Presentation Objectives Why is Internal Audit here? Concepts (Enterprise Risk Management, Strategic Risk, Strategic Risk Management, etc.

Similar documents
University of Windsor Board of Governors. That the Board of Governors approve of the Enterprise Risk Management Framework.

RISK MANAGEMENT FRAMEWORK. 2 RESPONSIBLE PERSON: Sarah Price, Chief Officer

CRISC Glossary. Scope Note: Risk: Can also refer to the verification of the correctness of a piece of data

Internal Auditing: Assurance, Insight, and Objectivity

Developing an Effective Enterprise Risk Management Program

PRACTICE ADVISORIES FOR INTERNAL AUDIT

IFAD Policy on Enterprise Risk Management

THE SOUTH AFRICAN HERITAGE RESOURCES AGENCY ENTERPRISE RISK MANAGEMENT FRAMEWORK

The New International Standard on the Practice of Risk Management A Comparison of ISO 31000:2009 and the COSO ERM Framework

ENTERPRISE RISK MANAGEMENT POLICY

Strategic Risk Assessment. A first step for improving risk management and governance. COVER STORY. By Mark L. Frigo and Richard J.

Integrated Risk Management:

Exhibit 1: Structure of a heat map

Managing Risk at Bank of America Corporation. Overview

POL ENTERPRISE RISK MANAGEMENT SC51. Executive Services Department BUSINESS UNIT: Executive Support Services SERVICE UNIT:

High Value Audits: An Update on Information Technology Auditing. Robert B. Hirth Jr., Managing Director

OCC 98-3 OCC BULLETIN

Integration of Risk Management and Internal Audit. Chartered Institute of Management Accountants, New Zealand

3 August 2012 Policy updated to reflect name changes and alignment with current Aurora Energy Group Policy standards.

How To Understand The Role Of An Internal Audit

Linking Risk Management to Business Strategy, Processes, Operations and Reporting

Comprehensive Risk Assessment and Developing the Audit Plan

A Risk-Based Audit Strategy November 2006 Internal Audit Department

ADVISORY SERVICES. Risk management in an evolving world. Making the case for social media governance. kpmg.com

Enterprise Risk Management & Information Technology

Aligning Compliance Program Priorities with Business Objectives

Enterprise Risk Management in Colleges and Universities

Risk Management and Internal Audit Specialized Training Course Audit Risk Assessment Methodology

Beyond risk identification Evolving provider ERM programs

RISK BASED AUDITING: A VALUE ADD PROPOSITION. Participant Guide

Global Technology Audit Guide. Auditing IT Governance

Enterprise-Wide Risk Assessment

Enterprise Risk Management: Taking the First Steps

The PNC Financial Services Group, Inc. Business Continuity Program

Get More Out of Your Risk Assessment. Austin Chapter of the IIA

Enterprise Risk Management VCU Process

Introduction to Enterprise Risk Management at UVM DRAFT

Risk Based Internal Auditing & Enterprise Risk

IIA Global Strategic Plan

Risk Considerations for Internal Audit

Business Continuity Management

FINDING THE RISK IN RISK ASSESSMENTS NYSICA JULY 26, Presented by: Ken Shulman Internal Audit Director, New York State Insurance Fund

Administrative Guidelines on the Internal Control Framework and Internal Audit Standards

Hand IN Hand: Balanced Scorecards

RISK MANAGEMENT OVERVIEW 2011 RISK CONFERENCE SPONSORED BY THE FEDERAL RESERVE BANK OF CHICAGO AND DEPAUL UNIVERSITY

Enterprise Risk Management Process Improvement. Secure Banking Solutions, LLC

Designing a Competitive Business Model and Building a Solid Strategic Plan

Enterprise Risk Management

Sample Enterprise Risk Management Work Plan Fiscal Years 20XX and 20YY Revised June Internal Environment / Objectives Setting

Internal audit strategic planning Making internal audit s vision a reality during a period of rapid transformation

ENTERPRISE RISK MANAGEMENT FRAMEWORK

Developing a Corporate Governance Framework

Emergency Planning and Crisis Management initiatives rolled up into a viable Business Continuity and Enterprise Risk Management Program.

