Tying It All Together: Practical ERM Integration. Richard Scanlon Vice President Enterprise Risk Management CIGNA Corporation

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Tying It All Together: Practical ERM Integration. Richard Scanlon Vice President Enterprise Risk Management CIGNA Corporation"

Transcription

1 Tying It All Together: Practical ERM Integration Richard Scanlon Vice President Enterprise Risk Management CIGNA Corporation November 16,

2 Agenda Basis for ERM Integration ERM Objectives ERM Focus Program Development ERM Oversight Information Flow ERM Process / Risk Coverage Page 3 Page 4 Page 5 Page 6 Page 7 Page 8 Pages 9-11 ERM Process/Function Integration Pages ERM Aggregation and Reporting Pages

3 Basis for ERM integration A risk assessment process is in place (i.e. standard approach) An enterprise risk profile exists and is continuously updated Management has made a visible commitment to ERM Risks are discussed across business areas and functions Leadership promotes a risk aware culture An awareness of the ERM approach exists among business leaders 3

4 ERM Objectives Reduce potential exposure through formal and consistent risk management Develop a pragmatic, sustainable framework Create positive business impact due to fewer predictable failures Ensure that risks are considered in decision making Create an integrated approach to manage risk across the business Prioritize risk management initiatives as part of strategic and operating planning Understand impact of risk across businesses, functions and processes Integrate ERM with existing risk related functions and processes Standardize risk monitoring and reporting Conduct ongoing, independent assessment of enterprise-level risks Provide meaningful risk reporting to the Risk Committee and the Board Provide risk information to key business leaders Promote a risk aware culture Provide for effective risk focus and communication across business areas Create awareness of risk interdependencies and impact (break down silos) 4

5 ERM Focus ERM is Focused Primarily on Three Key Areas Risk Identification, Assessment and Remediation Integration with Processes and Functions Risk Aggregation, Monitoring and Reporting Benefits Tools / Activities Enterprise Risk Profile Inherent Risk Inventory Consistent Process Focus on Key Risks Risk discussion across businesses Proactive risk identification and remediation Operational improvements Risk-based decisions Reduce negative surprises Coordinated risk planning and execution Process Integration Strategic Planning Operational Planning Disclosure Functional Integration Internal Audit Compliance SOX Information Protection Six Sigma Eliminate redundancy of risk management efforts Leverage existing risk management processes Common understanding of risks across the business Identification of risk interdependencies Risk Monitor Risk Dashboard Risk Committee Review Board Review ERM Technology ERM Business Committee Review Functional Risk Review Enhance corporate governance / transparency Continuous flow of riskbased information Risk communications Early detection system 5

6 ERM Program Development ERM development, a two year view Quarterly Review and Reporting Risk Committee & Audit Committee ERM Formalized ERM Framework & Process S&P S&P ERM ERM Rating Rating Criteria Criteria Strategic Plan Integration / Divisional Risk Profiles Risk Champions Named for Remediation of Key Risks Disclosure Process ERM Oversight (Risk Committees) Enterprise Risk Profile (Exec. Driven) Internal Internal Audit Audit Planning Planning Six Six Sigma Sigma Enterprise Risk Profile (Business Driven) Compliance, SOX & Info. Protection Risk Monitor Risk Identification, Assessment and Remediation ERM Integration Risk Aggregation, Monitoring & Reporting 6

7 ERM Oversight Enterprise Focus Risk Champions Board of Directors Senior Management Risk Committee Business Area Focus ERM Business Committee Business Areas Identify risks Assess risks Develop risk strategy and remediation plans Evaluate risk exposure Monitor/manage risks ERM Information flow Framework/Methodology Monitor risk exposure Aggregate risk reporting and status to the Risk Committee and Board Support remediation of key enterprise risks Monitor ERM practices Internal Audit Validate remediation Independent review of risk management processes Assurance to senior management and the Board regarding risk exposure Risk Management Risk Support Assurance 7

8 ERM Information Flow Risk Information Enterprise Risk Data Enterprise Issues Risk Tolerance Levels Risk Policies/Procedures Corporate Risk Strategies Information Flow Board of Directors Senior Management Risk Committee - Illustrative - Consolidated Risk Data Integrated Remediation Reports ERM Metrics Risk Committee Reports Board Reports ERM Function Corporate Committees Emerging Issues Risks Exceeding Tolerances Risk Metrics Strategic Planning Data Corporate Functions Risk Review Committee Division B ERM Business Committee Business Units Division A ERM Business Committee Business Units Division C ERM Business Committee Business Units 8

9 ERM Process ERM has enterprise-wide responsibility for helping business leaders to identify, assess, manage and report risk The ERM Process: Aligns risks with strategies and objectives Allows for proactive and consistent assessment of risk across business areas Identify & Assess Risks Ensures development and execution of coordinated remediation efforts Integrate Risk Information with Corp. Processes and Functions Analyze & Quantify Risks Includes measurement of both remediation progress and ongoing management of key risks Provides aggregated reporting and monitoring of risk information Consolidate, Monitor and Report Risks Strategic Plans and Objectives Develop/Execute Remediation Plans Integrates business and functional risk management activities and provides information for strategic and operational planning Develop Measures 9

10 Inherent Risk Inventory - Illustrative - A risk inventory assists in risk identification and prioritization Development Sales & Marketing Setup / Administration Service Delivery Performance Mgmt O p e r a t i o n a l Product innovation Product development / integration Product introduction Product mix Customer needs Intellectual Property Human Capital Integrity Succession plans Communication Statutory regulations Pricing Sales practices Growth challenges Sales compensation Vendor relationships Distribution channel Brand image Skills/Competencies Accountability Change Mgmt. Diversity Culture Role clarity Hiring Retention Key person dependency Process Information Technology Financial Strategic Legal/Regulatory / Compliance Environmental 10

