Many components can make up the risk management capability; some of the key elements are discussed below:
Successful Security, Risk and Control Programs
from DelCreo, Inc., an Enterprise Risk Management Company

DelCreo Enterprise Risk Management Framework Part II

Strategic planning is an area that I believe to be critical for the success of all security, risk and control managers. Details on our new Strategic Planning workshop are available at

In November, I wrote about the DelCreo Framework for Enterprise Risk Management, and detailed half of this approach. This month (where did the December Newsletter go? - too much Christmas shopping!) I have detailed the second half of this framework. You can download a copy of this framework from the DelCreo website at

ENTERPRISE RISK MANAGEMENT CAPABILITIES

Many risk assessments focus completely on identifying risks and potential exposures, and neglect a review of the capability of the organization to manage the risks. I believe that the most effective risk assessments identify, classify and articulate the likelihood/impact of risks, and then address the current ability of the organization to manage those risks. Many components can make up the risk management capability; some of the key elements are discussed below:

Risk Functions

Various risk management functions must participate, exchange information and processes, and cooperate on risk mitigation activities to fully implement an ERM capability. Some of these risk management functions might include:

- Business Continuity Planning
- Internal Audit
- Insurance
- Crisis Management
- Privacy
- Physical Security
- Legal
- Information Security
- Credit Risk Management

Any enterprise risk management assessment should include a review of the interactions, sharing of information, collaborative approach to managing risk, etc. that exist among the various risk management functions.

Optimize magazine has recently had several excellent articles about enterprise risk management.
One item recently grabbed my attention: In a recent survey conducted by Optimize, 40% of the companies that participated in the survey identified the CIO as the executive most likely to own Enterprise Risk Management in their organization! (Optimize, January, 2004, p. 67). For more details and analysis on this article, see my blog at

In the last article, we briefly addressed risk appetite. DelCreo has researched and developed a method over the past seven years that many clients have used to successfully develop and define risk appetite. Using this method, the risk appetite is then used across various risk management functions, allows for the cascading of your risk appetite into the organization (and across) and becomes a critical link in operationalizing a concept that heretofore has been very nebulous. For more details, please contact me at mark@delcreo.com.

Risk Management Processes

Effective Risk management processes can be used across a wide range of risk management activities, and include the following:

- Risk Strategy and Appetite
  - Define risk strategy and program.
  - Define risk appetite.
  - Determine treatment approach.
  - Establish risk policies, procedures, and standards.
- Assess Risk
  - Identify and understand value and risk drivers.
  - Categorize risk within the business risk framework.
  - Identify methods to measure risk.
  - Measure risk.
  - Assemble risk profile and compare to risk appetite and capability.
- Treat Risk
  - Identify appropriate risk treatment methods.
  - Implement risk treatment methods.
  - Measure and assess residual risk.
- Monitor and Report
  - Continuously monitor risks.
  - Continuously monitor risk management program and capabilities.
  - Report on risks and effectiveness of risk management program and capabilities.

Although the risk management process is relatively easy to understand, very few organizations have formally documented and implemented a risk management process that is used across the organization.

Organization

The Chief Risk Officer (CRO), Enterprise Risk Manager or even the Enterprise Risk Committee, may manage the enterprise risk management activities.
Their duties would typically include:

- Provide risk management program leadership, strategy and implementation direction.
- Develop risk classification and measurement systems.
- Develop and implement escalation metrics and triggers (Events, incidents, crisis, operations, etc.).
- Develop and monitor early warning systems, based on escalation metrics and triggers.
- Develop and deliver organization-wide risk management training.
- Coordinate risk management activities - some functions may report to CRO, while others will be coordinated.