University Audit and Compliance. Internal Controls Enterprise-Wide Risk Assessment

MISSION VALUES. The guide has been printed by:

This article will provide background on the Sarbanes-Oxley Act of 2002, prior to discussing the implications for business continuity practitioners.

Strategic Risk Management for School Board Trustees

Enterprise Risk Management: Concepts & Issues

KPMG s Financial Management Practice. kpmg.com

Practice Guide COORDINATING RISK MANAGEMENT AND ASSURANCE

How ERM programs evolve

ENTERPRISE RISK MANAGEMENT. J. Joseph Hoey, Ed.D. Bridgepoint Education CAIR 2015

Placing a Value on Enterprise Risk Management ADVISORY

Remarks by. Carolyn G. DuChene Deputy Comptroller Operational Risk. at the

How to achieve excellent enterprise risk management Why risk assessments fail

RISK MANAGEMENT GUIDANCE FOR GOVERNMENT DEPARTMENTS AND OFFICES

Capital Management Standard Banco Standard de Investimentos S/A

Tying It All Together: Practical ERM Integration. Richard Scanlon Vice President Enterprise Risk Management CIGNA Corporation

Analyzing Risks in Healthcare. February 12, 2014

Putting Business Capabilities to Work

INTERNATIONAL STANDARDS FOR THE PROFESSIONAL PRACTICE OF INTERNAL AUDITING (STANDARDS)

Internal Auditing Guidelines

Xavier Catholic College Risk Management - Policy & Procedure

HSMS. Group Health AND Safety Management System

SECTION B DEFINITION, PURPOSE, INDEPENDENCE AND NATURE OF WORK OF INTERNAL AUDIT

Risk Assessment & Enterprise Risk Management

ENTERPRISE RISK MANAGEMENT FRAMEWORK

IT Governance. What is it and how to audit it. 21 April 2009

IIA Position Paper: THE THREE LINES OF DEFENSE IN EFFECTIVE RISK MANAGEMENT AND CONTROL

How To Understand The Importance Of Internal Control

How To Use Risk It

Integrating Balanced Scorecard and Enterprise Risk Management

Risk Management Within an Organisation

Module 6 Essentials of Enterprise Architecture Tools

The Essentials of Enterprise Risk Management. Steven C. Tourek, Senior Vice President, General Counsel & Secretary, The Marvin Companies

Intel Business Continuity Practices

How to Develop Successful Enterprise Risk and Vendor Management Programs

INTERNATIONAL STANDARDS FOR THE PROFESSIONAL PRACTICE OF INTERNAL AUDITING (STANDARDS)

May Wilfrid Laurier University Enterprise Risk Management Draft Final Report

Matthew E. Breecher Breecher & Company PC November 12, 2008

Risk Management Solution for NPO

Enterprise Risk Management. Krista Turner, Manager, Underwriting & Risk Services Melissa Ness, Director, Finance & Tax

Enterprise Risk Management

Transcription:

Internal Audit 1 January 13, 2012

Presentation Objectives Why is Internal Audit here? Concepts (Enterprise Risk Management, Strategic Risk, Strategic Risk Management, etc.) Summary Internal Audit 2 January 13, 2012

Why is Internal Audit here? Rather than assuming management s role in strategic planning, Internal Audit wanted to introduce the concepts of strategic risk and strategic risk management, offering to consult with management in its strategic risk management process. The Institute of Internal Auditors(IIA) defines internal auditing as an independent, objective assurance and consulting activity designed to add value and improve an organization s operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes. Internal Audit 3 January 13, 2012