11 Key Risk Focus and Coverage - Illustrative - An integrated approach ensures enterprise focus and coverage for remediation of key risks Enterprise Risks based on input from internal/external stakeholders Business Coverage Audit Coverage Third Party Relationships ERM Coverage Reputation Project Management Privacy Compliance Fraud Management Information Supply Chain Changing Laws and Regulations International Operations Business Continuity Highlighted risks potential areas for increased ERM focus 11

12 ERM Integration ERM is the umbrella for Internal Audit and Compliance, and provides for formal relationships between other risk based functions Enterprise Risk Management Legal, Regulatory and Compliance Risk Strategic Risk Operational Risk Environmental Risk Financial Risk Internal Audit / BCP / Information Protection / SOX / Compliance / Six Sigma Benefits - Reduce the redundancy and overlap of risk management efforts Leverage existing risk management processes and resources Create a common understanding of risks across the business Better identify risk interdependencies Improve the consistency and timeliness of risk identification and assessment Improve risk management coverage Allow for subject matter expert focus on key risks Improve risk reporting 12

13 ERM Integration Two Broad Areas of Focus Process examples Process Strategic/Operational Planning Disclosure Product Development Integration Points Risks aligned with business strategy Business self-assessment ERM risk aggregation Drives ERM and Audit plans / priorities Ongoing comparison of enterprise risks and emerging issues with disclosure risk factors Coordination with Legal & Compliance Product / project risk profile Alignment of risk with upstream / downstream interdependencies M&A Integration with planning and development areas Risk management due diligence and integration assessment 13

14 ERM Integration Two Broad Areas of Focus Functions Stakeholders Control / Attest Functions Internal Audit Compliance SOX Other Risk Functions Bus. Continuity Planning Information Protection Privacy Legal Continuous Improvement Six Sigma Risk Financing Insurance Integration Points Risk based Audit planning (Enterprise Risk Profile) Coordinated coverage for enterprise risks Aggregate flow and reporting of issues Leverage existing risk management processes Identification/prioritization of emerging legal/regulatory and information related risks Front end, proactive review/support of risk assessment activity for new initiatives Common use of ERM methodology Integrated ERM and Six Sigma (DMAIC) methodology Six Sigma supports risk identification Risk assessments trigger improvement projects Risk data used as input to Six Sigma methodology Linkage of risk indicators to business dashboards Continuous review of Enterprise Risk Profile and emerging issues to identify potential risk financing / transfer opportunities 14

15 Corporate Strategic Planning/ERM Integration ERM Supports Enterprise and Business Unit Planning Strategic Planning Function Business Units Sr. Mgmt. / Board Plan Input Planning Context Strategy Drivers External Environment Risk Factors Business Outlook Business Drivers Challenges Opportunities Assessment Enterprise Risk Assessment (update) Enterprise Risk Profile Strategic/Operational SWOT/Assessment Risks / Opportunities (Divisional Risk Profiles) Aggregate Risk Review Plan Output Corporate Strategic Plan Business Plans / Budgets Risk Appetite/ Tolerance Levels Results Communication Strategy (Employees, Clients, Investors, Regulators) Operations Management (Key Metrics/Monitoring) (Critical Projects/Initiatives) Employee Performance Objectives 15

16 Risk Metrics Risk metrics are prioritized and aligned with business targets Strategic and Operational Metrics Objectives: Financial Operational Regulatory Strategic Performance Targets Strategic and operational planning Strategic/ operational metrics Risk identification Risk Thresholds Risk remediation integrated into planning Business Scorecard: Financial Operational Regulatory Strategic Risk Metrics Risks: Financial Operational Regulatory Strategic All risks Impact Criteria Highpriority risks Risk remediation processes and plans Risk metrics 16

17 Risk Reporting (Risk Monitor) In addition to risk metrics, a proactive Risk Monitor can be used to improve management of key risks Purpose Enhance the tracking and flow of risk information across the organization and increase the focus, transparency and urgency of remediation. Audience Company leadership, the Risk Committee and the Board of Directors Key Points Alignment with enterprise risk profile allows for ongoing focus Input from business areas and functions (through ERM Business Committee) Risk functions (ex. Compliance, Internal Audit, SOX and ERM) coordinate and review issues and interdependencies, and assess impact Remediation of issues is tracked and reported ensuring accountability Emerging issues (a watch list) provides a forward looking view of potential impact (positive or negative) An external scan allows for continuous view of industry, competitor and environmental issues 17

How to Develop Successful Enterprise Risk and Vendor Management Programs

How to Develop Successful Enterprise Risk and Vendor Management Programs Project Management Institute New York City Chapter January 2014 Chapter Meeting How to Develop Successful Enterprise Risk and Vendor Management Programs Christina S. Kite Senior Vice President Corporate

More information

Enterprise Risk Management

Enterprise Risk Management Cayman Islands Society of Professional Accountants Enterprise Risk Management March 19, 2015 Dr. Sandra B. Richtermeyer, CPA, CMA What is Risk Management? Risk management is a process, effected by an entity's

More information

Enterprise Risk Management in Colleges and Universities

Enterprise Risk Management in Colleges and Universities Enterprise Risk Management in Colleges and Universities Cherry Bekaert & Holland, L.L.P. Neal Beggan, CISA, CRISC Shane Hester, CPA, CISA Cherry, Bekaert & Holland, L.L.P. The Firm of Choice. 1 Cherry,

More information

The transformation of IT Risk Management. kpmg.com

The transformation of IT Risk Management. kpmg.com The transformation of IT Risk Management kpmg.com The transformation of IT Risk Management The role of IT Risk Management Scope of IT risk management Examples of IT risk areas of focus How KPMG can help

