Integrating Risk Management with Performance Management * Margaret Woods Aston Business School

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Integrating Risk Management with Performance Management * Margaret Woods Aston Business School"

Transcription

1 Integrating Risk Management with Performance Management * Margaret Woods Aston Business School Why Risk Management Matters Sometimes it is the things you don t see that really matter. Source: Enron Corporation advertisement (2000). Certainly the investors in Enron found this to be true. What they could not see was the existence of fraud, questionable accounting practices and weak internal controls which ultimately resulted in the corporation s bankruptcy, and triggered major governance reforms in the USA and around the globe. Enron is an extreme example which illustrates the core truth that risk management matters. Post Enron, governance reforms around the world have served to raise the profile of risk management, and emphasise the need for a corporate wide approach to internal control that is overseen by the Board of Directors. In the US, this is most clearly demonstrated by the emergence of Enterprise Risk Management (ERM), which is defined as: a process, effected by an entity s board of directors, management and other personnel, applied in strategy setting across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives. (COSO, 2004, p.2) CIMA s Official Terminology defines risk management as the process of understanding and managing the risks that the organisation is inevitably subject to in attempting to achieve its corporate objectives. Both of these definitions establish common basic principles- that risk management is designed to ensure the achievement of corporate objectives. In practical terms, however, the introduction of an enterprise wide holistic risk management system poses a big challenge to all but the smallest of organisations. The financial crisis has clearly shown that enterprise wide risk management remains a dream rather than a reality for even the world s largest and once highly respected companies. Risk management has traditionally been practiced in a fragmented way, and focused on operational rather than strategic issues. Consequently, strategic risks have been managed * This article was originally published by the Chartered Institute of Management Accountants in 2007 in Excellence in Leadership Vol.2 pp Copyright rests with the author. 1

2 reactively rather than proactively. In contrast, a shift towards an ERM style of approach requires a willingness to move away from this silo based style of management in favour of a portfolio based system of risk management. This means that directors and senior management need to recognise that inter-linked operational activities within a company create exposure to a portfolio of inter-linked risks. Managers need to be encouraged to identify, measure and monitor the upside and downside risks that their decisions may create for the WHOLE of the organisation: the inter-relationship between what goes on in one division or business unit and the organisation s aggregate risk exposure must be clearly understood. The need is for joined up thinking. Senior managers also need to recognise that embedding a culture of risk management which takes an organisation wide perspective on issues can be made difficult by the apparent distance between company strategy and day to day operations. The challenges for risk management are very similar to those of performance management: how can the issue be made relevant to individual employees? How can individual involvement be demonstrated to be relevant to overall company performance? Parallels in risk management and performance management There are strong parallels to be drawn between performance management and risk management because they are both: Designed to ensure the achievement of corporate objectives. Organisation wide in their scope Designed to recognise organisational inter-dependencies The operational responsibility of line management Formalising the links between performance and risk management can begin by reference to the strategic planning process which links strategy and performance across all levels of the organisation. In developing its strategic plan, an organisation begins by defining its strategic focus, and then elaborating on how it will deliver its commitments under the plan and how it will measure success. The detail of the plan breaks this down into significant corporate annual targets and associated action plans which outline how all the various business activities contribute to the achievement of the strategies. If the organization uses a performance management system such as the Balanced Scorecard, individual scorecards can be developed for every level of the organization. The scorecards cascade down from corporate level, through divisional and business units down to the individual line managers. At each level the scorecards will be underpinned by plans showing the linkage between strategic objectives and targeted outcomes for that level. The scorecards may be complemented by strategy diagrams or maps which set out the plans 2

3 and actions that will deliver the performance measured by the scorecards as well as the relevant performance targets. The use of scorecards which cascade down through the corporate hierarchy ensures ownership of targets and also directly links them to the strategic plan. This can be taken down to the level of the individual manager by specifying and agreeing the targets in their personal performance and development appraisal meetings. Recording the allocation of targets to individual managers in the performance database also provides an audit pathway for each performance indicator. Figure 1 illustrates this type of control system, which encompasses performance planning, delivery, and monitoring. Figure 1: Cascading Down of Performance Measures and Monitoring Planning Delivery Monitoring Corporate Plan and Scorecard Divisional Plans and Scorecards Business Unit plans and scorecards Portfolio Strategy Maps & Performance Indicators Comparison of performance against targets Team and individual targets 3

4 The principle of cascading down responsibility for performance as shown in Figure 1 can also be applied to risk management. The underlying aim is to ensure that at all levels of an organisation, staff are: aware of the risks that may affect performance in the areas over which they have responsibility take responsibility for management of those risks performance and risk monitoring work in parallel to ensure achievement of corporate objectives The strategic maps that define how performance targets will be achieved can be complemented by risk maps that identify the key threats to successful delivery at each level of the organization. At the same time, responsibility for management of those risks can be specified by identifying owners of risks, and including details of such ownership in the performance management system. In other words, risk management and performance management can become fully integrated systems. Integrating Risk and Performance Management A key step towards integrating risk and performance management is the creation of a formal procedure for risk identification, assessment and allocation of responsibility. The identification and assessment of risks is vital and it is now common practice for most organizations to maintain a key risk register. The key risks are those which pose a major threat to survival and these must be managed at a very senior level. In their annual reports many large companies now state that responsibility for their management and monitoring rests with the Board of Directors. For example, the 2005 Annual Report of Hammerson plc, a FTSE 100 listed real estate company states: The risk management procedures involve the analysis, evaluation and management of the key risks to the group, including those relating to joint venture arrangements and plans for the continuance of the Company s business in the event of unforeseen interruption. The Board has allocated responsibility for the management of each key risk to Executive Directors and senior executives within the group who report on these risks to the Board. Any recommendations arising from such reports and reviews are implemented under the supervision of the Board. The statement reveals that each key risk is owned by an Executive Director. An identifiable person is thus answerable if the risk becomes effective. If responsibility for management of key risks is in the hands of the board, this leaves open the question of the systems used to manage all other risks i.e. the business level risks that may encompass compliance, financial or operational dimensions. The precise terminology 4

