Tying It All Together: Practical ERM Integration. Richard Scanlon Vice President Enterprise Risk Management CIGNA Corporation
- Maude Stewart
- 8 years ago
Transcription
1 Tying It All Together: Practical ERM Integration Richard Scanlon Vice President Enterprise Risk Management CIGNA Corporation November 16,
2 Agenda
- Basis for ERM Integration: Page 3
- ERM Objectives: Page 4
- ERM Focus: Page 5
- Program Development: Page 6
- ERM Oversight: Page 7
- Information Flow: Page 8
- ERM Process / Risk Coverage: Pages 9-11
- ERM Process/Function Integration: Pages
- ERM Aggregation and Reporting: Pages
3 Basis for ERM integration
- A risk assessment process is in place (i.e. standard approach)
- An enterprise risk profile exists and is continuously updated
- Management has made a visible commitment to ERM
- Risks are discussed across business areas and functions
- Leadership promotes a risk aware culture
- An awareness of the ERM approach exists among business leaders
4 ERM Objectives
- Reduce potential exposure through formal and consistent risk management
- Develop a pragmatic, sustainable framework
- Create positive business impact due to fewer predictable failures
- Ensure that risks are considered in decision making
- Create an integrated approach to manage risk across the business
- Prioritize risk management initiatives as part of strategic and operating planning
- Understand impact of risk across businesses, functions and processes
- Integrate ERM with existing risk related functions and processes
- Standardize risk monitoring and reporting
- Conduct ongoing, independent assessment of enterprise-level risks
- Provide meaningful risk reporting to the Risk Committee and the Board
- Provide risk information to key business leaders
- Promote a risk aware culture
- Provide for effective risk focus and communication across business areas
- Create awareness of risk interdependencies and impact (break down silos)
5 ERM Focus
ERM is Focused Primarily on Three Key Areas
Risk Identification, Assessment and Remediation
- Tools / Activities: Enterprise Risk Profile; Inherent Risk Inventory; Consistent Process; Focus on Key Risks; Risk discussion across businesses
- Benefits: Proactive risk identification and remediation; Operational improvements; Risk-based decisions; Reduce negative surprises; Coordinated risk planning and execution
Integration with Processes and Functions
- Tools / Activities: Process Integration (Strategic Planning, Operational Planning, Disclosure); Functional Integration (Internal Audit, Compliance, SOX, Information Protection, Six Sigma)
- Benefits: Eliminate redundancy of risk management efforts; Leverage existing risk management processes; Common understanding of risks across the business; Identification of risk interdependencies
Risk Aggregation, Monitoring and Reporting
- Tools / Activities: Risk Monitor; Risk Dashboard; Risk Committee Review; Board Review; ERM Technology; ERM Business Committee Review; Functional Risk Review
- Benefits: Enhance corporate governance / transparency; Continuous flow of risk-based information; Risk communications; Early detection system
6 ERM Program Development
ERM development, a two year view
Quarterly Review and Reporting Risk Committee & Audit Committee ERM Formalized ERM Framework & Process S&P ERM Rating Criteria Strategic Plan Integration / Divisional Risk Profiles Risk Champions Named for Remediation of Key Risks Disclosure Process ERM Oversight (Risk Committees) Enterprise Risk Profile (Exec. Driven) Internal Audit Planning Six Sigma Enterprise Risk Profile (Business Driven) Compliance, SOX & Info. Protection Risk Monitor Risk Identification, Assessment and Remediation ERM Integration Risk Aggregation, Monitoring & Reporting
7 ERM Oversight
Enterprise Focus, Risk Champions, Board of Directors, Senior Management, Risk Committee, Business Area Focus, ERM Business Committee
Business Areas
- Identify risks
- Assess risks
- Develop risk strategy and remediation plans
- Evaluate risk exposure
- Monitor/manage risks
ERM
- Information flow
- Framework/Methodology
- Monitor risk exposure
- Aggregate risk reporting and status to the Risk Committee and Board
- Support remediation of key enterprise risks
- Monitor ERM practices
Internal Audit
- Validate remediation
- Independent review of risk management processes
- Assurance to senior management and the Board regarding risk exposure
Risk Management, Risk Support, Assurance
8 ERM Information Flow
- Illustrative -
