The Human Side of GRC: The Essence of Governance, Risk and Compliance


August 2011

Bruce T. Blythe
Rick J. Machold

Introduction

Since the Sarbanes-Oxley Act and other more recent regulatory actions have been implemented, organizations are increasingly seeking a sound risk control culture. Many are looking to Governance, Risk Management and Compliance (GRC) frameworks and processes to effect improvement. Though an official, standard definition does not exist, GRC is established to ensure that an organization acts ethically and effectively in accordance with its risk appetite, internal policies and external regulations through the alignment of strategy, processes, technology and people.

Governance ensures that information reaching the executive team is sufficiently complete, accurate and timely to enable appropriate management decision-making, and that controls are in place to confirm executive strategies and directions are carried out ethically and effectively.

Risk management identifies, analyses, and addresses risks that can adversely affect the organization's strategic plan and ability to operate. Identified risks can be managed by mitigation, avoidance, acceptance or risk sharing methods.

Compliance addresses the consistency with which the organization adheres to applicable regulations, laws, policies, contracts, values and strategies.

Many well-intentioned GRC programs tend to be centered on strategy, process and technology. In many cases, however, these efforts tend to either neglect or underemphasize the human dimension, i.e., the personal characteristics, competencies and actions that make GRC successful. The all-too-frequent result is that "the rubber never meets the road," and the real work of risk dialogue and critical risk/reward decision-making never actually takes place. The best GRC strategy, process and technology will most often fail if the organization's people are not fully committed at a personal level.

Perhaps the most fundamental and frequently asked question in GRC practice is how to influence people throughout the organization (from the boardroom to the mail room) toward becoming fully invested in establishing and maintaining a true culture of ethical governance, risk management, and compliance. In addressing this question, we will look to two generally accepted and proven models of leadership development and behavior management. The U.S. Army's "Be, Know, Do" model will serve as an overall organizing construct for evaluating the GRC process, and the "Pinpoint, Record and Reward" formula is presented as a device to influence the right GRC management behaviors.

"We've attempted to put strong controls in place to manage our risks, but our people don't seem to be invested at a personal level. I'm concerned that we have risks that we haven't even identified, much less control." Fortune CFO

Crisis Management International, Inc. August 2011

The "Be, Know, Do" model of leadership development is particularly useful when applied to and tailored for today's GRC environment, which often struggles to attain full engagement from the organization's people. The model is simple and practical and can help a board, executive management team, managers and supervisors influence a healthy and thriving GRC culture.

Be: What are the character attributes and personal values that lead to an effective GRC culture?

Know: What do all people throughout the organization need to know in order to develop and maintain an effective GRC culture?

Do: What are the highest impact actions that will overtly demonstrate a strong and significant governance, risk and compliance culture?

Behavior management specialists have a simple formula to influence behavior in desired directions, i.e., "Pinpoint, Record and Reward":

Pinpoint: The organization must concretely define (or pinpoint) the exact set of behaviors desired. If people are not clear about what is expected, the desired behavior is unlikely.

Record: If desired behaviors cannot be counted or timed, they can't be adequately monitored and controlled. Behaviors that are monitored tend to improve. So, people throughout the organization must know that management is monitoring desired GRC behaviors or else adherence to those behaviors will erode.

Reward: There must be a consequence that makes compliance matter. Preferably, the consequence will be in the form of meaningful rewards, e.g., anything meaningful from recognition to financial incentives. But, a negative reinforcement will also put teeth into the GRC program, as needed.

We will now explore each pillar of the "Be, Know, Do" model in a GRC context in more detail. Where applicable, we also incorporate ideas to influence desired behaviors using the "Pinpoint, Record and Reward" technique.

The Be, Know, Do Model

Be.

In many GRC contexts, particularly those involving publicized crisis, it is more important who you are than what you know. Enron had excellent policies and procedures, including ethical guidelines. Arthur Andersen's legal department knew clearly that they should not shred the documents that pertained to Enron. Martha Stewart knew that lying under oath about insider trading was illegal. Put simply, certain personal characteristics enable GRC effectiveness, and others impede and/or destroy it. Most GRC practitioners can describe situations in which the health or sickness of the risk and control culture could be traced at its source to the personal characteristics of its leader(s).

Though they might seem obvious, these personal characteristics can be so pervasive as to determine the success or failure of a GRC program. If the right character traits are not clearly defined and woven into the fabric of the entire culture, even the most well-intentioned and well-planned GRC program can be a non-starter and doomed to fail from its inception.

Generally, character traits that contribute to a positive GRC leadership environment include humility, teachability, reflective listening, empathy, empowerment and a strong sense of belief and conviction to core values. Ironically, what in the corporate realm might seem to be the "softer" character traits typically produce the strongest, most resilient risk and compliance cultures.

Attributes that tend to be anathema to good GRC include arrogance/hubris, overcontrol, greed, complacency, personal aggrandizement, self-promotion and a need for credit and personal affirmation. Examples abound of business failures that are rooted in these negative leadership attributes. Most recently, BP was criticized for its "see no evil" approach to several critical decisions leading up to the Deepwater Horizon disaster. Upon reflection, Tony Hayward surely knows that the damage to the Gulf communities and the environment was much more important than his personal interests. Many have said his actions, however, pointed to character traits of self-serving arrogance and a lack of care and compassion.

In defining the right personal and leadership characteristics for effective GRC, a commonly used strengths inventory is helpful. The strength themes outlined in StrengthsFinder 2.0 by Tom Rath provide a useful framework for identifying the short list of leadership and character attributes for an effective GRC culture in any organization. [1]

The following list contains seven (7) of Tom Rath's characteristics that could be particularly applicable to influencing desired GRC-related character traits within your culture. Consider pinpointing the exact behaviors your organization might want in an effective GRC program from their leaders and all people who have a stake in the success of the organization. Then record and reward desired behaviors. A few examples follow:

1. Be Analytical. Analysis throughout the organization aids in the ability to challenge the organization's risk thinking, ensuring an accurate and complete GRC culture.
   Pinpoint, Record, Reward Idea: In the course of the organization's risk identification and assessment efforts, call out and reward those whose input demonstrates depth of insight, particularly with regard to identifying emerging risks.

