Demystifying Enterprise Risk Management:
- Evan Griffith
- 8 years ago
1 Demystifying Enterprise Risk Management: How a practical and effective approach to ERM can lead to value creation for your company. Presented by: Alyssa Martin, CPA, MBA
2 Alyssa G. Martin, CPA Dallas Executive Partner at Weaver with 24 years of experience in public accounting. Practice emphasis in the areas of risk management, internal audit, IT audit, business management consulting, strategic planning, and technology consulting. Member of the Executive Advisory Committee of the Accounting and Information Management Area of the University of Texas at Dallas School of Management. Chair of the Baker Tilly International Corporate Governance and Risk Management Committee. Frequent author on Risk Management, Internal Audit, IT and Governance topics.
3 Agenda ERM Basics: Defining, differentiating ERM from other risk management approaches Approach and Methodology: Understanding the purpose of identifying risk events Components of a Successful ERM Program: Key elements for effective ERM Practical Insights on ERM: How businesses get the most value out of strategic risk management
4 ERM Basics Defining and differentiating ERM from other risk management approaches
5 What is Risk? Risk: Events that have the potential to negatively impact achievement of objectives Anything that would prevent an organization from achieving its business objectives, including both internally and externally driven, or due to either action or inaction on our part Wal-Mart
6 Defining Risk Management COSO-ERM Framework: Enterprise Risk Management is a structured and coordinated entity-wide governance approach to identify, quantify, respond to, and monitor the consequences of potential events. Implemented by management, ERM is evaluated by the internal auditors for effectiveness and efficiency. ISO 31000: The Risk Management Process is a systematic application of management policies, procedures and practices to the activities of communicating, consulting, establishing the context, and identifying, analyzing, evaluating, treating, monitoring and reviewing risk.
7 Defining Risk Management Risk Management is not the same as Risk Assessment Risk Assessment: The process of identifying and evaluating individual risks for the purpose of determining risk responses Risk Management: A comprehensive set of risk management activities that includes Risk Assessment and incorporates all components of the COSO Framework Effective, Strategic Risk Management: Focuses on value creation and linking risks to business strategy Embeds risk management in business processes in order to systematically ensure that processes are designed to achieve strategic objectives Identifies positive events (opportunities) upon which to capitalize, in addition to identifying risks
8 Defining Risk Management Enterprise Risk Management incorporates a broad spectrum of considerations: Financial and nonfinancial indicators Intangible assets, like your brand Enhancing business strategy External influences Operational management Opportunities in addition to risks Risk Management is a Consistent, Continuous Process
9 Risk Management Effective Risk Management also involves: Implementing Good Governance Identifying Risks Effective Strategic Management Enhancing Business Strategy
10 Defining Enterprise Risk Management Enterprise Risk Management (ERM) is: A process Effected by people Applied in strategy setting Applied across the enterprise Designed to identify potential events (both positive and negative) Manages risk within risk appetite Provides reasonable assurance Supports the achievement of key objectives
11 Did you know? According to a recent study: 91% of companies surveyed plan to reorganize their approach to risk management over the next three years Why? Increased volatility across 11 risk areas surveyed which included: Strategic risk Reputational risk Operational risk Source: Deloitte, Aftershock: Adjusting to the New World of Risk Management
12 Differentiating ERM from Risk Compliance ERM can be distinguished from risk compliance in that it: Focuses on value creation and linking risks to business strategy Embeds risk management in business processes in order to systematically ensure that processes are designed to achieve strategic objectives Identifies positive events (opportunities) upon which to capitalize, in addition to identifying risks Compliance has a narrower scope, focusing strictly on adherence to legal and regulatory requirements. Compliance risk tends to focus on: Financial risk Regulatory risk ERM takes a broader approach, focusing on: Financial and nonfinancial indicators Enhancing business strategy Opportunities in addition to risks Operations within the Company
13 Key Takeaways ERM Basics: ERM is a process effected by people to align risks to strategic objectives across the enterprise ERM should not function in a silo Risk management is not merely risk assessment or compliance. Goals of risk management are broader and strategic in nature. Focus on financial and nonfinancial indicators. Focus on mitigating risks and harvesting opportunities.
14 Approach and Methodology Understanding the purpose of identifying risk events
15 Why ERM? ERM necessitates proactive identification of risk. Waiting until a risk becomes a hot-button issue can create other risks (e.g., reputational risk) and promotes a reactionary culture. Proactive identification of risk empowers management to make sound decisions in the strategy-setting phase, prior to implementation. Thus, risk consciousness is baked into the strategic plan.
16 Why ERM? ERM Seeks to Identify: The Why (root cause risk): Establishment of an ERM risk universe through which all organizational root cause risks are identified at their source Allows users to develop the arsenal of actions to establish a plan to address a risk at its source and eliminates the fallacy that you can manage the consequence The What (risk identification description): Linking all risks to their root cause The Where we need to be (risk tolerance): Identifying the degree of future residual risk that is acceptable for every root cause risk, at all management levels
17 Why ERM? ERM Seeks to Identify, continued: The Who (risk owner and mitigation action owner): Attaching ownership to the correct root cause risks at every level of the organization. Ensures organizational structure is focused on exactly what employees can and should own, so there is no conflict between accountability and ability. The So What (inherent risk likelihood and impact). The What are we going to do about it (mitigation action plans). The Who and by When (mitigation due date): Mitigation action ownership and timeline. The Where are we (current residual risk): Likelihood after mitigation actions.
18 Anatomy and Lifecycle of a Risk Event ERM seeks to identify and address risks here instead of reacting to risk events here after they have impacted the company.
Stage 1 - Root Cause Event Signal: Factors/signals are present that create a high risk environment. Can be identified through monitoring of Key Risk Indicators (discussed in Monitoring section).
Stage 2 - High Risk Environment: A high risk environment has resulted from the signals identified in Stage 1. High potential for root cause event.
Stage 3 - Root Cause Event: An event occurs that creates potential for significant risks to be realized.
Stage 4 - Risk Realization and Consequence: A significant risk event occurs, impacting the company. A snowball effect can occur, causing risks to multiply at this stage: Reputation risk, Fraud risk.
Stage 5 - Management / Mitigation: Management evaluates outcome and establishes mitigation strategy to avoid future risk.
