Understanding Enterprise Risk Management. Presented by Dorothy Gjerdrum Arthur J Gallagher

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Understanding Enterprise Risk Management. Presented by Dorothy Gjerdrum Arthur J Gallagher"

Transcription

1 Understanding Enterprise Risk Management Presented by Dorothy Gjerdrum Arthur J Gallagher

2 Learning Objectives Understand the components of a wellrun ERM program Review scope and process Explore the role of the CBO in ERM Assess your institution s readiness

3 Agenda What does a successful ERM program look like? Five key questions what, why, who, how and when? Roles and responsibilities Recommendations for next steps

4 ERM What s in a Name? 2004 COSO ERM Framework 2009 ISO (ANSI/ASSE), the international standard on risk management Other references NACUBO, GRC, AGB

5 Key Differentiators Definition of risk Accountability and ownership Managing risk is part of every decision, project and activity Prioritization of risk is linked to key objectives & strategy

6 Defining Risk Risk = the effect of uncertainty on your objectives (ISO 31000) The effects can be positive or negative Anything that could harm, prevent, delay or enhance your ability to achieve your objectives = risk

7 Why Does it Make Sense to Take a Broader Approach to Risk? Only 20-30% of all risks are insurable Global interconnectedness forces us to think more broadly for example: o Pandemic flu o o Cyber attacks World economy & supply chain risks Now more than ever, we need all stakeholders to be risk aware

8 The Intent of ERM To manage risk better to support opportunities To identify, assess and prepare for what could go wrong To focus on what s most important to the institution and its stakeholders and link key risks to key goals & objectives

9 Profiles of Successful Programs President endorsed the project ERM Advisory Committee created to create lexicon/framework, implementation plan and provide oversight Facilitated Risk Assessment processes rolled out applied broadly Software implemented to track progress Education offered across institution Management of risk performance reviews #1

10 Profiles of Successful Programs CRO hired; Chancellor & Board endorsed program Cross functional Risk Council formed Developed risk portfolio Biannual review of risk treatment plans by Risk Council Good engagement of stakeholders #2

11 Risk, in one form or another, is present in virtually all worthwhile endeavors. We recognize that not all risk is bad, and our goal is not to eliminate all risk, for by doing so we would cease all productive activity. Rather, our goal is to assume risk judiciously, mitigate it when possible, and prepare ourselves to respond effectively and efficiently when necessary. #3

12 The reasons we implemented ERM: Break through operational silos Identify key exposures Assess appetite for risk Identify best practices Plan proactively Prioritize resources NO SURPRISES! #3

13 Five Key Questions To Begin (or Improve) 1. What is ERM? 2. Why is ERM relevant to my institution? 3. Who knows about ERM and What do they know? 4. How can you create a sustainable framework for managing risk? 5. When do you know you ve succeeded? When do you stop?

14 What is ERM? How will your institution define ERM? Do you have an elevator speech? What are the benefits of taking a broader approach to managing risk?

15 What is ERM? from ISO Key outcomes: The organization has a current, correct and comprehensive understanding of its risks. The organization s risks are within its risk criteria Attributes: Continual improvement Full accountability for risks Application of risk management in all decision making Continual communication Full integration into the organization s governance structure

16 What is ERM? Sample Elevator Speech Risk management is about supporting opportunities as well as preventing problems ERM is tied to business objectives and strategies and supports them ERM works within the institution s culture and will become integral to decision making The initiative will ensure that risk management applies to all levels of the organization and to all activities

17 The Benefits of Risk Management Increase likelihood of achieving objectives Encourage proactive management Be aware of the need to identify and treat risk throughout the organization Improve the identification of opportunities & threats Effectively allocate and use resources ISO/ANSI/ASSE 31000:2009 Risk management Principles and Guidelines Comply with relevant legal and regulatory requirements and international norms Improve mandatory and voluntary reporting Improve operational effectiveness & efficiency Improve stakeholder confidence and trust Establish a reliable basis for decision making & planning Improve controls Improve governance

18 Why is ERM Relevant to My Institution? Bond rating Better & more thorough decision making Response to regulatory oversight Peer influence Governing board members influence Desire to be a progressive industry leader To manage resources more effectively

19 Why ERM? Example 1: We strategically manage risk to create greater financial stability and help the university achieve its mission. Example 2: Our goal is to assume risk judiciously, mitigate it when possible and prepare ourselves to respond effectively and efficiently when necessary.

20 Who Knows about ERM and What do they Know? Internal Audit from the IIA/COSO ERM Framework Governing Board Members from peers, conferences, AGB Compliance GRC, legal framework General Counsel NACUA, governance models CFO from financial rating companies, NACUBO

21 Sources of Information ANSI/ASSE/ISO the only international standard on risk management 2009 COSO ERM Framework 2004 Risk Management An Accountability Guide for University and College Boards by Janice Abraham AGB & UE 2013 Consulting firms KPMG, Protiviti, Deloitte, PwC & brokerage firms, too GRC Governance, Risk & Compliance (software and consulting)

22 $$ (Download this one free) (Download this one free)

23 $$

24 Four Primary Objectives: Strategic, Operations, Reporting, Compliance Control Activities Source: Committee of Sponsoring Organizations of the Treadway Commission

25 Published in 2013 by AGB Press, the Association of Governing Boards of Universities and Colleges and United Educators Insurance, a Reciprocal Risk Retention Group or $$

26 Enterprise Risk Management (ERM) is a business process, led by senior leadership, that extends the concepts of risk management and includes: Identifying risks across the entire enterprise Assessing the impact of risks to the operations and mission Developing and practicing response or mitigation plans, and Monitoring the identified risks, holding the risk owner accountable, and consistently scanning for emerging risks Risk Management An Accountability Guide for University and College Boards by Janice Abraham, 2013, AGB Press, Washington DC

27 RM Accountability Guide Board and President jointly articulate commitment Senior management implements Emphasis on roles and oversight Sample risk registers Board committee oversight of key risks by category: Strategic Board governance Financial Operational Risk Management An Accountability Guide for University and College Boards by Janice Abraham, 2013, AGB Press, Washington DC