2. Be a Communicator. A passion for clear and complete dialogue, even when the stakes and emotions are high, is essential to effectively communicating risk information to those making risk-taking decisions.
3. Be a Connector/Arranger. Connect the dots, seek understanding of risk and control interrelationships. Arranging and realigning complex issues is critical to establishing a truly enterprise-wide perspective.
   Pinpoint, Record, Reward Idea: Provide recognition for employees who meaningfully bust silos and identify how risks in one area of the organization can impact another area.
4. Be a Developer. Develop the people, competencies, processes and tools that make up a good risk and compliance organization.
5. Be an Includer. Inclusion up, down and across the business fosters a richer, more complete and unified risk and compliance culture.
6. Be a Learner. A culture of continued learning will help the entire organization maintain an increasingly more complete understanding of the whole enterprise risk profile.
7. Be Strategic. Strategic thinking enables a view of the whole and an understanding of the essential parts without being distracted by the clutter of extraneous detail and noise.
   Pinpoint, Record, Reward Idea: Assign and empower a task force of non-executives to assess unidentified risks in the organization's strategic plan. Reward meaningful input where possible by giving the insightful employee(s) a visible opportunity to address the risks identified.

Know.

There are several fundamental competencies/capabilities ("know how") and knowledge ("know what" and "know why") that are essential to effective GRC. Though not intended as an overarching GRC competency framework, the skills below are essential. Not surprisingly, the competencies are closely related to the personal characteristics in the "Be" dimension discussed above.
A few of the highest impact GRC competencies and skills include:

Know how to apply systems thinking and synthesize the "big picture" risk/regulatory environment. Peter Senge has said, "The unhealthiness of our world is in direct proportion to our inability to see it as a whole." [2] This truth applies to understanding an organization's risk and control environment as well. Therefore, the ability to "see wholes" and develop an integrated view up, down and across the business is essential to cultivating an enterprise perspective that also contemplates the broader external risk and compliance environment. This is particularly true given that increasing growth, scale and complexity are compelling a greater focus on emerging risks. As one senior financial services executive put it recently, "We're living in a three-standard deviation world right now. Instead of looking over the next year, we should be talking about what might happen tomorrow or next week!" This also implies the need to look beyond a simplistic "top ten" list of risks and consider the interrelationships and correlations between/among them.

Pinpoint, Record, Reward Idea: Develop online learning assets in key GRC competency areas, e.g., risk identification, assessment and response. Make these available to all employees with competency testing as a part of completion. Recognize departments where everyone has successfully completed the training and more importantly, applied the learning in productive ways.

Know how to communicate with a ruthless eye toward clarity and completeness, choosing the right medium for the right purpose. One of the most common reasons that risk dialogue breaks down is simple lack of clarity on "what's the risk?" When we talk about the risk of increasing regulation, are we concerned about an increased risk of sanctions or that we might actually need to jettison certain revenue streams that would become unprofitable, or both? Even the chosen syntax for articulating a risk statement is important. An "If; then" convention can be helpful in aiding clarity. For example, "If the administrative burdens of Dodd-Frank distract management attention from revenue-generating activities; then we might not achieve our stated topline growth target of 4%" is a clearly pinpointed and more actionable risk statement than "Increasing regulatory burden." The former forces the risk communicator to articulate both the cause and the effect/consequence of the risk, thereby contributing more complete risk information to the dialogue.

Another discipline that deserves attention in the GRC domain is the choice of the communication medium. Does the risk report always have to be an Excel matrix or a force-ranked hierarchical list? Or, might a picture or diagram be a more effective way of rendering the relationship between two risk factors? Sometimes the clearest way to render a risk profile is a relational diagram that communicates the cause and effect dynamics among risk factors. "A picture's worth a thousand words" is sometimes a fitting mantra in risk communication. The fundamental skill required is the ability to discern the right medium for the right risk communication purpose.

Know how to manage change in the purposeful direction of risk and control competency development.
If the ultimate goal of GRC is to build risk control thinking into the business, then it could be said that top-level GRC leaders are not directly managing governance, risk and compliance at all. Rather, they are stewarding the establishment of a risk management framework and competency into the DNA of an organization. Often, busy people with "day jobs" see risk and compliance management as something to be attended to by "the functions," e.g., internal audit, compliance, risk management. There is a tendency for busy process owners to shift the burden of identifying, assessing and managing risk to these functions, erroneously viewing them as the ultimate owners of risk, control and compliance. "Of course we're well controlled - we have an internal audit done every 18 months and a compliance department that's always breathing down our necks!" reflects this subtle shifting of responsibility to the functions. If this happens, it requires correction. The essence of this skill is to be an agent of change in the direction of placing the responsibility for risk control where it rightly belongs in the fabric of the business and equipping the business to manage accordingly.

Know how to exercise diplomacy, when the state of risk dialogue requires it. In addition to being an excellent communicator, a GRC leader must sometimes also play the role of communication broker or facilitator. If meaningful discussions about the risk/reward trade-off in the business either are not happening or are being conducted poorly, then it is incumbent upon the GRC leader to course-correct the situation to an acceptable resolution. Fundamental disagreements about risk appetite and tolerances are common, particularly in the context of positions taken with respect to regulatory requirements or potential sanctions. One manager might view a course of action as a violation; another might not. Part of the role of the GRC leader is to help navigate these stalemate situations to a reasonable conclusion. The framework and methods for maintaining a productive dialogue when stakes and emotions are high are described in Crucial Conversations [3] by Patterson, et al. They provide a three (3) point method for discussing sensitive, but important issues:

1. First, clarify what you want (making sure your motives are beyond reproach);
2. Secondly, identify what you don't want, e.g., to make others defensive, angry, etc.
3. Finally, combine these into an "and" question, e.g., "How can I discuss our attorney's refusal to consider a way around her regulatory concerns and avoid the defensiveness she demonstrated in our meeting?"

Typically, this is accomplished by expressing both what you do want to happen, and what you don't want to happen, all the while demonstrating respect and creating a safe environment for the other person and his/her input and opinions.

Know why GRC is critical to the business, the fundamental driving GRC forces, and the guiding principles that reinforce it. Every organization will want to define the finer points of its mandate, driving factors and guiding principles for GRC. In one instance, GRC might be directed at reducing the number and impact of operational surprises. In another, the principal driving factor might be to protect brand image and reputation. In any case, GRC leaders should be equipped and prepared to articulate the substantive "whys" behind their efforts in business terms that point to results, not simply activities. For example, the GRC mantra of a major global financial services firm is "The value's in the dialogue." This mantra communicates clearly that firm's desire to ensure that robust risk conversations are being conducted regularly and rigorously, and that there is inherent value in those discussions taking place.

