Integrating Risk Management with Performance Management * Margaret Woods Aston Business School
|
|
- Marylou Bates
- 8 years ago
- Views:
Transcription
1 Integrating Risk Management with Performance Management * Margaret Woods Aston Business School Why Risk Management Matters Sometimes it is the things you don t see that really matter. Source: Enron Corporation advertisement (2000). Certainly the investors in Enron found this to be true. What they could not see was the existence of fraud, questionable accounting practices and weak internal controls which ultimately resulted in the corporation s bankruptcy, and triggered major governance reforms in the USA and around the globe. Enron is an extreme example which illustrates the core truth that risk management matters. Post Enron, governance reforms around the world have served to raise the profile of risk management, and emphasise the need for a corporate wide approach to internal control that is overseen by the Board of Directors. In the US, this is most clearly demonstrated by the emergence of Enterprise Risk Management (ERM), which is defined as: a process, effected by an entity s board of directors, management and other personnel, applied in strategy setting across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives. (COSO, 2004, p.2) CIMA s Official Terminology defines risk management as the process of understanding and managing the risks that the organisation is inevitably subject to in attempting to achieve its corporate objectives. Both of these definitions establish common basic principles- that risk management is designed to ensure the achievement of corporate objectives. In practical terms, however, the introduction of an enterprise wide holistic risk management system poses a big challenge to all but the smallest of organisations. The financial crisis has clearly shown that enterprise wide risk management remains a dream rather than a reality for even the world s largest and once highly respected companies. Risk management has traditionally been practiced in a fragmented way, and focused on operational rather than strategic issues. Consequently, strategic risks have been managed * This article was originally published by the Chartered Institute of Management Accountants in 2007 in Excellence in Leadership Vol.2 pp Copyright rests with the author. 1
2 reactively rather than proactively. In contrast, a shift towards an ERM style of approach requires a willingness to move away from this silo based style of management in favour of a portfolio based system of risk management. This means that directors and senior management need to recognise that inter-linked operational activities within a company create exposure to a portfolio of inter-linked risks. Managers need to be encouraged to identify, measure and monitor the upside and downside risks that their decisions may create for the WHOLE of the organisation: the inter-relationship between what goes on in one division or business unit and the organisation s aggregate risk exposure must be clearly understood. The need is for joined up thinking. Senior managers also need to recognise that embedding a culture of risk management which takes an organisation wide perspective on issues can be made difficult by the apparent distance between company strategy and day to day operations. The challenges for risk management are very similar to those of performance management: how can the issue be made relevant to individual employees? How can individual involvement be demonstrated to be relevant to overall company performance? Parallels in risk management and performance management There are strong parallels to be drawn between performance management and risk management because they are both: Designed to ensure the achievement of corporate objectives. Organisation wide in their scope Designed to recognise organisational inter-dependencies The operational responsibility of line management Formalising the links between performance and risk management can begin by reference to the strategic planning process which links strategy and performance across all levels of the organisation. In developing its strategic plan, an organisation begins by defining its strategic focus, and then elaborating on how it will deliver its commitments under the plan and how it will measure success. The detail of the plan breaks this down into significant corporate annual targets and associated action plans which outline how all the various business activities contribute to the achievement of the strategies. If the organization uses a performance management system such as the Balanced Scorecard, individual scorecards can be developed for every level of the organization. The scorecards cascade down from corporate level, through divisional and business units down to the individual line managers. At each level the scorecards will be underpinned by plans showing the linkage between strategic objectives and targeted outcomes for that level. The scorecards may be complemented by strategy diagrams or maps which set out the plans 2
3 and actions that will deliver the performance measured by the scorecards as well as the relevant performance targets. The use of scorecards which cascade down through the corporate hierarchy ensures ownership of targets and also directly links them to the strategic plan. This can be taken down to the level of the individual manager by specifying and agreeing the targets in their personal performance and development appraisal meetings. Recording the allocation of targets to individual managers in the performance database also provides an audit pathway for each performance indicator. Figure 1 illustrates this type of control system, which encompasses performance planning, delivery, and monitoring. Figure 1: Cascading Down of Performance Measures and Monitoring Planning Delivery Monitoring Corporate Plan and Scorecard Divisional Plans and Scorecards Business Unit plans and scorecards Portfolio Strategy Maps & Performance Indicators Comparison of performance against targets Team and individual targets 3
