2 Healthcare Risk Management Managing the risk of healthcare transformation Healthcare

More information

Assessing the Appropriate Level of Project, Program, and PMO Structure

Assessing the Appropriate Level of Project, Program, and PMO Structure PMI Virtual Library 2011 Daniel D. Magruder Assessing the Appropriate Level of Project, Program, and PMO Structure By Daniel D. Magruder, PMP Executive Summary Does your organization have in-flight projects

More information

Five Levels of Project Portfolio Management

Five Levels of Project Portfolio Management Five Levels of Project Portfolio Management Figure 49 summarizes five levels of project portfolio management maturity [1]. Each level represents the adoption of an increasingly comprehensive and effective

More information

Hand IN Hand: Balanced Scorecards

Hand IN Hand: Balanced Scorecards ANNUAL CONFERENCE T O P I C Risk Management WORKING Hand IN Hand: Balanced Scorecards AND Enterprise Risk Management B Y M ARK B EASLEY, CPA; A L C HEN; K AREN N UNEZ, CMA; AND L ORRAINE W RIGHT Recent

More information

Healthcare Technology Project Ownership

Healthcare Technology Project Ownership Healthcare Technology Project Ownership Celwyn C. Evans A B S T R A C T Hospitals have great expectations that technology will address their critical strategic issues. However, obtaining satisfactory results

More information

Your asset is your business. The more challenging the economy, the more valuable the asset becomes. Decisions are magnified. Risk is amplified.

Your asset is your business. The more challenging the economy, the more valuable the asset becomes. Decisions are magnified. Risk is amplified. Asset management Your asset is your business. The more challenging the economy, the more valuable the asset becomes. Decisions are magnified. Risk is amplified. Data is about more than numbers. It tells

More information

Confident in our Future, Risk Management Policy Statement and Strategy

Confident in our Future, Risk Management Policy Statement and Strategy Confident in our Future, Risk Management Policy Statement and Strategy Risk Management Policy Statement Introduction Risk management aims to maximise opportunities and minimise exposure to ensure the residents

More information

Clarius Group Risk Management Policy and Framework

Clarius Group Risk Management Policy and Framework 1. Introduction Clarius Group Risk Management Policy and Framework 1.1 Definition Risk is the chance of something happening that will have an impact on objectives. Risk provides the opportunity (upside)

More information

Essentials to Building a Winning Business Case for Tax Technology

Essentials to Building a Winning Business Case for Tax Technology Essentials to Building a Winning Business Case for Tax Technology The complexity of the tax function continues to evolve beyond manual and time-consuming processes. Technology has been essential in managing

More information

How to Develop Successful Enterprise Risk and Vendor Management Programs

How to Develop Successful Enterprise Risk and Vendor Management Programs Project Management Institute New York City Chapter January 2014 Chapter Meeting How to Develop Successful Enterprise Risk and Vendor Management Programs Christina S. Kite Senior Vice President Corporate

More information

The following is intended to outline our general product direction. It is intended for informational purposes only, and may not be incorporated into

The following is intended to outline our general product direction. It is intended for informational purposes only, and may not be incorporated into The following is intended to outline our general product direction. It is intended for informational purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any

More information

fs viewpoint www.pwc.com/fsi

fs viewpoint www.pwc.com/fsi fs viewpoint www.pwc.com/fsi June 2013 02 11 16 21 24 Point of view Competitive intelligence A framework for response How PwC can help Appendix It takes two to tango: Managing technology risk is now a

More information

Improving Financial Performance, Governance and Compliance

Improving Financial Performance, Governance and Compliance Enterprise Risk Management Improving Financial Performance, Governance and Compliance Through A Structured Approach Experis Finance By: Fred E. Lutzeier National ERM Director Fred.Lutzeier@Experis.Com

More information

ASAE s Job Task Analysis Strategic Level Competencies

ASAE s Job Task Analysis Strategic Level Competencies ASAE s Job Task Analysis Strategic Level Competencies During 2013, ASAE funded an extensive, psychometrically valid study to document the competencies essential to the practice of association management

More information

Finding, Fixing and Preventing Data Quality Issues in Financial Institutions Today

Finding, Fixing and Preventing Data Quality Issues in Financial Institutions Today Finding, Fixing and Preventing Data Quality Issues in Financial Institutions Today FIS Consulting Services 800.822.6758 Introduction Without consistent and reliable data, accurate reporting and sound decision-making

More information

The South Staffordshire and Shropshire Health Care NHS Foundation Trust Digital Strategy 2014 2019

The South Staffordshire and Shropshire Health Care NHS Foundation Trust Digital Strategy 2014 2019 The South Staffordshire and Shropshire Health Care NHS Foundation Trust Digital Strategy 2014 2019 Peter Kendal Associate Director for Information Management and Technology Development 01/12/2014 1 Page

More information

The Role of Internal Audit in Risk Governance

The Role of Internal Audit in Risk Governance The Role of Internal Audit in Risk Governance How Organizations Are Positioning the Internal Audit Function to Support Their Approach to Risk Management Executive summary Risk is inherent in running any

More information

XBRL & GRC Future opportunities?

XBRL & GRC Future opportunities? XBRL & GRC Future opportunities? Suzanne Janse Deloitte NL Paul Hulst Deloitte / Said Tabet EMC Presenters Suzanne Janse Deloitte Netherlands Director ERP (SAP, Oracle) Risk Management GRC software Paul

More information

Enterprise Risk Management: Concepts & Issues

Enterprise Risk Management: Concepts & Issues Enterprise Risk Management: Concepts & Issues Jacques Lapointe Internal Audit, Management Board Secretariat November 2003 1 The Basic Concept of Risk Management The active process of identifying risks,

More information

State of Minnesota. Enterprise Security Strategic Plan. Fiscal Years 2009 2013

State of Minnesota. Enterprise Security Strategic Plan. Fiscal Years 2009 2013 State of Minnesota Enterprise Security Strategic Plan Fiscal Years 2009 2013 Jointly Prepared By: Office of Enterprise Technology - Enterprise Security Office Members of the Information Security Council

More information

Trends In Data Quality And Business Process Alignment

Trends In Data Quality And Business Process Alignment A Custom Technology Adoption Profile Commissioned by Trillium Software November, 2011 Introduction Enterprise organizations indicate that they place significant importance on data quality and make a strong

More information

Avondale College Limited Enterprise Risk Management Framework 2014 2017

Avondale College Limited Enterprise Risk Management Framework 2014 2017 Avondale College Limited Enterprise Risk Management Framework 2014 2017 President s message Risk management is part of our daily life, something we do regularly; often without realising we are doing it.

More information

Linking Risk Management to Business Strategy, Processes, Operations and Reporting

Linking Risk Management to Business Strategy, Processes, Operations and Reporting Linking Risk Management to Business Strategy, Processes, Operations and Reporting Financial Management Institute of Canada February 17 th, 2010 KPMG LLP Agenda 1. Leading Practice Risk Management Principles

More information

Risk management and the transition of projects to business as usual

Risk management and the transition of projects to business as usual Advisory Risk management and the transition of projects to business as usual Financial Services kpmg.com 2 Risk Management and the Transition of Projects to Business as Usual Introduction Today s banks,

More information

Health Data Analytics. Data to Value For Small and Medium Healthcare organizations

Health Data Analytics. Data to Value For Small and Medium Healthcare organizations Health Data Analytics Data to Value For Small and Medium Healthcare organizations HEALTH DATA ANALYTICS WHITE PAPER JULY 2013 GREENCASTLE CONSULTING Abstract This paper is targeted toward small and medium

More information