Culture - Creating and maintaining an effective risk management culture is very difficult. Special consideration should be given to the following areas:

Knowledge Management - Institutional knowledge about risks, how they are managed, and experiences by other business units should be effectively captured and shared with relevant peers and risk managers. My experience in helping clients develop and implement online knowledge management systems has shown the potential benefit of knowledge management efforts:

- Reduce the risk profile through the enhanced risk identification and management capability
- Decrease the total cost of risk
- Develop and deploy risk assessment tools globally
- Enable the company to capture risk assessment information continuously
- Allow users to access complex risk modeling and forecasting tools through simple web-based interfaces and applications
- Become the universal starting point for all users as they look for risk related tools, people resources and knowledge

(For more details, see )

Metrics - The accurate and timely collection of metrics is critical to the success of the risk management program. Effort should be made to connect the risk management programs to the Balanced Scorecard, EVA, or other business management/metrics systems.

The balanced scorecard is a management system (not only a measurement system) that enables organizations to clarify their vision and strategy and translate them into action. It provides feedback around both the internal business processes and external outcomes in order to continuously improve strategic performance and results. When fully deployed, the balanced scorecard transforms strategic planning from an academic exercise into the reality of organizational measurement processes. (Robert S. Kaplan and David P. Norton's new book, Strategy Maps: Converting Intangible Assets into Tangible Outcomes is an excellent reference guide for this topic).

EVA (Economic Value Added) is net operating profit minus an appropriate charge for the opportunity cost of all capital invested in an enterprise. As such, EVA is an estimate of true "economic" profit, or the amount by which earnings exceed or fall short of the required minimum rate of return that shareholders and lenders could get by investing in other securities of comparable risk. Stern Stewart developed EVA to help managers incorporate two basic principles of finance into their decision making. The first is that the primary financial objective of any company should be to maximize the wealth of its shareholders. The second is that the value of a company depends on the extent to which investors expect future profits to exceed or fall short of the cost of capital. (Source: )

Training - Effective training programs are necessary to ensure that risk management programs are effectively integrated into regular business processes. For example, strategic planners, responsible for the strategic planning process, will need constant reinforcement regarding the risk assessment processes. (For more information on training, see )

Communication - Frequent and consistent communications around the purpose, success, and cost of the risk management program are a necessity to maintain management support and to continually garner necessary participation of managers and line personnel in the ongoing risk management program.

Tools - Appropriate tools should be evaluated, purchased or developed to enhance the effectiveness of the risk management capability. Many commercial tools are available and their utility across a range of risk management activities should be considered. Quality information about risks is generally difficult to obtain and care should be exercised to ensure that information gathered by one risk function can be effectively shared with other programs. For example, tools used to conduct the business impact assessment should facilitate the sharing of risk data with the insurance program. (For more information on our tools, see )

Enterprisewide Integration

ERM and other related security, risk and control programs should effectively collaborate across the enterprise and should have a direct connection to the strategic planning process, as well as the critical projects, initiatives, business units, functions, etc. Broad, comprehensive integration of risk management programs across the organization generally leads to more effective and efficient programs.
Risk Attributes - Risk attributes relate to the ability or sophistication of the organization to understand the characteristics of specific risks including their lifecycle, how they act individually or in a portfolio, and other qualitative or quantitative characteristics.

Lifecycle - Has the risk been understood throughout its lifecycle and have appropriate risk strategies been developed and implemented before the risk occurs, during the risk occurrence, and after the risk occurs? Achieving the optimal balance between risk and cost of managing risk is only possible if the lifecycle of the risk is well understood and risk strategies and treatments are appropriately applied.

Individual and Portfolio - The most sophisticated organizations will look at each risk individually, as well as in aggregate or in portfolio. Viewing risks in a portfolio can help identify risks that are natural hedges against themselves, and risks that amplify each other. Knowledge of how risks interact as a portfolio can increase the ability of the organization to effectively manage the risks at the most reasonable cost.

Qualitative and Quantitative - Most organizations will progress from being able to qualitatively assess risks to being able to quantify risks. In general, the more quantifiable the information about the risk, the more treatment options available to the organization.