4 The principle of cascading down responsibility for performance as shown in Figure 1 can also be applied to risk management. The underlying aim is to ensure that at all levels of an organisation, staff are: aware of the risks that may affect performance in the areas over which they have responsibility take responsibility for management of those risks performance and risk monitoring work in parallel to ensure achievement of corporate objectives The strategic maps that define how performance targets will be achieved can be complemented by risk maps that identify the key threats to successful delivery at each level of the organization. At the same time, responsibility for management of those risks can be specified by identifying owners of risks, and including details of such ownership in the performance management system. In other words, risk management and performance management can become fully integrated systems. Integrating Risk and Performance Management A key step towards integrating risk and performance management is the creation of a formal procedure for risk identification, assessment and allocation of responsibility. The identification and assessment of risks is vital and it is now common practice for most organizations to maintain a key risk register. The key risks are those which pose a major threat to survival and these must be managed at a very senior level. In their annual reports many large companies now state that responsibility for their management and monitoring rests with the Board of Directors. For example, the 2005 Annual Report of Hammerson plc, a FTSE 100 listed real estate company states: The risk management procedures involve the analysis, evaluation and management of the key risks to the group, including those relating to joint venture arrangements and plans for the continuance of the Company s business in the event of unforeseen interruption. The Board has allocated responsibility for the management of each key risk to Executive Directors and senior executives within the group who report on these risks to the Board. Any recommendations arising from such reports and reviews are implemented under the supervision of the Board. The statement reveals that each key risk is owned by an Executive Director. An identifiable person is thus answerable if the risk becomes effective. If responsibility for management of key risks is in the hands of the board, this leaves open the question of the systems used to manage all other risks i.e. the business level risks that may encompass compliance, financial or operational dimensions. The precise terminology 4
5 varies from company to company, but these are risks which do not pose a major threat to survival but may nonetheless impact upon corporate performance, and may be caused by factors either internal or external to the business. Examples might include property maintenance, regular untimely deliveries of essential components, a shift in consumer taste away from specific products, or a need to recall faulty goods. All of these issues may damage company performance in both financial and non financial terms, but can be overseen by operational managers rather than at Board level. In the view of the Head of International Audit as Tesco plc, accountability for managing risk lies clearly with line managers. If this is the case, then identifiable lines of responsibility and reporting must be established, and risk and performance management inter-linked. Every individual manager should be asked to take each performance target for which they are responsible, and produce a list of the risks that may cause performance to fall below target. In this way the risks become embedded in the performance scorecard and in so doing the practice of risk management matches up to its definition as the process of understanding and managing the risks that the organisation is inevitably subject to in attempting to achieve its corporate objectives. The risks can be ranked by using a matrix system to assess both their likelihood and consequences. This ranking helps to focus attention on potential problems and also facilitate the identification if risks that may need to be managed at a more senior level within the organization. The risk matrices for each manager can also be directly linked to individual appraisal and remuneration plans. The net result is a performance scorecard and risk scorecard that run in parallel and perform strategically important and complementary roles. Management control systems are used to monitor actual against expected results in terms of both performance and risk, and the outcome of these reviews helps to inform future business planning and internal audit planning by highlighting areas where controls may be failing. Figure 2 illustrates how this type of integrated system might work in practice. 5
6 Figure 2: Integrating Performance and Risk Management Performance Corporate plan and scorecard Risk Corporate key risk matrix Monitoring Divisional Plans and scorecards Divisional Risk Matrices Performance Indicators an + Business Unit plans and scorecards Business Unit risk matrices Risk ownership + Team and individual targets Team and Individual risk matrices Comparison of risk and performance against targets 6
7 Conclusion The system outlined above ensures that risk management is cascaded down through an organization so that individual business units and line managers take responsibility for identifying their own risks and are also held accountable for their management. In so doing it provides a governance structure that integrates performance and risk management to facilitate achievement of the priorities laid down in the strategic plan. Reference Committee of Sponsoring Organisations of the Treadway Commission (COSO) (2004), Enterprise Risk Management, AICPA,New York, NY. 7
Enterprise Risk Management
Enterprise Risk Management Topic Gateway Series No. 49 1 Prepared by Jasmin Harvey and Technical Information Service July 2008 About Topic Gateways Topic Gateways are intended as a refresher or introduction
More informationIFAD Policy on Enterprise Risk Management
Document: EB 2008/94/R.4 Agenda: 5 Date: 6 August 2008 Distribution: Public Original: English E IFAD Policy on Enterprise Risk Management Executive Board Ninety-fourth Session Rome, 10-11 September 2008
More informationEnterprise Risk Management
Enterprise Management ERM provides a framework for risk management, which typically involves identifying particular events or circumstances relevant to the organization's objectives (risks and opportunities),
More informationTHE ROLE OF FINANCE AND ACCOUNTING IN ENTERPRISE RISK MANAGEMENT
THE ROLE OF FINANCE AND ACCOUNTING IN ENTERPRISE RISK MANAGEMENT Let me begin by thanking Baruch College for giving me the opportunity to present this year s prestigious Emanuel Saxe Lecture in Accounting.