5 varies from company to company, but these are risks which do not pose a major threat to survival but may nonetheless impact upon corporate performance, and may be caused by factors either internal or external to the business. Examples might include property maintenance, regular untimely deliveries of essential components, a shift in consumer taste away from specific products, or a need to recall faulty goods. All of these issues may damage company performance in both financial and non financial terms, but can be overseen by operational managers rather than at Board level. In the view of the Head of International Audit as Tesco plc, accountability for managing risk lies clearly with line managers. If this is the case, then identifiable lines of responsibility and reporting must be established, and risk and performance management inter-linked. Every individual manager should be asked to take each performance target for which they are responsible, and produce a list of the risks that may cause performance to fall below target. In this way the risks become embedded in the performance scorecard and in so doing the practice of risk management matches up to its definition as the process of understanding and managing the risks that the organisation is inevitably subject to in attempting to achieve its corporate objectives. The risks can be ranked by using a matrix system to assess both their likelihood and consequences. This ranking helps to focus attention on potential problems and also facilitate the identification if risks that may need to be managed at a more senior level within the organization. The risk matrices for each manager can also be directly linked to individual appraisal and remuneration plans. The net result is a performance scorecard and risk scorecard that run in parallel and perform strategically important and complementary roles. Management control systems are used to monitor actual against expected results in terms of both performance and risk, and the outcome of these reviews helps to inform future business planning and internal audit planning by highlighting areas where controls may be failing. Figure 2 illustrates how this type of integrated system might work in practice. 5

6 Figure 2: Integrating Performance and Risk Management Performance Corporate plan and scorecard Risk Corporate key risk matrix Monitoring Divisional Plans and scorecards Divisional Risk Matrices Performance Indicators an + Business Unit plans and scorecards Business Unit risk matrices Risk ownership + Team and individual targets Team and Individual risk matrices Comparison of risk and performance against targets 6

7 Conclusion The system outlined above ensures that risk management is cascaded down through an organization so that individual business units and line managers take responsibility for identifying their own risks and are also held accountable for their management. In so doing it provides a governance structure that integrates performance and risk management to facilitate achievement of the priorities laid down in the strategic plan. Reference Committee of Sponsoring Organisations of the Treadway Commission (COSO) (2004), Enterprise Risk Management, AICPA,New York, NY. 7

Enterprise Risk Management

Enterprise Risk Management Enterprise Risk Management Topic Gateway Series No. 49 1 Prepared by Jasmin Harvey and Technical Information Service July 2008 About Topic Gateways Topic Gateways are intended as a refresher or introduction

More information

IFAD Policy on Enterprise Risk Management

IFAD Policy on Enterprise Risk Management Document: EB 2008/94/R.4 Agenda: 5 Date: 6 August 2008 Distribution: Public Original: English E IFAD Policy on Enterprise Risk Management Executive Board Ninety-fourth Session Rome, 10-11 September 2008

More information

Critical Change: Enterprise Risk Management Meets Healthcare. 18 TH Annual Compliance Institute San Diego, CA March 31, 2014.

Critical Change: Enterprise Risk Management Meets Healthcare. 18 TH Annual Compliance Institute San Diego, CA March 31, 2014. Critical Change: Enterprise Risk Management Meets Healthcare 18 TH Annual Compliance Institute San Diego, CA March 31, 2014 Marie Moseley, JD, MPH, BSN, NNP-C, CHC, CHC-P 1 Objectives 1 Understand ERM

More information

Enterprise Risk Management

Enterprise Risk Management Cayman Islands Society of Professional Accountants Enterprise Risk Management March 19, 2015 Dr. Sandra B. Richtermeyer, CPA, CMA What is Risk Management? Risk management is a process, effected by an entity's

More information

THE ROLE OF FINANCE AND ACCOUNTING IN ENTERPRISE RISK MANAGEMENT

THE ROLE OF FINANCE AND ACCOUNTING IN ENTERPRISE RISK MANAGEMENT THE ROLE OF FINANCE AND ACCOUNTING IN ENTERPRISE RISK MANAGEMENT Let me begin by thanking Baruch College for giving me the opportunity to present this year s prestigious Emanuel Saxe Lecture in Accounting.

More information

Clarius Group Risk Management Policy and Framework

Clarius Group Risk Management Policy and Framework 1. Introduction Clarius Group Risk Management Policy and Framework 1.1 Definition Risk is the chance of something happening that will have an impact on objectives. Risk provides the opportunity (upside)

More information

FRAMEWORK FOR AN ETHICAL MATURITY INDEX. Authors: Elena Demidenko and Patrick McNutt

FRAMEWORK FOR AN ETHICAL MATURITY INDEX. Authors: Elena Demidenko and Patrick McNutt FRAMEWORK FOR AN ETHICAL MATURITY INDEX Authors: Elena Demidenko and Patrick McNutt Across key Enterprise risk management frameworks, COSO ERM (http://www.coso.org) and ASNZ4360 (ASNZ 4360: 2004 (http://www.standards.com.au)

More information

The Upside of Risk: Enterprise Risk Management and Public Real Estate Companies

The Upside of Risk: Enterprise Risk Management and Public Real Estate Companies The Upside of Risk: Enterprise Risk Management and Public Real Estate Companies James Barkley, Simon Property Group, Inc. and David E. Weiss, DDR Corp. Introduction: As lawyers, particularly real estate