More information

RSA ARCHER OPERATIONAL RISK MANAGEMENT

RSA ARCHER OPERATIONAL RISK MANAGEMENT RSA ARCHER OPERATIONAL RISK MANAGEMENT 87% of organizations surveyed have seen the volume and complexity of risks increase over the past five years. Another 20% of these organizations have seen the volume

More information

RISK MANAGEMENT OVERVIEW 2011 RISK CONFERENCE SPONSORED BY THE FEDERAL RESERVE BANK OF CHICAGO AND DEPAUL UNIVERSITY

RISK MANAGEMENT OVERVIEW 2011 RISK CONFERENCE SPONSORED BY THE FEDERAL RESERVE BANK OF CHICAGO AND DEPAUL UNIVERSITY RISK MANAGEMENT OVERVIEW 2011 RISK CONFERENCE SPONSORED BY THE FEDERAL RESERVE BANK OF CHICAGO AND DEPAUL UNIVERSITY PRESENTED BY: LEN WIATR, CHIEF RISK OFFICER Len s Risk Management Philosophy Build a

More information

RISK BASED AUDITING: A VALUE ADD PROPOSITION. Participant Guide

RISK BASED AUDITING: A VALUE ADD PROPOSITION. Participant Guide RISK BASED AUDITING: A VALUE ADD PROPOSITION Participant Guide About This Course About This Course Adding Value for Risk-based Auditing Seminar Description In this seminar, we will focus on: The foundation

More information

Metrics by design A practical approach to measuring internal audit performance

Metrics by design A practical approach to measuring internal audit performance Metrics by design A practical approach to measuring internal audit performance September 2014 At a glance Expectations of Internal Audit are rising. Regulatory pressure is increasing. Budgets are tightening.

More information

The Role of the Board in Enterprise Risk Management

The Role of the Board in Enterprise Risk Management Enterprise Risk The Role of the Board in Enterprise Risk Management The board of directors plays an essential role in ensuring that an effective ERM program is in place. Governance, policy, and assurance

More information

Measuring Continuity Planning Program. Performance

Measuring Continuity Planning Program. Performance Measuring Continuity Planning Program Performance Carl B Jackson Director Crisis Management & Continuity Planning Resource Center (CMCPRC) Measuring Continuity Planning Program Performance Session Agenda

More information

Enterprise-Wide Risk Assessment

Enterprise-Wide Risk Assessment Enterprise-Wide Risk Assessment Agenda 1. Definition of risk. 2. Risk drivers in higher education today. 3. Implementing an enterprise-wide risk management (ERM) program to effectively assess, manage,

More information

Linking Risk Management to Business Strategy, Processes, Operations and Reporting

Linking Risk Management to Business Strategy, Processes, Operations and Reporting Linking Risk Management to Business Strategy, Processes, Operations and Reporting Financial Management Institute of Canada February 17 th, 2010 KPMG LLP Agenda 1. Leading Practice Risk Management Principles

More information

THE ROLE OF FINANCE AND ACCOUNTING IN ENTERPRISE RISK MANAGEMENT

THE ROLE OF FINANCE AND ACCOUNTING IN ENTERPRISE RISK MANAGEMENT THE ROLE OF FINANCE AND ACCOUNTING IN ENTERPRISE RISK MANAGEMENT Let me begin by thanking Baruch College for giving me the opportunity to present this year s prestigious Emanuel Saxe Lecture in Accounting.

More information

Metrics that Matter Security Risk Analytics

Metrics that Matter Security Risk Analytics Metrics that Matter Security Risk Analytics Rich Skinner, CISSP Director Security Risk Analytics & Big Data Brinqa rskinner@brinqa.com April 1 st, 2014. Agenda Challenges in Enterprise Security, Risk

More information

Framework for Enterprise Risk Management

Framework for Enterprise Risk Management Framework for Enterprise Risk Management 2013 Johnson & Johnson Contents Introduction.... 4 J&J Strategic Framework... 5 What is Risk?.......................................................... 7 J&J Approach

More information

Introduction to Enterprise Risk Management at UVM DRAFT

Introduction to Enterprise Risk Management at UVM DRAFT Introduction to Enterprise Management at UVM 1 Enterprise What is Enterprise Management? Enterprise risk management is a structured, consistent, and continuous process across the whole organization for

More information

Operational Risk Management Program Version 1.0 October 2013

Operational Risk Management Program Version 1.0 October 2013 Introduction This module applies to Fannie Mae and Freddie Mac (collectively, the Enterprises), the Federal Home Loan Banks (FHLBanks), and the Office of Finance, (which for purposes of this module are

More information

Effective Enterprise Risk Management with ErmsCo ERM Foundation

Effective Enterprise Risk Management with ErmsCo ERM Foundation Executive Brief Effective Enterprise Risk Management with ErmsCo ERM Foundation Introduction to ErmsCo About ErmsCo ErmsCo is a consulting and training firm that focuses on assisting financial institutions

More information

XBRL & GRC Future opportunities?

XBRL & GRC Future opportunities? XBRL & GRC Future opportunities? Suzanne Janse Deloitte NL Paul Hulst Deloitte / Said Tabet EMC Presenters Suzanne Janse Deloitte Netherlands Director ERP (SAP, Oracle) Risk Management GRC software Paul

More information

Transforming risk management into a competitive advantage kpmg.com

Transforming risk management into a competitive advantage kpmg.com INSURANCE RISK MANAGEMENT ADVISORY SOLUTIONS Transforming risk management into a competitive advantage kpmg.com 2 Transforming risk management into a competitive advantage Assessing risk. Building value.