Know and be able to articulate what the short list of essential core risks are to the business. All businesses have certain core risks that are fundamental to their essence and are always present in their risk-taking activities.
This shortlist risk profile should emerge and/or take on more clarity of understanding as a deliverable of the GRC effort over time. For a credit card processing firm, IT security is paramount and will surely garner much of the risk and control mindshare. For financial and healthcare institutions, increasing compliance risk as a result of greater regulation is becoming a fixture on the top risks list. Reputation risk is a most common concern among CEOs, according to a survey completed at the Kellogg School of Management at Northwestern University. Regardless of the business, GRC leaders and key employees should be able to articulate succinctly and completely the fundamental risk profile of that business at any point in time. This includes the ability to articulate the handful of "showstopper" or "value-killer" risks in a particular business or industry. Employees and leaders alike can only address risks that they know exist and that become a part of the organization's social fabric. Once risks are concretely articulated, i.e., defined in terms that can be counted or timed, then the "pinpoint, record, reward" behavioral management process can be applied.

Do.

Unfortunately, experience has shown that the discipline of GRC has an overwhelming tendency to exacerbate process. [4] Despite much invested energy and emotion, processes, systems and tools are not inherently valuable. They are only a means, not ends in themselves. The heat map should be the beginning, not the end of the risk dialogue. Board members, executives and employees tend to tire quickly in limited discussions of process that do not lead to real practical insight about "What's getting better?" or "What are we doing about it?" The real value and benefit, therefore, is not in the process itself, but in the risk dialogue that leads to the best possible risk/reward decisions that result in better and consistent business performance. Good risk dialogue is the foundation of the human side of GRC and the essence of an effective program.

Do understand the risk profile of the business both at a detailed level and an integrated enterprise level. All of the GRC framework elements (the policies, tools, rating criteria, reports and dashboards) should be directed toward understanding and managing the organization's risk profile. If any of these processes, tools or methods take on a life of their own and are not being directed toward this overarching objective, then chances are that the GRC effort is off course and needs to be directed back to purpose. We humans can become very enamored with our processes, systems and data. Striking the right balance in risk process is critical. Too little process leaves dialogue unfocused and ad hoc; too much, or an overemphasis or preoccupation with process can prevent dialogue from ever happening at all. Unfortunately, unless the process is generating good risk dialogue and better risk decisions, its value is open to question. If risk information/knowledge is not being applied or used in making the tough day-to-day risk/reward or resource allocation decisions, then it's only information. Therefore, a periodic value-check is in order to ensure that the GRC effort is "moving the needle" in terms of cultivating a better risk and control culture.

Do facilitate intentional, transparent and action-oriented risk dialogue that supports risk/reward and resource allocation decisions at all levels of the business. Good risk dialogue requires that (1) the right forums exist for risk communication to occur regularly, and (2) the GRC framework has been internalized and is enabling healthy, productive conversations about risk in the business.
Some of the actions in this area involve actually designing and building the risk and control communities necessary to ensure that the right risk discussion is taking place at the right times generating the right outcomes. Often this involves a top-down, bottom-up structure of risk committees, appropriately balanced across business units, functions and geographies. The GRC leader should facilitate and monitor the quality of the risk dialogue occurring in the various forums.

Pinpoint, Record, Reward Idea: Empower supervisors to reward employees who identify, assess and communicate risks within the workplace and offer suggestions to address.

A healthy GRC program is about safe, candid and purposeful dialogue. Some things to look for as indicators of good risk discussion include:

A vigorous challenge to risk appetite and tolerance assumptions. The substance of a debate over whether a risk should be a "red" or an "orange" can be inherently valuable, e.g., "I think it needs to be raised from orange to red. Operational errors have been trending upward in both frequency and amount over the last 6-9 months, and we haven't done anything during that time to improve controls."

Careful consideration of emerging risk issues, including discussion of trending of the inherent risk level and effectiveness of risk response actions, e.g., "The risk in our contract management processes is much more than a legal issue; it's becoming a much broader business problem because of the negative impact it is having on our client relationships."

Refining the collective understanding of both risk causes and effects. Instead of "Legal and Regulatory change," there might be several more specific underlying risk events and effects on the business that should be illuminated, e.g., "It's not just general regulatory change we should be concerned about. More specifically, with the sheer number of new rules, we will face an increased inherent risk of a sanction going forward."

Indications that risk communication needs improvement include the following:

Focus is on external risk factors and negative consequences outside the organization's control with little focus on the causes of the risks and actions to reduce them.

Energy in GRC meetings is directed toward updating the list of risks and their ratings with little discussion of the substantive risk issues themselves. In other words, the risk matrix has taken on a life of its own and become an end, not a means. In this unproductive environment, the facilitator might be heard to say something like "Are there any changes to the risk ratings that we need to consider? If not, we can end the meeting 30 minutes early, and you can all go back to what you were doing."

Using the term "risk" to take shots at other groups within the organization that are not living up to one's personal expectations, e.g., "The biggest risk we face is the service levels of our compliance department in the Continental Europe region."

Risk owners inappropriately shift the burden of risk responsibility to an individual or group outside the room, e.g., "This is clearly a problem that needs to be addressed by the Midwestern region Compliance Department."

Summary

The "Be, Know, Do" model of leadership development can serve as a simple and practical lens through which to begin or enhance a GRC program or evaluate an existing one. "Be" is about conveying the desired character traits, ethics and personal judgment and encouraging people throughout the organization to speak up if they become aware of deviations from the organizational moral fiber. "Know" assures that people throughout the organization are competently and intentionally aware of the ongoing and emerging risks within the organization and have knowledge of what to do and how to communicate about them. "Do" is about understanding the risk profile of the business and communicating it effectively and each person within the organization taking responsibility for what they can influence and control.

Finally, in order to bring about and maintain full engagement, a creative behavioral management system can be integrated within the fabric of an effective GRC program. Components include:

Pinpointing the desired behaviors and character traits in concrete terms that can be counted and/or timed;

Recording compliant behaviors in a manner that people know they are being monitored; and

Rewarding behaviors in a manner that maintains desired GRC compliance over a long period of time.