More information

Risk Management Policy. Corporate Governance Risk Management Policy

Risk Management Policy. Corporate Governance Risk Management Policy Corporate Governance Risk Management Policy Approved by the Council of Ministers, May 2006 1. Background The Isle of Man Government is working to promote better risk management, with emphasis on the importance

More information

IRM CERTIFICATE AND DIPLOMA OUTLINE SYLLABUS

IRM CERTIFICATE AND DIPLOMA OUTLINE SYLLABUS IRM CERTIFICATE AND DIPLOMA OUTLINE SYLLABUS 1 Module 1: Principles of Risk and Risk Management Module aims The aim of this module is to provide an introduction to the principles and concepts of risk and

More information

Introduction to Enterprise Risk Management at UVM DRAFT

Introduction to Enterprise Risk Management at UVM DRAFT Introduction to Enterprise Management at UVM 1 Enterprise What is Enterprise Management? Enterprise risk management is a structured, consistent, and continuous process across the whole organization for

More information

A Risk Management Standard

A Risk Management Standard A Risk Management Standard Introduction This Risk Management Standard is the result of work by a team drawn from the major risk management organisations in the UK, including the Institute of Risk management

More information

ENTERPRISE RISK MANAGEMENT POLICY

ENTERPRISE RISK MANAGEMENT POLICY ENTERPRISE RISK MANAGEMENT POLICY TITLE OF POLICY POLICY OWNER POLICY CHAMPION DOCUMENT HISTORY: Policy Title Status Enterprise Risk Management Policy (current, revised, no change, redundant) Approving

More information

Hand IN Hand: Balanced Scorecards

Hand IN Hand: Balanced Scorecards ANNUAL CONFERENCE T O P I C Risk Management WORKING Hand IN Hand: Balanced Scorecards AND Enterprise Risk Management B Y M ARK B EASLEY, CPA; A L C HEN; K AREN N UNEZ, CMA; AND L ORRAINE W RIGHT Recent

More information

A structured approach to Enterprise Risk Management (ERM) and the requirements of ISO 31000

A structured approach to Enterprise Risk Management (ERM) and the requirements of ISO 31000 A structured approach to Enterprise Risk Management (ERM) and the requirements of ISO 31000 Contents Executive summary Introduction Acknowledgements Part 1: Risk, risk management and ISO 31000 1 Nature

More information

Enterprise Risk Management

Enterprise Risk Management Enterprise Management ERM provides a framework for risk management, which typically involves identifying particular events or circumstances relevant to the organization's objectives (risks and opportunities),

More information

University of St. Gallen Law School Law and Economics Research Paper Series. Working Paper No. 2008-19 June 2007

University of St. Gallen Law School Law and Economics Research Paper Series. Working Paper No. 2008-19 June 2007 University of St. Gallen Law School Law and Economics Research Paper Series Working Paper No. 2008-19 June 2007 Enterprise Risk Management A View from the Insurance Industry Wolfgang Errath and Andreas

More information

GUIDANCE NOTE FOR DEPOSIT-TAKERS. Operational Risk Management. March 2012

GUIDANCE NOTE FOR DEPOSIT-TAKERS. Operational Risk Management. March 2012 GUIDANCE NOTE FOR DEPOSIT-TAKERS Operational Risk Management March 2012 Version 1.0 Contents Page No 1 Introduction 2 2 Overview 3 Operational risk - fundamental principles and governance 3 Fundamental

More information

Risk Management How to manage your brand & build business resilience to improve your bottom line

Risk Management How to manage your brand & build business resilience to improve your bottom line 2010 RMIA Members Forum Primary focus for RMIA in 2011 Risk Management How to manage your brand & build business resilience to improve your bottom line Grant Whitehorn RMIA Chief Executive Officer CPA

More information

International Diploma in Risk Management Syllabus

International Diploma in Risk Management Syllabus International Diploma in Risk Management Syllabus Module 1: Principles of Risk and Risk Management The aim of this module is to provide an introduction to the principles and concepts of risk and risk management.

More information

The Role of the Board in Enterprise Risk Management

The Role of the Board in Enterprise Risk Management Enterprise Risk The Role of the Board in Enterprise Risk Management The board of directors plays an essential role in ensuring that an effective ERM program is in place. Governance, policy, and assurance

More information

Aligning organisational culture with Enterprise Risk Management. Krishna Nagar & Mark Hayes

Aligning organisational culture with Enterprise Risk Management. Krishna Nagar & Mark Hayes Aligning organisational culture with Enterprise Risk Management Krishna Nagar & Mark Hayes Agenda 1. Introduction 2. Enterprise Risk Management (ERM) 3. Organisational culture 4. Linking organisational

More information

P3M3 Portfolio Management Self-Assessment

P3M3 Portfolio Management Self-Assessment Procurement Programmes & Projects P3M3 v2.1 Self-Assessment Instructions and Questionnaire P3M3 Portfolio Management Self-Assessment P3M3 is a registered trade mark of AXELOS Limited Contents Introduction

More information

Enterprise-Wide Risk Assessment

Enterprise-Wide Risk Assessment Enterprise-Wide Risk Assessment Agenda 1. Definition of risk. 2. Risk drivers in higher education today. 3. Implementing an enterprise-wide risk management (ERM) program to effectively assess, manage,

More information

Compliance Policy AGL Energy Limited

Compliance Policy AGL Energy Limited Compliance Policy AGL Energy Limited November 2013 Table of Contents 1. About this Document... 3 2. Policy Statement... 4 3. Purpose... 4 4. AGL Compliance Context... 4 5. Scope... 5 6. Objectives... 5

More information

UNITED NATIONS OFFICE FOR PROJECT SERVICES. ORGANIZATIONAL DIRECTIVE No. 33. UNOPS Strategic Risk Management Planning Framework

UNITED NATIONS OFFICE FOR PROJECT SERVICES. ORGANIZATIONAL DIRECTIVE No. 33. UNOPS Strategic Risk Management Planning Framework UNOPS UNITED NATIONS OFFICE FOR PROJECT SERVICES Headquarters, Copenhagen O.D. No. 33 16 April 2010 ORGANIZATIONAL DIRECTIVE No. 33 UNOPS Strategic Risk Management Planning Framework 1. Introduction 1.1.