28 High Financial Impact $ 10 Million 3-Corporate Investments 32-Brand Reputation 13-Tax 39-Bio/ Epidemic Event 28-Cost of Quality 38-Terrorism 40-Customer Experience Green:: Perceived as well controlled 35-Product Innovation 14-Regulatory Compliance Light Green: Perceived as medium to good controls 30-Cost Competitiveness Yellow: Perceived as moderately well controlled 34-Distribution Strategy Red: Perceived as poorly controlled 33- Pricing Strategy Low Financial Impact 36-Market Share 6-Cash Mgmt & Liquidity 25-SAP Manufacturing LOW 16-Record Retention 15-Intellectual Property 1-Working Capital 27-Complexity 18-Employee Relations 19-Cost of Health Care 29-Capacity Management 5-Foreign Exchange 23-Logistics/ Transportation 24-Supply Chain Mgmt 12-Sarbanes -Oxley 11-Management Reporting 22A-Business Continuity-Mfg. 7-Dealer Credit MEDIUM LIKELIHOOD OF PROBLEM OCCURRING IN AREA 2-Dealer Transition 17-Productivity Improvements 4-Derivatives Management 20-Retirement Plans 21-Compensation Strategies HIGH 31-Commodity Pricing 9-IT Systems Integration 8-Data Security 41-China Strategy 22B-Business Continuity-IT Rectangles represent risks identified as Corporate risks The numbers present correspond to the Business Risk Inventory chart.

29 How can you create a sustainable framework? Need a common language Need to tailor processes and structure to your operations Need to communicate with and engage stakeholders Need to monitor & review and continually improve

30 Principles Framework RM Process Creates value Integral part of organizational processes Part of decision making Explicitly addresses uncertainty Systematic, structured & timely Based on best available info Tailored Takes human & cultural factors into account Transparent & inclusive Dynamic, iterative & responsive to change Facilitates continual improvement & enhancement of the organization Continually improve the framework Mandate & Commitment Design framework for managing risk Monitor and review the framework Implement risk management Communicate and consult Establish the context Risk assessment Risk identification Risk analysis Risk evaluation Risk treatment Monitor and review From ISO 31000

31 Principles Creates and protects value Integral part of organizational processes Part of decision making Explicitly addresses uncertainty Systematic, structured & timely Based on best available info Tailored Takes human & cultural factors into account Transparent & inclusive Dynamic, iterative & responsive to change Facilitates continual improvement & enhancement of the organization The principles provide guidance on the rationale for managing risk and the characteristics of effective risk management These shape the design and structure of your framework for managing risk The principles can assist in continual improvement and serve as a maturity model for implementation

32 Framework Building the framework includes planning for implementation, monitoring & review and communication Continually improve the framework Mandate & Commitment Design framework for managing risk Implement risk management Based upon a model of continual improvement, the framework is what will sustain your risk management efforts Monitor and review the framework This assures that you are consistent, processfocused and held accountable

33 ISO Guidance for Implementation Annex C How to express mandate & commitment C.2.1 Key characteristics The expression of the mandate and commitment should meet the following criteria: a) It should be compatible with the organization s strategic plan, objectives, policies, styles of communication and management system; b) It should be compatible with the risk criteria determined by the oversight body; c) It should meet the principles of ISO as well as strive for excellence in risk management as outlined in Annex A; d) It should be easy to communicate and be tested for comprehension inside and outside the organization; e) It should have reasonable expectations of being successfully implemented; and f) It should address the responsibilities of risk owners.

34 ISO Guidance for Implementation Components of the Framework Understanding the organization & its context Establishing RM policy Accountability & Authority Integration into organizational processes Determining appropriate resources Establishing internal communication & reporting mechanisms Establishing external communication & reporting mechanisms ISO 31000:2009 Risk management Principles and guidelines

35 ISO 31000: Establishing RM Policy Rationale for managing risk Links between objectives and policies and the risk management policy Accountabilities & responsibilities for managing risk How you ll deal with conflicting interests Commitment to provide necessary resources How you ll measure & report Commitment to review & revise

36 The context applies to both the organization as a whole and the specific project, risk or portfolio of risks RM Process Establish the context Several elements take stakeholder interest and perceptions into account Monitor and review continually asks: Do we have this right? Communication and consultation is how the management of risk stays connected and relevant Communicate and consult Risk assessment Risk identification Risk analysis Risk evaluation Risk treatment Monitor and review The same consistent process used across the organization

37 A Few Definitions from ISO Risk = the effect of uncertainty on objectives (ISO 31000) An effect is a deviation from the expected positive or negative Uncertainty is the state of deficiency of information Risk is often expressed in terms of a combination of consequences and likelihood. Risk Management = the coordinated activities to direct and control an organization with regard to risk (ISO 31000) Risk Owner = the person or entity with the accountability and authority to manage risk (ISO 31000) Stakeholder = any person or organization that can affect, be affected by or perceive themselves to be affected by a decision or activity. They are both internal and external. Stakeholders are important to the process and key to activities like communication, consultation and reporting. Stakeholders interests and fears should be taken into account (ISO 31000) 2012 ARTHUR J. GALLAGHER & CO.

38 Risk is present in everything we do Risk = the effect of uncertainty on your objectives Objectives = the outcomes you seek, the highest expression of intent and purpose Uncertainty = the state of not knowing, a deficiency of information Anything that could harm, prevent, delay or enhance your ability to achieve your objectives = risk ISO/ANSI/ASSE 31000:2009 Risk management Principles and Guidelines 2012 ARTHUR J. GALLAGHER & CO.

39 When do you know you ve succeeded? When do you stop? Implementation takes time You do need to measure success This is an iterative, continual process

40 NACUBO Example Risk ID Description Actions to Manage Risk Risk Direction Strategic Objectives Interrelated Risks Risk Ownership Board Comm Oversight 1 UG and grad enrollment and aid strategies Reputation, $$ Stability 2,4,6,7,8,9,10 Provost, VP Enrollment Enrollment & Marketing 2 Tuition dependency, fundraising strategy Reputation, $$ Stability 1,3,4,6,7,9,10 President, VP Advancement Advancement 3 Tuition dependency, alternative revenue strategies Stability, Operational Efficiency 1,2,4,7,9,10 Cabinet Academic, Finance 4 Sustainable long range $$ plan Stability, Operational Efficiency 1,2,3,7,8,9,10 Cabinet, CFO Business & Finance 5 IT security & privacy Reputation 6,8,9,10 CIO, GC IT 6 Website Reputation 1,2,5,9 Provost, VP Marketing Enrollment & Mkting 7 Investment strategy $$ Stability, Reputation 1,2,3,4,9,10 VP Business & Finance Investment 8 Debt strategy $$ Stability 1,2,3,4,9,10 VP Business & Finance Business & Finance Safe and secure living environment Financial operations & controls $$ Stability, Reputation $$ Stability, Operational Efficiency All Cabinet, VP Stud Affairs 1,2,3,4,5,7,9 CFO Audit Student Affairs