More informationA Risk Management Standard
A Risk Management Standard Introduction This Risk Management Standard is the result of work by a team drawn from the major risk management organisations in the UK, including the Institute of Risk management
More informationCritical Change: Enterprise Risk Management Meets Healthcare. 18 TH Annual Compliance Institute San Diego, CA March 31, 2014.
Critical Change: Enterprise Risk Management Meets Healthcare 18 TH Annual Compliance Institute San Diego, CA March 31, 2014 Marie Moseley, JD, MPH, BSN, NNP-C, CHC, CHC-P 1 Objectives 1 Understand ERM
More informationEnterprise Risk Management
Cayman Islands Society of Professional Accountants Enterprise Risk Management March 19, 2015 Dr. Sandra B. Richtermeyer, CPA, CMA What is Risk Management? Risk management is a process, effected by an entity's
More informationP3M3 Portfolio Management Self-Assessment
Procurement Programmes & Projects P3M3 v2.1 Self-Assessment Instructions and Questionnaire P3M3 Portfolio Management Self-Assessment P3M3 is a registered trade mark of AXELOS Limited Contents Introduction
More informationThe Role of the Board in Enterprise Risk Management
Enterprise Risk The Role of the Board in Enterprise Risk Management The board of directors plays an essential role in ensuring that an effective ERM program is in place. Governance, policy, and assurance
More informationENTERPRISE RISK MANAGEMENT POLICY
ENTERPRISE RISK MANAGEMENT POLICY TITLE OF POLICY POLICY OWNER POLICY CHAMPION DOCUMENT HISTORY: Policy Title Status Enterprise Risk Management Policy (current, revised, no change, redundant) Approving
More informationClarius Group Risk Management Policy and Framework
1. Introduction Clarius Group Risk Management Policy and Framework 1.1 Definition Risk is the chance of something happening that will have an impact on objectives. Risk provides the opportunity (upside)
More informationGUIDANCE NOTE FOR DEPOSIT-TAKERS. Operational Risk Management. March 2012
GUIDANCE NOTE FOR DEPOSIT-TAKERS Operational Risk Management March 2012 Version 1.0 Contents Page No 1 Introduction 2 2 Overview 3 Operational risk - fundamental principles and governance 3 Fundamental
More informationUniversity of St. Gallen Law School Law and Economics Research Paper Series. Working Paper No. 2008-19 June 2007
University of St. Gallen Law School Law and Economics Research Paper Series Working Paper No. 2008-19 June 2007 Enterprise Risk Management A View from the Insurance Industry Wolfgang Errath and Andreas
More informationRisk Management How to manage your brand & build business resilience to improve your bottom line
2010 RMIA Members Forum Primary focus for RMIA in 2011 Risk Management How to manage your brand & build business resilience to improve your bottom line Grant Whitehorn RMIA Chief Executive Officer CPA
More informationA structured approach to Enterprise Risk Management (ERM) and the requirements of ISO 31000
A structured approach to Enterprise Risk Management (ERM) and the requirements of ISO 31000 Contents Executive summary Introduction Acknowledgements Part 1: Risk, risk management and ISO 31000 1 Nature
More informationTHE SOUTH AFRICAN HERITAGE RESOURCES AGENCY ENTERPRISE RISK MANAGEMENT FRAMEWORK
THE SOUTH AFRICAN HERITAGE RESOURCES AGENCY ENTERPRISE RISK MANAGEMENT FRAMEWORK ACCOUNTABLE SIGNATURE AUTHORISED for implementation SIGNATURE On behalf of Chief Executive Officer SAHRA Council Date Date
More informationThe Upside of Risk: Enterprise Risk Management and Public Real Estate Companies
The Upside of Risk: Enterprise Risk Management and Public Real Estate Companies James Barkley, Simon Property Group, Inc. and David E. Weiss, DDR Corp. Introduction: As lawyers, particularly real estate
More informationProcurement Programmes & Projects P3M3 v2.1 Self-Assessment Instructions and Questionnaire. P3M3 Project Management Self-Assessment
Procurement Programmes & Projects P3M3 v2.1 Self-Assessment Instructions and Questionnaire P3M3 Project Management Self-Assessment Contents Introduction 3 User Guidance 4 P3M3 Self-Assessment Questionnaire
More informationAPPENDIX 50. Enterprise risk management - Risk management overview
APPENDIX 50 Enterprise risk management - Risk management overview Energex regulatory proposal October 2014 ENTERPRISE RISK MANAGEMENT Risk Management Overview (RMO) 06 11 2013 Table of Contents 1. INTRODUCTION...