More information

OWN RISK AND SOLVENCY ASSESSMENT AND ENTERPRISE RISK MANAGEMENT

OWN RISK AND SOLVENCY ASSESSMENT AND ENTERPRISE RISK MANAGEMENT OWN RISK AND SOLVENCY ASSESSMENT AND ENTERPRISE RISK MANAGEMENT ERM as the foundation for regulatory compliance and strategic business decision making CONTENTS Introduction... 3 Steps to developing an

More information

APPENDIX 50. Enterprise risk management - Risk management overview

APPENDIX 50. Enterprise risk management - Risk management overview APPENDIX 50 Enterprise risk management - Risk management overview Energex regulatory proposal October 2014 ENTERPRISE RISK MANAGEMENT Risk Management Overview (RMO) 06 11 2013 Table of Contents 1. INTRODUCTION...

More information

Procurement Programmes & Projects P3M3 v2.1 Self-Assessment Instructions and Questionnaire. P3M3 Project Management Self-Assessment

Procurement Programmes & Projects P3M3 v2.1 Self-Assessment Instructions and Questionnaire. P3M3 Project Management Self-Assessment Procurement Programmes & Projects P3M3 v2.1 Self-Assessment Instructions and Questionnaire P3M3 Project Management Self-Assessment Contents Introduction 3 User Guidance 4 P3M3 Self-Assessment Questionnaire

More information

THE SOUTH AFRICAN HERITAGE RESOURCES AGENCY ENTERPRISE RISK MANAGEMENT FRAMEWORK

THE SOUTH AFRICAN HERITAGE RESOURCES AGENCY ENTERPRISE RISK MANAGEMENT FRAMEWORK THE SOUTH AFRICAN HERITAGE RESOURCES AGENCY ENTERPRISE RISK MANAGEMENT FRAMEWORK ACCOUNTABLE SIGNATURE AUTHORISED for implementation SIGNATURE On behalf of Chief Executive Officer SAHRA Council Date Date

More information

Enterprise risk management: A pragmatic, four-phase implementation plan

Enterprise risk management: A pragmatic, four-phase implementation plan Enterprise risk management: A pragmatic, four-phase implementation plan Prepared by: John Brackett, Managing Director, Risk Advisory Services, RSM McGladrey, Inc. 704.442.3820, john.brackett@mcgladrey.com

More information

COBIT 5 for Risk. CS 3-7: Monday, July 6 4:00-5:00. Presented by: Nelson Gibbs CIA, CRMA, CISA, CISM, CGEIT, CRISC, CISSP ngibbs@pacbell.

COBIT 5 for Risk. CS 3-7: Monday, July 6 4:00-5:00. Presented by: Nelson Gibbs CIA, CRMA, CISA, CISM, CGEIT, CRISC, CISSP ngibbs@pacbell. COBIT 5 for Risk CS 3-7: Monday, July 6 4:00-5:00 Presented by: Nelson Gibbs CIA, CRMA, CISA, CISM, CGEIT, CRISC, CISSP ngibbs@pacbell.net Disclaimer of Use and Association Note: It is understood that

More information

COMPARATIVE STUDY BETWEEN TRADITIONAL AND ENTERPRISE RISK MANAGEMENT A THEORETICAL APPROACH

COMPARATIVE STUDY BETWEEN TRADITIONAL AND ENTERPRISE RISK MANAGEMENT A THEORETICAL APPROACH COMPARATIVE STUDY BETWEEN TRADITIONAL AND ENTERPRISE RISK MANAGEMENT A THEORETICAL APPROACH Cican Simona-Iulia Management, Faculty of Economics and Business Administration, West University of Timisoara,

More information

University Audit and Compliance. Internal Controls Enterprise-Wide Risk Assessment

University Audit and Compliance. Internal Controls Enterprise-Wide Risk Assessment Internal Controls Enterprise-Wide Risk Assessment Balancing Risk and Controls In order to achieve goals and objectives, management needs to effectively balance risks and controls. Control procedures need

More information

Guiding Principles for Implementing Enterprise Risk Management (ERM)

Guiding Principles for Implementing Enterprise Risk Management (ERM) 1 Guiding Principles for Implementing Enterprise Risk Management (ERM) SEAC Conference New Orleans November 15-17, 2006 Hubert Mueller (860) 843-7079 Towers Towers Perrin Perrin 0 ERM raises many implementation

More information

Top Ten Issues facing Internal Auditing in the Future

Top Ten Issues facing Internal Auditing in the Future Top Ten Issues facing Internal Auditing in the Future The IIA Dallas Chapter April 6, 2006 Presented by: David A. Richards, CIA, CPA President The Institute of Internal Auditors drichards@theiia.org 1

More information

A Risk-Based Audit Strategy November 2006 Internal Audit Department

A Risk-Based Audit Strategy November 2006 Internal Audit Department Mental Health Mental Retardation Authority of Harris County ENTERPRISE RISK MANAGEMENT A Framework For Assessing, Evaluating And Measuring Our Agency s Risk A Risk-Based Audit Strategy November 2006 Internal

