ERM Standards of Practice and Shared Risk Principles



Similar documents
ISO and Risk Management

RIMS Executive Report The Risk Perspective

GAINING CONTROL: Building Your Existing Framework into an ERM Model

Principled Performance & GRC

The New International Standard on the Practice of Risk Management A Comparison of ISO 31000:2009 and the COSO ERM Framework

Understanding Enterprise Risk Management. Presented by Dorothy Gjerdrum Arthur J Gallagher

Fraud Risk Management

Conceptual Basis of Internal Audit

Preparing for the Convergence of Risk Management & Business Continuity

Business Continuity Trends, Requirements and Expectations in Brian Zawada (MBCP) Director of Consulting Services Avalution Consulting

ENTERPRISE RISK MANAGEMENT SURVEY RIMS Enterprise Risk Management (ERM) Survey SPONSORED BY:

Deciding what opportunities to fund, which risks to protect

Enterprise Risk Management: COSO, New COSO, ISO Review of ERM

ENTERPRISE RISK MANAGEMENT FRAMEWORK

Applying Integrated Risk Management Scenarios for Improving Enterprise Governance

The Upside of Risk: Enterprise Risk Management and Public Real Estate Companies

Linking Risk Management to Business Strategy, Processes, Operations and Reporting

Maryland Association of Boards of Education Insurance Programs

Five steps to Enterprise Risk Management

APPLICATION OF THE KING III REPORT ON CORPORATE GOVERNANCE PRINCIPLES

building a business case for governance, risk and compliance

Policy : Enterprise Risk Management Policy

A Framework for Business Sustainability

ISO 31000: ISO/IEC & ISO Guide 73: New Standards for the Management of Risk

Getting the Focus on Enterprise Risk Management Right. by Al Decker & Donna Galer

Administrative Guidelines on the Internal Control Framework and Internal Audit Standards

Mapping COBIT 5 with IT Governance, Risk and Compliance at Ecopetrol S.A. By Alberto León Lozano, CISA, CGEIT, CIA, CRMA

RISK MANAGEMENT OVERVIEW 2011 RISK CONFERENCE SPONSORED BY THE FEDERAL RESERVE BANK OF CHICAGO AND DEPAUL UNIVERSITY

APPLICATION OF KING III CORPORATE GOVERNANCE PRINCIPLES 2014

COSO Enterprise Risk Management. Establishing Effective Governance, Risk, and Compliance (GRC) Processes. 2nd Edition. Wiley Corporate F&A

Quick Guide: Meeting ISO Requirements for Asset Management

Strategic Risk Management for School Board Trustees

ENTERPRISE RISK MANAGEMENT ASSESSMENT GUIDE

IT Governance Charter

Executive's Guide to

Vendor Risk Management

Regulatory Compliance Framework An Electric Utility Model. Abstract. Grier Consulting Group LLC

ASAE s Job Task Analysis Strategic Level Competencies

Developing a Corporate Governance Framework

A Flexible and Comprehensive Approach to a Cloud Compliance Program

The Asset Management Landscape

The Role of the Board in Enterprise Risk Management

Guidance Note: Corporate Governance - Board of Directors. March Ce document est aussi disponible en français.

POLICY. Number: Title: Enterprise Risk Management. Authorization

Enhancing IT Governance, Risk and Compliance Management (IT GRC)

Gobierno de TI Enfrentando al Reto. IT Governance Facing the Challenge. Everett C. Johnson, CPA International President ISACA and ITGI

SAI GLOBAL LIMITED Risk Management Policy

Reporting. Internal Reporting. Advisory Services. Assurance Services. Budgeting. Controlling. Fast close. Risk management

An ISO Compliant and Integrated Model for IT GRC (Governance, Risk Management and Compliance)

University of St. Gallen Law School Law and Economics Research Paper Series. Working Paper No June 2007

The State of Enterprise Risk Management for Power Companies. January 17, 2013

Risk Management The International Standard

Fraud Prevention and Deterrence

IT Governance: framework and case study. 22 September 2010

ERM and GRC Fundamentals. Risk Management Definitions & Guiding Principles. Module 1

The PNC Financial Services Group, Inc. Business Continuity Program

Confident in our Future, Risk Management Policy Statement and Strategy

Evolve. Adapt. Lead. Succeed.