19 Anatomy and Lifecycle of a Risk Event If the risk had been identified here through monitoring of Key Risk Indicators, the cause event may never have occurred and the risk may never have been realized. Stage 1 - Root Cause Event Signal; Stage 2 - High Risk Environment; Stage 3 - Root Cause Event; Stage 4 - Risk Realization and Consequence; Stage 5 - Management / Mitigation. Example, in slide order: Tire pressure is low; Flat tire; Car accident; Increased insurance cost; Relegated to high risk pool; Inability to negotiate terms; Switch insurance providers; Wait for accident to clear from record; Take defensive driving; Check tire pressure regularly.
20 Key Roles in Enterprise Risk Management: Who Owns ERM? ERM is typically owned by one of the following individuals: Chief Risk Officer General Counsel Internal Audit The ERM owner is responsible for: Reporting results of risk management activities to the Board Assisting the CEO and Management with ongoing monitoring of key risks Developing risk management policies and communicating them throughout the organization Determining risk ownership within the organization The Risk Management function should report to the Board to ensure: Independence from operations Sufficient authority to solicit and obtain buy-in from key executives
21 Key Roles in Enterprise Risk Management: The Board's Responsibilities: Governance: ERM should be integrated with governance processes to ensure systematic linkage of strategy, risks, and risk appetite. Oversight: Ensure that the organization has an awareness of the risk appetite. Set the tone at the top in order to establish sound risk culture that mirrors risk tolerance and appetite. Monitoring: Stays up-to-date on the status of ERM implementation. Understand the linkage between management's strategies, critical risks and opportunities to ensure that risk management activities are consistent with the organization's risk appetite. Reviews feedback from internal audit, external audit, bank regulators and other professional service providers.
22 Key Roles in Enterprise Risk Management: Management's Responsibilities: Lead the charge: Executive management must lead the charge in implementing ERM. Every manager is responsible for ERM since it is embedded within the processes and overall decision-making throughout the organization. Understand and incorporate vision: Create strategies and tactical plans that are cohesive with the vision and risk appetite of the organization. Demonstrate and communicate vision and expectations to staff: Performance goals; Policies and procedures; Risk philosophy of the organization. Successful ERM implementation involves everyone in the organization!
23 ERM Overview ERM Culture ERM Infrastructure ERM Integration Vision/Goals Governance Oversight Committee Structure/Charters Common Language Technology/Tools Tolerance/Appetite Risk Transfer Techniques Aggregate Results/Integrate with Decision-Making Process Measure, Monitor, and Report Risk Management Performance Identify, Assess and Prioritize Business Risk Business Goals, Objectives, and Strategies Develop and Execute Action Plans/Establish Metrics Analyze Key Risks and Current Capabilities Determine Strategies and New Capabilities Audit Committee Reporting Business Planning Committee Membership Corporate Audit Dashboard Reporting Product Development Regulatory Compliance Scorecards Strategic Planning ERM Culture Awareness/Training Communication Continuous Improvement Information Sharing Organizational Change Management
24 Key Takeaways Approach and Methodology: ERM seeks to answer the Who, What, Where, When, Why about key organizational risks. ERM should be tailored to the organization's unique characteristics. There is no one-size-fits-all solution. Risk realignment is critical to successful ERM implementation. An effective ERM strategy starts with obtaining buy-in from the top. Risk isn't delegated down the chain of command!
25 Components of a Successful ERM Program Key elements for effective ERM
26 There are 5 key steps to implementing ERM: Step 1: Laying the Groundwork for ERM Step 2: Objective-Setting Step 3: Event Identification Step 4: Risk Assessment Step 5: Risk Responses
27 Step 1: Laying the Groundwork for ERM The Scope of ERM Activities: ERM is Enterprise-wide Not limited to financial or accounting roles Begin by establishing what ERM should be in your organization Begin by determining what risk assessments are already being performed in the company What areas are not being covered? Identify gaps Give credit to areas that have identified their most significant risks and are taking measures to mitigate them
28 Laying the Groundwork Set the tone: Paramount to successful implementation is establishing a Risk-Aware Culture.
29 Step 2: Objective-Setting Objective-Setting should link people, process, capital and risk appetite People Process Capital Risk Appetite Risk Appetite: Level of Risk the Organization is willing to accept in pursuit of value creation Reflects risk management philosophy Influences risk culture A guidepost in strategy-setting Related primarily to business model
30 Risk Appetite and Tolerance Overview of Considerations Affecting Risk Profile Existing Risk Profile The current level of risks across the entity and across various risk categories Risk Capacity The amount of risk that the entity is able to support in pursuit of its objectives Risk Tolerance Acceptable level of variation an entity is willing to accept regarding the pursuit of its objectives Determination of Risk Profile Attitudes Towards Risk The attitudes towards growth, risk, and return
31 Step 3: Event Identification Natural Environment Natural disaster Environmental Issues Political Governmental changes and dynamics Legislation Public policy Regulation Social Demographics Consumer behavior Privacy Company Perception Economic Recessionary risk Financial Competition Employment Indicators Goal Achievement Technological Interruptions Electronic commerce Emerging technology External data Fraudulent activity
32 Step 3: Event Identification Personnel Employee competence Fraudulent activity Health and safety Tone at the Top Corporate reputation Corporate responsibility Code of ethics Corporate citizenship Process Capacity Design Execution Suppliers and dependencies Scalability/Growth Infrastructure Availability of assets Capability of assets Access to capital Complexity Goal Achievement Technology Data integrity Data and system availability System selection Development Deployment Maintenance
33 Step 4: Risk Assessment
Rating Risk: Once key activities and organizational risks are identified, Management from across the organization judgmentally rates the risks. The risk rating will be based on the profile of the company, considering factors such as organizational structure, customer concentration, economic climate, regulatory environment, etc.
Example Risk Scale (Rating Scale, Rank, Risk):
1 Low: Very Remote (<10% Chance)
2 Below Avg.: Somewhat Likely (>10% - <50% Chance)
3 Moderate: Likely (>50% - <70% Chance)
4 Above Avg.: Probable (>70% - <90% Chance)
5 High: Highly Probable (>90% Chance)
Risk responses are scored, finalized, and plotted on a Risk Map based on the following: Probability: The likelihood of an error or omission occurring. Impact: The severity (monetary, operational, social, etc.) of that potential
34 Entity-level Risk Questionnaire
Risk Assessment Questionnaire: Risks are ranked from 0-5, in both probability and impact, so they can be quantified and prioritized. Categories and subcategories based on the organization's specific characteristics. Comments will be used in analysis of outliers.