If the sheer volume and complexity of GRC processes and systems cloud the ability to assess a GRC program's effectiveness, the simplicity of these models provides an alternative set of building blocks and criteria for improving the process and evaluating its effectiveness: are the right people involved; do they have the right competencies and knowledge; and are they enthusiastically spending their time on the highest impact actions that yield the greatest productive value.

About the Authors

Bruce T. Blythe is an internationally acclaimed crisis management expert. He is the owner and chairman of three companies that provide employers with a continuum of crisis preparedness, crisis response, and employee return-to-work services. Crisis Management International (Atlanta) is the preparedness arm of the three companies. CMI has assisted hundreds of companies worldwide with crisis and business continuity planning, training and exercising. CMI also provides workplace violence preparedness programs and threat of violence consultations through a specialty network of threat management specialists, including former FBI and Secret Service agents. Crisis Care Network (Grand Rapids, MI) responds to corporate crisis situations 1000 times per month through a North American network of crisis mental health professionals. Behavioral Medical Interventions (Minneapolis) accelerates employee return-to-work for workers' comp and non-occupational injury cases.

Bruce has been personally involved in crises such as the 1993 World Trade Center bombing, mass murders at the U.S. Postal Service, the Oklahoma City bombing, 9/11, commercial air crashes, rescue of kidnap and ransom hostages, Hurricanes Andrew and Katrina, earthquakes, fires, floods, and reputational crises. He serves as a consultant and certified coach to numerous Fortune executives and managers in Strategic Crisis Leadership preparedness and response. Widely regarded as a thought leader in the crisis management and business continuity industries, he is the author of Blindsided: A Manager's Guide to Catastrophic Incidents in the Workplace. He has served in the Military Police for the U.S. Marine Corps. He's a certified clinical psychologist and has been a consultant to the FBI on workplace violence and terrorism.

Bruce has appeared on NBC's Today Show, CNN, ABC's 20/20, CBS 48 Hours, CNBC, NPR and others. Fast Company Magazine published a cover-story article about Bruce's leadership in responding to 204 companies onsite, all within three weeks following 9/11. He provides commentary in The Wall Street Journal, Newsweek, Business Week, Smart Money, New Yorker, Fortune Magazine and USA Today. He serves as a keynote presenter to fifty national and international conferences per year.

Rick J. Machold has over 26 years' experience across multiple disciplines, including business risk management, process design and improvement, change facilitation, forensic accounting and strategic planning. He was most recently Head of Enterprise Risk at Invesco Ltd. and had global responsibility for the company's enterprise risk management (ERM) efforts. As administrative coordinator and member of Invesco's Corporate Risk Management Committee, he oversaw the continuing development of the company's global ERM process, which recently merited a "Strong" rating from Standard & Poor's.

Rick's background is primarily in management consulting and public accounting, having served as a Partner in PwC's Global Risk Management Solutions practice in both St. Louis and Atlanta. His clients have included the Centers for Disease Control (CDC), the New York Yankees Partnership, Wyeth-Ayerst, Ryder System Inc., Dell, Inc. and many others. For several years prior to joining Invesco in January 2007, Rick was a senior advisor in enterprise risk management to First Data Corporation, based in Denver. He subsequently served as Senior Vice President and Chief Risk Officer for Certegy, Inc, a $1 billion revenue payments processing provider based in Atlanta.

Rick serves on the board of City of Refuge, Inc. and Landmark Christian School and is an active member of the Institute of Internal Auditors and the Risk Management Research Council. He is a frequent speaker on risk management and has authored several articles on ERM and governance, risk and compliance. Rick is a regular guest lecturer on ERM for the University of Georgia's EMBA program and most recently for Kennesaw State University.

References

[1] Rath, Tom, StrengthsFinder 2.0.
[2] Peter Senge, The Fifth Discipline (Chapters 5-6) on systems thinking and systems archetypes, repeating patterns in organizational functioning.
[3] Patterson, Grenny, McMillan and Switzer, Crucial Conversations: Tools for Talking When Stakes are High.
[4] Power, Michael, The Risk Management of Everything, 2004, Demos, www.demos.co.uk (there also are many excellent references in the footnotes to this rather lengthy but very rich article).


Guidance Note: Corporate Governance - Board of Directors. March 2015. Ce document est aussi disponible en français. Guidance Note: Corporate Governance - Board of Directors March 2015 Ce document est aussi disponible en français. Applicability The Guidance Note: Corporate Governance - Board of Directors (the Guidance

More information

UNIVERSITY OF MIAMI SCHOOL OF BUSINESS ADMINISTRATION MISSION, VISION & STRATEGIC PRIORITIES. Approved by SBA General Faculty (April 2012)

UNIVERSITY OF MIAMI SCHOOL OF BUSINESS ADMINISTRATION MISSION, VISION & STRATEGIC PRIORITIES. Approved by SBA General Faculty (April 2012) UNIVERSITY OF MIAMI SCHOOL OF BUSINESS ADMINISTRATION MISSION, VISION & STRATEGIC PRIORITIES Approved by SBA General Faculty (April 2012) Introduction In 1926, we embarked on a noble experiment the creation

More information

Chapter XX Performance Management: What Are The Best Practices?

Chapter XX Performance Management: What Are The Best Practices? Chapter XX Performance Management: What Are The Best Practices? Thomas B. Wilson Susan Malanowski Wilson Group, Inc. Concord, MA www.wilsongroup.com In order to remain competitive, achieve strategic objectives

More information

Leading Positive Performance: A Conversation about Appreciative Leadership. Diana Whitney, Phd, Amanda Trosten-Bloom and Kae Rader

Leading Positive Performance: A Conversation about Appreciative Leadership. Diana Whitney, Phd, Amanda Trosten-Bloom and Kae Rader Leading Positive Performance: A Conversation about Appreciative Leadership Diana Whitney, Phd, Amanda Trosten-Bloom and Kae Rader This is a preprint of an article published in Performance Improvement journal,

More information

University of St. Gallen Law School Law and Economics Research Paper Series. Working Paper No. 2008-19 June 2007

University of St. Gallen Law School Law and Economics Research Paper Series. Working Paper No. 2008-19 June 2007 University of St. Gallen Law School Law and Economics Research Paper Series Working Paper No. 2008-19 June 2007 Enterprise Risk Management A View from the Insurance Industry Wolfgang Errath and Andreas

More information

Begin Your BI Journey

Begin Your BI Journey Begin Your BI Journey As part of long-term strategy, healthcare entities seek opportunities for continuous improvement in order to meet the changing needs of their patients while also maintaining compliance

More information

An Effective Approach to Transition from Risk Assessment to Enterprise Risk Management

An Effective Approach to Transition from Risk Assessment to Enterprise Risk Management Bridgework: An Effective Approach to Transition from Risk Assessment to Enterprise Risk Management @Copyright Cura Software. All rights reserved. No part of this document may be transmitted or copied without

More information

Retirement Plan Consulting Proposal

Retirement Plan Consulting Proposal The City of Haines City, FL 620 E. Main St Haines City, FL 33844 Retirement Plan Consulting Proposal Presented: August 2014 Gregg Fine, PRP, AIF Area Vice President Gallagher Benefit Services, Inc. 8333

More information

Thank you for taking a leadership role at Gustavus! Best of luck this year!