More informationRisk Management Policy. Corporate Governance Risk Management Policy
Corporate Governance Risk Management Policy Approved by the Council of Ministers, May 2006 1. Background The Isle of Man Government is working to promote better risk management, with emphasis on the importance
More informationHand IN Hand: Balanced Scorecards
ANNUAL CONFERENCE T O P I C Risk Management WORKING Hand IN Hand: Balanced Scorecards AND Enterprise Risk Management B Y M ARK B EASLEY, CPA; A L C HEN; K AREN N UNEZ, CMA; AND L ORRAINE W RIGHT Recent
More informationEnterprise risk management: A pragmatic, four-phase implementation plan
Enterprise risk management: A pragmatic, four-phase implementation plan Prepared by: John Brackett, Managing Director, Risk Advisory Services, RSM McGladrey, Inc. 704.442.3820, john.brackett@mcgladrey.com
More informationIRM CERTIFICATE AND DIPLOMA OUTLINE SYLLABUS
IRM CERTIFICATE AND DIPLOMA OUTLINE SYLLABUS 1 Module 1: Principles of Risk and Risk Management Module aims The aim of this module is to provide an introduction to the principles and concepts of risk and
More informationIntroduction to Enterprise Risk Management at UVM DRAFT
Introduction to Enterprise Management at UVM 1 Enterprise What is Enterprise Management? Enterprise risk management is a structured, consistent, and continuous process across the whole organization for
More informationBest Value toolkit: Performance management
Best Value toolkit: Performance management Prepared by Audit Scotland July 2010 Contents Introduction The Audit of Best Value The Best Value toolkits Using the toolkits Auditors evaluations Best Value
More informationGuidance on Supervisory Interaction with Financial Institutions on Risk Culture. A Framework for Assessing Risk Culture
Guidance on Supervisory Interaction with Financial Institutions on Risk Culture A Framework for Assessing Risk Culture 7 April 2014 Table of Contents Page Background... i Introduction... 1 1. Foundational
More informationGuidance on Risk Management, Internal Control and Related Financial and Business Reporting
Guidance Corporate Governance Financial Reporting Council September 2014 Guidance on Risk Management, Internal Control and Related Financial and Business Reporting The FRC is responsible for promoting
More informationOWN RISK AND SOLVENCY ASSESSMENT AND ENTERPRISE RISK MANAGEMENT
OWN RISK AND SOLVENCY ASSESSMENT AND ENTERPRISE RISK MANAGEMENT ERM as the foundation for regulatory compliance and strategic business decision making CONTENTS Introduction... 3 Steps to developing an
More informationCOBIT 5 for Risk. CS 3-7: Monday, July 6 4:00-5:00. Presented by: Nelson Gibbs CIA, CRMA, CISA, CISM, CGEIT, CRISC, CISSP ngibbs@pacbell.
COBIT 5 for Risk CS 3-7: Monday, July 6 4:00-5:00 Presented by: Nelson Gibbs CIA, CRMA, CISA, CISM, CGEIT, CRISC, CISSP ngibbs@pacbell.net Disclaimer of Use and Association Note: It is understood that
More informationGuiding Principles for Implementing Enterprise Risk Management (ERM)
1 Guiding Principles for Implementing Enterprise Risk Management (ERM) SEAC Conference New Orleans November 15-17, 2006 Hubert Mueller (860) 843-7079 Towers Towers Perrin Perrin 0 ERM raises many implementation
More informationRisk Assessment & Enterprise Risk Management
Risk Assessment & Enterprise Risk 1 Healthcare Corporate Governance Today s environment requires building a culture of risk awareness and management of risk across the organization, while formulating less
More informationConfident in our Future, Risk Management Policy Statement and Strategy
Confident in our Future, Risk Management Policy Statement and Strategy Risk Management Policy Statement Introduction Risk management aims to maximise opportunities and minimise exposure to ensure the residents
More informationHow To Write A Risk Management Policy For The University Of Kerry
Risk Management Policy Originator name: Department: Implementation date: Ruth Anderson Finance 1 August 2013 Date of next review: 1 August 2016 Related policies: Health & Safety Policy, Equality & Diversity
More informationA Risk-Based Audit Strategy November 2006 Internal Audit Department
Mental Health Mental Retardation Authority of Harris County ENTERPRISE RISK MANAGEMENT A Framework For Assessing, Evaluating And Measuring Our Agency s Risk A Risk-Based Audit Strategy November 2006 Internal
More informationEnterprise-Wide Risk Assessment
Enterprise-Wide Risk Assessment Agenda 1. Definition of risk. 2. Risk drivers in higher education today. 3. Implementing an enterprise-wide risk management (ERM) program to effectively assess, manage,
More informationCOMPARATIVE STUDY BETWEEN TRADITIONAL AND ENTERPRISE RISK MANAGEMENT A THEORETICAL APPROACH
COMPARATIVE STUDY BETWEEN TRADITIONAL AND ENTERPRISE RISK MANAGEMENT A THEORETICAL APPROACH Cican Simona-Iulia Management, Faculty of Economics and Business Administration, West University of Timisoara,
More informationUNITED NATIONS OFFICE FOR PROJECT SERVICES. ORGANIZATIONAL DIRECTIVE No. 33. UNOPS Strategic Risk Management Planning Framework
UNOPS UNITED NATIONS OFFICE FOR PROJECT SERVICES Headquarters, Copenhagen O.D. No. 33 16 April 2010 ORGANIZATIONAL DIRECTIVE No. 33 UNOPS Strategic Risk Management Planning Framework 1. Introduction 1.1.