Risk Information: Enterprise Risk Data, Enterprise Issues, Risk Tolerance Levels, Risk Policies/Procedures, Corporate Risk Strategies
Information Flow: Board of Directors, Senior Management, Risk Committee
Consolidated Risk Data, Integrated Remediation Reports, ERM Metrics, Risk Committee Reports, Board Reports
ERM Function, Corporate Committees
Emerging Issues, Risks Exceeding Tolerances, Risk Metrics, Strategic Planning Data
Corporate Functions, Risk Review Committee
Division B: ERM Business Committee, Business Units
Division A: ERM Business Committee, Business Units
Division C: ERM Business Committee, Business Units
9 ERM Process
ERM has enterprise-wide responsibility for helping business leaders to identify, assess, manage and report risk
The ERM Process:
- Aligns risks with strategies and objectives
- Allows for proactive and consistent assessment of risk across business areas
- Ensures development and execution of coordinated remediation efforts
- Includes measurement of both remediation progress and ongoing management of key risks
- Provides aggregated reporting and monitoring of risk information
- Integrates business and functional risk management activities and provides information for strategic and operational planning
Process diagram labels: Strategic Plans and Objectives; Identify & Assess Risks; Analyze & Quantify Risks; Develop/Execute Remediation Plans; Develop Measures; Consolidate, Monitor and Report Risks; Integrate Risk Information with Corp. Processes and Functions
10 Inherent Risk Inventory
- Illustrative -
A risk inventory assists in risk identification and prioritization
Development, Sales & Marketing, Setup / Administration, Service Delivery, Performance Mgmt
Operational: Product innovation, Product development / integration, Product introduction, Product mix, Customer needs, Intellectual Property, Human Capital, Integrity, Succession plans, Communication, Statutory regulations, Pricing, Sales practices, Growth challenges, Sales compensation, Vendor relationships, Distribution channel, Brand image, Skills/Competencies, Accountability, Change Mgmt., Diversity, Culture, Role clarity, Hiring, Retention, Key person dependency
Process, Information Technology, Financial, Strategic, Legal/Regulatory / Compliance, Environmental
11 Key Risk Focus and Coverage
- Illustrative -
An integrated approach ensures enterprise focus and coverage for remediation of key risks
Enterprise Risks based on input from internal/external stakeholders
Business Coverage Audit Coverage Third Party Relationships ERM Coverage Reputation Project Management Privacy Compliance Fraud Management Information Supply Chain Changing Laws and Regulations International Operations Business Continuity
Highlighted risks potential areas for increased ERM focus
12 ERM Integration
ERM is the umbrella for Internal Audit and Compliance, and provides for formal relationships between other risk based functions
Enterprise Risk Management: Legal, Regulatory and Compliance Risk; Strategic Risk; Operational Risk; Environmental Risk; Financial Risk
Internal Audit / BCP / Information Protection / SOX / Compliance / Six Sigma
Benefits
- Reduce the redundancy and overlap of risk management efforts
- Leverage existing risk management processes and resources
- Create a common understanding of risks across the business
- Better identify risk interdependencies
- Improve the consistency and timeliness of risk identification and assessment
- Improve risk management coverage
- Allow for subject matter expert focus on key risks
- Improve risk reporting
13 ERM Integration
Two Broad Areas of Focus: Process examples
Process: Strategic/Operational Planning
- Risks aligned with business strategy
- Business self-assessment
- ERM risk aggregation
- Drives ERM and Audit plans / priorities
Process: Disclosure
- Ongoing comparison of enterprise risks and emerging issues with disclosure risk factors
- Coordination with Legal & Compliance
Process: Product Development
- Product / project risk profile
- Alignment of risk with upstream / downstream interdependencies
Process: M&A
- Integration with planning and development areas
- Risk management due diligence and integration assessment
14 ERM Integration
Two Broad Areas of Focus: Functions
Stakeholders
- Control / Attest Functions: Internal Audit, Compliance, SOX
- Other Risk Functions: Bus. Continuity Planning, Information Protection, Privacy, Legal
- Continuous Improvement: Six Sigma
- Risk Financing: Insurance
Integration Points