Thank you for taking a leadership role at Gustavus! Best of luck this year! G.O.L.D. Gusties In Ongoing Leadership Development Thank you for taking a leadership role at Gustavus! Best of luck this year! 800 West College Avenue Saint Peter, MN 56082 gustavus.edu gustavus adolphus

More information

Compared to other industries, banks do quite

Compared to other industries, banks do quite A Framework for Governance, Risk Management and Compliance By Tom Grubb and Tom Burke Compliance and operational improvements are complementary and should happen in tandem. Compared to other industries,

More information

BUSINESS ETHICS: Training Beyond Compliance and HR. Business Ethics White Paper January 2013

BUSINESS ETHICS: Training Beyond Compliance and HR. Business Ethics White Paper January 2013 Business Ethics White Paper January 2013 BUSINESS ETHICS: Training Beyond Compliance and HR Chuck Gallagher, founder of the Ethics Resource Group, is an international business ethics consultant and trainer

More information

Operations Excellence in Professional Services Firms

Operations Excellence in Professional Services Firms Operations Excellence in Professional Services Firms Published by KENNEDY KENNEDY Consulting Research Consulting Research & Advisory & Advisory Sponsored by Table of Contents Introduction... 3 Market Challenges

More information

Comprehensive Skills Training For Supervisors

Comprehensive Skills Training For Supervisors ESI Management Academy Comprehensive Skills Training For Supervisors Reduce Your Organization s Risk and Improve Your Overall Management Performance Comprehensive training geared to maximum productivity

More information

White Paper Case Study: How Collaboration Platforms Support the ITIL Best Practices Standard

White Paper Case Study: How Collaboration Platforms Support the ITIL Best Practices Standard White Paper Case Study: How Collaboration Platforms Support the ITIL Best Practices Standard Abstract: This white paper outlines the ITIL industry best practices methodology and discusses the methods in

More information

OSFI Updates Guidance on Regulatory Compliance Management. By Carol Lyons and Jared Grossman

OSFI Updates Guidance on Regulatory Compliance Management. By Carol Lyons and Jared Grossman Introduction OSFI Updates Guidance on Regulatory Compliance Management By Carol Lyons and Jared Grossman More than 10 years have passed since OSFI 1 first issued Guideline E-13 entitled Legislative Compliance

More information

ORACLE ENTERPRISE GOVERNANCE, RISK, AND COMPLIANCE MANAGER FUSION EDITION

ORACLE ENTERPRISE GOVERNANCE, RISK, AND COMPLIANCE MANAGER FUSION EDITION ORACLE ENTERPRISE GOVERNANCE, RISK, AND COMPLIANCE MANAGER FUSION EDITION KEY FEATURES AND BENEFITS Manage multiple GRC initiatives on a single consolidated platform Support unique areas of operation with

More information

JOB ANNOUNCEMENT. Chief Security Officer, Cheniere Energy, Inc.

JOB ANNOUNCEMENT. Chief Security Officer, Cheniere Energy, Inc. JOB ANNOUNCEMENT Chief Security Officer, Cheniere Energy, Inc. Position Overview The Vice President and Chief Security Risk Officer (CSRO) reports to the Chairman, Chief Executive Officer and President

More information

Ten Key Steps to Effective Succession Planning. By William J. Rothwell, Ph.D., SPHR

Ten Key Steps to Effective Succession Planning. By William J. Rothwell, Ph.D., SPHR Ten Key Steps to Effective Succession Planning By William J. Rothwell, Ph.D., SPHR Rothwell & Associates, Inc. There are two forces at work today that are driving organizations to consider some form of

More information

Emergency Planning and Crisis Management initiatives rolled up into a viable Business Continuity and Enterprise Risk Management Program.

Emergency Planning and Crisis Management initiatives rolled up into a viable Business Continuity and Enterprise Risk Management Program. Emergency Planning and Crisis Management initiatives rolled up into a viable Business Continuity and Enterprise Risk Management Program. Or: How I Learned to Stop Worrying and Love the ERM! Is this You?

More information

FY 2015 Year in Review Internal Audit Division

FY 2015 Year in Review Internal Audit Division P a g e 1 FY 2015 Year in Review Internal Audit Division Over the past year, Emory s Internal Audit Division (Internal Audit) advanced our mission to add value and improve the institution s operations

More information

HOW THE LIBERAL ARTS AND PROFESSIONAL PROGRAMS WORK TOGETHER. A Presidential White Paper from Jonathan Brand

HOW THE LIBERAL ARTS AND PROFESSIONAL PROGRAMS WORK TOGETHER. A Presidential White Paper from Jonathan Brand HOW THE LIBERAL ARTS AND PROFESSIONAL PROGRAMS WORK TOGETHER A Presidential White Paper from Jonathan Brand June 2015 HOW THE LIBERAL ARTS AND PROFESSIONAL PROGRAMS WORK TOGETHER June 2015 This white paper

More information

Operational Risk Management - The Next Frontier The Risk Management Association (RMA)

Operational Risk Management - The Next Frontier The Risk Management Association (RMA) Operational Risk Management - The Next Frontier The Risk Management Association (RMA) Operational risk is not new. In fact, it is the first risk that banks must manage, even before they make their first

More information

Roche Group Employment Policy

Roche Group Employment Policy Roche Group Employment Policy 2 Roche s Corporate Principles express our conviction that our company s success depends on the talent and performance of dedicated employees. In adopting the present policy,

More information

Strategic Planning & Goal Setting

Strategic Planning & Goal Setting White Paper Strategic Planning & Goal Setting ASSESSMENTS: STRATEGIC PLANNING GOAL SETTING 2. Strategic Planning & Goal Setting STRATEGIC PLANNING Strategic planning is a disciplined effort. In the end,

More information

Metrics by design A practical approach to measuring internal audit performance

Metrics by design A practical approach to measuring internal audit performance Metrics by design A practical approach to measuring internal audit performance September 2014 At a glance Expectations of Internal Audit are rising. Regulatory pressure is increasing. Budgets are tightening.