Risk Functions, Risk Management Process, Organization, Culture, Tools, Enterprise-wide Integration and Risk Attributes are some of the most common elements of understanding your risk management capability. Other elements exist and may be more or less relevant depending on industry, geography, etc.

Many people have struggled with the challenge of clearly defining what enterprise risk management is. I believe that clearly defining the capability elements of enterprise risk management is the key to understanding it. As this discipline evolves, DelCreo will continue to define and explore the most important capability components of enterprise risk management.

Please see more on ERM Framework in the Risk Strategies That Work Section below.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

DelCreo is an (ISC)² Authorized Training Partner

Register now for high quality, cost-effective training that really packs a punch!

Upcoming DelCreo Professional Education courses:

Date | Topic | Location
Feb , 2004 | CRISIS AND INCIDENT MANAGEMENT | Dallas, TX
Feb , 2004 | RoI FOR INFORMATION SECURITY | Houston, TX
Feb , 2004 | BUILDING COMPLIANCE-BASED AWARENESS | Las Vegas, NV
Feb. 25, 2004 | BCP METRICS-MANAGING A BCP PROGRAM | San Jose, CA
Feb. 26, 2004 | STRATEGIC PLANNING | San Jose, CA
Mar. 9-10, 2004 | RAPID RISK ASSESSMENT WORKSHOP | Dallas, TX
Mar. 11, 2004 | BCP METRICS-MANAGING A BCP PROGRAM | Dallas, TX
Mar. 16, 2004 | STRATEGIC PLANNING | Chicago, IL
Mar , 2004 | BUILDING COMPLIANCE-BASED AWARENESS | Atlanta, GA
Mar. 31-Apr. 1, 2004 | CRISIS AND INCIDENT MANAGEMENT | Cleveland, OH

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Risk Strategies That Work on ERM Framework

o Risk assessments should identify and understand risks as well as the organization's ability to manage risk
o Develop and articulate your organization's risk appetite; this is a key element of an effective ERM approach
o Create an ERM Council/Committee, even if it is ad hoc, and in the beginning you are the only one driving the show.
o Attempt to document/develop the roles and responsibilities of the various risk management related organizations, how you will collaborate, share information, etc. How will the most common risks be handled? Get agreement among the key players
o Any enterprise risk management assessment should include a review of the interactions, sharing of information, collaborative approach to managing risk, etc. that exist among the various risk management functions
o Understand the lifecycle aspects of key risks. Develop risk strategies that address the most critical risks before, during and after they occur

******************************************************************************

DelCreo, Inc.
An Enterprise Risk Management Company
Helping Risk Professionals Develop and Rollout Successful Risk Programs
U.S./Toll-free: 866.DELCREO
International: 001/

DelCreo, Inc. All rights reserved. You are free to use material from the Successful Risk Programs ezine in whole or in part, as long as you include the following complete attribution, including live website link.

By DelCreo, Inc. - An Enterprise Risk Management Company. Please visit DelCreo's website at for additional risk articles, resources, tools, and services for Risk Professionals on how to develop and rollout successful risk programs.