41 Standard and Poor s recognized the University of CA for its ERM program. The UC has implemented a system wide enterprise risk management information system which, in our opinion, is a credit strength. September 9, 2010 Ratings Direct Global Credit Portal

42 Principles of Effective Risk Oversight 1. Understand the company s key drivers of success 2. Assess the risk in the company s strategy 3. Define the role of the full board and its standing committees with regard to risk oversight 4. Consider whether the company s risk management system including people and processes is appropriate and has sufficient resources 5. Work with management to understand and agree on the types (and format) of risk information the board requires 6. Encourage a dynamic and constructive risk dialogue between management and the board, including a willingness to challenge assumptions 7. Closely monitor the potential risks in the company s culture and its incentive structure 8. Monitor critical alignments of strategy, risk, controls, compliance, incentives & people 9. Consider emerging and interrelated risks: What s around the next corner? 10. Periodically assess the board s risk oversight processes Excerpted from Risk Governance: Balancing Risk and Reward 2009, NACD Blue Ribbon Commission

43 Open Discussion re Roles Line of authority Who s responsible for the oversight of risk? Who are your risk leaders?

44 Is Your Institution Ready for ERM? It can support key management initiatives Can be implemented without lots of $$$ It instructs and spreads understanding about risk and everyone s role re risk Think about the why

45 ERM Checklist Educate yourself Talk to your peers Review your answers to the 5 questions Identify your champions, skeptics and supporters engage them to make a plan

46 How to Implement ERM Using ISO Three-part training: Webinar How to apply the standard Workshop Introduction to ERM & ISO Workshop Implementing ERM Info at or PRIMA = Public Risk Management Assoc URMIA = University Risk Management and Insurance Association

47 Thank You! Dorothy M. Gjerdrum Senior Managing Director Public Sector & ERM Consultant Higher Education Arthur J. Gallagher & Co.

Enterprise Risk Management: Taking the First Steps

Enterprise Risk Management: Taking the First Steps Enterprise Risk Management: Taking the First Steps TN PRIMA, 2012 DOROTHY GJERDRUM, ARM, CIRM NOVEMBER 15, 2012 Agenda Goal: To understand how to begin to implement a broader approach to risk management

More information

Distributor Liability Contract Risk Management THOMAS DOUGLASS APRIL 15, 2015

Distributor Liability Contract Risk Management THOMAS DOUGLASS APRIL 15, 2015 Distributor Liability Contract Risk Management THOMAS DOUGLASS APRIL 15, 2015 Today s Agenda What are we talking about today? What is Risk Evolution of risk management Understand the importance of Risk

More information

The New International Standard on the Practice of Risk Management A Comparison of ISO 31000:2009 and the COSO ERM Framework

The New International Standard on the Practice of Risk Management A Comparison of ISO 31000:2009 and the COSO ERM Framework The New International Standard on the Practice of Risk Management A Comparison of ISO 31000:2009 and the COSO ERM Framework Dorothy Gjerdrum, ARM-P, Chair of the ISO 31000 US TAG and Executive Director,

More information

Introduction to Enterprise Risk Management at UVM DRAFT

Introduction to Enterprise Risk Management at UVM DRAFT Introduction to Enterprise Management at UVM 1 Enterprise What is Enterprise Management? Enterprise risk management is a structured, consistent, and continuous process across the whole organization for

More information

Enterprise Risk Management

Enterprise Risk Management Cayman Islands Society of Professional Accountants Enterprise Risk Management March 19, 2015 Dr. Sandra B. Richtermeyer, CPA, CMA What is Risk Management? Risk management is a process, effected by an entity's

More information

Linking Risk Management to Business Strategy, Processes, Operations and Reporting

Linking Risk Management to Business Strategy, Processes, Operations and Reporting Linking Risk Management to Business Strategy, Processes, Operations and Reporting Financial Management Institute of Canada February 17 th, 2010 KPMG LLP Agenda 1. Leading Practice Risk Management Principles

More information

Convergence of Internal Audit, Compliance, and Risk Management. Frank Bossle Executive Director- Office of Hopkins Internal Audits April 2014

Convergence of Internal Audit, Compliance, and Risk Management. Frank Bossle Executive Director- Office of Hopkins Internal Audits April 2014 Convergence of Internal Audit, Compliance, and Risk Management Frank Bossle Executive Director- Office of Hopkins Internal Audits April 2014 1 Summary Plan to share with you the maturation process at Johns

More information

ENTERPRISE RISK MANAGEMENT FRAMEWORK

ENTERPRISE RISK MANAGEMENT FRAMEWORK ENTERPRISE RISK MANAGEMENT FRAMEWORK COVENANT HEALTH LEGAL & RISK MANAGEMENT CONTENTS 1.0 PURPOSE OF THE DOCUMENT... 3 2.0 INTRODUCTION AND OVERVIEW... 4 3.0 GOVERNANCE STRUCTURE AND ACCOUNTABILITY...

More information

Enterprise Risk Management

Enterprise Risk Management 2013 Government Accounting and Auditing Update Enterprise Risk Management Understanding and Implementing an ERM Framework Mike Sargent, Director- CliftonLarsonAllen May 2013 cliftonlarsonallen.com Discussion

More information

The transformation of IT Risk Management. kpmg.com

The transformation of IT Risk Management. kpmg.com The transformation of IT Risk Management kpmg.com The transformation of IT Risk Management The role of IT Risk Management Scope of IT risk management Examples of IT risk areas of focus How KPMG can help

More information

Organizational Change Management: A Best Practice to Effective ERM Implementation

Organizational Change Management: A Best Practice to Effective ERM Implementation Organizational Change Management: A Best Practice to Effective ERM Implementation Christine Ackerman, CPA Associate Vice President & Director of Internal Audit University of Cincinnati Anita Ingram, ARM