More information

How To Manage Risk

How To Manage Risk Fund Board Oversight of Risk Management September 2011 Nothing contained in this report is intended to serve as legal advice. Each investment company board should seek the advice of counsel for issues

More information

9 THINGS YOU NEED TO DO TO BUILD YOUR DREAM TEAM

9 THINGS YOU NEED TO DO TO BUILD YOUR DREAM TEAM 9 THINGS YOU NEED TO DO TO BUILD YOUR DREAM TEAM So you want to build your dream team Whether it is on a sporting field, in your office or at a pub trivia night, we all know a dream team when we see one.

More information

Five Key Outcomes of Social CRM

Five Key Outcomes of Social CRM Five Key Outcomes of Social CRM A look at the business case Social CRM: more than monitoring Take a step back. When contemplating social media initiatives, it s easy to get tunnel vision. The evaluation

More information

SCHOOL LEADERSHIP COMPETENCIES

SCHOOL LEADERSHIP COMPETENCIES SCHOOL LEADERSHIP COMPETENCIES Core Competency Personal Leadership Fosters a culture of excellence through personal leadership Data Uses data to set high learning goals and increase student achievement

More information

Guidance on Supervisory Interaction with Financial Institutions on Risk Culture. A Framework for Assessing Risk Culture

Guidance on Supervisory Interaction with Financial Institutions on Risk Culture. A Framework for Assessing Risk Culture Guidance on Supervisory Interaction with Financial Institutions on Risk Culture A Framework for Assessing Risk Culture 7 April 2014 Table of Contents Page Background... i Introduction... 1 1. Foundational

More information

Blending Corporate Governance with. Information Security

Blending Corporate Governance with. Information Security Blending Corporate Governance with Information Security WHAT IS CORPORATE GOVERNANCE? Governance has proved an issue since people began to organise themselves for a common purpose. How to ensure the power

More information

GUIDE TO EFFECTIVE STAFF PERFORMANCE EVALUATIONS

GUIDE TO EFFECTIVE STAFF PERFORMANCE EVALUATIONS GUIDE TO EFFECTIVE STAFF PERFORMANCE EVALUATIONS The research is clear. The outcome is consistent. We know with certainty that the most powerful leadership tool for improving productivity and increasing

More information

Seven Principles of Change:

Seven Principles of Change: Managing Change, LLC Identifying Intangible Assets to Produce Tangible Results Toll Free: 877-880-0217 Seven Principles of Change: Excerpt from the new book, Change Management: the people side of change

More information

DoD CIVILIAN LEADER DEVELOPMENT FRAMEWORK COMPETENCY DEFINITIONS. Leading Change

DoD CIVILIAN LEADER DEVELOPMENT FRAMEWORK COMPETENCY DEFINITIONS. Leading Change DoD CIVILIAN LEADER DEVELOPMENT FRAMEWORK COMPETENCY DEFINITIONS Leading Change Definition: This core competency involves the ability to bring about strategic change, both within and outside the organization,

More information

Comprehensive Emergency Management Education 604.528.5800 1.877.528.5591

Comprehensive Emergency Management Education 604.528.5800 1.877.528.5591 Bachelor of Emergency & Security Management Studies prepare yourself and your team with the most accessible, customizable emergency management training from Canada s Leading Public Safety Educator Comprehensive

More information

Transforming risk management into a competitive advantage kpmg.com

Transforming risk management into a competitive advantage kpmg.com INSURANCE RISK MANAGEMENT ADVISORY SOLUTIONS Transforming risk management into a competitive advantage kpmg.com 2 Transforming risk management into a competitive advantage Assessing risk. Building value.

More information

Winning Leadership in Turbulent Times Developing Emotionally Intelligent Leaders

Winning Leadership in Turbulent Times Developing Emotionally Intelligent Leaders Working Resources is a Leadership Consulting, Training and Executive Coaching Firm Helping Companies Assess, Select, Coach and Retain Emotionally Intelligent Leaders; Emotional Intelligence-Based Interviewing

More information

Section Three: Ohio Standards for Principals

Section Three: Ohio Standards for Principals Section Three: Ohio Standards for Principals 1 Principals help create a shared vision and clear goals for their schools and ensure continuous progress toward achieving the goals. Principals lead the process

More information

Governance Guideline SEPTEMBER 2013 BC CREDIT UNIONS. www.fic.gov.bc.ca

Governance Guideline SEPTEMBER 2013 BC CREDIT UNIONS. www.fic.gov.bc.ca Governance Guideline SEPTEMBER 2013 BC CREDIT UNIONS www.fic.gov.bc.ca INTRODUCTION The Financial Institutions Commission 1 (FICOM) holds the Board of Directors 2 (board) accountable for the stewardship

More information

Enterprise Risk Management: COSO, New COSO, ISO 31000. Review of ERM

Enterprise Risk Management: COSO, New COSO, ISO 31000. Review of ERM Enterprise Risk Management: COSO, New COSO, Dr. Hugh Van Seaton, Ed. D., CSSGB, CGMA, CPA Review of ERM COSO a process, effected by an entity's board of directors, management and other personnel, applied

More information

Governance, Risk, and Compliance (GRC) White Paper

Governance, Risk, and Compliance (GRC) White Paper Governance, Risk, and Compliance (GRC) White Paper Table of Contents: Purpose page 2 Introduction _ page 3 What is GRC _ page 3 GRC Concepts _ page 4 Integrated Approach and Methodology page 4 Diagram:

More information

IIA POSITION PAPER: THE ROLE OF INTERNAL AUDITING IN ENTERPRISE-WIDE RISK MANAGEMENT

IIA POSITION PAPER: THE ROLE OF INTERNAL AUDITING IN ENTERPRISE-WIDE RISK MANAGEMENT IIA POSITION PAPER: THE ROLE OF INTERNAL AUDITING IN ENTERPRISE-WIDE RISK MANAGEMENT Revised: Page 1 of 8 Introduction The importance to strong corporate governance of managing risk has been increasingly