More informationBusiness Continuity Management Framework 2014 2017
Business Continuity Management Framework 2014 2017 Blackpool Council Business Continuity Framework V3.0 Page 1 of 13 CONTENTS 1.0 Forward 03 2.0 Administration 04 3.0 Policy 05 4.0 Business Continuity
More informationEnterprise Risk Management (ERM) & Compliance
Enterprise Risk Management (ERM) & Compliance Mid Atlantic Regional Meeting, May 1, 2015 Society of Corporate Compliance and Ethics Jason Lunday, consultant Compliance Opportunities in ERM Increase compliance
More informationCorporate Governance is Stretched to Breaking Point
Corporate Governance is Stretched to Breaking Point In a recent report to the OECD, I argued that corporate governance in the banking sector has been severely challenged in an extreme Financial Crisis
More informationInternational Diploma in Risk Management Syllabus
International Diploma in Risk Management Syllabus Module 1: Principles of Risk and Risk Management The aim of this module is to provide an introduction to the principles and concepts of risk and risk management.
More informationUniversity Audit and Compliance. Internal Controls Enterprise-Wide Risk Assessment
Internal Controls Enterprise-Wide Risk Assessment Balancing Risk and Controls In order to achieve goals and objectives, management needs to effectively balance risks and controls. Control procedures need
More informationSponsored by the international insurance firm AON Global, Hong Kong
The Governance of Critical Risk - the new frontier in corporate governance Sponsored by the international insurance firm AON Global, Hong Kong Most boards now recognize the significance of enterprise risk
More informationTopic Gateway Series. Operational risk. Operational Risk. Topic Gateway series No. 51
Operational Risk Topic Gateway series No. 51 1 Prepared by Helen Matthews and Technical Information Service September 2008 About Topic Gateways Topic Gateways are intended as a refresher or introduction
More informationThe audit committee and risk management
Audit Committee Institute Sponsored by KPMG The audit committee and risk management Is the board of directors adequately overseeing management's process for identifying and monitoring key business risks?