Risk Management Policy Adopted by:

CFE 2. Enterprise Risk Management. Study Guide - Supplemental Background Material

THE SOUTH AFRICAN HERITAGE RESOURCES AGENCY ENTERPRISE RISK MANAGEMENT FRAMEWORK

Fundamentals of Information Governance:

Analyzing Risks in Healthcare. February 12, 2014

DTZ Corporate Finance Limited Pillar 3 Disclosures as at 30 April 2009

Risk Management Policy

Risk Management - Board & Management Responsibilities Murray Short, MBA, CPA CA Not-for-Profit Partner RLB LLP

Enterprise Risk Management Framework Strengthening our commitment to risk management

IRM CERTIFICATE AND DIPLOMA OUTLINE SYLLABUS

Benefit from integrating your management systems. Start now with PAS 99, BSI s world-class framework

Application of King III Corporate Governance Principles

ENTERPRISE RISK MANAGEMENT FOR BANKS

ENTERPRISE RISK MANAGEMENT FRAMEWORK

COBIT 5 For Cyber Security Governance and Management. Nasser El-Hout Managing Director Service Management Centre of Excellence (SMCE)

Understanding Today s Enterprise Risk Management Programs

RISK MANAGEMENT IN A FOR-

International Diploma in Risk Management Syllabus

Achieving Business Imperatives through IT Governance and Risk

STANDARD. Risk Assessment. Supply Chain Risk Management: A Compilation of Best Practices

LEVERAGING COSO ACROSS THE THREE LINES OF DEFENSE

RSA ARCHER OPERATIONAL RISK MANAGEMENT

This is a free 9 page sample. Access the full version online. AS/NZS ISO 31000:2009 Risk management Principles and guidelines

RSA ARCHER BUSINESS CONTINUITY MANAGEMENT AND OPERATIONS Solution Brief

Eight principles of risk convergence

COMMUNIQUE. Information Technology (IT) Governance Guidance

Internal Auditing Guidelines

An Effective Approach to Transition from Risk Assessment to Enterprise Risk Management

Leveraging Effective Risk Management and Internal Control

Enterprise Risk Management

Introduction to Business Continuity Planning

The College of New Jersey Enterprise Risk Management and Higher Education For Discussion Purposes Only January 2012

Commonwealth Risk Management Policy

Information Technology Governance. Steve Crutchley CEO - Consult2Comply

The Top 5 Things to Know about Careers in Sustainability

ISO20000: What it is and how it relates to ITIL v3

Audit of the Policy on Internal Control Implementation

Basel Committee on Banking Supervision. Review of the Principles for the Sound Management of Operational Risk

Information Security Management. Dipl.-Ing. (FH) Frank Wagner

Risk Management Practice Guideline

Audit of the Test of Design of Entity-Level Controls

Aligning organisational culture with Enterprise Risk Management. Krishna Nagar & Mark Hayes

Transcription:

ERM Standards of Practice and Shared Risk Principles ERM 2011 Symposium Chicago IL March 15, 2011 Carol Fox Director, Strategic and Enterprise Risk Practices

Agenda Global risk governance drivers Evolving standards and frameworks Most widely used standards and frameworks Purposes Common elements 2

Global Risk Governance Drivers France Holland South Africa Vienot Committee Marini Report Levy-Lang Committee Commission on Corporate Governance Code of Best Practice King Report I, II and III Stakeholder Communication Report on Effective Systems of Internal Control Germany UK USA Gesetz zur Kontrolle und Transparenz im Unternehmensbereich Bill on The Control and Transparency of Companies KonTraG Bill Cadbury Turnbull Greenbury Business Round Table Securities Exchange Commission - Disclosures NACD Blue Ribbon Commission Sarbanes-Oxley Act Dodd-Frank Act Draghi Commission Corporate Governance Forum of Japan Italy Japan Canada Toronto Stock Exchange Committee Canadian Securities Committee Allen Committee Report Canadian Institute of Chartered Accountants Australia Blue Book Company Law Review Best Practice Statement of Management Discussion and Analysis Stock Exchange Listing New Accounting Standards 3

The World of Standards What Standards Are A collection of best practices and guidelines Developed collaboratively Evolutionary Can be for management systems, products, services or procedures What Standards Are Not Regulations Just controls Necessarily how to implement documents Certifications (nor require that an organization be certified to use a standard) 4