More information

Internal Auditing: Assurance, Insight, and Objectivity

Internal Auditing: Assurance, Insight, and Objectivity Internal Auditing: Assurance, Insight, and Objectivity WHAT IS INTERNAL AUDITING? INTERNAL AUDITING business people all around the world are familiar with the term. But do they understand the value it

More information

North Dakota Human Resource Management Services Performance Evaluation

North Dakota Human Resource Management Services Performance Evaluation North Dakota Human Resource Management Services Performance Evaluation Performance Evaluation is a multi-purpose tool used to: Measure actual performance against expected performance Provide an opportunity

More information

INTERNATIONAL STANDARDS FOR THE PROFESSIONAL PRACTICE OF INTERNAL AUDITING (STANDARDS)

INTERNATIONAL STANDARDS FOR THE PROFESSIONAL PRACTICE OF INTERNAL AUDITING (STANDARDS) INTERNATIONAL STANDARDS FOR THE PROFESSIONAL PRACTICE OF INTERNAL AUDITING (STANDARDS) Introduction to the International Standards Internal auditing is conducted in diverse legal and cultural environments;

More information

The New International Standard on the Practice of Risk Management A Comparison of ISO 31000:2009 and the COSO ERM Framework

The New International Standard on the Practice of Risk Management A Comparison of ISO 31000:2009 and the COSO ERM Framework The New International Standard on the Practice of Risk Management A Comparison of ISO 31000:2009 and the COSO ERM Framework Dorothy Gjerdrum, ARM-P, Chair of the ISO 31000 US TAG and Executive Director,

More information

~Empowering and Motivating for Today and Tomorrow~

~Empowering and Motivating for Today and Tomorrow~ Lindsay Unified School District Mission Statement ~Empowering and Motivating for Today and Tomorrow~ - Adopted by Lindsay Unified School Board: May 21, 2007 Mission: Empowering and Motivating for Today

More information

FRAMEWORK. 7 Building Blocks to Success

FRAMEWORK. 7 Building Blocks to Success The CMI Content MarketING FRAMEWORK 7 Building Blocks to Success Your company is probably already exploring the role that compelling content can play in your own marketing programs just as many other companies

More information

Supervisor s Performance Management Guide

Supervisor s Performance Management Guide Supervisor s Performance Management Guide 1. Introduction... 2 2. Duties and Job Descriptions... 2 3. Supervisor s Role... 2 4. Goals & Employee Development... 3 5. Annual Performance Evaluation Process...

More information

and Risk Tolerance in an Effective ERM Program

and Risk Tolerance in an Effective ERM Program The Roles of Risk Appetite and Risk Tolerance in an Effective ERM Program Eric Gerner, Risk Advisory Services Director Tuesday, July 10, 2012 General Information Share the webinar Ask a question Votes

More information

Tapping the benefits of business analytics and optimization

Tapping the benefits of business analytics and optimization IBM Sales and Distribution Chemicals and Petroleum White Paper Tapping the benefits of business analytics and optimization A rich source of intelligence for the chemicals and petroleum industries 2 Tapping

More information

Views from the Field: Decision Making at Nonprofits By Steve Scheier, Empowering Work Practices Produced in partnership with Commongood Careers

Views from the Field: Decision Making at Nonprofits By Steve Scheier, Empowering Work Practices Produced in partnership with Commongood Careers Views from the Field: Decision Making at Nonprofits By Steve Scheier, Empowering Work Practices Produced in partnership with Commongood Careers Nonprofit organizations benefit from a cadre of hard working,

More information

Board Governance Principles Amended September 29, 2012 Tyco International Ltd.

Board Governance Principles Amended September 29, 2012 Tyco International Ltd. BOD Approved 9/13/12 Board Governance Principles Amended September 29, 2012 Tyco International Ltd. 2012 Tyco International, Ltd. - Board Governance Principles 1 TABLE OF CONTENTS TYCO VISION AND VALUES...

More information

Principles for An. Effective Risk Appetite Framework

Principles for An. Effective Risk Appetite Framework Principles for An Effective Risk Appetite Framework 18 November 2013 Table of Contents Page I. Introduction... 1 II. Key definitions... 2 III. Principles... 3 1. Risk appetite framework... 3 1.1 An effective

More information

HSMS. Group Health AND Safety Management System

HSMS. Group Health AND Safety Management System 3 2 CONSULTATION AND EMPOWERMENT 4 RISK MANAGEMENT 1 AMBITION, POLICY AND RULES LEADERSHIP, ACCOUNTABILITY AND ORGANISATION PLAN AND COMMIT 5 EMERGENCY PREPAREDNESS 10 AUDIT AND MATURITY PATH 9 LEARN AND

More information

Lead Star s Distance Learning Programs

Lead Star s Distance Learning Programs Lead Star s Distance Learning Programs Customized Webinar Overview www.leadstar.us Lead Star s Webinars Lead Star s webinar events are dynamic, 45-minute training presentations designed to accommodate

More information

Risk Profile, Appetite, and Tolerance: Fundamental Concepts in Risk Management and Reinsurance Effectiveness

Risk Profile, Appetite, and Tolerance: Fundamental Concepts in Risk Management and Reinsurance Effectiveness An update from Business Intelligence April 2009 Risk Profile, Appetite, and Tolerance: Fundamental Concepts in Risk Management and Reinsurance Effectiveness Prior to the recent turbulence in the financial

More information

Being smart about the risks you take

Being smart about the risks you take Governance, risk & compliance Being smart about the risks you take Get up to speed* Being smart about the risks you take Most risk management systems aim to avoid risk. But, if a business doesn t take

More information

MANAGING THREATS OF VIOLENCE IN THE WORKPLACE. Take-and-Use Guidelines for Chubb Workplace Violence Expense Insurance Customers

MANAGING THREATS OF VIOLENCE IN THE WORKPLACE. Take-and-Use Guidelines for Chubb Workplace Violence Expense Insurance Customers MANAGING THREATS OF VIOLENCE IN THE WORKPLACE Take-and-Use Guidelines for Chubb Workplace Violence Expense Insurance Customers MANAGING THREATS OF VIOLENCE IN THE WORKPLACE Take-and-Use Guidelines For