More information

POLICY. Number: 7311-10-005 Title: Enterprise Risk Management. Authorization

POLICY. Number: 7311-10-005 Title: Enterprise Risk Management. Authorization POLICY Number: 7311-10-005 Title: Enterprise Risk Management Authorization [ ] President and CEO [ X] Vice President, Finance and Corporate Services Source: Director, Enterprise Risk Management Cross Index:

More information

Attorney Perspectives: Enterprise Risk Management in a Time of Innovation

Attorney Perspectives: Enterprise Risk Management in a Time of Innovation Attorney Perspectives: Enterprise Risk Management in a Time of Innovation Nancy Pringle, Vice President and General Counsel, Ithaca College Stephen Sencer, Senior Vice President and General Counsel, Emory

More information

Risk Management Policy Adopted by:

Risk Management Policy Adopted by: Risk Management Policy Adopted by: Infigen Energy Limited Infigen Energy (Bermuda) Limited Infigen Energy RE Limited in its capacity as Responsible Entity of Infigen Energy Trust Adopted: 17 December 2009

More information

The College of New Jersey Enterprise Risk Management and Higher Education For Discussion Purposes Only January 2012

The College of New Jersey Enterprise Risk Management and Higher Education For Discussion Purposes Only January 2012 The College of New Jersey Enterprise Risk Management and Higher Education For Discussion Purposes Only Agenda Introduction Basic program components Recent trends in higher education risk management Why

More information

Maryland Association of Boards of Education Insurance Programs

Maryland Association of Boards of Education Insurance Programs Insurance Programs ENTERPRISE RISK MANAGEMENT John Magoon, ARM (P, E), CBCP, MBCI Risk Management Officer, MABE jmagoon@mabe.org 443 603 0399 A PERFECT DAY Our Goals 1.2 1 0.8 0.6 0.4 0.2 0 Actual Goal

More information

and Risk Tolerance in an Effective ERM Program

and Risk Tolerance in an Effective ERM Program The Roles of Risk Appetite and Risk Tolerance in an Effective ERM Program Eric Gerner, Risk Advisory Services Director Tuesday, July 10, 2012 General Information Share the webinar Ask a question Votes

More information

ENTERPRISE RISK MANAGEMENT. J. Joseph Hoey, Ed.D. Bridgepoint Education CAIR 2015

ENTERPRISE RISK MANAGEMENT. J. Joseph Hoey, Ed.D. Bridgepoint Education CAIR 2015 ENTERPRISE RISK MANAGEMENT J. Joseph Hoey, Ed.D. Bridgepoint Education CAIR 2015 Enterprise Risk Management (ERM) Defined ERM is a principles-based approach to manage, not eliminate risk. ERM is a process

More information

Governance and Risk Management in the Public Sector. Fernando A. Fernandez Inter-American Development Bank (202) 623-1430 e-mail: fernandof@iadb.

Governance and Risk Management in the Public Sector. Fernando A. Fernandez Inter-American Development Bank (202) 623-1430 e-mail: fernandof@iadb. Governance and Risk Management in the Public Sector Fernando A. Fernandez Inter-American Development Bank (202) 623-1430 e-mail: fernandof@iadb.org 1 Agenda Governance, why is it important? Compliance

More information

Tying It All Together: Practical ERM Integration. Richard Scanlon Vice President Enterprise Risk Management CIGNA Corporation

Tying It All Together: Practical ERM Integration. Richard Scanlon Vice President Enterprise Risk Management CIGNA Corporation Tying It All Together: Practical ERM Integration Richard Scanlon Vice President Enterprise Risk Management CIGNA Corporation November 16, 2007 1 Agenda Basis for ERM Integration ERM Objectives ERM Focus

More information

T The Revised COSO ERM Framework. Robert Hirth Chairman, COSO

T The Revised COSO ERM Framework. Robert Hirth Chairman, COSO T The Revised COSO ERM Framework Robert Hirth Chairman, COSO COSO: Thought Leadership to Improve Your Organization What the Heck is COSO?... Originally formed in 1985, COSO is a joint initiative of five

More information

Avondale College Limited Enterprise Risk Management Framework 2014 2017

Avondale College Limited Enterprise Risk Management Framework 2014 2017 Avondale College Limited Enterprise Risk Management Framework 2014 2017 President s message Risk management is part of our daily life, something we do regularly; often without realising we are doing it.

More information

GAINING CONTROL: Building Your Existing Framework into an ERM Model

GAINING CONTROL: Building Your Existing Framework into an ERM Model GAINING CONTROL: Building Your Existing Framework into an ERM Model RIMS Northeast Ohio Chapter Education Day Carol Fox, ARM RIMS Director of Strategic and Enterprise Risk Practice November 19, 2013 Copyright

More information

Matthew E. Breecher Breecher & Company PC November 12, 2008

Matthew E. Breecher Breecher & Company PC November 12, 2008 Applying COSO s Enterprise Risk Management Integrated Framework Matthew E. Breecher Breecher & Company PC November 12, 2008 The basic outline for this presentation was provided by: Objectives for the session:

More information

Enterprise-Wide Risk Assessment

Enterprise-Wide Risk Assessment Enterprise-Wide Risk Assessment Agenda 1. Definition of risk. 2. Risk drivers in higher education today. 3. Implementing an enterprise-wide risk management (ERM) program to effectively assess, manage,

More information

THE ROLE OF FINANCE AND ACCOUNTING IN ENTERPRISE RISK MANAGEMENT

THE ROLE OF FINANCE AND ACCOUNTING IN ENTERPRISE RISK MANAGEMENT THE ROLE OF FINANCE AND ACCOUNTING IN ENTERPRISE RISK MANAGEMENT Let me begin by thanking Baruch College for giving me the opportunity to present this year s prestigious Emanuel Saxe Lecture in Accounting.