Probability: Not applicable or I do not know; Very remote (< 10% chance); Unlikely (> 10% - < 50% chance); Likely (> 50% - < 70% chance); Probable (> 70% - < 90% chance); Highly probable (> 90% chance)
Impact: Low ( 25% of Materiality Threshold ); Below Average ( > 25% - < 100% of Materiality Threshold ); Moderate ( = Materiality Threshold ); Above Average ( > 100% - < 150% of Materiality Threshold ); High ( 150% of Materiality Threshold )
ENTITY LEVEL RISKS, Political and Social Risk (Risk Statement):
1 Public affairs outreach will be impacted by reguar instability
2 The organization is perceived to have a poor public image or receives negative publicity
35 Entity-Level Risk Assessment
RISK CATEGORY: RISK EVENT / INFLUENCERS: Composite Risk Rating (Entity Level)
DEMOGRAPHIC RISK: Population projections, Aging workforce, Life expectancy rates: 4.00
ECONOMIC RISK: Consumer behavior, employment indicators, cost of living requirements: 3.99
HUMAN CAPITAL RISK: Employee competence, morale, and retention, team cohesion: 3.65
GOVERNANCE RISK: Board diversity, leadership effectiveness, organization identity, tone at the top: 3.24
POLITICAL RISK: Regulation, public policy, legislation/politics: 2.96
GROWTH / COMPETITION RISK: New providers, scalability/growth, transportation innovation, service expansion: 2.90
REPUTATION RISK: Consumer relations, communications (internal and external), privacy: 2.89
EXTERNAL ENVIRONMENTAL RISK: External technology, weather, relationships with outside agencies: 2.88
SYSTEM / APPLICATION RISK: Adoption of new technologies, application development, deployment, e-commerce: 2.87
ORGANIZATION RISK: Institutional value, management practices and continuity, organizational structure: 2.81
COMPUTER OPERATIONS RISK: Change management, interruptions, redundancy, maintenance, emerging technology: 2.69
ORGANIZATIONAL RISKS: Employee competency, contracts, poor morale, reliance on debt financing, turnover: 2.62
OPERATION RISK: Business continuity, project delivery, maintenance, health and safety, security: 2.57
FINANCIAL STABILITY RISK: Availability of capital, budgeting, liquidity, debt service, cash management: 2.42
SECURITY RISK: External penetration, information security, internal security, privacy, confidentiality: 2.22
MISAPPROPRIATION OF ASSETS: Availability of cash, diversion of assets, theft, negligence, collusion: 2.08
CORRUPTION RISKS: Kickbacks, related party transactions, self-dealing, vendor favoritism: 2.02
FINANCIAL REPORTING RISK: Financial statement manipulation, misuse of restricted funds, reporting capabilities: 1.95
DATA MANAGEMENT RISK: Data integrity, external data, third party data sharing: 1.85
36 Entity-Level Risk Assessment Risk Map. Top 10 Risk Categories: 1 DEMOGRAPHIC RISK 2 ECONOMIC RISK 3 HUMAN CAPITAL RISK 4 GOVERNANCE RISK 5 POLITICAL RISK 6 GROWTH / COMPETITION RISK 7 REPUTATION RISK 8 EXTERNAL ENVIRONMENTAL RISK 9 ORGANIZATION RISK 10 OPERATION RISK
37 Process-Level Risk Assessment Entity level risks to be applied to each project Risk Factor SIGNIFICANT ACTIVITIES P I P I P I P I P I P I OPERATIONS Human Resources Administration Hiring and Termination Policies Pay Rate Authorization and Changes Job Classification & Compensation Benefits Administration Information Technology Change Management Network Security Application Access Data Management Software/Hardware Licensing Telephony Disaster Recovery Customer Service Account Opening/Closing Dispute resolution process Mail Processing Claims Management Economic Demographic Human Capital Governance Information Technology Probability and impact to be completed by risk assessment forum Fraud Significant activities to be risk rated
38 Benefits of Risk Assessment Through performing risk assessments, we can: Identify and understand the most significant risks in the organization. Evaluate the likelihood of occurrence of identified risks and the potential impact they may have on the achievement of the organization's objectives. Develop a plan for managing the organization's risk. Decide which process areas to include in the annual internal audit plan in a risk-based approach to monitoring the design and effectiveness of control activities. Risk Assessments can also improve overall risk awareness in the organization by: Getting Management involved in the discussions to identify key risks. Encouraging Management's development of responses to risks. Providing a baseline evaluation of risk to be integrated into ongoing monitoring and improvement.
39 Step 5: Develop Risk Response When developing risk responses, Management: Considers alternative responses Reduce: Implement mitigating controls Accept: Take no positive action to mitigate the risk Avoid: Stop engaging in any activity that creates the risk Share: Share the risk with a third party; e.g., insurance policies Evaluates costs/benefits of available risk responses Analyzes whether risk responses appropriately reduce risk to tolerable level Selects most appropriate risk response based on risk appetite, risk tolerance, and evaluation of portfolio risk
40 Risk Response Plan Significant Activity Sub-Process Impact Probability Composite Risk Map Quadrant Disaster Recovery / Business Continuity Plan Environmental Reporting & Compliance Training and Competencies Emergency Response Plans Information Technology Health and Safety Health and Safety Health and Safety Risk Response DR / BCP testing is planned for March Compliance Audit over for Phase I and II Environmental is planned for November 2014 Monitoring of training compliance is performed quarterly by HR. Employee competencies are part of the Annual Employee Evaluation Physical Security Health and Safety Included in the 2014 Internal Audit Plan Incident Reporting and Investigation Health and Safety Network Security (Encryption, Logical Access, Virus, Internal or External) Critical Application Access and Controls Commodity Price Hedging Strategy and Operations Accounting for Hedging Activities and Ineffectiveness Calc. Debt Covenant Compliance Monitoring Collateral Provisions and Contingencies Information Technology Information Technology Revenue, Expense, and Production Volume Reporting Revenue, Expense, and Production Volume Reporting Debt and Equity Debt and Equity Network security will be added to the 2014 internal audit plan. Application access is addressed through internal control compliance procedures. An internal audit over commodity price hedging strategies was conducted in Hedge accounting is reviewed annually through the external audit. Debt compliance is reviewed annually through the external audit. An internal audit over Longterm Debt and Collateral validation was part of the 2013 Internal Audit Plan
41 What do you think? What is the biggest challenge companies face in attempting to manage risk? A. Weakness in risk culture B. Organization is too complex to manage risk C. Inadequate information needed to make risk-based decisions D. People are unaware of what they need to do concerning risk
42 What do you think? What is the biggest challenge companies face in attempting to manage risk? A. Weakness in risk culture 15% B. Organization is too complex to manage risk 21% C. Inadequate information needed to make risk-based decisions 23% D. People are unaware of what they need to do concerning risk 28%
43 Key Risk Indicators KPIs: Many organizations currently monitor key performance indicators (KPIs) in order to stay up-to-date on potential events. According to COSO, KPIs may not provide enough advance notice. Often, KPIs alert management to risk events that have already impacted the organization. KRIs: Key Risk Indicators (KRIs): Metrics developed by management to identify potential future shifts in risk conditions. Using KRIs allows for more timely, strategic, and proactive development of risk mitigation strategies.