More informationBusiness Continuity (Policy & Procedure)
Business Continuity (Policy & Procedure) Publication Scheme Y/N Can be published on Force Website Department of Origin Force Operations Policy Holder Ch Supt Head of Force Ops Author Business Continuity
More informationRisk Management Framework
Risk Management Framework Mandate and commitment Design of framework for managing risks Continual improvement of the framework Implementing risk management Monitoring and review of the framework Source:
More informationWHITE PAPER. Inside Information: What Business Leaders are Saying About the Complexities of Enterprise Risk Management (ERM)
Inside Information: What Business Leaders are Saying About the Complexities of Enterprise Risk Management (ERM) As the third quarter of 2012 marches to a close and the end of the year approaches, economic
More informationCYBERSECURITY RISK RESEARCH CENTRE. http://www.riskgroupllc.com. http://www.riskgroupllc.com info@riskgroupllc.com + (832) 971 8322
CYBERSECURITY RISK RESEARCH CENTRE http://www.riskgroupllc.com http://www.riskgroupllc.com info@riskgroupllc.com + (832) 971 8322 Cyber-Security Risk Research Centre In this era of interconnected and interdependent
More informationReporting and managing risk A look at current practice at Tesco, RBS, local and central government
Margaret Woods Aston University, UK Reporting and managing risk A look at current practice at Tesco, RBS, local and central government Research executive summary series Volume 6 Issue 8 Key findings: Risk
More informationBUSINESS FOCUSED PROJECT MANAGEMENT
BUSINESS FOCUSED PROJECT MANAGEMENT By Dennis Comninos & Enzo Frigenti Synopsis This article addresses the concepts and issues of business project management. It aims to assist organizations in making
More informationEight principles of risk convergence
Eight principles of risk convergence Managing risk, achieving efficiencies and supporting business decision-making with Governance, Risk and Compliance (GRC) Contents: 1 Executive overview 2 What needs
More informationAudit Committee. Directors Report. Gary Hughes Chairman, Audit Committee. Gary Hughes Chairman, Audit Committee
Audit Committee Dear Shareholder, We are satisfied that the business has maintained robust risk management and internal controls, supported by strong overall governance processes, and that management have
More informationEnhancing IT Governance, Risk and Compliance Management (IT GRC)
Enhancing IT Governance, Risk and Compliance Management (IT GRC) Enabling Reliable eservices Tawfiq F. Alrushaid Saudi Aramco Agenda GRC Overview IT GRC Introduction IT Governance IT Risk Management IT
More informationtreasury risk management
Governance, Concise guide Risk to and Compliance treasury risk management KPMG is a leading provider of professional services including audit, tax and advisory. KPMG in Australia has over 5000 partners
More informationBenchmarking resilience Organisational Resilience to Extreme Climatic Events
Benchmarking resilience Organisational Resilience to Extreme Climatic Events This project compares Sydney Water s organisational resilience and practices with other water utilities to identify strengths
More informationGood practice for annual reports
Guidance note Good practice for Contents: 1 Introduction 2 How the best reports set themselves apart 3 Examples of the best May 2015 1 Introduction An annual report can generate more value if viewed as
More informationDRIVING ENTERPRISE RISK MANAGEMENT BEST PRACTICES FOR ENERGY FIRMS
DRIVING ENTERPRISE RISK MANAGEMENT BEST PRACTICES FOR ENERGY FIRMS The views and opinions expressed in this paper are those of the author and do not necessarily reflect the official policy or position
More informationDealing with Predictable Irrationality. Actuarial Ideas to Strengthen Global Financial Risk Management. At a macro or systemic level:
Actuarial Ideas to Strengthen Global Financial Risk Management The recent developments in global financial markets have raised serious questions about the management and oversight of the financial services
More informationBusiness continuity management
Business continuity management The world is a riskier place. Emerging threats such as product recalls with the increasing vulnerability of sophisticated global supply chains and unpredictable natural
More informationINTERNATIONAL ASSOCIATION OF INSURANCE SUPERVISORS
Standard No. 13 INTERNATIONAL ASSOCIATION OF INSURANCE SUPERVISORS STANDARD ON ASSET-LIABILITY MANAGEMENT OCTOBER 2006 This document was prepared by the Solvency and Actuarial Issues Subcommittee in consultation
More informationEnterprise Risk Management Framework 2012 2016. Strengthening our commitment to risk management
Enterprise Risk Management Framework 2012 2016 Strengthening our commitment to risk management Contents Director-General s message... 3 Introduction... 4 Purpose... 4 What is risk management?... 4 Benefits
More informationIntegration of Risk Management and Internal Audit. Chartered Institute of Management Accountants, New Zealand
Integration of Risk Management and Internal Audit Chartered Institute of Management Accountants, New Zealand Contents Understanding the three lines of defense governance model What is Risk? Risk Management
More informationThe Future Use of Electronic Health Records for reshaped health statistics: opportunities and challenges in the Australian context
The Future Use of Electronic Health Records for reshaped health statistics: opportunities and challenges in the Australian context The health benefits of e-health E-health, broadly defined by the World
More informationEffective risk management
Effective risk management Our holistic and disciplined risk management program is designed to mitigate risks at all levels of our business in order to protect our clients interests. 2 Vanguard > Effective
More informationHow To Manage Risk With Sas
SOLUTION OVERVIEW SAS Solutions for Enterprise Risk Management A holistic view of risk of risk and exposures for better risk management Overview The principal goal of any financial institution is to generate
More informationRISK MANAGEMENT POLICY (Revised October 2015)
UNIVERSITY OF LEICESTER RISK MANAGEMENT POLICY (Revised October 2015) 1. This risk management policy ( the policy ) forms part of the University s internal control and corporate governance arrangements.