More information

Risk Management - Board & Management Responsibilities Murray Short, MBA, CPA CA Not-for-Profit Partner RLB LLP

Risk Management - Board & Management Responsibilities Murray Short, MBA, CPA CA Not-for-Profit Partner RLB LLP Risk Management - Board & Management Responsibilities Murray Short, MBA, CPA CA Not-for-Profit Partner RLB LLP 2 AGENDA About RLB / About Our Not-for-Profit Team Defining Risk Types of Organizational Risk

More information

ISO 31000 and Risk Management

ISO 31000 and Risk Management ISO 31000 and Risk Management August 19, 2010 What is risk? All management is risk management! Risk Management Boot camp Threat + Vulnerability = Risk Risk Controls = Residual Risk Residual Risk Probability

More information

Confident in our Future, Risk Management Policy Statement and Strategy

Confident in our Future, Risk Management Policy Statement and Strategy Confident in our Future, Risk Management Policy Statement and Strategy Risk Management Policy Statement Introduction Risk management aims to maximise opportunities and minimise exposure to ensure the residents

More information

Enterprise risk management: A pragmatic, four-phase implementation plan

Enterprise risk management: A pragmatic, four-phase implementation plan Enterprise risk management: A pragmatic, four-phase implementation plan Prepared by: John Brackett, Managing Director, Risk Advisory Services, RSM McGladrey, Inc. 704.442.3820, john.brackett@mcgladrey.com

More information

The Upside of Risk: Enterprise Risk Management and Public Real Estate Companies

The Upside of Risk: Enterprise Risk Management and Public Real Estate Companies The Upside of Risk: Enterprise Risk Management and Public Real Estate Companies James Barkley, Simon Property Group, Inc. and David E. Weiss, DDR Corp. Introduction: As lawyers, particularly real estate

More information

Fraud Risk Management

Fraud Risk Management Fraud Risk Management Overview Discussion Questions 1) Does your organization follow a specific risk management model? If so, which one? Do you think this model adequately addresses the risks your organization

More information

Enterprise Risk Management, Compliance, Management Advisory Services: An Integrated Approach

Enterprise Risk Management, Compliance, Management Advisory Services: An Integrated Approach Enterprise Risk Management, Compliance, and Management Advisory Services: An Integrated Approach SCCE s Higher Education Compliance Conference June 13, 2011 Objectives Implementing Enterprise Risk Management

More information

Applying Integrated Risk Management Scenarios for Improving Enterprise Governance

Applying Integrated Risk Management Scenarios for Improving Enterprise Governance Applying Integrated Risk Management Scenarios for Improving Enterprise Governance János Ivanyos Trusted Business Partners Ltd, Budapest, Hungary, ivanyos@trusted.hu Abstract: The term of scenario is used

More information

Policy 10.105: Enterprise Risk Management Policy

Policy 10.105: Enterprise Risk Management Policy Name: Responsibility: Complements: Enterprise Risk Management Framework Coordinator, Enterprise Risk Management Policy 10.105: Enterprise Risk Management Policy Date: November 2006 Revision Date(s): January

More information

When Recognition Matters WHITEPAPER ISO 31000 RISK MANAGEMENT PRINCIPLES AND GUIDELINES. www.pecb.com

When Recognition Matters WHITEPAPER ISO 31000 RISK MANAGEMENT PRINCIPLES AND GUIDELINES. www.pecb.com When Recognition Matters WHITEPAPER ISO 31000 RISK MANAGEMENT PRINCIPLES AND GUIDELINES www.pecb.com CONTENT 3 4 4 5 7 7 7 7 8 Introduction An overview of ISO 31000:2009 Structure of ISO 31000:2009 Key

More information

Integrated Risk Management:

Integrated Risk Management: Integrated Risk Management: A Framework for Fraser Health For further information contact: Integrated Risk Management Fraser Health Corporate Office 300, 10334 152A Street Surrey, BC V3R 8T4 Phone: (604)

More information

Principled Performance & GRC

Principled Performance & GRC part of GRC Fundamentals Principled Performance & GRC How principled performance is the new normal and the imperative for integrating governance, performance, risk, internal control and compliance management

More information

Guidance Note: Corporate Governance - Board of Directors. March 2015. Ce document est aussi disponible en français.

Guidance Note: Corporate Governance - Board of Directors. March 2015. Ce document est aussi disponible en français. Guidance Note: Corporate Governance - Board of Directors March 2015 Ce document est aussi disponible en français. Applicability The Guidance Note: Corporate Governance - Board of Directors (the Guidance

More information

Framework for Enterprise Risk Management

Framework for Enterprise Risk Management Framework for Enterprise Risk Management 2013 Johnson & Johnson Contents Introduction.... 4 J&J Strategic Framework... 5 What is Risk?.......................................................... 7 J&J Approach

More information

Integration of Risk Management and Internal Audit. Chartered Institute of Management Accountants, New Zealand

Integration of Risk Management and Internal Audit. Chartered Institute of Management Accountants, New Zealand Integration of Risk Management and Internal Audit Chartered Institute of Management Accountants, New Zealand Contents Understanding the three lines of defense governance model What is Risk? Risk Management

More information

Risk Assessment & Enterprise Risk Management

Risk Assessment & Enterprise Risk Management Risk Assessment & Enterprise Risk 1 Healthcare Corporate Governance Today s environment requires building a culture of risk awareness and management of risk across the organization, while formulating less

More information

Hand IN Hand: Balanced Scorecards

Hand IN Hand: Balanced Scorecards ANNUAL CONFERENCE T O P I C Risk Management WORKING Hand IN Hand: Balanced Scorecards AND Enterprise Risk Management B Y M ARK B EASLEY, CPA; A L C HEN; K AREN N UNEZ, CMA; AND L ORRAINE W RIGHT Recent

More information

The Role of Internal Audit in Risk Governance

The Role of Internal Audit in Risk Governance The Role of Internal Audit in Risk Governance How Organizations Are Positioning the Internal Audit Function to Support Their Approach to Risk Management Executive summary Risk is inherent in running any

More information

ENTERPRISE RISK MANAGEMENT POLICY

ENTERPRISE RISK MANAGEMENT POLICY ENTERPRISE RISK MANAGEMENT Approved by the Audit Committee on 14 February 2003 and adopted by resolution of the Board on 28 March 2003 Revisions approved by the Audit and Risk Committee on 14 February

More information

Enterprise Risk Management Framework 2012 2016. Strengthening our commitment to risk management

Enterprise Risk Management Framework 2012 2016. Strengthening our commitment to risk management Enterprise Risk Management Framework 2012 2016 Strengthening our commitment to risk management Contents Director-General s message... 3 Introduction... 4 Purpose... 4 What is risk management?... 4 Benefits

More information

Analyzing Risks in Healthcare. February 12, 2014

Analyzing Risks in Healthcare. February 12, 2014 Analyzing s in Healthcare February 12, 2014 1 Content What is Enterprise Management (ERM) ERM Benefits ERM Standards / ISO 31000:2009 ERM Process Register ERM Governance Model s Q&A 2 What is Enterprise