44 The Benefits of a Broader, ERM-Based Focus Identify the strategic objectives and major initiatives of the organization. Determine critical success factors for each objective. Understand which KPIs managers are monitoring to meet business results and strategic objectives. Perform root analysis to identify risk influencers that affect KPIs and KRIs.
45 The Capability Maturity Model Management needs to make the following decisions regarding ERM: Where are we, and where do we want to be? At what rate do we want to improve? Upon which risks do we focus our efforts for improvement? What resources are we willing to commit to risk management to ensure continuous attainment of objectives?
46 The Capability Maturity Model
Initial: Ad hoc; undocumented. Risk Management is not a defined process. Culture does not promote risk awareness or facilitate risk identification across the entity.
Repeatable: Repeatable and sometimes consistent; limited process discipline. Individual departments may do own risk assessments. May be some consistency in processes. Little buy-in from top management and the process is not implemented across the entity.
Defined: Standard processes in place and documented; consistent. Individual departments have mature, documented, consistent risk assessment processes, but there is little visibility of the results of these assessments at the Senior Management or Board Level. Risk assessments are performed, but in silos, thus there is not a true "portfolio view" of risk.
Managed: Management controls the As-Is process; can adapt process to projects. Management has begun inventorying risk assessments and developing an entity-wide risk universe. Risk management is no longer siloed within the organization. Limited monitoring and reporting functions exist to provide proactive identification of KPIs, KRIs.
Optimizing: Continual process improvement. Management regularly revisits maturity goals and benchmarks progress against goals. KRIs, KPIs are consistently measured to gain a proactive view of risks facing the company.
Developed by Carnegie Mellon University
47 ERM as an Ongoing Process ERM is a continuous process that should be updated as changes in the operating environment occur: Economic events continually impact financial, liquidity, competition risk Strategic risk should be re-evaluated for: Launching new product or service offerings Expanding into new markets Risks and responses must be kept up-to-date to reflect latest regulatory changes ERM should be independently owned in the organization to ensure: Risks are embedded in the strategy-setting and decision-making processes of the organization Monitoring activities are being performed and follow-up actions occur to ensure risks are properly identified and mitigated on an ongoing basis
48 Key Takeaways Key Components of a successful ERM: Monitor KPIs and KRIs proactively. Establish goals for process maturity. Monitor results of ERM activities. Two effective tools for monitoring are surveys and the internal audit function. Implement effective reporting mechanisms. Communicate results of performance. ERM is an ongoing process. It's a journey, not a destination.
49 Practical Insights on ERM How businesses get the most value out of strategic risk management
50 Case Study: Fidelity Investments Fidelity's Risk Advisory Services Group structures its focus on risks surrounding the core drivers of its business strategy. Risks are spread across 7 risk categories: Reputational, Strategic, Financial, Operational, Organizational, Compliance/Legal, and Technology. Recognizing and effectively managing IT-related risks is vital to Fidelity's core business strategy: The tolerance for system outages is not acceptable. Customers do not want to hear, "the system is down." Fidelity uses tabletop exercises to determine severity of risk events: 1. Members of management evaluate the significance of potential risk scenarios to Fidelity's ability to maintain core operations. Vendor ability to deliver core support services. 2. Tabletop exercises build upon past experiences and near misses to help predict the future impact of a particular risk event.
51 Case Study: Xerium Technologies Senior Executives thought ERM was a compliance exercise like SOX. Senior Leadership acted reactively to risk, putting out fires! Nobody spent the time to look ahead and get above the curve. The ERM process helped the company navigate bankruptcy: What the company wanted to avoid. What were some things they wanted out of bankruptcy? What did they not want to lose? What did they want to maintain? CUSTOMERS, SHAREHOLDERS. In the initial phases of ERM: The CEO, VP of Audit, and CFO sat down and ironed out their top 15 risks. After a meeting with the board, about 6 more were added. Now the process has evolved through an online Questionnaire directed at various levels of management. Success of the program relied on getting all risk owners involved. Source: NCSU interview with Fred Caloggero, VP Audit Services of Xerium
52 Case Study: Target Implements ERM In the wake of the economic crisis, Target sought to refocus on the right risks through ERM. Target defined the following objectives for ERM: 1. Enhanced risk awareness and dialogue 2. Reduced operational surprises and losses 3. Alignment of risk appetite and strategy 4. Anticipation / management of cross-company risks To achieve these objectives, Target: 1. Sought input from management team to create list of top 10 risks that keep management up at night 2. Categorized and risk-ranked the top-10 risks and answered the following questions for each risk: How important do you think this risk is for the future of Target? What is your level of discomfort with the current controls, strategy, and management approach to risk?
53 Putting it all together A Risk Awareness culture is collectively promoting a shared sense of values, ideas, and goals that is unified to take actions to reduce and mitigate opportunities for unfavorable events to occur that impact an organization's ability to meet its objectives.
54 A Phased Approach to ERM What we've found: ERM is a journey, not a destination. Take time to embed it into the organization's decision-making in order to reap the rewards. ERM is about better communication and collaboration across the organization: business units, senior management and the board. To effectively manage and monitor risk, ERM needs to be independent of other operational functions and needs to have authority to foster change. Organizations that spend time upfront to identify, understand, manage, and navigate risk benefit from insights into risk influences that are strategic to the organization's success.