More informationIIA POSITION PAPER: THE ROLE OF INTERNAL AUDITING IN ENTERPRISE-WIDE RISK MANAGEMENT
IIA POSITION PAPER: THE ROLE OF INTERNAL AUDITING IN ENTERPRISE-WIDE RISK MANAGEMENT Revised: Page 1 of 8 Introduction The importance to strong corporate governance of managing risk has been increasingly
More informationSaldanha Bay Municipality. Risk Management Strategy. Inclusive of, framework, procedures and methodology
Inclusive of, framework, procedures and methodology Contents 1 Introduction 1 1.1 Legislative Framework and best practice 1 1.2 Purpose of Enterprise Risk Management 2 1.3 Scope and Applicability 3 1.4
More informationWFP ENTERPRISE RISK MANAGEMENT POLICY
WFP ENTERPRISE RISK MANAGEMENT POLICY Informal Consultation 3 March 2015 World Food Programme Rome, Italy EXECUTIVE SUMMARY For many organizations, risk management is about minimizing the risk to achievement
More informationTying It All Together: Practical ERM Integration. Richard Scanlon Vice President Enterprise Risk Management CIGNA Corporation
Tying It All Together: Practical ERM Integration Richard Scanlon Vice President Enterprise Risk Management CIGNA Corporation November 16, 2007 1 Agenda Basis for ERM Integration ERM Objectives ERM Focus
More informationHow To Understand The Role Of An Internal Audit
Top Ten Issues facing Internal Auditing in the Future The IIA Dallas Chapter April 6, 2006 Presented by: David A. Richards, CIA, CPA President The Institute of Internal Auditors drichards@theiia.org 1
More informationWHAT IS GRC AND WHERE IS IT HEADING? A BRIEFING PAPER. www.claytonutz.com
WHAT IS GRC AND WHERE IS IT HEADING? A BRIEFING PAPER www.claytonutz.com BACKGROUND Well established governance, risk and compliance functions have for many years formed a key part of management practice
More informationMatthew E. Breecher Breecher & Company PC November 12, 2008
Applying COSO s Enterprise Risk Management Integrated Framework Matthew E. Breecher Breecher & Company PC November 12, 2008 The basic outline for this presentation was provided by: Objectives for the session:
More informationCAPABILITY MATURITY MODEL & ASSESSMENT
ENTERPRISE DATA GOVERNANCE CAPABILITY MATURITY MODEL & ASSESSMENT www.datalynx.com.au Data Governance Data governance is a key mechanism for establishing control of corporate data assets and enhancing
More informationRisk Management Policy and Framework
Risk Management Policy and Framework December 2014 phone 1300 360 605 08 89589500 email info@centraldesert.nt.gov.au location 1Bagot Street Alice Springs NT 0870 post PO Box 2257 Alice Springs NT 0871
More informationOperational Risk Management in a Debt Management Office
Operational Risk Management in a Debt Management Office Based on Client Presentation January 2008 Outline The importance of operational risk management (ORM) International best practice A high-level perspective,
More informationWhite Paper Governance, Risk Management and Compliance: Sustainability and Integration supported by Technology
White Paper Governance, Risk Management and Compliance: White Paper Governance, Risk Management and Compliance: Published by PricewaterhouseCoopers AG by: Christof Menzies Alan Martin Michael Koch Carsten
More informationRISK MANAGEMENT FRAMEWORK. 2 RESPONSIBLE PERSON: Sarah Price, Chief Officer
RISK MANAGEMENT FRAMEWORK 1 SUMMARY The Risk Management Framework consists of the following: Risk Management policy Risk Management strategy Risk Management accountability Risk Management framework structure.