More information

Understanding Enterprise Risk Management. Presented by Dorothy Gjerdrum Arthur J Gallagher

Understanding Enterprise Risk Management. Presented by Dorothy Gjerdrum Arthur J Gallagher Understanding Enterprise Risk Management Presented by Dorothy Gjerdrum Arthur J Gallagher Learning Objectives Understand the components of a wellrun ERM program Review scope and process Explore the role

More information

THE SOUTH AFRICAN HERITAGE RESOURCES AGENCY ENTERPRISE RISK MANAGEMENT FRAMEWORK

THE SOUTH AFRICAN HERITAGE RESOURCES AGENCY ENTERPRISE RISK MANAGEMENT FRAMEWORK THE SOUTH AFRICAN HERITAGE RESOURCES AGENCY ENTERPRISE RISK MANAGEMENT FRAMEWORK ACCOUNTABLE SIGNATURE AUTHORISED for implementation SIGNATURE On behalf of Chief Executive Officer SAHRA Council Date Date

More information

Enterprise Risk Management: Taking the First Steps

Enterprise Risk Management: Taking the First Steps Enterprise Risk Management: Taking the First Steps TN PRIMA, 2012 DOROTHY GJERDRUM, ARM, CIRM NOVEMBER 15, 2012 Agenda Goal: To understand how to begin to implement a broader approach to risk management

More information

Enterprise Risk Management: Concepts & Issues

Enterprise Risk Management: Concepts & Issues Enterprise Risk Management: Concepts & Issues Jacques Lapointe Internal Audit, Management Board Secretariat November 2003 1 The Basic Concept of Risk Management The active process of identifying risks,

More information

fs viewpoint www.pwc.com/fsi

fs viewpoint www.pwc.com/fsi fs viewpoint www.pwc.com/fsi June 2013 02 11 16 21 24 Point of view Competitive intelligence A framework for response How PwC can help Appendix It takes two to tango: Managing technology risk is now a

More information

THE UNIVERSITY OF CALIFORNIA ERM PROGRAM REDUCES THE COSTS OF RISK AND BORROWING

THE UNIVERSITY OF CALIFORNIA ERM PROGRAM REDUCES THE COSTS OF RISK AND BORROWING THE UNIVERSITY OF CALIFORNIA ERM PROGRAM REDUCES THE COSTS OF RISK AND BORROWING BY JOHN BUGALLA AND KRISTINA NARVAEZ In December 2005, the University of California s Department of Risk Management was

More information

Matthew E. Breecher Breecher & Company PC November 12, 2008

Matthew E. Breecher Breecher & Company PC November 12, 2008 Applying COSO s Enterprise Risk Management Integrated Framework Matthew E. Breecher Breecher & Company PC November 12, 2008 The basic outline for this presentation was provided by: Objectives for the session:

More information

FRAMEWORK FOR AN ETHICAL MATURITY INDEX. Authors: Elena Demidenko and Patrick McNutt

FRAMEWORK FOR AN ETHICAL MATURITY INDEX. Authors: Elena Demidenko and Patrick McNutt FRAMEWORK FOR AN ETHICAL MATURITY INDEX Authors: Elena Demidenko and Patrick McNutt Across key Enterprise risk management frameworks, COSO ERM (http://www.coso.org) and ASNZ4360 (ASNZ 4360: 2004 (http://www.standards.com.au)

More information

RSA ARCHER AUDIT MANAGEMENT

RSA ARCHER AUDIT MANAGEMENT RSA ARCHER AUDIT MANAGEMENT Solution Overview INRODUCTION AT A GLANCE Align audit plans with your organization s risk profile and business objectives Manage audit planning, prioritization, staffing, procedures

More information

New Risk Management Paradigms for Asset Managers

New Risk Management Paradigms for Asset Managers April 2014 Asset Management New Management Paradigms for Asset Managers Point of view The financial crisis has caused deep reflection by regulators, asset managers and investors as to the effectiveness

More information

Getting to strong Leading Practices for value-enhancing internal audit By Richard Reynolds and Abhinav Aggarwal - PricewaterhouseCoopers LLP

Getting to strong Leading Practices for value-enhancing internal audit By Richard Reynolds and Abhinav Aggarwal - PricewaterhouseCoopers LLP Getting to strong Leading Practices for value-enhancing internal audit By Richard Reynolds and Abhinav Aggarwal - PricewaterhouseCoopers LLP Today's unpredictable business climate and challenging regulatory

More information

building a business case for governance, risk and compliance

building a business case for governance, risk and compliance building a business case for governance, risk and compliance contents introduction...3 assurance: THe last major business function To be integrated...3 current state of grc: THe challenges... 4 building

More information

Policy 10.105: Enterprise Risk Management Policy

Policy 10.105: Enterprise Risk Management Policy Name: Responsibility: Complements: Enterprise Risk Management Framework Coordinator, Enterprise Risk Management Policy 10.105: Enterprise Risk Management Policy Date: November 2006 Revision Date(s): January

More information

and Risk Tolerance in an Effective ERM Program

and Risk Tolerance in an Effective ERM Program The Roles of Risk Appetite and Risk Tolerance in an Effective ERM Program Eric Gerner, Risk Advisory Services Director Tuesday, July 10, 2012 General Information Share the webinar Ask a question Votes

More information

BEST PRACTICES IN CYBER SUPPLY CHAIN RISK MANAGEMENT

BEST PRACTICES IN CYBER SUPPLY CHAIN RISK MANAGEMENT BEST PRACTICES IN CYBER SUPPLY CHAIN RISK MANAGEMENT John Deere Supply Chain Risk Management INTERVIEWS Glen Schwab Director of Supply Management Robert Smola Manager, Supply Chain Risk The Next New Things