55 Built in Incentives and Benefits of Implementing ERM While the recognition of value is felt at the executive level, the impact is pervasive to the entire organization 1. Increased opportunities for risk communication across divisions 2. Minimization of otherwise adverse financial impact on the organization 3. Revealing synergies by evaluating risk data on a consolidated basis 4. Cost-effective management and monitoring risk efforts The Long Term Benefits from an ERM program 1. Enhanced Stakeholder confidence and support 2. Streamline reporting and analysis of risks 3. The improvement of executive level decision making, confidence and achievement of operational and strategic objectives 4. Reviewing risk holistically can create competitive advantages in the marketplace 5. Efficient coordination with regulatory and compliance parties Bond Rating Agencies Regulatory Examiners External/ Internal Auditors
More informationAn Effective Approach to Transition from Risk Assessment to Enterprise Risk Management
Bridgework: An Effective Approach to Transition from Risk Assessment to Enterprise Risk Management @Copyright Cura Software. All rights reserved. No part of this document may be transmitted or copied without
More informationTHE SOUTH AFRICAN HERITAGE RESOURCES AGENCY ENTERPRISE RISK MANAGEMENT FRAMEWORK
THE SOUTH AFRICAN HERITAGE RESOURCES AGENCY ENTERPRISE RISK MANAGEMENT FRAMEWORK ACCOUNTABLE SIGNATURE AUTHORISED for implementation SIGNATURE On behalf of Chief Executive Officer SAHRA Council Date Date
More informationEnterprise Risk Management
Enterprise Management ERM provides a framework for risk management, which typically involves identifying particular events or circumstances relevant to the organization's objectives (risks and opportunities),
More informationENTERPRISE RISK MANAGEMENT POLICY
ENTERPRISE RISK MANAGEMENT POLICY TITLE OF POLICY POLICY OWNER POLICY CHAMPION DOCUMENT HISTORY: Policy Title Status Enterprise Risk Management Policy (current, revised, no change, redundant) Approving
More informationCSR / Sustainability Governance and Management Assessment By Coro Strandberg Principal, Strandberg Consulting www.corostrandberg.
Introduction CSR / Sustainability Governance and Management Assessment By Coro Strandberg Principal, Strandberg Consulting www.corostrandberg.com June 2015 Companies which adopt CSR or sustainability 1
More informationGuidance Note: Corporate Governance - Board of Directors. March 2015. Ce document est aussi disponible en français.
Guidance Note: Corporate Governance - Board of Directors March 2015 Ce document est aussi disponible en français. Applicability The Guidance Note: Corporate Governance - Board of Directors (the Guidance
More informationMeasuring Continuity Planning Program. Performance
Measuring Continuity Planning Program Performance Carl B Jackson Director Crisis Management & Continuity Planning Resource Center (CMCPRC) Measuring Continuity Planning Program Performance Session Agenda
More informationRisky Business. Is Your Cybersecurity in Cruise Control? ISACA Austin Chapter Meeting May 5, 2015
Risky Business Is Your Cybersecurity in Cruise Control? ISACA Austin Chapter Meeting May 5, 2015 What We ll Cover About Me Background The threat Risks to your organization What your organization can/should
More informationUnderstanding Enterprise Risk Management. Presented by Dorothy Gjerdrum Arthur J Gallagher
Understanding Enterprise Risk Management Presented by Dorothy Gjerdrum Arthur J Gallagher Learning Objectives Understand the components of a wellrun ERM program Review scope and process Explore the role
More informationConsumer Goods and Services
Accenture Risk Management Industry Report Consumer Goods and Services 2011 Global Risk Management Point of View Consumer Goods and Services 2011 Global Risk Management Point of View Consumer Goods and
More informationWFP ENTERPRISE RISK MANAGEMENT POLICY
WFP ENTERPRISE RISK MANAGEMENT POLICY Informal Consultation 3 March 2015 World Food Programme Rome, Italy EXECUTIVE SUMMARY For many organizations, risk management is about minimizing the risk to achievement
More informationModule 6 Documenting Processes and Controls
A logical place to begin any comprehensive evaluation of internal controls is at the top entity-level controls that might have a pervasive effect on the organization. This includes a consideration of factors
More informationEnterprise Risk Management in a Highly Uncertain World. A Presentation to the Government-University- Industry Research Roundtable June 20, 2012
Enterprise Risk Management in a Highly Uncertain World A Presentation to the Government-University- Industry Research Roundtable June 20, 2012 CRO Council Introduction Mission The North American CRO Council
More informationTying It All Together: Practical ERM Integration. Richard Scanlon Vice President Enterprise Risk Management CIGNA Corporation
Tying It All Together: Practical ERM Integration Richard Scanlon Vice President Enterprise Risk Management CIGNA Corporation November 16, 2007 1 Agenda Basis for ERM Integration ERM Objectives ERM Focus
More informationFINDING THE RISK IN RISK ASSESSMENTS NYSICA JULY 26, 2012. Presented by: Ken Shulman Internal Audit Director, New York State Insurance Fund
FINDING THE RISK IN RISK ASSESSMENTS NYSICA JULY 26, 2012 Presented by: Ken Shulman Internal Audit Director, New York State Insurance Fund There are different risk assessments prepared: Annual risk assessment
More informationRSA ARCHER OPERATIONAL RISK MANAGEMENT
RSA ARCHER OPERATIONAL RISK MANAGEMENT 87% of organizations surveyed have seen the volume and complexity of risks increase over the past five years. Another 20% of these organizations have seen the volume
More informationIT Governance. What is it and how to audit it. 21 April 2009
What is it and how to audit it 21 April 2009 Agenda Can you define What are the key objectives of How should be structured Roles and responsibilities Key challenges and barriers Auditing Scope Test procedures
More informationENTERPRISE RISK MANAGEMENT FRAMEWORK
ENTERPRISE RISK MANAGEMENT FRAMEWORK COVENANT HEALTH LEGAL & RISK MANAGEMENT CONTENTS 1.0 PURPOSE OF THE DOCUMENT... 3 2.0 INTRODUCTION AND OVERVIEW... 4 3.0 GOVERNANCE STRUCTURE AND ACCOUNTABILITY...