More information

Risk Assessment & Enterprise Risk Management

Risk Assessment & Enterprise Risk Management Risk Assessment & Enterprise Risk 1 Healthcare Corporate Governance Today s environment requires building a culture of risk awareness and management of risk across the organization, while formulating less

More information

Matthew E. Breecher Breecher & Company PC November 12, 2008

Matthew E. Breecher Breecher & Company PC November 12, 2008 Applying COSO s Enterprise Risk Management Integrated Framework Matthew E. Breecher Breecher & Company PC November 12, 2008 The basic outline for this presentation was provided by: Objectives for the session:

More information

Confident in our Future, Risk Management Policy Statement and Strategy

Confident in our Future, Risk Management Policy Statement and Strategy Confident in our Future, Risk Management Policy Statement and Strategy Risk Management Policy Statement Introduction Risk management aims to maximise opportunities and minimise exposure to ensure the residents

More information

treasury risk management

treasury risk management Governance, Concise guide Risk to and Compliance treasury risk management KPMG is a leading provider of professional services including audit, tax and advisory. KPMG in Australia has over 5000 partners

More information

Solutions for Enterprise Risk Management SAS. Overview. A holistic view of risk of risk and exposures for better risk management SOLUTION OVERVIEW

Solutions for Enterprise Risk Management SAS. Overview. A holistic view of risk of risk and exposures for better risk management SOLUTION OVERVIEW SOLUTION OVERVIEW SAS Solutions for Enterprise Risk Management A holistic view of risk of risk and exposures for better risk management Overview The principal goal of any financial institution is to generate

More information

RISK MANAGEMENT POLICY (Revised October 2015)

RISK MANAGEMENT POLICY (Revised October 2015) UNIVERSITY OF LEICESTER RISK MANAGEMENT POLICY (Revised October 2015) 1. This risk management policy ( the policy ) forms part of the University s internal control and corporate governance arrangements.

More information

First Impressions: Consolidated financial statements

First Impressions: Consolidated financial statements IFRS First Impressions: Consolidated financial statements May 2011 kpmg.com/ifrs Contents Consolidation: a new single control model 1 1. Overview 2 2. How this could affect you 4 3. Understanding the project

More information

The New International Standard on the Practice of Risk Management A Comparison of ISO 31000:2009 and the COSO ERM Framework

The New International Standard on the Practice of Risk Management A Comparison of ISO 31000:2009 and the COSO ERM Framework The New International Standard on the Practice of Risk Management A Comparison of ISO 31000:2009 and the COSO ERM Framework Dorothy Gjerdrum, ARM-P, Chair of the ISO 31000 US TAG and Executive Director,

More information

Accreditation Application Forms

Accreditation Application Forms The Institute of Risk Management The Institute of Risk Management Accreditation Application Forms Universities and Professional Associations The Institute of Risk Management Accreditation Application Forms

More information

STANDARDS OF SOUND BUSINESS AND FINANCIAL PRACTICES. ENTERPRISE RISK MANAGEMENT Framework

STANDARDS OF SOUND BUSINESS AND FINANCIAL PRACTICES. ENTERPRISE RISK MANAGEMENT Framework STANDARDS OF SOUND BUSINESS AND FINANCIAL PRACTICES ENTERPRISE RISK MANAGEMENT Framework September 2011 Notice This document is intended as a reference tool to assist Ontario credit unions to develop an

More information

Business Continuity Management Framework 2014 2017

Business Continuity Management Framework 2014 2017 Business Continuity Management Framework 2014 2017 Blackpool Council Business Continuity Framework V3.0 Page 1 of 13 CONTENTS 1.0 Forward 03 2.0 Administration 04 3.0 Policy 05 4.0 Business Continuity

More information

New Risk Management Paradigms for Asset Managers

New Risk Management Paradigms for Asset Managers April 2014 Asset Management New Management Paradigms for Asset Managers Point of view The financial crisis has caused deep reflection by regulators, asset managers and investors as to the effectiveness

More information

Guidance on Risk Management, Internal Control and Related Financial and Business Reporting

Guidance on Risk Management, Internal Control and Related Financial and Business Reporting Guidance Corporate Governance Financial Reporting Council September 2014 Guidance on Risk Management, Internal Control and Related Financial and Business Reporting The FRC is responsible for promoting

More information

Solvency Assessment and Management: Pillar II Sub Committee Governance Task Group Discussion Document 81 (v 3)

Solvency Assessment and Management: Pillar II Sub Committee Governance Task Group Discussion Document 81 (v 3) Solvency Assessment and Management: Pillar II Sub Committee Governance Task Group Discussion Document 81 (v 3) Governance, Risk Management, and Internal Controls INTERIM REQUIREMENTS CONTENTS 1. INTRODUCTION

More information

OVERBERG DISTRICT MUNICIPALITY

OVERBERG DISTRICT MUNICIPALITY OVERBERG DISTRICT MUNICIPALITY ENTERPRISE RISK MANAGEMENT STRATEGY Contents 1. Introduction.2 2. Legislative mandate... 2 3. Background... 3 3.1 What is risk?... 3 3.2 Enterprise-wide Risk Management...

