Corporate Compliance vs. Enterprise-Wide Risk Management




Corporate Compliance vs. Enterprise-Wide Risk Management
Brent Saunders, Partner
(973) 236-4682
November 2002

Agenda
Corporate Compliance Programs?
What is Enterprise-Wide Risk Management?
Key Differences
Why Will Your Organization Benefit From Enterprise-Wide Risk Management?
A Suggested Process for Implementing EWRM

COMPLIANCE DEFINED
A compliance program is a management process comprised of formal reporting structures and mitigation systems designed to motivate, measure, and monitor an organization's legal and ethical performance around complex business practices.
-- For manufacturers it's More Than GXP

Elements of Model Compliance Program Initiatives
1. Written Standards of Conduct
2. Written Policies and Procedures
3. Designate a Chief Compliance Officer
4. Education and Training for All Employees - At Least Annually
5. Audit to Monitor Compliance
6. Discipline Employees Who Have Engaged in Wrongdoing

Elements of Model Compliance Program Initiatives
7. Investigate and Remediate Identified Problems
8. Promote Compliance as an Element in Evaluating Managers and Supervisors
9. Policy to Include Termination as an Option for Sanctioned Individuals
10. Maintain a Hotline to Receive Complaints and Ensure Anonymity of Complainants
11. Create and Maintain Required Documentation

U.S. Sentencing Commission Vice Chair, John R. Steer
"I think the guidelines may need to say something more about the need to have ongoing auditing and testing of a compliance program on paper to ensure that it is effective in practice."

What is Enterprise-Wide Risk Management?
Best-in-class organizations are looking beyond the basic objective of implementing effective internal controls to satisfy financial and other reporting obligations, when designing their control structures
They recognize that a company must have a dynamic risk management process that covers significant exposures, which augments the financial reporting process and enables the company to identify and respond quickly to changing conditions
To be highly effective, risk management is being built into the company's infrastructure as an integral part of doing business and is tailored to address the company's critical exposures
The resulting process is efficient, effective, and non-bureaucratic in nature, as it aligns existing risk management processes, thereby eliminating duplication of efforts
This integrated approach is commonly referred to as enterprise-wide risk management

What is Enterprise-Wide Risk Management?
Approached this way, compliance moves away from being viewed as a reactive, activity intensive process and towards being viewed as an active program to help an organization manage a broad range of changes to help it achieve a variety of business objectives in an efficient and effective manner
Enterprise-wide risk management is anticipatory, flexible, and proactive. Enterprise-wide risk management is not reactive
An enterprise-wide risk management framework emphasizes the need for processes to Identify, Assess, and Monitor and manage changes of all types (financial, operational, legal, etc.)
It is implementable at any level of the organization in whole or in part (i.e. business unit, functional process, geography)
Enterprise-wide risk management helps mitigate surprises and ensures all organizations are aligned with key objectives

What is Enterprise-Wide Risk Management?
Building in an Enterprise Wide Risk Management program:
[Figure: continuum with stages labeled Reactive, Proactive, Strategic]
Figure labels: Complying with known laws and regulations; Seeking to meet industry compliance requirements; Managing crisis
Most Organizations Today?
Current best practice: Enterprise Wide Risk Management Program; Enterprise Risk Assessment; Control Self Assessment; Strategy Building; Risk & Compliance external reporting
Pulling together disciplines that address both sides of risk, minimizing uncertainty and maximizing opportunities
The concept pushes an organization to address risks and their management explicitly as part of everyday business

Enterprise-wide Risk Management is Supported by the COSO Framework
Internal Control is defined (in COSO and US auditing standards AU 319) as a process, effected by an entity's board of directors, management and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the following categories:
  Effectiveness and efficiency of operations
  Reliability of financial reporting
  Compliance with applicable laws and regulations
COSO identifies five components of internal control that need to be in place and integrated to ensure the achievement of each of the objectives.

A Suggested Process
Assess your organization's current techniques, tools and approaches for evaluating risk across the organization and consider the appropriate level of opportunity
  High level view at an enterprise level, or
  Detailed level view at a Business Unit level (Sales, R&D, etc.)
Conduct a gap analysis of current risk management practices against leading practice models, identifying existing internal best practices and potential opportunities for improvement
Develop recommendations for developing an enterprise-wide risk management framework specific to your organization including an execution plan to not only identify risks but mitigate them with controls

Sample Approach for EWRM
Once the assessment is complete, design and implement an Enterprise-wide risk management program for your organization
Appoint a Risk Management Facilitator
  This is a leading practice
Develop and articulate strategy
Develop tools to identify risks (leverage existing initiatives)
Develop methodology to identify and prioritize risks
Create Template to Capture Risk Profile including:
  Nature of risk
  Business impact
  Probability of occurrence
  Exposure to the company
  Controls that exist to mitigate risks
  Gaps, if any
Evaluate and Report Consolidated risks to senior management
  Including supporting management's assertion under Section 404
Ensure accountability for identified gaps within functional management
Facilitate decision making and monitor program effectiveness
Functional management will take the lead, with counsel from the risk management facilitator to identify, assess and decide how they will mitigate risks
More structure will be built into existing processes which will facilitate your organization's ability to be more proactive in the identification, assessment and curtailment of risks

In Summary, Enterprise-Wide Risk Management Provides:
An integrated, dynamic display of business objectives, key risks, and controls that are aligned with supporting policies, procedures, and operating principles
A robust, flexible structure that can deal systematically with both external and internal changes affecting the company
An aligned and supportive infrastructure that facilitates early identification of new risks, communication, training, incident identification, issues management, and internal and external reporting

Key Difference between Compliance Programs and EWRM
1. Scope - The EWRM program will be designed to proactively identify, assess and manage all risks (strategic, operational, regulatory, and ethical risks) faced by your organization, rather than just fraud & abuse in sales and marketing.
2. Approach to Risk Identification - The EWRM program will formalize the risk identification process. The EWRM program will incorporate the risk identification process into the formal strategic planning process and everyday business activities.
3. Proactive Risk Management - An EWRM program embeds responsibility for risk management at the divisional and functional levels enabling your organization to quantify and analyze risk in a more proactive fashion.
4. Results Orientation - EWRM holds managers accountable for identifying and mitigating risk. A formal process for monitoring and reporting progress is established under EWRM.
5. Reduces Cost - EWRM aligns all existing risk management processes (including existing compliance programs) thereby eliminating duplication of efforts