More informationRISK MANAGEMENt AND INtERNAL CONtROL
RISK MANAGEMENt AND INtERNAL CONtROL Overview 02-09 Internal control the Board meets regularly throughout the year and has adopted a schedule of matters which are required to be brought to it for decision.
More informationIFAD Policy on Enterprise Risk Management
Document: EB 2008/94/R.4 Agenda: 5 Date: 6 August 2008 Distribution: Public Original: English E IFAD Policy on Enterprise Risk Management Executive Board Ninety-fourth Session Rome, 10-11 September 2008
More informationImproving Financial Performance, Governance and Compliance
Enterprise Risk Management Improving Financial Performance, Governance and Compliance Through A Structured Approach Experis Finance By: Fred E. Lutzeier National ERM Director Fred.Lutzeier@Experis.Com
More informationPlacing a Value on Enterprise Risk Management ADVISORY
Placing a Value on Enterprise Risk Management ADVISORY Placing a Value on Enterprise Risk Management 1 In turbulent economic times, the case for investing in an enterprise risk management (ERM) program
More informationENTERPRISE RISK MANAGEMENT FRAMEWORK
ROCKHAMPTON REGIONAL COUNCIL ENTERPRISE RISK MANAGEMENT FRAMEWORK 2013 Adopted 25 June 2013 Reviewed: October 2015 TABLE OF CONTENTS 1. Introduction... 3 1.1 Council s Mission... 3 1.2 Council s Values...
More informationBest Practices for Planning and Budgeting. A white paper prepared by PROPHIX Software October 2006
A white paper prepared by PROPHIX Software October 2006 Executive Summary The continual changes in the business climate constantly challenge companies to find more effective business practices. However,
More informationCRISC Glossary. Scope Note: Risk: Can also refer to the verification of the correctness of a piece of data
CRISC Glossary Term Access control Access rights Application controls Asset Authentication The processes, rules and deployment mechanisms that control access to information systems, resources and physical
More informationERM Program. Enterprise Risk Management Guideline
ERM Program Enterprise Management Guideline Table of Contents PREAMBLE... 2 When should I refer to this Guideline?... 3 Why do we need a Guideline?... 4 How do I use this Guideline?... 4 Who is responsible
More informationEnterprise Risk Management Handbook. June, 2010
Enterprise Risk Management Handbook June, 2010 Table of Contents Overview... 4 What is Enterprise Risk Management?... 5 Why Undertake Enterprise Risk Management?... 6 Draft UW System ERM Vision, Mission,
More informationEnterprise risk management: A pragmatic, four-phase implementation plan
Enterprise risk management: A pragmatic, four-phase implementation plan Prepared by: John Brackett, Managing Director, Risk Advisory Services, RSM McGladrey, Inc. 704.442.3820, john.brackett@mcgladrey.com
More informationInternal Auditing Guidelines
Internal Auditing Guidelines Recommendations on Internal Auditing for Lottery Operators Issued by the WLA Security and Risk Management Committee V1.0, March 2007 The WLA Internal Auditing Guidelines may
More informationRisks and uncertainties
Risks and uncertainties Our risk management approach We have a well-established risk management methodology which we use throughout the business to allow us to identify and manage the principal risks that
More informationRISK MANAGEMENT OVERVIEW 2011 RISK CONFERENCE SPONSORED BY THE FEDERAL RESERVE BANK OF CHICAGO AND DEPAUL UNIVERSITY
RISK MANAGEMENT OVERVIEW 2011 RISK CONFERENCE SPONSORED BY THE FEDERAL RESERVE BANK OF CHICAGO AND DEPAUL UNIVERSITY PRESENTED BY: LEN WIATR, CHIEF RISK OFFICER Len s Risk Management Philosophy Build a
More informationBest practices for planning and budgeting. A white paper prepared by Prophix
A white paper prepared by Prophix Executive summary The continual changes in the business climate constantly challenge companies to find more effective business practices. However, common budgeting limitations
More informationPrinciples for An. Effective Risk Appetite Framework
Principles for An Effective Risk Appetite Framework 18 November 2013 Table of Contents Page I. Introduction... 1 II. Key definitions... 2 III. Principles... 3 1. Risk appetite framework... 3 1.1 An effective
More informationHow To Transform It Risk Management
The transformation of IT Risk Management kpmg.com The transformation of IT Risk Management The role of IT Risk Management Scope of IT risk management Examples of IT risk areas of focus How KPMG can help
More informationFraud Prevention and Deterrence
Fraud Prevention and Deterrence Fraud Risk Assessment 2016 Association of Certified Fraud Examiners, Inc. What Is Fraud Risk? The vulnerability that an organization faces from individuals capable of combining
More informationClient Onboarding Process Reengineering: Performance Management of Client Onboarding Programs
KNOWLEDGENT INSIGHTS volume 1 no. 4 September 13, 2011 Client Onboarding Process Reengineering: Performance Management of Client Onboarding Programs In the midst of the worst economic environment since
More informationOperational Risk Management Program Version 1.0 October 2013
Introduction This module applies to Fannie Mae and Freddie Mac (collectively, the Enterprises), the Federal Home Loan Banks (FHLBanks), and the Office of Finance, (which for purposes of this module are
More informationAPPLICATION OF THE KING III REPORT ON CORPORATE GOVERNANCE PRINCIPLES
APPLICATION OF THE KING III REPORT ON CORPORATE GOVERNANCE PRINCIPLES Ethical Leadership and Corporate Citizenship The board should provide effective leadership based on ethical foundation. that the company
More informationAPPLICATION OF KING III CORPORATE GOVERNANCE PRINCIPLES 2014
WOOLWORTHS HOLDINGS LIMITED CORPORATE GOVERNANCE PRINCIPLES 2014 CORPORATE GOVERNANCE PRINCIPLES 2014 CORPORATE GOVERNANCE PRINCIPLES 2014 This table is a useful reference to each of the King III principles
More informationUnderstanding and articulating risk appetite
Understanding and articulating risk appetite advisory Understanding and articulating risk appetite Understanding and articulating risk appetite When risk appetite is properly understood and clearly defined,
More informationSaldanha Bay Municipality. Risk Management Strategy. Inclusive of, framework, procedures and methodology