- Risk based Audit planning (Enterprise Risk Profile)
- Coordinated coverage for enterprise risks
- Aggregate flow and reporting of issues
- Leverage existing risk management processes
- Identification/prioritization of emerging legal/regulatory and information related risks
- Front end, proactive review/support of risk assessment activity for new initiatives
- Common use of ERM methodology
- Integrated ERM and Six Sigma (DMAIC) methodology
- Six Sigma supports risk identification
- Risk assessments trigger improvement projects
- Risk data used as input to Six Sigma methodology
- Linkage of risk indicators to business dashboards
- Continuous review of Enterprise Risk Profile and emerging issues to identify potential risk financing / transfer opportunities
15 Corporate Strategic Planning/ERM Integration
ERM Supports Enterprise and Business Unit Planning
Strategic Planning Function Business Units Sr. Mgmt. / Board Plan Input Planning Context Strategy Drivers External Environment Risk Factors Business Outlook Business Drivers Challenges Opportunities Assessment Enterprise Risk Assessment (update) Enterprise Risk Profile Strategic/Operational SWOT/Assessment Risks / Opportunities (Divisional Risk Profiles) Aggregate Risk Review Plan Output Corporate Strategic Plan Business Plans / Budgets Risk Appetite/ Tolerance Levels Results Communication Strategy (Employees, Clients, Investors, Regulators) Operations Management (Key Metrics/Monitoring) (Critical Projects/Initiatives) Employee Performance Objectives
16 Risk Metrics
Risk metrics are prioritized and aligned with business targets
Strategic and Operational Metrics Objectives: Financial Operational Regulatory Strategic Performance Targets Strategic and operational planning Strategic/ operational metrics Risk identification Risk Thresholds Risk remediation integrated into planning Business Scorecard: Financial Operational Regulatory Strategic Risk Metrics Risks: Financial Operational Regulatory Strategic All risks Impact Criteria High-priority risks Risk remediation processes and plans Risk metrics
17 Risk Reporting (Risk Monitor)
In addition to risk metrics, a proactive Risk Monitor can be used to improve management of key risks
Purpose: Enhance the tracking and flow of risk information across the organization and increase the focus, transparency and urgency of remediation.
Audience: Company leadership, the Risk Committee and the Board of Directors
Key Points
- Alignment with enterprise risk profile allows for ongoing focus
- Input from business areas and functions (through ERM Business Committee)
- Risk functions (ex. Compliance, Internal Audit, SOX and ERM) coordinate and review issues and interdependencies, and assess impact
- Remediation of issues is tracked and reported ensuring accountability
- Emerging issues (a watch list) provides a forward looking view of potential impact (positive or negative)
- An external scan allows for continuous view of industry, competitor and environmental issues
Managing Risk at Bank of America Corporation Overview Risk is inherent in every material business activity that we undertake. Our business exposes us to strategic, credit, market, liquidity, compliance,
More informationENTERPRISE RISK MANAGEMENT POLICY
ENTERPRISE RISK MANAGEMENT POLICY TITLE OF POLICY POLICY OWNER POLICY CHAMPION DOCUMENT HISTORY: Policy Title Status Enterprise Risk Management Policy (current, revised, no change, redundant) Approving
More informationSTANDARDS OF SOUND BUSINESS AND FINANCIAL PRACTICES. ENTERPRISE RISK MANAGEMENT Framework
STANDARDS OF SOUND BUSINESS AND FINANCIAL PRACTICES ENTERPRISE RISK MANAGEMENT Framework September 2011 Notice This document is intended as a reference tool to assist Ontario credit unions to develop an
More information2012 US Insurance ERM & ORSA Survey Key results and findings
www.pwc.com 2012 US Insurance ERM & ORSA Survey Key results and findings June 2013 Henry Jupe Director, Insurance Risk and Capital Practice henry.m.x.jupe@us.pwc.com Antitrust notice The Casualty Actuarial
More informationThe Evolution of HR Audits
Laurdan Associates, Inc. Editorial for HRM Website The Evolution of HR Audits Evolution is a process of change. Over the last 25 years we have seen significant change in the HR auditing process, the value
More informationHow To Understand The Role Of An Internal Audit
Top Ten Issues facing Internal Auditing in the Future The IIA Dallas Chapter April 6, 2006 Presented by: David A. Richards, CIA, CPA President The Institute of Internal Auditors drichards@theiia.org 1