Enterprise Risk Management (ERM) Before we can understand Strategic Risk Management (SRM), we must first understand Enterprise Risk Management (ERM). Definition of ERM: A process performed by an entity s Board, management and other personnel Process is applied in a strategy setting and across the entire enterprise Designed to identify potential events or risks that may affect the entity Risk is defined by the IIA as the possibility of an event occurring that will have an impact on the achievement of objectives. Risk is measured in terms of impact and likelihood. Allows the entity to manage risk to be within its risk appetite (the level of risk an organization is willing to accept) Provides reasonable assurance (not absolute assurance) regarding the achievement of entity objectives Internal Audit 4 January 13, 2012

Enterprise Risk Management (ERM) ERM focuses on the achievement of an entity s objectives Most entity objectives can be broken down into four broad categories for ERM: 1. Strategic 2. Operations 3. Reporting 4. Compliance A particular objective may overlap certain categories Allows an organization to focus on these separate objectives for the purpose of ERM Strategic objectives are one of the components of ERM Internal Audit 5 January 13, 2012

Strategic Objectives Strategic objectives are defined as: High-level goals Aligned with and support the goals of the organization Core and backbone of the organization s strategy Provide guidance on how the organization can fulfill or move toward the highlevel goals More specific and cover a more well-defined time frame Internal Audit 6 January 13, 2012

Strategic Objectives A strategic objective should be: Measurable. There must be at least one indicator (or yardstick) that measures progress against fulfilling the objective Specific. This provides a clear message as to what needs to be accomplished Appropriate. It must be consistent with the vision and mission of the organization Realistic. It must be an achievable target given the organization s capabilities and opportunities in the environment in which it operates. In essence, it must be challenging but doable Timely. There needs to be a time frame for accomplishing the objective Internal Audit 7 January 13, 2012

Strategic Risk As an organization attempts to achieve their strategic objectives, both internal and external events and scenarios can inhibit or prevent an organization from achieving their strategic objectives. This is known as strategic risk. Strategic risk can be further defined as: Exposure to loss resulting from a strategy that turns out to be defective or inappropriate Risk associated with future plans and strategies, including plans for entering new services, expanding existing services through enhancements and mergers, enhancing infrastructure, etc Current and prospective impact of strategic decisions made by management arising from adverse business decisions, improper implementation of decisions, or lack of responsiveness to industry changes Internal Audit 8 January 13, 2012

Strategic Risk Strategic risk is a function of the compatibility of an organization s strategic goals, the business strategies developed by management to achieve those goals, the resources deployed against these goals, and the quality of implementation. The resources needed to carry out business strategies are both tangible and intangible. They include communication channels, operating systems, delivery networks, and managerial capacities and capabilities. The organization s internal characteristics must be evaluated against the impact of economic, technological, competitive, regulatory, and other environmental changes and challenges. Internal Audit 9 January 13, 2012

Strategic Risk Common Strategic Risks External Risks Competition Market changes Financial Risks Cash flow Capital Price or cost pressures Physical Resource Risks Disasters Bottlenecks Human Resource Risks Knowledge Staffing Employee theft Structural Resource Risks IT systems Proprietary information Regulatory actions Relationship Risks Reputation Vendor performance Internal Audit 10 January 13, 2012

Strategic Risk Management Components of SRM: A process performed by management for identifying, assessing and managing risks and uncertainties, affected by internal and external events, scenarios and risks that could impede the organization s ability to achieve its strategy and strategic objectives The ultimate goal is successful implementation of the strategic plan while creating, enhancing and protecting the organization and stakeholder value Primary component and necessary foundation of the organization s overall Enterprise Risk Management (ERM) process As a component of ERM, it is effected by the decisions made by the Board, management, and others It requires a realistic strategic view of risk and consideration of how external and internal events, scenarios and risks will affect the organization to achieve its objectives It is a continual process that should be embedded in and part of strategy setting, strategy execution, and strategy management Internal Audit 11 January 13, 2012

Strategic Risk Management Methods of managing strategic risk: Avoid. However, you probably will not achieve your strategic objective by not taking some risk. Transfer. This is the purpose of insurance. There is probably no insurance company willing to issue a policy that would indemnify an organization for not managing strategic risk. Accept at existing level. The I ll take my chances mindset could be detrimental to the organization and cause the strategic plan to fail. Reduce to an acceptable level. Which method are you going to choose? Internal Audit 12 January 13, 2012