More information

S24 - Governance, Risk, and Compliance (GRC) Automation Siamak Razmazma

S24 - Governance, Risk, and Compliance (GRC) Automation Siamak Razmazma S24 - Governance, Risk, and Compliance (GRC) Automation Siamak Razmazma Governance, Risk, Compliance (GRC) Automation Siamak Razmazma Siamak.razmazma@protiviti.com September 2009 Agenda Introduction to

More information

Risk Assessment & Enterprise Risk Management

Risk Assessment & Enterprise Risk Management Risk Assessment & Enterprise Risk 1 Healthcare Corporate Governance Today s environment requires building a culture of risk awareness and management of risk across the organization, while formulating less

More information

An Effective Approach to Transition from Risk Assessment to Enterprise Risk Management

An Effective Approach to Transition from Risk Assessment to Enterprise Risk Management Bridgework: An Effective Approach to Transition from Risk Assessment to Enterprise Risk Management @Copyright Cura Software. All rights reserved. No part of this document may be transmitted or copied without

More information

University of St. Gallen Law School Law and Economics Research Paper Series. Working Paper No. 2008-19 June 2007

University of St. Gallen Law School Law and Economics Research Paper Series. Working Paper No. 2008-19 June 2007 University of St. Gallen Law School Law and Economics Research Paper Series Working Paper No. 2008-19 June 2007 Enterprise Risk Management A View from the Insurance Industry Wolfgang Errath and Andreas

More information

Proactive Risk Management with SAP BusinessObjects

Proactive Risk Management with SAP BusinessObjects Proactive Risk Management with SAP BusinessObjects Leveraging Technology to Gain Enterprise Transparency and Rapid Insight into Changing Business Conditions INTRODUCTION What is the totality of our enterprise

More information

Enabling IT Performance & Value with Effective IT Governance Assessment & Improvement Practices. April 10, 2013

Enabling IT Performance & Value with Effective IT Governance Assessment & Improvement Practices. April 10, 2013 Enabling IT Performance & Value with Effective IT Governance Assessment & Improvement Practices April 10, 2013 Today's Agenda: Key Topics Defining IT Governance IT Governance Elements & Responsibilities

More information

Enterprise Risk Management (ERM): Getting Beyond Risk Identification to Sustainability

Enterprise Risk Management (ERM): Getting Beyond Risk Identification to Sustainability May 20, 2005 Enterprise Risk Management (ERM): Getting Beyond Risk Identification to Sustainability Michael Chagares - Washington, DC Christopher McCarthy - Atlanta, GA C O N F I D E N T I A L CORPORA

More information

www.pwc.com Governance, Risk and Compliance Update & Hot Topics Pittsburgh Chapter IIA December 3, 2012

www.pwc.com Governance, Risk and Compliance Update & Hot Topics Pittsburgh Chapter IIA December 3, 2012 www.pwc.com Governance, Risk and Compliance Update & Hot Topics Pittsburgh Chapter IIA December 3, 2012 Agenda Introduction Mark Gibbons 12:00 12:05 Governance, Risk and Compliance Overview Mark Gibbons

More information

Enterprise Risk Management (ERM): In Action. January 2010. Co-presented by: Michael Yip, Marsh Risk Consulting Norma Essary, DFW International Airport

Enterprise Risk Management (ERM): In Action. January 2010. Co-presented by: Michael Yip, Marsh Risk Consulting Norma Essary, DFW International Airport January 2010 Enterprise Risk Management (ERM): In Action Co-presented by: Michael Yip, Risk Consulting Norma Essary, DFW International Airport www.marsh.com Discussion Topics Enterprise Risk Management

More information

Moving Forward with IT Governance and COBIT

Moving Forward with IT Governance and COBIT Moving Forward with IT Governance and COBIT Los Angeles ISACA COBIT User Group Tuesday 27, March 2007 IT GRC Questions from the CIO Today s discussion focuses on the typical challenges facing the CIO around

More information

IT Governance. What is it and how to audit it. 21 April 2009

IT Governance. What is it and how to audit it. 21 April 2009 What is it and how to audit it 21 April 2009 Agenda Can you define What are the key objectives of How should be structured Roles and responsibilities Key challenges and barriers Auditing Scope Test procedures

More information

Beyond risk identification Evolving provider ERM programs

Beyond risk identification Evolving provider ERM programs Beyond risk identification Evolving provider ERM programs March 2016 At a glance PwC conducted research to assess the state of enterprise risk management (ERM) within healthcare providers and found many

More information

Get More Out of Your Risk Assessment. Austin Chapter of the IIA

Get More Out of Your Risk Assessment. Austin Chapter of the IIA Get More Out of Your Risk Assessment Austin Chapter of the IIA Speakers Alyssa G. Martin, CPA Dallas Executive Partner, Advisory Services 25 years of public accounting experience, with a practice emphasis

More information

Enterprise Risk Management & Information Technology

Enterprise Risk Management & Information Technology Enterprise Risk Management & Information Technology Presented by Scott Perry and Gary Ross Slalom Consulting, San Francisco Agenda Introductions Session Objectives Overview of Enterprise Risk Management

More information

GAINING CONTROL: Building Your Existing Framework into an ERM Model

GAINING CONTROL: Building Your Existing Framework into an ERM Model GAINING CONTROL: Building Your Existing Framework into an ERM Model RIMS Northeast Ohio Chapter Education Day Carol Fox, ARM RIMS Director of Strategic and Enterprise Risk Practice November 19, 2013 Copyright

More information

Vermont Enterprise Architecture Framework (VEAF) Identity & Access Management (IAM) Abridged Strategy Level 0