More information

Enterprise Risk Management

Enterprise Risk Management Enterprise Management ERM provides a framework for risk management, which typically involves identifying particular events or circumstances relevant to the organization's objectives (risks and opportunities),

More information

ISO 31000:2009 - ISO/IEC 31010 & ISO Guide 73:2009 - New Standards for the Management of Risk

ISO 31000:2009 - ISO/IEC 31010 & ISO Guide 73:2009 - New Standards for the Management of Risk Kevin W Knight AM CPRM; Hon FRMIA; FIRM (UK); LMRMIA: ANZIIF (Mem) ISO 31000:2009 - ISO/IEC 31010 & ISO Guide 73:2009 - New Standards for the Management of Risk History of the ISO and Risk Management Over

More information

COBIT 5 For Cyber Security Governance and Management. Nasser El-Hout Managing Director Service Management Centre of Excellence (SMCE)

COBIT 5 For Cyber Security Governance and Management. Nasser El-Hout Managing Director Service Management Centre of Excellence (SMCE) COBIT 5 For Cyber Security Governance and Management Nasser El-Hout Managing Director Service Management Centre of Excellence (SMCE) Cybersecurity Governance using COBIT5 Cyber Defence Summit Riyadh, KSA

More information

Enterprise Risk and Compliance Management

Enterprise Risk and Compliance Management Enterprise Risk and Compliance Management Their Integral Roles in Higher Education Governance Gallagher Higher Education Practice NOVEMBER 2015 Introduction Anyone involved in the management of higher

More information

Fraud Prevention and Deterrence

Fraud Prevention and Deterrence Fraud Prevention and Deterrence Fraud Risk Assessment 2016 Association of Certified Fraud Examiners, Inc. What Is Fraud Risk? The vulnerability that an organization faces from individuals capable of combining

More information

Enterprise Risk Management Panel Discussion

Enterprise Risk Management Panel Discussion Enterprise Risk Management Panel Discussion Facilitators Bill Cole, VCU and VCUHS CAE Michael Bordoni, former Emory University CAE, now DHG (Dixon Hughes Goodman LLP) Risk Advisory Services Partner Gary

More information

Corporate Governance and Enterprise Risk Management Derek Jackson, Senior Manager 5 September 2005

Corporate Governance and Enterprise Risk Management Derek Jackson, Senior Manager 5 September 2005 Corporate Governance and Enterprise Risk Management Derek Jackson, Senior Manager 5 September 2005 Corporate Governance Services 0 Overview Hong Kong Code on Corporate Governance Practices Corporate Governance

More information

Department of Veterans Affairs VA Directive 0054. VA Enterprise Risk Management (ERM)

Department of Veterans Affairs VA Directive 0054. VA Enterprise Risk Management (ERM) Department of Veterans Affairs VA Directive 0054 Washington, DC 20420 Transmittal Sheet April 8, 2014 VA Enterprise Risk Management (ERM) 1. REASON FOR ISSUE: This directive provides guidelines to help

More information

Enterprise Risk Management Handbook. June, 2010

Enterprise Risk Management Handbook. June, 2010 Enterprise Risk Management Handbook June, 2010 Table of Contents Overview... 4 What is Enterprise Risk Management?... 5 Why Undertake Enterprise Risk Management?... 6 Draft UW System ERM Vision, Mission,

More information

Enterprise Risk Management & Information Technology

Enterprise Risk Management & Information Technology Enterprise Risk Management & Information Technology Presented by Scott Perry and Gary Ross Slalom Consulting, San Francisco Agenda Introductions Session Objectives Overview of Enterprise Risk Management

More information

UNITED NATIONS OFFICE FOR PROJECT SERVICES. ORGANIZATIONAL DIRECTIVE No. 33. UNOPS Strategic Risk Management Planning Framework

UNITED NATIONS OFFICE FOR PROJECT SERVICES. ORGANIZATIONAL DIRECTIVE No. 33. UNOPS Strategic Risk Management Planning Framework UNOPS UNITED NATIONS OFFICE FOR PROJECT SERVICES Headquarters, Copenhagen O.D. No. 33 16 April 2010 ORGANIZATIONAL DIRECTIVE No. 33 UNOPS Strategic Risk Management Planning Framework 1. Introduction 1.1.

More information

The Role of the Board in Enterprise Risk Management

The Role of the Board in Enterprise Risk Management Enterprise Risk The Role of the Board in Enterprise Risk Management The board of directors plays an essential role in ensuring that an effective ERM program is in place. Governance, policy, and assurance

More information

University of Windsor Board of Governors. That the Board of Governors approve of the Enterprise Risk Management Framework.

University of Windsor Board of Governors. That the Board of Governors approve of the Enterprise Risk Management Framework. University of Windsor Board of Governors BG130430-4.2.3 4.2.3 Enterprise Risk Management Framework Item for: Approval Forwarded by: Audit Committee MOTION: That the Board of Governors approve of the Enterprise

More information

ENTERPRISE RISK MANAGEMENT FRAMEWORK

ENTERPRISE RISK MANAGEMENT FRAMEWORK ROCKHAMPTON REGIONAL COUNCIL ENTERPRISE RISK MANAGEMENT FRAMEWORK 2013 Adopted 25 June 2013 Reviewed: October 2015 TABLE OF CONTENTS 1. Introduction... 3 1.1 Council s Mission... 3 1.2 Council s Values...

More information

CSR / Sustainability Governance and Management Assessment By Coro Strandberg Principal, Strandberg Consulting www.corostrandberg.

CSR / Sustainability Governance and Management Assessment By Coro Strandberg Principal, Strandberg Consulting www.corostrandberg. Introduction CSR / Sustainability Governance and Management Assessment By Coro Strandberg Principal, Strandberg Consulting www.corostrandberg.com June 2015 Companies which adopt CSR or sustainability 1

More information

Managing Risk at Bank of America Corporation. Overview

Managing Risk at Bank of America Corporation. Overview Managing Risk at Bank of America Corporation Overview Risk is inherent in every material business activity that we undertake. Our business exposes us to strategic, credit, market, liquidity, compliance,

More information

Strategic Risk Management for School Board Trustees

Strategic Risk Management for School Board Trustees Strategic Management for School Board Trustees A Management Process Framework May, 2012 Table of Contents Introduction Page I. Purpose....................................... 3 II. Applicability and Scope............................