More informationHow To Integrate Hr
Houston Compensation & Benefits Post-Deal Integration Planning for Compensation & Benefits Wednesday, April 22, 2015 Agenda Deal Timeline/Background Integration of Compensation and Benefits Medical/Retirement
More informationEnterprise Risk Management: Concepts & Issues
Enterprise Risk Management: Concepts & Issues Jacques Lapointe Internal Audit, Management Board Secretariat November 2003 1 The Basic Concept of Risk Management The active process of identifying risks,
More informationThe Changing Landscape for Trade Compliance Enterprise Risk (and Opportunity) Management
The Changing Landscape for Trade Compliance Enterprise Risk (and Opportunity) Management API International Trade and Customs Conference H. Michael Leightman, Partner Customs and International Trade Practice
More informationCorporate Governance and Enterprise Risk Management Derek Jackson, Senior Manager 5 September 2005
Corporate Governance and Enterprise Risk Management Derek Jackson, Senior Manager 5 September 2005 Corporate Governance Services 0 Overview Hong Kong Code on Corporate Governance Practices Corporate Governance
More informationA Risk-Based Audit Strategy November 2006 Internal Audit Department
Mental Health Mental Retardation Authority of Harris County ENTERPRISE RISK MANAGEMENT A Framework For Assessing, Evaluating And Measuring Our Agency s Risk A Risk-Based Audit Strategy November 2006 Internal
More informationAn Oracle White Paper November 2011. Financial Crime and Compliance Management: Convergence of Compliance Risk and Financial Crime
An Oracle White Paper November 2011 Financial Crime and Compliance Management: Convergence of Compliance Risk and Financial Crime Disclaimer The following is intended to outline our general product direction.
More informationIT Governance, Risk and Compliance (GRC) : A Strategic Priority. Joerg Asma
IT Governance, Risk and Compliance (GRC) : A Strategic Priority Joerg Asma Agenda Introductions An Overview of IT Governance Risk & Compliance (IT-GRC) The Value Proposition Implementing an IT-GRC Program
More informationDeveloping an Effective Enterprise Risk Management Program
Developing an Effective Enterprise Risk Management Program Jay Brietz, CPA and CIA Senior Manager This material was used by Elliott Davis Decosimo during an oral presentation; it is not a complete record
More informationwww.pwc.com/modelrisk New supervisory guidance on model Overview, analysis, and next steps
www.pwc.com/modelrisk New supervisory guidance on model risk management: Overview, analysis, and next steps Features of new guidance Issued as supervisory guidance (21 pages) not as a risk bulletin. This
More informationCyber Security and the Board of Directors
Helping clients build operational capability in cyber security. A DELTA RISK VIEWPOINT Cyber Security and the Board of Directors An essential responsibility in financial services About Delta Risk is a
More informationUSING SPREADSHEETS TO MANAGE GOVERNANCE, RISK AND COMPLIANCE:
USING SPREADSHEETS TO MANAGE GOVERNANCE, RISK AND COMPLIANCE: PROS, CONS AND HIDDEN DANGERS MIKE ROST CONTENTS INTRODUCTION... 3 GRC DISCIPLINES REQUIRE PURPOSE-BUILT TECHNOLOGY... 3 USING SPREADSHEETS
More informationIT Insights. Managing Third Party Technology Risk
IT Insights Managing Third Party Technology Risk According to a recent study by the Institute of Internal Auditors, more than 65 percent of organizations rely heavily on third parties, yet most allocate
More informationEnterprise Risk Management (ERM) & Compliance
Enterprise Risk Management (ERM) & Compliance Mid Atlantic Regional Meeting, May 1, 2015 Society of Corporate Compliance and Ethics Jason Lunday, consultant Compliance Opportunities in ERM Increase compliance
More informationProject Management for Process Improvement Efforts. Jeanette M Lynch CLSSBB Missouri Quality Award Examiner Certified Facilitator
Project Management for Process Improvement Efforts Jeanette M Lynch CLSSBB Missouri Quality Award Examiner Certified Facilitator 2 Project and Process Due to the nature of continuous improvement, improvement
More informationCorporate Challenges in Model Risk Management : Moving Beyond Model Inventory. Iain Wright Ian Francis, IBM 4 June 2015
Corporate Challenges in Model Risk Management : Moving Beyond Model Inventory Iain Wright Ian Francis, IBM 4 June 2015 Corporate Challenges in the Development and Implementation of Effective Model Risk
More information