******************************************************************************
More informationFeature. Developing an Information Security and Risk Management Strategy
Feature Developing an Information Security and Risk Management Strategy John P. Pironti, CISA, CISM, CGEIT, CISSP, ISSAP, ISSMP, is the president of IP Architects LLC. He has designed and implemented enterprisewide
More informationUnderstanding and articulating risk appetite
Understanding and articulating risk appetite advisory Understanding and articulating risk appetite Understanding and articulating risk appetite When risk appetite is properly understood and clearly defined,
More information10-005 Enterprise Risk Management
10-005 Enterprise Risk Management Current update: 09/16/10 Original Issuance: 03/31/08 Purpose This policy provides guidance and direction to State Board of Administration business unit heads for identifying,
More informationFlyntGroup.com. Enterprise Risk Management and Business Impact Analysis: Understanding, Treating and Monitoring Risk
Enterprise Risk Management and Business Impact Analysis: Understanding, Treating and Monitoring Risk 2012 The Flynt Group, Inc., All Rights Reserved FlyntGroup.com Enterprise Risk Management and Business
More informationA monthly online survey and commentary presented by The Managing Partner Forum
A monthly online survey and commentary presented by The Managing Partner Forum May 2014 Goals, Measures, and Scorecards: by John Sterling and John Remsen, Jr. What gets measured gets done. What's measured
More informationEnterprise Risk Management & Information Technology
Enterprise Risk Management & Information Technology Presented by Scott Perry and Gary Ross Slalom Consulting, San Francisco Agenda Introductions Session Objectives Overview of Enterprise Risk Management
More informationMeasuring Diversity Results Series Article 1 By Dr. Edward E. Hubbard President & CEO, Hubbard & Hubbard, Inc.
Measuring Diversity Results Series Article 1 By Dr. Edward E. Hubbard President & CEO, Hubbard & Hubbard, Inc. Introduction Diversity professionals are increasingly challenged to take a more strategic
More informationStepping Through the Info Security Program. Jennifer Bayuk, CISA, CISM
Stepping Through the Info Security Program Jennifer Bayuk, CISA, CISM Infosec Program How to: compose an InfoSec Program cement a relationship between InfoSec program and IT Governance design roles and
More informationFINDING THE RISK IN RISK ASSESSMENTS NYSICA JULY 26, 2012. Presented by: Ken Shulman Internal Audit Director, New York State Insurance Fund
FINDING THE RISK IN RISK ASSESSMENTS NYSICA JULY 26, 2012 Presented by: Ken Shulman Internal Audit Director, New York State Insurance Fund There are different risk assessments prepared: Annual risk assessment
More informationThe Balanced Scorecard (BSC)
The Balanced Scorecard (BSC) Framework, Implementation Methodology and Recommended Application - Executive Brief (April 2012) - Introduction Balanced Scorecard is an integrated, organization-wide management
More informationThe Essentials of Enterprise Risk Management. Steven C. Tourek, Senior Vice President, General Counsel & Secretary, The Marvin Companies
The Essentials of Enterprise Risk Management Steven C. Tourek, Senior Vice President, General Counsel & Secretary, The Marvin Companies Introduction How should an organization think about the management
More informationIT Security Risk Management Model for Cloud Computing: A Need for a New Escalation Approach.
IT Security Risk Management Model for Cloud Computing: A Need for a New Escalation Approach. Gunnar Wahlgren 1, Stewart Kowalski 2 Stockholm University 1: (wahlgren@dsv.su.se), 2: (stewart@dsv.su.se) ABSTRACT
More informationHow To Manage Risk
Fund Board Oversight of Risk Management September 2011 Nothing contained in this report is intended to serve as legal advice. Each investment company board should seek the advice of counsel for issues
More informationP3M3 Portfolio Management Self-Assessment
Procurement Programmes & Projects P3M3 v2.1 Self-Assessment Instructions and Questionnaire P3M3 Portfolio Management Self-Assessment P3M3 is a registered trade mark of AXELOS Limited Contents Introduction
More informationScenario Analysis Principles and Practices in the Insurance Industry
North American CRO Council Scenario Analysis Principles and Practices in the Insurance Industry 2013 North American CRO Council Incorporated chairperson@crocouncil.org December 2013 Acknowledgement The