More information

ERM Standards of Practice and Shared Risk Principles

ERM Standards of Practice and Shared Risk Principles ERM Standards of Practice and Shared Risk Principles ERM 2011 Symposium Chicago IL March 15, 2011 Carol Fox Director, Strategic and Enterprise Risk Practices Agenda Global risk governance drivers Evolving

More information

R I S K M A N A G E M E N T S Y S T E M F R A M E W O R K

R I S K M A N A G E M E N T S Y S T E M F R A M E W O R K R I S K M A N A G E M E N T S Y S T E M F R A M E W O R K VERSION REV 4.0 OWNER VP OPS AND ENG EFFECTIVE DATE MARCH 2014 REVIEW DATE MARCH 2014 1. PURPOSE, APPLICATION AND SCOPE This Management System

More information

ENTERPRISE RISK MANAGEMENT in the Great City Schools

ENTERPRISE RISK MANAGEMENT in the Great City Schools ENTERPRISE RISK MANAGEMENT in the Great City Schools SPRING 2016 ABOUT THE COUNCIL The Council of the Great City Schools is the only national organization exclusively representing the needs of urban public

More information

University of St. Gallen Law School Law and Economics Research Paper Series. Working Paper No. 2008-19 June 2007

University of St. Gallen Law School Law and Economics Research Paper Series. Working Paper No. 2008-19 June 2007 University of St. Gallen Law School Law and Economics Research Paper Series Working Paper No. 2008-19 June 2007 Enterprise Risk Management A View from the Insurance Industry Wolfgang Errath and Andreas

More information

Leveraging Effective Risk Management and Internal Control

Leveraging Effective Risk Management and Internal Control Leveraging Effective Risk Management and Internal Control By J. Stephen McNally, CPA, and Vincent H. Tophoff, RA Effective risk management and internal control (RM/IC) is an important driver of business

More information

ERM Program. Enterprise Risk Management Guideline

ERM Program. Enterprise Risk Management Guideline ERM Program Enterprise Management Guideline Table of Contents PREAMBLE... 2 When should I refer to this Guideline?... 3 Why do we need a Guideline?... 4 How do I use this Guideline?... 4 Who is responsible

More information

APPLICATION OF THE KING III REPORT ON CORPORATE GOVERNANCE PRINCIPLES

APPLICATION OF THE KING III REPORT ON CORPORATE GOVERNANCE PRINCIPLES APPLICATION OF THE KING III REPORT ON CORPORATE GOVERNANCE PRINCIPLES Ethical Leadership and Corporate Citizenship The board should provide effective leadership based on ethical foundation. that the company

More information

Developing a Corporate Governance Framework

Developing a Corporate Governance Framework Developing a Corporate Governance Framework About ERM About The Speaker Karen Livingstone Practice Director at ERM Risk Management, Governance, Regulatory Compliance CPA, CISA, CIA, CRMA designations 20+

More information

Public Sector Pension Investment Board

Public Sector Pension Investment Board Public Sector Pension Investment Board Office of the Auditor General of Canada Bureau du vérificateur général du Canada Ce document est également publié en français. Her Majesty the Queen in Right of Canada,

More information

Tailoring enterprise risk management strategies to the Main-Street insurer

Tailoring enterprise risk management strategies to the Main-Street insurer Tailoring enterprise risk management strategies to the Main-Street insurer Prepared by: Jay Golonka, Partner, McGladrey LLP 816.751.1830, jay.golonka@mcgladrey.com Discussions of Enterprise Risk Management

More information

THE UNIVERSITY OF CALIFORNIA ERM PROGRAM REDUCES THE COSTS OF RISK AND BORROWING

THE UNIVERSITY OF CALIFORNIA ERM PROGRAM REDUCES THE COSTS OF RISK AND BORROWING THE UNIVERSITY OF CALIFORNIA ERM PROGRAM REDUCES THE COSTS OF RISK AND BORROWING BY JOHN BUGALLA AND KRISTINA NARVAEZ In December 2005, the University of California s Department of Risk Management was

More information

WFP ENTERPRISE RISK MANAGEMENT POLICY

WFP ENTERPRISE RISK MANAGEMENT POLICY WFP ENTERPRISE RISK MANAGEMENT POLICY Informal Consultation 3 March 2015 World Food Programme Rome, Italy EXECUTIVE SUMMARY For many organizations, risk management is about minimizing the risk to achievement

More information

RSA ARCHER OPERATIONAL RISK MANAGEMENT

RSA ARCHER OPERATIONAL RISK MANAGEMENT RSA ARCHER OPERATIONAL RISK MANAGEMENT 87% of organizations surveyed have seen the volume and complexity of risks increase over the past five years. Another 20% of these organizations have seen the volume

More information

Operational Risk Management in a Debt Management Office

Operational Risk Management in a Debt Management Office Operational Risk Management in a Debt Management Office Based on Client Presentation January 2008 Outline The importance of operational risk management (ORM) International best practice A high-level perspective,

More information

Don t Get Left in the Dust: How to Evolve from CISO to CIRO

Don t Get Left in the Dust: How to Evolve from CISO to CIRO SESSION ID: CXO-W04 Don t Get Left in the Dust: How to Evolve from CISO to CIRO JC-JC James Christiansen VP Information Risk Management Accuvant jchristiansen@accuvant.com Bradley J. Schaufenbuel, CISSP

More information

An Effective Approach to Transition from Risk Assessment to Enterprise Risk Management

An Effective Approach to Transition from Risk Assessment to Enterprise Risk Management Bridgework: An Effective Approach to Transition from Risk Assessment to Enterprise Risk Management @Copyright Cura Software. All rights reserved. No part of this document may be transmitted or copied without

More information

The Business Continuity Maturity Continuum

The Business Continuity Maturity Continuum The Business Continuity Maturity Continuum Nick Benvenuto & Brian Zawada Protiviti Inc. 2004 Protiviti Inc. EOE Agenda Terminology Risk Management Infrastructure Discussion A Proposed Continuity Maturity

More information

Enterprise Risk Management: Concepts & Issues

Enterprise Risk Management: Concepts & Issues Enterprise Risk Management: Concepts & Issues Jacques Lapointe Internal Audit, Management Board Secretariat November 2003 1 The Basic Concept of Risk Management The active process of identifying risks,