Vermont Enterprise Architecture Framework (VEAF) Identity & Access Management (IAM) Abridged Strategy Level 0 Vermont Enterprise Architecture Framework (VEAF) Identity & Access Management (IAM) Abridged Strategy Level 0 EA APPROVALS EA Approving Authority: Revision

More information

STANDARDS OF SOUND BUSINESS AND FINANCIAL PRACTICES. ENTERPRISE RISK MANAGEMENT Framework

STANDARDS OF SOUND BUSINESS AND FINANCIAL PRACTICES. ENTERPRISE RISK MANAGEMENT Framework STANDARDS OF SOUND BUSINESS AND FINANCIAL PRACTICES ENTERPRISE RISK MANAGEMENT Framework September 2011 Notice This document is intended as a reference tool to assist Ontario credit unions to develop an

More information

Strategic Risk Assessment. A first step for improving risk management and governance. COVER STORY. By Mark L. Frigo and Richard J.

Strategic Risk Assessment. A first step for improving risk management and governance. COVER STORY. By Mark L. Frigo and Richard J. Strategic Risk Assessment ILLUSTRATION: TIM LEE/WWW.LEEILLO.COM A first step for improving risk management and governance. By Mark L. Frigo and Richard J. Anderson December 2009 I STRATEGIC FINANCE 25

More information

Master Data Management, Risk and Governance

Master Data Management, Risk and Governance Master Data Management, Risk and Governance Look for more expanded versions of this and more material in EIM for Business Managing Information as an Asset, in May 2010 by Morgan Kaufman Publishing, Elsevier

More information

Vendor risk management leading practices Glenn Siriano KPMG LLP DRAFT

Vendor risk management leading practices Glenn Siriano KPMG LLP DRAFT Vendor risk management leading practices Glenn Siriano KPMG LLP KPMG International is a Swiss cooperative that serves as a coordinating entity for a network of independent member firms. KPMG International

More information

Governance, Risk, and Compliance (GRC) White Paper

Governance, Risk, and Compliance (GRC) White Paper Governance, Risk, and Compliance (GRC) White Paper Table of Contents: Purpose page 2 Introduction _ page 3 What is GRC _ page 3 GRC Concepts _ page 4 Integrated Approach and Methodology page 4 Diagram:

More information

IT Governance Regulatory. P.K.Patel AGM, MoF

IT Governance Regulatory. P.K.Patel AGM, MoF IT Governance Regulatory Perspective P.K.Patel AGM, MoF Agenda What is IT Governance? Aspects of IT Governance What banks should consider before implementing these aspects? What banks should do for implementation

More information

Placing a Value on Enterprise Risk Management ADVISORY

Placing a Value on Enterprise Risk Management ADVISORY Placing a Value on Enterprise Risk Management ADVISORY Placing a Value on Enterprise Risk Management 1 In turbulent economic times, the case for investing in an enterprise risk management (ERM) program

More information

4th Annual ISACA Kettle Moraine Spring Symposium

4th Annual ISACA Kettle Moraine Spring Symposium www.pwc.com 4th Annual ISACA Kettle Moraine Spring Symposium Session 2 Big Data May 14th, 2014 Session Objective Learn about governance, risks, and compliance considerations that become particularly important

More information

Managing Risk at Bank of America Corporation. Overview

Managing Risk at Bank of America Corporation. Overview Managing Risk at Bank of America Corporation Overview Risk is inherent in every material business activity that we undertake. Our business exposes us to strategic, credit, market, liquidity, compliance,

More information

The Evolution of HR Audits

The Evolution of HR Audits Laurdan Associates, Inc. Editorial for HRM Website The Evolution of HR Audits Evolution is a process of change. Over the last 25 years we have seen significant change in the HR auditing process, the value

More information

Enterprise Risk Management

Enterprise Risk Management Enterprise Management ERM provides a framework for risk management, which typically involves identifying particular events or circumstances relevant to the organization's objectives (risks and opportunities),

More information

The Essentials of Enterprise Risk Management. Steven C. Tourek, Senior Vice President, General Counsel & Secretary, The Marvin Companies

The Essentials of Enterprise Risk Management. Steven C. Tourek, Senior Vice President, General Counsel & Secretary, The Marvin Companies The Essentials of Enterprise Risk Management Steven C. Tourek, Senior Vice President, General Counsel & Secretary, The Marvin Companies Introduction How should an organization think about the management

More information

Top Ten Issues facing Internal Auditing in the Future

Top Ten Issues facing Internal Auditing in the Future Top Ten Issues facing Internal Auditing in the Future The IIA Dallas Chapter April 6, 2006 Presented by: David A. Richards, CIA, CPA President The Institute of Internal Auditors drichards@theiia.org 1

More information

The College of New Jersey Enterprise Risk Management and Higher Education For Discussion Purposes Only January 2012

The College of New Jersey Enterprise Risk Management and Higher Education For Discussion Purposes Only January 2012 The College of New Jersey Enterprise Risk Management and Higher Education For Discussion Purposes Only Agenda Introduction Basic program components Recent trends in higher education risk management Why

More information

Guiding Principles for Implementing Enterprise Risk Management (ERM)

Guiding Principles for Implementing Enterprise Risk Management (ERM) 1 Guiding Principles for Implementing Enterprise Risk Management (ERM) SEAC Conference New Orleans November 15-17, 2006 Hubert Mueller (860) 843-7079 Towers Towers Perrin Perrin 0 ERM raises many implementation

More information

IFAD Policy on Enterprise Risk Management

IFAD Policy on Enterprise Risk Management Document: EB 2008/94/R.4 Agenda: 5 Date: 6 August 2008 Distribution: Public Original: English E IFAD Policy on Enterprise Risk Management Executive Board Ninety-fourth Session Rome, 10-11 September 2008

More information

www.pwc.com Third Party Risk Management 12 April 2012

www.pwc.com Third Party Risk Management 12 April 2012 www.pwc.com Third Party Risk Management 12 April 2012 Agenda 1. Introductions 2. Drivers of Increased Focus on Third Parties 3. Governance 4. Third Party Risks and Scope 5. Third Party Risk Profiling 6.