More informationBeyond risk identification Evolving provider ERM programs
Beyond risk identification Evolving provider ERM programs March 2016 At a glance PwC conducted research to assess the state of enterprise risk management (ERM) within healthcare providers and found many
More informationApplying Integrated Risk Management Scenarios for Improving Enterprise Governance
Applying Integrated Risk Management Scenarios for Improving Enterprise Governance János Ivanyos Trusted Business Partners Ltd, Budapest, Hungary, ivanyos@trusted.hu Abstract: The term of scenario is used
More informationcompany mission organisational objectives business objectives/business strategy marketing objectives marketing strategy operational objectives
Key Issues marketing planning process marketing audit SWOT analysis strategic management strategic planning business objectives Ashridge mission model Ansoff matrix BCG matrix strategic thrust strategic
More informationCONSULTATION PAPER P002-2013 January 2013. Enterprise Risk Management for Insurers
CONSULTATION PAPER P002-2013 January 2013 Enterprise Risk Management for Insurers PREFACE 1 In line with the increasing importance of Enterprise Risk Management ( ERM ) in a more complex risk environment,
More informationOperational Risk Management - The Next Frontier The Risk Management Association (RMA)
Operational Risk Management - The Next Frontier The Risk Management Association (RMA) Operational risk is not new. In fact, it is the first risk that banks must manage, even before they make their first
More informationOn the Setting of the Standards and Practice Standards for. Management Assessment and Audit concerning Internal
(Provisional translation) On the Setting of the Standards and Practice Standards for Management Assessment and Audit concerning Internal Control Over Financial Reporting (Council Opinions) Released on
More informationBusiness Continuity Management
Business Continuity Management The Concept and Context of BCM Planning and Study Notes THE CONCEPT AND CONTEXT OF BUSINESS CONTINUITY Introduction Whilst it is important to recognise that there is a holistic
More informationThe Logical Framework Approach An Introduction 1
The Logical Framework Approach An Introduction 1 1. What is the Logical Framework Approach? 1.1. The background The Logical Framework Approach (LFA) was developed in the late 1960 s to assist the US Agency
More informationSolvency Assessment and Management: Pillar II Sub Committee Governance Task Group Discussion Document 81 (v 3)
Solvency Assessment and Management: Pillar II Sub Committee Governance Task Group Discussion Document 81 (v 3) Governance, Risk Management, and Internal Controls INTERIM REQUIREMENTS CONTENTS 1. INTRODUCTION
More informationEnterprise Risk Management Process Improvement. Secure Banking Solutions, LLC
Enterprise Risk Management Process Improvement 2 Contact Information Contact Information Chad Knutson Senior Information Security Consultant CISSP, CISA, CRISC Phone: 605-480-3366 chad.knutson@protectmybank.com
More informationCompliance Policy AGL Energy Limited
Compliance Policy AGL Energy Limited November 2013 Table of Contents 1. About this Document... 3 2. Policy Statement... 4 3. Purpose... 4 4. AGL Compliance Context... 4 5. Scope... 5 6. Objectives... 5
More informationSOL PLAATJE MUNICIPALITY ENTERPRISE RISK MANAGEMENT FRAMEWORK AND POLICY
SOL PLAATJE MUNICIPALITY ENTERPRISE RISK MANAGEMENT FRAMEWORK AND POLICY Prepared by: SOL PLAATJE MUNICIPALITY RISK MANAGEMENT UNIT AND Consolidated Advisory Services This document should be read in conjunction
More informationImproving information to support decision making: standards for better quality data
Public sector November 2007 Improving information to support decision making: standards for better quality data A framework to support improvement in data quality in the public sector Improving information
More informationUniversity of Windsor Board of Governors. That the Board of Governors approve of the Enterprise Risk Management Framework.
University of Windsor Board of Governors BG130430-4.2.3 4.2.3 Enterprise Risk Management Framework Item for: Approval Forwarded by: Audit Committee MOTION: That the Board of Governors approve of the Enterprise
More informationWhat Every Director. How to get the most from your internal audit. Endorsed by
What Every Director Should Know How to get the most from your internal audit Endorsed by Foreword This is the second edition of our flagship governance guide What every director should know. Since we published
More informationAccreditation Application Forms
The Institute of Risk Management The Institute of Risk Management Accreditation Application Forms Universities and Professional Associations The Institute of Risk Management Accreditation Application Forms
More informationRisk Management Policy Adopted by:
Risk Management Policy Adopted by: Infigen Energy Limited Infigen Energy (Bermuda) Limited Infigen Energy RE Limited in its capacity as Responsible Entity of Infigen Energy Trust Adopted: 17 December 2009
More informationBusiness Continuity Management
Business Continuity Management Policy Statement & Strategy July 2009 Basildon District Council Business Continuity Management Policy Statement The Council is committed to ensuring robust and effective
More informationTHE GOVERNANCE OF RISK MANAGEMENT. Session 5
THE GOVERNANCE OF RISK MANAGEMENT Session 5 Polling Question: Who is primarily responsible for risk governance in any organization? 0% A. The board or board risk committee (if applicable) B. The CRO 0%
More informationRISK MANAGEMENT STRATEGY 2014-17
RISK MANAGEMENT STRATEGY 2014-17 DOCUMENT NO: Lead author/initiator(s): Contact email address: Developed by: Approved by: DN128 Head of Quality Performance Julia.sirett@ccs.nhs.uk Quality Performance Team
More informationRelationship Manager (Banking) Assessment Plan
1. Introduction and Overview Relationship Manager (Banking) Assessment Plan The Relationship Manager (Banking) is an apprenticeship that takes 3-4 years to complete and is at a Level 6. It forms a key
More information