More information

Pillars for Successful Analytics Implementation. marketing insights spring 2013

Pillars for Successful Analytics Implementation. marketing insights spring 2013 3 7 Pillars for Successful Analytics Implementation 3 3 3 34 + A leader s guide to incorporating Big Data across the organization Jesse Harriott jesse.harriott@gmail.com You may remember the days before

More information

Guide to Effective Staff Performance Evaluations

Guide to Effective Staff Performance Evaluations Guide to Effective Staff Performance Evaluations Compiled by Human Resources Siemens Hall, Room 211 The research is clear. The outcome is consistent. We know with certainty that the most powerful leadership

More information

ENTERPRISE RISK MANAGEMENT SURVEY. 2013 RIMS Enterprise Risk Management (ERM) Survey SPONSORED BY:

ENTERPRISE RISK MANAGEMENT SURVEY. 2013 RIMS Enterprise Risk Management (ERM) Survey SPONSORED BY: t RIMS2013 ENTERPRISE RISK MANAGEMENT SURVEY 2013 RIMS Enterprise Risk Management (ERM) Survey SPONSORED BY: Administered by: Advisen Ltd. Zurich Authored by: RIMS and Advisen Ltd. Publishers: Mary Roth,

More information

Chief Risk Officers in the Mutual Fund Industry: Who Are They and What Is Their Role Within the Organization?

Chief Risk Officers in the Mutual Fund Industry: Who Are They and What Is Their Role Within the Organization? Chief Risk Officers in the Mutual Fund Industry: Who Are They and What Is Their Role Within the Organization? Background Everyone within an organization has some responsibility for managing risk. In the

More information

THE SOUTH AFRICAN HERITAGE RESOURCES AGENCY ENTERPRISE RISK MANAGEMENT FRAMEWORK

THE SOUTH AFRICAN HERITAGE RESOURCES AGENCY ENTERPRISE RISK MANAGEMENT FRAMEWORK THE SOUTH AFRICAN HERITAGE RESOURCES AGENCY ENTERPRISE RISK MANAGEMENT FRAMEWORK ACCOUNTABLE SIGNATURE AUTHORISED for implementation SIGNATURE On behalf of Chief Executive Officer SAHRA Council Date Date

More information

The Role of the Board in Enterprise Risk Management

The Role of the Board in Enterprise Risk Management Enterprise Risk The Role of the Board in Enterprise Risk Management The board of directors plays an essential role in ensuring that an effective ERM program is in place. Governance, policy, and assurance

More information

Performance Management. Office of Human Resources

Performance Management. Office of Human Resources Performance Management Office of Human Resources Jean Prather, PHR DEVELOPING EMPLOYEES The conventional definition of management is getting work done through h people, but real management is developing

More information

Executive Brand Leadership

Executive Brand Leadership Executive Brand Leadership By Karl D. Speak 2000 Brand Tool Box, Ltd. All Rights Reserved. No part of this publication may be reproduced in any form without written permission. Executive Brand Leadership

More information

THE ROLE OF FINANCE AND ACCOUNTING IN ENTERPRISE RISK MANAGEMENT

THE ROLE OF FINANCE AND ACCOUNTING IN ENTERPRISE RISK MANAGEMENT THE ROLE OF FINANCE AND ACCOUNTING IN ENTERPRISE RISK MANAGEMENT Let me begin by thanking Baruch College for giving me the opportunity to present this year s prestigious Emanuel Saxe Lecture in Accounting.

More information

ORGANISING COMMITTEE POLICY AND GOVERNANCE FOR RISKS TO REPUTATION

ORGANISING COMMITTEE POLICY AND GOVERNANCE FOR RISKS TO REPUTATION ORGANISING COMMITTEE POLICY AND GOVERNANCE FOR RISKS TO REPUTATION Report from a High Level Workshop INTRODUCTION It is increasingly recognised that reputation is an important valuable asset, though it

More information

OPTIMUS SBR. Optimizing Results with Business Intelligence Governance CHOICE TOOLS. PRECISION AIM. BOLD ATTITUDE.

OPTIMUS SBR. Optimizing Results with Business Intelligence Governance CHOICE TOOLS. PRECISION AIM. BOLD ATTITUDE. OPTIMUS SBR CHOICE TOOLS. PRECISION AIM. BOLD ATTITUDE. Optimizing Results with Business Intelligence Governance This paper investigates the importance of establishing a robust Business Intelligence (BI)

More information

Delphi Automotive PLC. Corporate Governance Guidelines

Delphi Automotive PLC. Corporate Governance Guidelines Delphi Automotive PLC Corporate Governance Guidelines TABLE OF CONTENTS DELPHI VISION AND VALUES... 3 Delphi Vision: Why We Exist and the Essence of Our Business... 3 Delphi Values: How We Conduct Ourselves...

More information

Policy 10.105: Enterprise Risk Management Policy

Policy 10.105: Enterprise Risk Management Policy Name: Responsibility: Complements: Enterprise Risk Management Framework Coordinator, Enterprise Risk Management Policy 10.105: Enterprise Risk Management Policy Date: November 2006 Revision Date(s): January

More information

ENTERPRISE RISK MANAGEMENT POLICY

ENTERPRISE RISK MANAGEMENT POLICY ENTERPRISE RISK MANAGEMENT POLICY TITLE OF POLICY POLICY OWNER POLICY CHAMPION DOCUMENT HISTORY: Policy Title Status Enterprise Risk Management Policy (current, revised, no change, redundant) Approving

More information

THE NEXT GENERATION OF DATA INSURANCE

THE NEXT GENERATION OF DATA INSURANCE THE NEXT GENERATION OF DATA INSURANCE High Indemnity and Broad Coverage Against Permanent Loss A Data Insurance Licensing Ltd. White Paper Version 2013.4.4 Data Insurance Licensing Ltd. THE NEXT GENERATION

More information

Assessing the strength of your security operating model

Assessing the strength of your security operating model www.pwc.com Assessing the strength of your security operating model May 2014 Assessing the strength of your security operating model Retail stores, software companies, the U.S. Federal Reserve it seems

More information

Oak Park School District. School Psychologist Evaluation

Oak Park School District. School Psychologist Evaluation Oak Park School District School Psychologist Evaluation School Psychologist Evaluation Instrument Domain I: Databased Decision Making and Accountability School psychologists have knowledge of varied models

More information

Shell s Health, Safety and Environment (HSE) management system (see Figure 11-1) provides the framework for managing all aspects of the development.