More informationAgile Master Data Management TM : Data Governance in Action. A whitepaper by First San Francisco Partners
Agile Master Data Management TM : Data Governance in Action A whitepaper by First San Francisco Partners First San Francisco Partners Whitepaper Executive Summary What do data management, master data management,
More informationThe Performance Management Overview PERFORMANCE MANAGEMENT 1.1 SUPPORT PORTFOLIO
The Performance Management Overview PERFORMANCE MANAGEMENT 1.1 SUPPORT PORTFOLIO This document is part of the of the Performance Management Support Portfolio a series of guides to the key elements of Performance
More informationPERFORMANCE MANAGEMENT
PERFORMANCE MANAGEMENT REDUCING THE GAP BETWEEN YOUR STRATEGY AND ITS EXECUTION PERFORMANCE MANAGEMENT PROJECT MANAGEMENT HUMAN RESOURCES MANAGEMENT PERFORMANCE MANAGEMENT PROJECT MANAGEMENT HUMAN RESOURCES
More informationPerformance Management. Date: November 2012
Performance Management Date: November 2012 SSBA Background Document Background 3 4 Governance in Saskatchewan Education System 5 Role of School Boards 6 Performance Management Performance Management Overview
More informationCreating An Excel-Based Balanced Scorecard To Measure the Performance of Colleges of Agriculture
Creating An Excel-Based Balanced Scorecard To Measure the Performance of Colleges of Agriculture Paper Presented For American Agricultural Economics Association (AAEA) Annual Meeting July 23-26, 2006 Long
More informationDigital Asset Manager, Digital Curator. Cultural Informatics, Cultural/ Art ICT Manager
Role title Digital Cultural Asset Manager Also known as Relevant professions Summary statement Mission Digital Asset Manager, Digital Curator Cultural Informatics, Cultural/ Art ICT Manager Deals with
More informationENTERPRISE RISK MANAGEMENT BENCHMARK REVIEW: 2013 UPDATE
March 2014 ENTERPRISE RISK MANAGEMENT BENCHMARK REVIEW: 2013 UPDATE In April and October 2009, Guy Carpenter published two briefings titled Risk Profile, Appetite and Tolerance: Fundamental Concepts in
More informationSTANDARD. Risk Assessment. Supply Chain Risk Management: A Compilation of Best Practices
A S I S I N T E R N A T I O N A L Supply Chain Risk Management: Risk Assessment A Compilation of Best Practices ANSI/ASIS/RIMS SCRM.1-2014 RA.1-2015 STANDARD The worldwide leader in security standards
More informationU.S. Department of the Treasury. Treasury IT Performance Measures Guide
U.S. Department of the Treasury Treasury IT Performance Measures Guide Office of the Chief Information Officer (OCIO) Enterprise Architecture Program June 2007 Revision History June 13, 2007 (Version 1.1)
More informationBased on 2008 Survey of 255 Non-IT CEOs/Executives
Based on 2008 Survey of 255 Non-IT CEOs/Executives > 50% Ranked ITG as very important > 75% of businesses consider ITG to be an integral part of enterprise governance, but the overall maturity level is
More informationfmswhitepaper Why community-based financial institutions should practice enterprise risk management.
fmswhitepaper Why community-based financial institutions should practice enterprise risk management. By Michael D. Cohn, CPA, CISA, CGEIT Director, WolfPAC Solutions Group Unique Insights Implementation
More informationPrinciples for An. Effective Risk Appetite Framework
Principles for An Effective Risk Appetite Framework 18 November 2013 Table of Contents Page I. Introduction... 1 II. Key definitions... 2 III. Principles... 3 1. Risk appetite framework... 3 1.1 An effective
More informationProcurement Programmes & Projects P3M3 v2.1 Self-Assessment Instructions and Questionnaire. P3M3 Project Management Self-Assessment
Procurement Programmes & Projects P3M3 v2.1 Self-Assessment Instructions and Questionnaire P3M3 Project Management Self-Assessment Contents Introduction 3 User Guidance 4 P3M3 Self-Assessment Questionnaire
More informationInformation Governance 2.0. Abstract. What is Information Governance?
Abstract This paper proposes that every organization needs an Information Governance program and that a collaborative approach to Information Governance can be the most effective method for its implementation.
More informationManagement and Use of Information & Information Technology (I&IT) Directive. Management Board of Cabinet
Management and Use of Information & Information Technology (I&IT) Directive Management Board of Cabinet February 28, 2014 TABLE OF CONTENTS PURPOSE... 1 APPLICATION AND SCOPE... 1 PRINCIPLES... 1 ENABLE
More information