More information

Enterprise Risk Management Process Improvement. Secure Banking Solutions, LLC

Enterprise Risk Management Process Improvement. Secure Banking Solutions, LLC Enterprise Risk Management Process Improvement 2 Contact Information Contact Information Chad Knutson Senior Information Security Consultant CISSP, CISA, CRISC Phone: 605-480-3366 chad.knutson@protectmybank.com

More information

Enterprise Risk Management Framework 2012 2016. Strengthening our commitment to risk management

Enterprise Risk Management Framework 2012 2016. Strengthening our commitment to risk management Enterprise Risk Management Framework 2012 2016 Strengthening our commitment to risk management Contents Director-General s message... 3 Introduction... 4 Purpose... 4 What is risk management?... 4 Benefits

More information

WHITE PAPER. Inside Information: What Business Leaders are Saying About the Complexities of Enterprise Risk Management (ERM)

WHITE PAPER. Inside Information: What Business Leaders are Saying About the Complexities of Enterprise Risk Management (ERM) Inside Information: What Business Leaders are Saying About the Complexities of Enterprise Risk Management (ERM) As the third quarter of 2012 marches to a close and the end of the year approaches, economic

More information

Applying Integrated Risk Management Scenarios for Improving Enterprise Governance

Applying Integrated Risk Management Scenarios for Improving Enterprise Governance Applying Integrated Risk Management Scenarios for Improving Enterprise Governance János Ivanyos Trusted Business Partners Ltd, Budapest, Hungary, ivanyos@trusted.hu Abstract: The term of scenario is used

More information

16) QUALITY MANAGEMENT SYSTEMS

16) QUALITY MANAGEMENT SYSTEMS INTRODUCTION 16) QUALITY MANAGEMENT SYSTEMS The aim of this paper is to give a brief introduction to the idea of a quality management system and specifically in ISO 9001:2000: Quality Management System.

More information

Linking Balanced Scorecard and COSO ERM in Thai Companies

Linking Balanced Scorecard and COSO ERM in Thai Companies Linking Balanced Scorecard and COSO in Thai Companies Gullanut Wisutteewong Thammasat University Nopadol Rompho Thammasat University This study investigates the relationship between successful Balanced

More information

The audit committee and risk management

The audit committee and risk management Audit Committee Institute Sponsored by KPMG The audit committee and risk management Is the board of directors adequately overseeing management's process for identifying and monitoring key business risks?

More information

UNITED STATES DEPARTMENT OF EDUCATION OFFICE OF INSPECTOR GENERAL

UNITED STATES DEPARTMENT OF EDUCATION OFFICE OF INSPECTOR GENERAL UNITED STATES DEPARTMENT OF EDUCATION OFFICE OF INSPECTOR GENERAL Evaluation and Inspection Services Memorandum May 5, 2009 TO: FROM: SUBJECT: James Manning Acting Chief Operating Officer Federal Student

More information

Business Continuity Trends, Requirements and Expectations in 2009. Brian Zawada (MBCP) Director of Consulting Services Avalution Consulting

Business Continuity Trends, Requirements and Expectations in 2009. Brian Zawada (MBCP) Director of Consulting Services Avalution Consulting Business Continuity Trends, Requirements and Expectations in 2009 Brian Zawada (MBCP) Director of Consulting Services Avalution Consulting Overview What Is Business Continuity? The Value Proposition What

More information

Policy 10.105: Enterprise Risk Management Policy

Policy 10.105: Enterprise Risk Management Policy Name: Responsibility: Complements: Enterprise Risk Management Framework Coordinator, Enterprise Risk Management Policy 10.105: Enterprise Risk Management Policy Date: November 2006 Revision Date(s): January

More information

Enterprise Risk Management: Concepts & Issues

Enterprise Risk Management: Concepts & Issues Enterprise Risk Management: Concepts & Issues Jacques Lapointe Internal Audit, Management Board Secretariat November 2003 1 The Basic Concept of Risk Management The active process of identifying risks,

More information

Tying It All Together: Practical ERM Integration. Richard Scanlon Vice President Enterprise Risk Management CIGNA Corporation

Tying It All Together: Practical ERM Integration. Richard Scanlon Vice President Enterprise Risk Management CIGNA Corporation Tying It All Together: Practical ERM Integration Richard Scanlon Vice President Enterprise Risk Management CIGNA Corporation November 16, 2007 1 Agenda Basis for ERM Integration ERM Objectives ERM Focus

More information

Topic Gateway Series. Operational risk. Operational Risk. Topic Gateway series No. 51

Topic Gateway Series. Operational risk. Operational Risk. Topic Gateway series No. 51 Operational Risk Topic Gateway series No. 51 1 Prepared by Helen Matthews and Technical Information Service September 2008 About Topic Gateways Topic Gateways are intended as a refresher or introduction

More information

The Changing Landscape for Trade Compliance Enterprise Risk (and Opportunity) Management

The Changing Landscape for Trade Compliance Enterprise Risk (and Opportunity) Management The Changing Landscape for Trade Compliance Enterprise Risk (and Opportunity) Management API International Trade and Customs Conference H. Michael Leightman, Partner Customs and International Trade Practice

More information

ENTERPRISE RISK MANAGEMENT POLICY

ENTERPRISE RISK MANAGEMENT POLICY ENTERPRISE RISK MANAGEMENT Approved by the Audit Committee on 14 February 2003 and adopted by resolution of the Board on 28 March 2003 Revisions approved by the Audit and Risk Committee on 14 February

More information

National Assembly for Wales Internal Audit Charter

National Assembly for Wales Internal Audit Charter National Assembly for Wales Internal Audit Charter Purpose 1.1 This charter is a high level statement of how internal audit will be delivered and developed and formally defines the purpose, authority and

More information

Good practice for annual reports

Good practice for annual reports Guidance note Good practice for Contents: 1 Introduction 2 How the best reports set themselves apart 3 Examples of the best May 2015 1 Introduction An annual report can generate more value if viewed as

More information

Avondale College Limited Enterprise Risk Management Framework 2014 2017

Avondale College Limited Enterprise Risk Management Framework 2014 2017 Avondale College Limited Enterprise Risk Management Framework 2014 2017 President s message Risk management is part of our daily life, something we do regularly; often without realising we are doing it.