Inclusive of, framework, procedures and methodology Contents 1 Introduction 1 1.1 Legislative Framework and best practice 1 1.2 Purpose of Enterprise Risk Management 2 1.3 Scope and Applicability 3 1.4
More informationA Risk-Based Audit Strategy November 2006 Internal Audit Department
Mental Health Mental Retardation Authority of Harris County ENTERPRISE RISK MANAGEMENT A Framework For Assessing, Evaluating And Measuring Our Agency s Risk A Risk-Based Audit Strategy November 2006 Internal
More informationTailoring enterprise risk management strategies to the Main-Street insurer
Tailoring enterprise risk management strategies to the Main-Street insurer Prepared by: Jay Golonka, Partner, McGladrey LLP 816.751.1830, jay.golonka@mcgladrey.com Discussions of Enterprise Risk Management
More informationASAE s Job Task Analysis Strategic Level Competencies
ASAE s Job Task Analysis Strategic Level Competencies During 2013, ASAE funded an extensive, psychometrically valid study to document the competencies essential to the practice of association management
More informationCopyright 2015 The Ins4tutes
ERM 57 Review ERM001 Speakers: Michael W. Elliott, CPCU, AIAF, Senior Director of Knowledge Resources, The Institutes Ann Myhr, CPCU, ARM, AU, Senior Director of Knowledge Resources, The Institutes Learning
More informationDesigning an Operational Risk Program for a Community Bank Stephan Salvador Managing Director, Risk Management Consulting
Consulting and Professional Services Designing an Operational Risk Program for a Community Bank Stephan Salvador Managing Director, Risk Management Consulting Designing an Operational Risk Program for
More informationRISK BASED AUDITING: A VALUE ADD PROPOSITION. Participant Guide
RISK BASED AUDITING: A VALUE ADD PROPOSITION Participant Guide About This Course About This Course Adding Value for Risk-based Auditing Seminar Description In this seminar, we will focus on: The foundation
More informationIT Insights. Managing Third Party Technology Risk
IT Insights Managing Third Party Technology Risk According to a recent study by the Institute of Internal Auditors, more than 65 percent of organizations rely heavily on third parties, yet most allocate
More informationPOL ENTERPRISE RISK MANAGEMENT SC51. Executive Services Department BUSINESS UNIT: Executive Support Services SERVICE UNIT:
POL ENTERPRISE RISK MANAGEMENT SC51 POLICY CODE: SC51 DIRECTORATE: Executive Services Department BUSINESS UNIT: Executive Support Services SERVICE UNIT: Executive Support Services RESPONSIBLE OFFICER:
More informationPrincipal risks and uncertainties
Principal risks and uncertainties Our risk management approach We have a well-established risk management methodology which we use throughout the business to allow us to identify and manage the principal
More informationwww.pwc.com Business Resiliency Business Continuity Management - January 14, 2014
www.pwc.com Business Resiliency Business Continuity Management - January 14, 2014 Agenda Key Definitions Risks Business Continuity Management Program BCM Capability Assessment Process BCM Value Proposition
More informationAudit of the Test of Design of Entity-Level Controls
Audit of the Test of Design of Entity-Level Controls Canadian Grain Commission Audit & Evaluation Services Final Report March 2012 Canadian Grain Commission 0 Entity Level Controls 2011 Table of Contents
More informationManaging Risk at Bank of America Corporation. Overview
Managing Risk at Bank of America Corporation Overview Risk is inherent in every material business activity that we undertake. Our business exposes us to strategic, credit, market, liquidity, compliance,
More informationOperational Risk Management in a Debt Management Office
Operational Risk Management in a Debt Management Office Based on Client Presentation January 2008 Outline The importance of operational risk management (ORM) International best practice A high-level perspective,
More informationGAINING CONTROL: Building Your Existing Framework into an ERM Model
GAINING CONTROL: Building Your Existing Framework into an ERM Model RIMS Northeast Ohio Chapter Education Day Carol Fox, ARM RIMS Director of Strategic and Enterprise Risk Practice November 19, 2013 Copyright
More informationBridgend County Borough Council. Corporate Risk Management Policy
Bridgend County Borough Council Corporate Risk Management Policy December 2014 Index Section Page No Introduction 3 Definition of risk 3 Aims and objectives 4 Strategy 4 Accountabilities and roles 5 Risk
More informationThe Business Continuity Maturity Continuum
The Business Continuity Maturity Continuum Nick Benvenuto & Brian Zawada Protiviti Inc. 2004 Protiviti Inc. EOE Agenda Terminology Risk Management Infrastructure Discussion A Proposed Continuity Maturity
More informationFraming the future of corporate governance Deloitte Governance Framework
Framing the future of corporate governance Deloitte Governance Framework For those interested in the topic of corporate governance, these are dynamic times. The events of the past decade have led to the
More informationIntegrated Risk Management:
Integrated Risk Management: A Framework for Fraser Health For further information contact: Integrated Risk Management Fraser Health Corporate Office 300, 10334 152A Street Surrey, BC V3R 8T4 Phone: (604)
More informationUniversity of St. Gallen Law School Law and Economics Research Paper Series. Working Paper No. 2008-19 June 2007
University of St. Gallen Law School Law and Economics Research Paper Series Working Paper No. 2008-19 June 2007 Enterprise Risk Management A View from the Insurance Industry Wolfgang Errath and Andreas
More informationMatthew E. Breecher Breecher & Company PC November 12, 2008
Applying COSO s Enterprise Risk Management Integrated Framework Matthew E. Breecher Breecher & Company PC November 12, 2008 The basic outline for this presentation was provided by: Objectives for the session:
More informationSample Financial institution Risk Management Policy 2011
Sample Financial institution Risk Management Policy 2011 1 Contents Risk Management Program...2 Internal Control and Risk Management Diagram... 2 General Control Environment... 2 Specific Internal Control
More informationSAI GLOBAL LIMITED Risk Management Policy
SAI GLOBAL LIMITED Risk Management Policy SAI Global Ltd ABN 67050611642 Last Updated: February 2012 Contents 1. Risk Management... 3 2. Policy... 3 3. Risk Management Philosophy... 3 4. Risk Appetite...