More information

ENTERPRISE RISK MANAGEMENT POLICY

ENTERPRISE RISK MANAGEMENT POLICY ENTERPRISE RISK MANAGEMENT POLICY TITLE OF POLICY POLICY OWNER POLICY CHAMPION DOCUMENT HISTORY: Policy Title Status Enterprise Risk Management Policy (current, revised, no change, redundant) Approving

More information

A Risk Management Standard

A Risk Management Standard A Risk Management Standard Introduction This Risk Management Standard is the result of work by a team drawn from the major risk management organisations in the UK, including the Institute of Risk management

More information

IFAD Policy on Enterprise Risk Management

IFAD Policy on Enterprise Risk Management Document: EB 2008/94/R.4 Agenda: 5 Date: 6 August 2008 Distribution: Public Original: English E IFAD Policy on Enterprise Risk Management Executive Board Ninety-fourth Session Rome, 10-11 September 2008

More information

A Risk-Based Audit Strategy November 2006 Internal Audit Department

A Risk-Based Audit Strategy November 2006 Internal Audit Department Mental Health Mental Retardation Authority of Harris County ENTERPRISE RISK MANAGEMENT A Framework For Assessing, Evaluating And Measuring Our Agency s Risk A Risk-Based Audit Strategy November 2006 Internal

More information

Get More Out of Your Risk Assessment. Austin Chapter of the IIA

Get More Out of Your Risk Assessment. Austin Chapter of the IIA Get More Out of Your Risk Assessment Austin Chapter of the IIA Speakers Alyssa G. Martin, CPA Dallas Executive Partner, Advisory Services 25 years of public accounting experience, with a practice emphasis

More information

RISK BASED AUDITING: A VALUE ADD PROPOSITION. Participant Guide

RISK BASED AUDITING: A VALUE ADD PROPOSITION. Participant Guide RISK BASED AUDITING: A VALUE ADD PROPOSITION Participant Guide About This Course About This Course Adding Value for Risk-based Auditing Seminar Description In this seminar, we will focus on: The foundation

More information

Feature. Developing an Information Security and Risk Management Strategy

Feature. Developing an Information Security and Risk Management Strategy Feature Developing an Information Security and Risk Management Strategy John P. Pironti, CISA, CISM, CGEIT, CISSP, ISSAP, ISSMP, is the president of IP Architects LLC. He has designed and implemented enterprisewide

More information

A Practical Approach to Implementing the COSO Internal Control Integrated Framework

A Practical Approach to Implementing the COSO Internal Control Integrated Framework A Practical Approach to Implementing the COSO Internal Control Integrated Framework Dr. Sandra B. Richtermeyer, CPA, CMA IMA s COSO Board Member Professor of Accountancy & Associate Dean Xavier University

More information

Enterprise Risk Management

Enterprise Risk Management Enterprise Risk Management EACUBO Workshop March 20, 2014 Janice M. Abraham, President & CEO ERM: A process forward 2 ERM A business process, led by senior leadership, that expands the core concepts of

More information

Critical Change: Enterprise Risk Management Meets Healthcare. 18 TH Annual Compliance Institute San Diego, CA March 31, 2014.

Critical Change: Enterprise Risk Management Meets Healthcare. 18 TH Annual Compliance Institute San Diego, CA March 31, 2014. Critical Change: Enterprise Risk Management Meets Healthcare 18 TH Annual Compliance Institute San Diego, CA March 31, 2014 Marie Moseley, JD, MPH, BSN, NNP-C, CHC, CHC-P 1 Objectives 1 Understand ERM

More information

NONPROFIT BOARD BASICS CHECK-UP

NONPROFIT BOARD BASICS CHECK-UP NONPROFIT BOARD BASICS CHECK-UP For each of the statements below, please check the appropriate box. If there is an item or section that does not apply to your organization, cross out that line or section.

More information

Remarks by. Carolyn G. DuChene Deputy Comptroller Operational Risk. at the

Remarks by. Carolyn G. DuChene Deputy Comptroller Operational Risk. at the Remarks by Carolyn G. DuChene Deputy Comptroller Operational Risk at the Bank Safety and Soundness Advisor Community Bank Enterprise Risk Management Seminar Washington, D.C. October 22, 2012 Good afternoon,

More information

DISTRICT OF COLUMBIA WATER AND SEWER AUTHORITY

DISTRICT OF COLUMBIA WATER AND SEWER AUTHORITY Audit Committee - 1. Call to Order - Nicholas Majett, Chairperson DISTRICT OF COLUMBIA WATER AND SEWER AUTHORITY Board of Directors Audit Committee Thursday, October 2, 2014 10:30 a.m. 1. Call to Order..Nicholas

More information

Board oversight of risk: Defining risk appetite in plain English

Board oversight of risk: Defining risk appetite in plain English www.pwc.com/us/centerforboardgovernance Board oversight of risk: Defining risk appetite in plain English May 2014 Defining risk appetite in plain English Risk oversight continues to be top-of-mind for

More information

IT Governance: framework and case study. 22 September 2010

IT Governance: framework and case study. 22 September 2010 IT Governance: framework and case study Presenter Yaowaluk Chadbunchachai Advisory Services Ernst & Young Corporate Services Limited Presentation topics ERM and IT governance IT governance framework IT

More information

Mapping COBIT 5 with IT Governance, Risk and Compliance at Ecopetrol S.A. By Alberto León Lozano, CISA, CGEIT, CIA, CRMA

Mapping COBIT 5 with IT Governance, Risk and Compliance at Ecopetrol S.A. By Alberto León Lozano, CISA, CGEIT, CIA, CRMA Volume 3, July 2014 Come join the discussion! Alberto León Lozano will respond to questions in the discussion area of the COBIT 5 Use It Effectively topic beginning 21 July 2014. Mapping COBIT 5 with IT

More information

Competency Requirements for Executive Director Candidates

Competency Requirements for Executive Director Candidates Competency Requirements for Executive Director Candidates There are nine (9) domains of competency for association executives, based on research conducted by the American Society for Association Executives

More information

Enabling IT Performance & Value with Effective IT Governance Assessment & Improvement Practices. April 10, 2013

Enabling IT Performance & Value with Effective IT Governance Assessment & Improvement Practices. April 10, 2013 Enabling IT Performance & Value with Effective IT Governance Assessment & Improvement Practices April 10, 2013 Today's Agenda: Key Topics Defining IT Governance IT Governance Elements & Responsibilities

More information