More information

Revenue Scotland. Risk Management Framework

Revenue Scotland. Risk Management Framework Revenue Scotland Risk Management Framework Contents 1. Introduction... 3 1.1 Overview of risk management... 3 2. Policy statement... 4 3. Risk management approach... 5 3.1 Risk management objectives...

More information

Guidance on Supervisory Interaction with Financial Institutions on Risk Culture. A Framework for Assessing Risk Culture

Guidance on Supervisory Interaction with Financial Institutions on Risk Culture. A Framework for Assessing Risk Culture Guidance on Supervisory Interaction with Financial Institutions on Risk Culture A Framework for Assessing Risk Culture 7 April 2014 Table of Contents Page Background... i Introduction... 1 1. Foundational

More information

University of Windsor Board of Governors. That the Board of Governors approve of the Enterprise Risk Management Framework.

University of Windsor Board of Governors. That the Board of Governors approve of the Enterprise Risk Management Framework. University of Windsor Board of Governors BG130430-4.2.3 4.2.3 Enterprise Risk Management Framework Item for: Approval Forwarded by: Audit Committee MOTION: That the Board of Governors approve of the Enterprise

More information

Developing an Effective Enterprise Risk Management Program

Developing an Effective Enterprise Risk Management Program Developing an Effective Enterprise Risk Management Program Jay Brietz, CPA and CIA Senior Manager This material was used by Elliott Davis Decosimo during an oral presentation; it is not a complete record

More information

Beyond risk identification Evolving provider ERM programs

Beyond risk identification Evolving provider ERM programs Beyond risk identification Evolving provider ERM programs March 2016 At a glance PwC conducted research to assess the state of enterprise risk management (ERM) within healthcare providers and found many

More information

Governance and Risk Management in the Public Sector. Fernando A. Fernandez Inter-American Development Bank (202) 623-1430 e-mail: fernandof@iadb.

Governance and Risk Management in the Public Sector. Fernando A. Fernandez Inter-American Development Bank (202) 623-1430 e-mail: fernandof@iadb. Governance and Risk Management in the Public Sector Fernando A. Fernandez Inter-American Development Bank (202) 623-1430 e-mail: fernandof@iadb.org 1 Agenda Governance, why is it important? Compliance

More information

MEMORANDUM. Comments on the Updating of the LSC Risk Management Program

MEMORANDUM. Comments on the Updating of the LSC Risk Management Program Office of Inspector General Legal Services Corporation 3333 K Street, NW. 3rd Floor Washington, DC 20007 3558 202.295. 1660 (p) 202.337.6616 (f) www.oig.lsc.gov MEMORANDUM TO: FROM: LSC Audit Committee

More information

INTERNATIONAL ASSOCIATION OF INSURANCE SUPERVISORS

INTERNATIONAL ASSOCIATION OF INSURANCE SUPERVISORS Standard No. 13 INTERNATIONAL ASSOCIATION OF INSURANCE SUPERVISORS STANDARD ON ASSET-LIABILITY MANAGEMENT OCTOBER 2006 This document was prepared by the Solvency and Actuarial Issues Subcommittee in consultation

More information

Job description. Hong Kong Graduate Program Assurance Audit Staff Accountant (for applicants graduating in 2016) Who we are

Job description. Hong Kong Graduate Program Assurance Audit Staff Accountant (for applicants graduating in 2016) Who we are Assurance Audit Staff Accountant (for applicants graduating in 2016) Background to Assurance Assurance professionals play a vital role in the economy by providing companies, investors and regulators with

More information

SAI GLOBAL LIMITED Risk Management Policy

SAI GLOBAL LIMITED Risk Management Policy SAI GLOBAL LIMITED Risk Management Policy SAI Global Ltd ABN 67050611642 Last Updated: February 2012 Contents 1. Risk Management... 3 2. Policy... 3 3. Risk Management Philosophy... 3 4. Risk Appetite...

More information

CAPABILITY MATURITY MODEL & ASSESSMENT

CAPABILITY MATURITY MODEL & ASSESSMENT ENTERPRISE DATA GOVERNANCE CAPABILITY MATURITY MODEL & ASSESSMENT www.datalynx.com.au Data Governance Data governance is a key mechanism for establishing control of corporate data assets and enhancing

More information

Enterprise Risk Management (ERM) & Compliance

Enterprise Risk Management (ERM) & Compliance Enterprise Risk Management (ERM) & Compliance Mid Atlantic Regional Meeting, May 1, 2015 Society of Corporate Compliance and Ethics Jason Lunday, consultant Compliance Opportunities in ERM Increase compliance

More information

Quality Assurance Checklist

Quality Assurance Checklist Internal Audit Foundations Standards 1000, 1010, 1100, 1110, 1111, 1120, 1130, 1300, 1310, 1320, 1321, 1322, 2000, 2040 There is an Internal Audit Charter in place Internal Audit Charter is in place The

More information

Corporate Governance is Stretched to Breaking Point

Corporate Governance is Stretched to Breaking Point Corporate Governance is Stretched to Breaking Point In a recent report to the OECD, I argued that corporate governance in the banking sector has been severely challenged in an extreme Financial Crisis

More information

Operational Risk Management in a Debt Management Office

Operational Risk Management in a Debt Management Office Operational Risk Management in a Debt Management Office Based on Client Presentation January 2008 Outline The importance of operational risk management (ORM) International best practice A high-level perspective,