More information

Third-Party Cybersecurity and Data Loss Prevention

Third-Party Cybersecurity and Data Loss Prevention Third-Party Cybersecurity and Data Loss Prevention SESSION ID: DSP-W04A Brad Keller Sr. Vice President Santa Fe Group Jonathan Dambrot, CISSP CEO, Co-Founder Prevalent Networks 3rd Party Risk Management

More information

Financial Audit Scoping Tool Blueprint for Oracle GRC Applications

<Insert Picture Here> Financial Audit Scoping Tool Blueprint for Oracle GRC Applications Financial Audit Scoping Tool Blueprint for Oracle GRC Applications Implement Audit Standard 5 (AS5) scoping to streamline financial reporting compliance Agenda Financial Audit Scoping

More information

POLICY. Number: 7311-10-005 Title: Enterprise Risk Management. Authorization

POLICY. Number: 7311-10-005 Title: Enterprise Risk Management. Authorization POLICY Number: 7311-10-005 Title: Enterprise Risk Management Authorization [ ] President and CEO [ X] Vice President, Finance and Corporate Services Source: Director, Enterprise Risk Management Cross Index:

More information

Pharmaceutical Compliance and Regulatory Congress 2009

Pharmaceutical Compliance and Regulatory Congress 2009 Pharmaceutical Compliance and Regulatory Congress 2009 Compliance Program Elements Track I: How Program Management Can Keep You On Track Edward H. Leskauskas Director, Compliance and Ethics Operations

More information

Risk management and the transition of projects to business as usual

Risk management and the transition of projects to business as usual Advisory Risk management and the transition of projects to business as usual Financial Services kpmg.com 2 Risk Management and the Transition of Projects to Business as Usual Introduction Today s banks,

More information

Applying Risk Assessment to Your Audit Plan Break-out Session T3, Tuesday, October 26 2:00-2:50pm

Applying Risk Assessment to Your Audit Plan Break-out Session T3, Tuesday, October 26 2:00-2:50pm Applying Risk Assessment to Your Audit Plan Break-out Session T3, Tuesday, October 26 2:00-2:50pm Mike Brown Senior Vice President, Corporate Audit State Street Corporation Rich Reynolds Partner PricewaterhouseCoopers

More information

APPLICATION OF KING III CORPORATE GOVERNANCE PRINCIPLES 2014

APPLICATION OF KING III CORPORATE GOVERNANCE PRINCIPLES 2014 WOOLWORTHS HOLDINGS LIMITED CORPORATE GOVERNANCE PRINCIPLES 2014 CORPORATE GOVERNANCE PRINCIPLES 2014 CORPORATE GOVERNANCE PRINCIPLES 2014 This table is a useful reference to each of the King III principles

More information

APPLICATION OF THE KING III REPORT ON CORPORATE GOVERNANCE PRINCIPLES

APPLICATION OF THE KING III REPORT ON CORPORATE GOVERNANCE PRINCIPLES APPLICATION OF THE KING III REPORT ON CORPORATE GOVERNANCE PRINCIPLES Ethical Leadership and Corporate Citizenship The board should provide effective leadership based on ethical foundation. that the company

More information

A Risk-Based Audit Strategy November 2006 Internal Audit Department

A Risk-Based Audit Strategy November 2006 Internal Audit Department Mental Health Mental Retardation Authority of Harris County ENTERPRISE RISK MANAGEMENT A Framework For Assessing, Evaluating And Measuring Our Agency s Risk A Risk-Based Audit Strategy November 2006 Internal

More information

Functional and technical specifications. Background

Functional and technical specifications. Background Functional and technical specifications Background In terms of the Public Audit Act, 2004 (Act No. 25 of 2004) (PAA), the deputy auditor-general (DAG) is responsible for maintaining an effective, efficient

More information

Enterprise Risk Management (ERM) & Compliance

Enterprise Risk Management (ERM) & Compliance Enterprise Risk Management (ERM) & Compliance Mid Atlantic Regional Meeting, May 1, 2015 Society of Corporate Compliance and Ethics Jason Lunday, consultant Compliance Opportunities in ERM Increase compliance

More information

Enterprise risk management: A pragmatic, four-phase implementation plan

Enterprise risk management: A pragmatic, four-phase implementation plan Enterprise risk management: A pragmatic, four-phase implementation plan Prepared by: John Brackett, Managing Director, Risk Advisory Services, RSM McGladrey, Inc. 704.442.3820, john.brackett@mcgladrey.com

More information

Enterprise Risk Management in a Highly Uncertain World. A Presentation to the Government-University- Industry Research Roundtable June 20, 2012

Enterprise Risk Management in a Highly Uncertain World. A Presentation to the Government-University- Industry Research Roundtable June 20, 2012 Enterprise Risk Management in a Highly Uncertain World A Presentation to the Government-University- Industry Research Roundtable June 20, 2012 CRO Council Introduction Mission The North American CRO Council

More information

Reputation, Brand & Communications

Reputation, Brand & Communications Group Standard Reputation, Brand & Communications Serco is committed to building a positive reputation with its stakeholders, wherever we operate SMS-GS-BC4 Reputation, Brand and Communication December

More information

Coordinated Governance: A Winning Relationship Between Internal Audit and the Organization s Other Risk and Control Functions

Coordinated Governance: A Winning Relationship Between Internal Audit and the Organization s Other Risk and Control Functions Coordinated Governance: A Winning Relationship Between Internal Audit and the Organization s Other Risk and Control Functions Coordinated Governance: A Winning Relationship Between Internal Audit and the

More information

Guidance Note: Corporate Governance - Board of Directors. March 2015. Ce document est aussi disponible en français.