More informationIntroduction to Enterprise Risk Management at UVM DRAFT
Introduction to Enterprise Management at UVM 1 Enterprise What is Enterprise Management? Enterprise risk management is a structured, consistent, and continuous process across the whole organization for
More informationDeveloping an Effective Enterprise Risk Management Program
Developing an Effective Enterprise Risk Management Program Jay Brietz, CPA and CIA Senior Manager This material was used by Elliott Davis Decosimo during an oral presentation; it is not a complete record
More informationAccenture Risk Management. Industry Report. Life Sciences
Accenture Risk Management Industry Report Life Sciences Risk management as a source of competitive advantage and high performance in the life sciences industry Risk management that enables long-term competitive
More informationBusiness Continuity Position Description
Position Description February 9, 2015 Position Description February 9, 2015 Page i Table of Contents General Characteristics... 2 Career Path... 3 Explanation of Proficiency Level Definitions... 8 Summary
More informationOrganizational Change Management: A Best Practice to Effective ERM Implementation
Organizational Change Management: A Best Practice to Effective ERM Implementation Christine Ackerman, CPA Associate Vice President & Director of Internal Audit University of Cincinnati Anita Ingram, ARM
More informationHand IN Hand: Balanced Scorecards
ANNUAL CONFERENCE T O P I C Risk Management WORKING Hand IN Hand: Balanced Scorecards AND Enterprise Risk Management B Y M ARK B EASLEY, CPA; A L C HEN; K AREN N UNEZ, CMA; AND L ORRAINE W RIGHT Recent
More informationIT audit updates. Current hot topics and key considerations. IT risk assessment leading practices
IT audit updates Current hot topics and key considerations Contents IT risk assessment leading practices IT risks to consider in your audit plan IT SOX considerations and risks COSO 2013 and IT considerations
More informationOperational Risk Management Policy
Operational Risk Management Policy Operational Risk Definition A bank, including a development bank, is influenced by the developments of the external environment in which it is called to operate, as well
More informationFinancial Services FINANCIAL SERVICES UTILITIES 57 FINANCIAL SERVICES AND UTILITIES 2016-2018 BUSINESS PLAN. CR_2215 Attachment 1
CR_2215 Attachment 1 Financial Services FINANCIAL SERVICES & UTILITIES 57 FINANCIAL SERVICES AND UTILITIES 2016-2018 BUSINESS PLAN Acting Branch Manager: Stacey Padbury Table of Contents INTRODUCTION Our
More informationOffice of the Auditor General AUDIT OF IT GOVERNANCE. Tabled at Audit Committee March 12, 2015
Office of the Auditor General AUDIT OF IT GOVERNANCE Tabled at Audit Committee March 12, 2015 This page has intentionally been left blank Table of Contents Executive Summary... 1 Introduction... 1 Background...
More informationHow to measure your business resiliency
How to measure your business resiliency Define the KPI s/kri s and scorecards to control your security and business continuity capabilities Krzysztof Pulkiewicz BCMLogic krzysztof.pulkiewicz@bcmlogic.com
More informationPerforming a Compliance Risk Assessment for Compliance Auditing & Monitoring in Healthcare Organizations
Performing a Compliance Risk Assessment for Compliance Auditing & Monitoring in Healthcare Organizations Author: Glen C. Mueller, Chief Audit & Compliance Officer, Scripps Health, San Diego, CA Introduction
More informationBusiness Continuity Management Governance. Frank Higgins Abu Dhabi March 2015
Business Continuity Management Governance Frank Higgins Abu Dhabi March 2015 Different Names Same Concept BCM (Business Continuity Management) BSI 25999 IPOCM (Incident Preparedness & Operational Continuity
More informationYour asset is your business. The more challenging the economy, the more valuable the asset becomes. Decisions are magnified. Risk is amplified.
Asset management Your asset is your business. The more challenging the economy, the more valuable the asset becomes. Decisions are magnified. Risk is amplified. Data is about more than numbers. It tells
More informationPrinciples of IT Governance
Principles of IT Governance Governance of enterprise IT focuses on delivering services to support top line growth while moving operational savings to the bottom line. The management of IT services has
More informationCYBER SECURITY DASHBOARD: MONITOR, ANALYSE AND TAKE CONTROL OF CYBER SECURITY
CYBER SECURITY DASHBOARD: MONITOR, ANALYSE AND TAKE CONTROL OF CYBER SECURITY INTRODUCTION Information security has evolved. As the landscape of threats increases and cyber security 1 management becomes
More informationGuide to Internal Control Over Financial Reporting
Guide to Internal Control Over Financial Reporting The Center for Audit Quality prepared this Guide to provide an overview for the general public of internal control over financial reporting ( ICFR ).
More informationHow To Manage Risk
Fund Board Oversight of Risk Management September 2011 Nothing contained in this report is intended to serve as legal advice. Each investment company board should seek the advice of counsel for issues
More informationEnterprise Risk Management: COSO, New COSO, ISO 31000. Review of ERM
Enterprise Risk Management: COSO, New COSO, Dr. Hugh Van Seaton, Ed. D., CSSGB, CGMA, CPA Review of ERM COSO a process, effected by an entity's board of directors, management and other personnel, applied
More informationUNITED STATES DEPARTMENT OF EDUCATION OFFICE OF INSPECTOR GENERAL
UNITED STATES DEPARTMENT OF EDUCATION OFFICE OF INSPECTOR GENERAL Evaluation and Inspection Services Memorandum May 5, 2009 TO: FROM: SUBJECT: James Manning Acting Chief Operating Officer Federal Student
More informationGlobal Technology Audit Guide. Auditing IT Governance
Global Technology Audit Guide Auditing IT Governance Global Technology Audit Guide (GTAG ) 17 Auditing IT Governance July 2012 GTAG Table of Contents Executive Summary... 1 1. Introduction... 2 2. IT
More informationfs viewpoint www.pwc.com/fsi
fs viewpoint www.pwc.com/fsi June 2013 02 11 16 21 24 Point of view Competitive intelligence A framework for response How PwC can help Appendix It takes two to tango: Managing technology risk is now a
More informationPerformance Management. Date: November 2012
Performance Management Date: November 2012 SSBA Background Document Background 3 4 Governance in Saskatchewan Education System 5 Role of School Boards 6 Performance Management Performance Management Overview
More informationEnterprise Risk Management: From Theory to Practice
INSURANCE Enterprise Risk Management: From Theory to Practice KPMG LLP Executive Summary Enterprise Risk Management (ERM) is a structured and disciplined business tool aligning strategy, processes, people,
More informationInformation Security Managing The Risk
Information Technology Capability Maturity Model Information Security Managing The Risk Introduction Information Security continues to be business critical and is increasingly complex to manage for the
More information