More information

IIA POSITION PAPER: THE ROLE OF INTERNAL AUDITING IN ENTERPRISE-WIDE RISK MANAGEMENT

IIA POSITION PAPER: THE ROLE OF INTERNAL AUDITING IN ENTERPRISE-WIDE RISK MANAGEMENT IIA POSITION PAPER: THE ROLE OF INTERNAL AUDITING IN ENTERPRISE-WIDE RISK MANAGEMENT Revised: Page 1 of 8 Introduction The importance to strong corporate governance of managing risk has been increasingly

More information

Corporate Governance and Enterprise Risk Management Derek Jackson, Senior Manager 5 September 2005

Corporate Governance and Enterprise Risk Management Derek Jackson, Senior Manager 5 September 2005 Corporate Governance and Enterprise Risk Management Derek Jackson, Senior Manager 5 September 2005 Corporate Governance Services 0 Overview Hong Kong Code on Corporate Governance Practices Corporate Governance

More information

WFP ENTERPRISE RISK MANAGEMENT POLICY

WFP ENTERPRISE RISK MANAGEMENT POLICY WFP ENTERPRISE RISK MANAGEMENT POLICY Informal Consultation 3 March 2015 World Food Programme Rome, Italy EXECUTIVE SUMMARY For many organizations, risk management is about minimizing the risk to achievement

More information

Risk Management Policy Adopted by:

Risk Management Policy Adopted by: Risk Management Policy Adopted by: Infigen Energy Limited Infigen Energy (Bermuda) Limited Infigen Energy RE Limited in its capacity as Responsible Entity of Infigen Energy Trust Adopted: 17 December 2009

More information

2 From Quality Management

2 From Quality Management 2 From Quality Management Systems Management to Safety Systems an enhancement guide Civil Aviation Authority of New Zealand BOOKLET TWO Preface The Civil Aviation Authority published Advisory Circular

More information

Effective risk management

Effective risk management Effective risk management Our holistic and disciplined risk management program is designed to mitigate risks at all levels of our business in order to protect our clients interests. 2 Vanguard > Effective

More information

Introduction to ISO 31000:2009

Introduction to ISO 31000:2009 Introduction to ISO 31000:2009 ISO 31000 was published as a standard in November of 2009. It provides a standard on how risk should be implemented. The intention of ISO 31000:2009 was to be relevant and

More information

SOL PLAATJE MUNICIPALITY ENTERPRISE RISK MANAGEMENT FRAMEWORK AND POLICY

SOL PLAATJE MUNICIPALITY ENTERPRISE RISK MANAGEMENT FRAMEWORK AND POLICY SOL PLAATJE MUNICIPALITY ENTERPRISE RISK MANAGEMENT FRAMEWORK AND POLICY Prepared by: SOL PLAATJE MUNICIPALITY RISK MANAGEMENT UNIT AND Consolidated Advisory Services This document should be read in conjunction

More information

Saldanha Bay Municipality. Risk Management Strategy. Inclusive of, framework, procedures and methodology

Saldanha Bay Municipality. Risk Management Strategy. Inclusive of, framework, procedures and methodology Inclusive of, framework, procedures and methodology Contents 1 Introduction 1 1.1 Legislative Framework and best practice 1 1.2 Purpose of Enterprise Risk Management 2 1.3 Scope and Applicability 3 1.4

More information

Schroders Investment and Corporate Governance: Schroders Policy

Schroders Investment and Corporate Governance: Schroders Policy January 2013 Schroders Investment and Corporate Governance: Schroders Policy Contents Investment and Corporate Governance: Schroders Policy 2 Corporate Governance: The Role and Objectives of Schroders

More information

Practice Guide COORDINATING RISK MANAGEMENT AND ASSURANCE

Practice Guide COORDINATING RISK MANAGEMENT AND ASSURANCE Practice Guide COORDINATING RISK MANAGEMENT AND ASSURANCE March 2012 Table of Contents Executive Summary... 1 Introduction... 1 Risk Management and Assurance (Assurance Services)... 1 Assurance Framework...

More information

COBIT 5 Introduction. 28 February 2012

COBIT 5 Introduction. 28 February 2012 COBIT 5 Introduction 28 February 2012 COBIT 5 Executive Summary 2012 ISACA. All rights reserved. 2 Information! Information is a key resource for all enterprises. Information is created, used, retained,

More information

RIIO-ED1 BUSINESS PLAN SA-09 Supplementary Annex Data assurance. June 2013 (Updated April 2014)

RIIO-ED1 BUSINESS PLAN SA-09 Supplementary Annex Data assurance. June 2013 (Updated April 2014) 2015-2023 RIIO-ED1 BUSINESS PLAN SA-09 Supplementary Annex Data assurance June 2013 (Updated April 2014) SA-09 Data assurance Contents 1 Introduction... 3 Structure of this document... 3 2 Data assurance

More information

ISO 31000:2009 - ISO/IEC 31010 & ISO Guide 73:2009 - New Standards for the Management of Risk

ISO 31000:2009 - ISO/IEC 31010 & ISO Guide 73:2009 - New Standards for the Management of Risk Kevin W Knight AM CPRM; Hon FRMIA; FIRM (UK); LMRMIA: ANZIIF (Mem) ISO 31000:2009 - ISO/IEC 31010 & ISO Guide 73:2009 - New Standards for the Management of Risk History of the ISO and Risk Management Over

More information

IT Governance: framework and case study. 22 September 2010

IT Governance: framework and case study. 22 September 2010 IT Governance: framework and case study Presenter Yaowaluk Chadbunchachai Advisory Services Ernst & Young Corporate Services Limited Presentation topics ERM and IT governance IT governance framework IT

More information