Strategic Risk Management (SRM) Basic Steps in the Strategic Risk Management Process Performed by Management: Communicate and share information across business and risk functions Intranet, University website, monthly/quarterly newsletter, global email announcements, etc. Break down risk management silos Risk in one area could affect other areas Identify and assess possible risks Consider severity, probability, timing, impact, likelihood Prioritize the organization s strategic risks Consider the organization s risk appetite Identify potential positive consequences of risks A risk can be turned into an opportunity Risk is inherent to an organization embracing areas of opportunity and change Monitor and manage the risk As new strategic objectives are developed, new strategic risks will emerge Develop risk mitigation strategy It is a continual process that never ends Not a one-time event Management must do regular analysis and updates Performed in conjunction with regular strategy reviews Internal Audit 13 January 13, 2012

Strategic Risk Management (SRM) Benefits of SRM: Preparation for a major risk enables mitigation of that risk and promotes stability of the organization If you prepare better for risks than your competitors, you will have a competitive advantage Tool for thinking systematically outside the box about the future and identifying risks and opportunities Turn strategic threats into growth opportunities allowing the organization to move from the defense into the offense Better utilize resources and reduce costs Internal Audit 14 January 13, 2012

Strategic Risk Management (SRM) Limitations of SRM: Certain risks may occur and cause irreparable damage despite anticipation and preparation ( Acts of God ) No organization can anticipate all risk events This is not a box-checking exercise. There are substantial costs and efforts involved with SRM Internal Audit 15 January 13, 2012

Summary A strategic risk is the possibility of an event or scenario that could be both internal and external that inhibits or prevents an organization from achieving their strategic objectives Strategic risk is measured in terms of impact and likelihood Strategic Risk Management (SRM) is a process performed by management for identifying, assessing and managing risks and uncertainties, affected by internal and external events, scenarios and risks that could impede the organization s ability to achieve its strategy and strategic objectives SRM has benefits and limitations SRM is a continuous process performed by management that requires regular analysis and updates Internal Audit 16 January 13, 2012

Some notable quotes involving the concept of risk: Progress always involves risks. You can't steal second base and keep your foot on first. ~Frederick B. Wilcox You'll always miss 100% of the shots you don't take. ~Wayne Gretzky Go out on a limb. That is where the fruit is. ~President Jimmy Carter He who is not courageous enough to take risks will accomplish nothing in life. ~Muhammad Ali Internal Audit 17 January 13, 2012

References The Institute of Internal Auditors (IIA) International Professional Practices Framework (IPPF). What Is Strategic Risk Management? by Mark Frigo and Richard Anderson, Strategic Management, April 2011, p.21-22, 61. Strategy Risk Management: The New Core Competency by Mark Frigo, Harvard Business Review Balanced Scorecard Report, January February 2009, p.3-6. Understanding Strategic Risks by Bob Stephen, Director of Financial Advisory Services for Wipfli LLP, Insight Article, June 2007, p.1-2. Value Added Business Propositions presented by Dennis Svitek at IIA Mid-Atlantic District Conference, October 20, 2011. Internal Audit 18 January 13, 2012

References Understanding Strategic Risks by Richard Anderson, The Institute of Internal Auditors Audit Executive Center, December 2011, p.1-18. Strategic Risk Assessment by Mark Frigo and Richard Anderson, Strategic Finance, December 2009, p. 25-33. Risk Management: A Look Back and a Look Forward by Protiviti Consulting, The Bulletin, vol. 4, issue 6, April 11, 2011. Strategic Objectives by Greg Dess, G.T. Lumpkin, Marilyn Taylor, Strategic Management, 2 ed. New York: McGraw-Hill Irwin, 2005. Internal Audit 19 January 13, 2012

Do Have Any Questions??? Internal Audit 20 January 13, 2012

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information