What is a Standard? A primary standard (or recognized standard) is an established norm or requirement, usually a formal document that establishes criteria, methods, processes and practices under the jurisdiction of an international, regional or national standards body. In contrast, a custom, convention, guidance document, company product, corporate standard, etc. that may be developed outside of a recognized standards setting body but which becomes generally accepted and dominant is often called a de facto standard. What is a Framework? frame work (frām wûrk ) n. 1. A structure for supporting or enclosing something, esp. a skeletal support used as the basis in something being constructed 2. an external work platform; a rig. 3. A basic arrangement, form, or system: social structure is a stronger framework for behavior than national feeling. (Stanley Kaufman) Source: The American Heritage Dictionary, Second Edition, 1982 5

Standards Hierarchy FRAMEWORK ISO 31000 PRINCIPLES AS/NZS 4360 SAQ ONR 49001 AFNOR CN FD_X50-252 TERMINOLOGY ISO GUIDE 73 ISO GUIDE 14050 REQUIREMENTS GUIDELINES HB 436 CSA Q850 NFPA 101 ISO 9001 ISO 14001 ANSI/ASHRAE 62 NFPA 75 OHSAS 18001 ISO/IEC 27001 ISO 10005 ISO/IEC 27002 TOOLS ISO 31010 ISO/IEC 15408 RISK SAFETY QUALITY TECHNOLOGY ENVIRONMENTAL 6

Why Use Standards? Set of benchmarked tools and processes Systematically identify risks and problems Problem-solving and decision-making tools Inclusive process Specialized training Establishes operational controls/procedures Measurable/verifiable goals and methods for accomplishing identified objectives Protect reputation and brand Model for continual improvement Proactively improve organizational resilience and sustainability 7

Most Widely Used Non-Regulatory Risk Management Standards and Frameworks ISO 31000:2009 Risk Management Principles and Guidelines COSO:2004 Enterprise Risk Management Integrated Framework OCEG Red Book 2.0:2009 GRC Capability Model 8

ISO 31000 - Risk Management Principles Framework Process Reproduced from ISO Standard 31000:2009 with permission from ISO at www.iso.org. Copyright remains with ISO. 9

COSO ERM Framework Internal Environment What is the internal philosophy and culture? Objective Setting What are we trying to accomplish? Event Identification What could stop us from accomplishing it? Risk Assessment How bad are these events? Will they really happen? Risk Response What are our options to stop those things from happening? Control Activities How do we make sure they don t happen? Information and Communication How [and from/with whom] will we obtain information and communicate? Monitoring How will we know that we ve achieved what we wanted to accomplish? Source: Committee of Sponsoring Organizations of the Treadway Commission www.coso.org. Used with permission. 10

OCEG GRC Capability Model Components Culture and Context Organize & Oversee External and internal business context Culture, values and objectives Outcomes, commitment, role and responsibilities, accountability Assess & Align Risk identification, analysis and optimization Prevent & Promote Detect & Discern Inform & Integrate Respond & Resolve Monitor & Measure Codes of conduct, policies, controls, awareness & education, incentives, stakeholder relations, risk financing and insurance Hotline notification, inquiry & survey, detective controls Information management & documentation, internal & external communication, technology & infrastructure Internal review and investigation, 3 rd party inquiries & investigation, corrective controls, crisis response and recovery, remediation & discipline Context monitoring, performance monitoring & evaluation, systemic improvement, assurance Source: Open Compliance and Ethics Group, 2003-2009 OPEN COMPLIANCE AND ETHICS GROUP Used with permission. www.oceg.org 11

Risk Management Purposes Objectivesbased Designed to improve an organization s ability to meet or exceed its objectives through enhanced decision-making and activities that address key uncertainties. Compliance and Control Seeks primarily to transfer or mitigate risks through compliance and control activities; often based on historic losses, near-misses, etc. Regulatory Used when an organization must apply a designated practice and/or standard in order to meet regulatory requirements (e.g., Basel II for financial institutions). 12

RIMS Review 13

ERM Success Attributes RIMS Risk Maturity Model 1. Adoption of ERM-based approach 2. ERM Process Management 3. Risk Appetite Management 4. Root cause discipline 5. Uncovering risks 6. Performance Management 7. Business resiliency and sustainability 14

Common Elements from RIMS Review RIMS RMM ISO 31000 OCEG BS 31100 COSO FERMA SOLVENCY II ERM-based Approach Process Management Risk Appetite Management Root Cause Discipline Uncovering Risks Performance Management Business Resiliency and Sustainability X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X 15

Questions Carol Fox Director of Strategic and Enterprise Risk Practice cfox@rims.org www.rims.org 16

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information