Guidance Note: Corporate Governance - Board of Directors. March 2015. Ce document est aussi disponible en français. Guidance Note: Corporate Governance - Board of Directors March 2015 Ce document est aussi disponible en français. Applicability The Guidance Note: Corporate Governance - Board of Directors (the Guidance

More information

Enterprise Risk Management

Enterprise Risk Management 2013 Government Accounting and Auditing Update Enterprise Risk Management Understanding and Implementing an ERM Framework Mike Sargent, Director- CliftonLarsonAllen May 2013 cliftonlarsonallen.com Discussion

More information

Introduction to ISO 31000:2009

Introduction to ISO 31000:2009 Introduction to ISO 31000:2009 ISO 31000 was published as a standard in November of 2009. It provides a standard on how risk should be implemented. The intention of ISO 31000:2009 was to be relevant and

More information

Enhancing Audit Technology Effectiveness Key Insights from TeamMate s 2014 Global Technology Survey

Enhancing Audit Technology Effectiveness Key Insights from TeamMate s 2014 Global Technology Survey Key Insights from TeamMate s 0 Global Technology Survey Survey Results Portray Audit Committee Reporting Practices, Provide Useful Benchmarking Data This year s Internal Audit Technology Survey (IATS)

More information

Hand IN Hand: Balanced Scorecards

Hand IN Hand: Balanced Scorecards ANNUAL CONFERENCE T O P I C Risk Management WORKING Hand IN Hand: Balanced Scorecards AND Enterprise Risk Management B Y M ARK B EASLEY, CPA; A L C HEN; K AREN N UNEZ, CMA; AND L ORRAINE W RIGHT Recent

More information

IT Insights. Managing Third Party Technology Risk

IT Insights. Managing Third Party Technology Risk IT Insights Managing Third Party Technology Risk According to a recent study by the Institute of Internal Auditors, more than 65 percent of organizations rely heavily on third parties, yet most allocate

More information

Developing an Effective Enterprise Risk Management Program

Developing an Effective Enterprise Risk Management Program Developing an Effective Enterprise Risk Management Program Jay Brietz, CPA and CIA Senior Manager This material was used by Elliott Davis Decosimo during an oral presentation; it is not a complete record

More information

Cybersecurity The role of Internal Audit

Cybersecurity The role of Internal Audit Cybersecurity The role of Internal Audit Cyber risk High on the agenda Audit committees and board members are seeing cybersecurity as a top risk, underscored by recent headlines and increased government

More information

Aligning Compliance Program Priorities with Business Objectives

Aligning Compliance Program Priorities with Business Objectives Aligning Compliance Program Priorities with Business Objectives By Jay G. Martin Vice President, Chief Compliance Officer and Senior Deputy General Counsel Baker Hughes Incorporated CAIL Institute for

More information

The seven essential practices for effective business continuity management

The seven essential practices for effective business continuity management IBM Global Technology Services Thought Leadership White Paper April 2014 The seven essential practices for effective business continuity management Building a business-centric program to help reduce risk

More information

The Changing Landscape for Trade Compliance Enterprise Risk (and Opportunity) Management

The Changing Landscape for Trade Compliance Enterprise Risk (and Opportunity) Management The Changing Landscape for Trade Compliance Enterprise Risk (and Opportunity) Management API International Trade and Customs Conference H. Michael Leightman, Partner Customs and International Trade Practice

More information

Blending Corporate Governance with. Information Security

Blending Corporate Governance with. Information Security Blending Corporate Governance with Information Security WHAT IS CORPORATE GOVERNANCE? Governance has proved an issue since people began to organise themselves for a common purpose. How to ensure the power

More information

ORACLE ENTERPRISE GOVERNANCE, RISK, AND COMPLIANCE MANAGER FUSION EDITION

ORACLE ENTERPRISE GOVERNANCE, RISK, AND COMPLIANCE MANAGER FUSION EDITION ORACLE ENTERPRISE GOVERNANCE, RISK, AND COMPLIANCE MANAGER FUSION EDITION KEY FEATURES AND BENEFITS Manage multiple GRC initiatives on a single consolidated platform Support unique areas of operation with

More information

Houston Compensation & Benefits. Post-Deal Integration Planning for Compensation & Benefits. Wednesday, April 22, 2015

Houston Compensation & Benefits. Post-Deal Integration Planning for Compensation & Benefits. Wednesday, April 22, 2015 Houston Compensation & Benefits Post-Deal Integration Planning for Compensation & Benefits Wednesday, April 22, 2015 Agenda Deal Timeline/Background Integration of Compensation and Benefits Medical/Retirement

More information

Audit, Risk Management and Compliance Committee Charter

Audit, Risk Management and Compliance Committee Charter Audit, Risk Management and Compliance Committee Charter Woolworths Limited Adopted by the Board on 27 August 2013 page 1 1 Introduction This Charter sets out the responsibilities, structure and composition

More information

RISK AND PERFORMANCE MANAGEMENT. Copyr i g ht 2012, SAS Ins titut e Inc. All rights res er ve d.

RISK AND PERFORMANCE MANAGEMENT. Copyr i g ht 2012, SAS Ins titut e Inc. All rights res er ve d. . TODAY S DISCUSSION What is Risk Management? Emerging Trends Risk and Performance Management Synergies WHAT IS RISK? RISK RISK Co-ordinated activities to direct and control an organization with regard

More information