Enterprise-Wide Risk Assessment


Agenda
1. Definition of risk.
2. Risk drivers in higher education today.
3. Implementing an enterprise-wide risk management (ERM) program to effectively assess, manage, and monitor risk.
4. How to proactively engage the campus community in a more informed dialogue regarding ERM.

Definition of Risk
Before risks can be effectively managed, we must agree on a common definition of risk that is clearly understood by the board, management, faculty, and staff.
Replace old definitions of risk and risk management.

Definition of Risk
Old language: Negative outcomes. Risk Management: making sure that the organization was adequately protected in the event of a catastrophe.
New language: Any issue that affects the organization's ability to meet its objectives. Enterprise-wide Risk Management: encompasses all of the operational, financial, compliance, strategic, and reputation issues encountered in the attempt to achieve objectives.

What is ERM?
Enterprise Risk Management (ERM):
Is a process through which management identifies significant threats that would prevent their organization from meeting stated goals and objectives.
Assigns specific responsibility and accountability for developing controls to mitigate risks.
Implements those controls.
Monitors the controls to verify they are working as intended.

What is ERM?
ERM is about establishing the oversight, control, and discipline to drive continuous improvement of an entity's risk management capabilities in a changing operating environment.
ERM is a means to an end, not an end in itself.

Benefits
Benefits of establishing a risk management program:
Improved reputation.
More efficient operations.
Resource allocation: money directed to the right place, the areas of highest risk.
Campus sense of pride in a well-managed and disciplined institution.
Lower insurance costs.

Benefits
ERM enhances the organization's ability to:
Align appetite for risk with strategy.
Link growth, risk, and return.
Enhance risk response decisions.
Minimize operational surprises and losses.
Identify and manage cross-enterprise risks.

Benefits
Provide integrated responses to multiple risks.
Seize opportunities.
Deal effectively with potential future events that create uncertainty.
Respond in a manner that reduces the likelihood of downside outcomes and increases the upside.

Limitations
ERM is designed to provide reasonable assurance to an entity's management and board regarding the achievement of objectives.
Reasonable assurance is not absolute assurance.
Uncertainty and risk relate to the future, which no one can predict with precision.
ERM can be an early warning system for potential high-risk events.

Types of Risk
Five types of risk:
1. Strategic: goals of the organization.
2. Financial: safeguarding assets.
3. Operational: processes that achieve goals.
4. Compliance: laws and regulations.
5. Reputation: public image.

Risk Continuum
Upside and downside potential - offense vs. defense.

Market Continuum
From managing hazards to uncertainty to seeing risk as an opportunity.

Risk View
Risk view: Hazard. Function: Crisis management & compliance. Responsible: Controller, auditors, insurance risk manager.
Risk view: Uncertainty. Function: Business continuity protection. Responsible: CFO & line managers (operations).
Risk view: Opportunity. Function: Stakeholder value enhancement. Responsible: Sr. management & planning staff.

Self-Assessment Question #1
Where is USF on the Risk Continuum?
Ideally, an institution should be doing all of these: managing hazards, complying with laws and regulations, controlling uncertainties, and viewing risk as an opportunity to enhance value.

Strategic Risk Drivers
Risk driver: Emerging delivery systems. Stakeholders: Students, faculty.
Risk driver: Inability of governance processes to support strategic objectives. Stakeholders: Trustees, faculty.
Risk driver: Excess physical capacity. Stakeholders: Trustees, donors.
Risk driver: Quality of academic programs. Stakeholders: Students, faculty.
Risk driver: Increasing customer expectations (e.g., financial aid, student life, access, capacity). Stakeholders: Students, parents.

Operational Risk Drivers
Risk driver: New technologies. Stakeholders: Trustees, exec. mgt., staff.
Risk driver: Reimbursement & financial issues facing medical centers. Stakeholders: Dean of Medicine, regulators.
Risk driver: Research and intellectual property. Stakeholders: Research.
Risk driver: Unionization. Stakeholders: HR, staff, faculty.
Risk driver: Decentralized responsibility. Stakeholders: Staff, faculty, auditors.

Operational Risk Drivers
Risk driver: Increased regulatory scrutiny & accountability. Stakeholders: Trustees, internal audit, public.
Risk driver: Human resource management. Stakeholders: Unions, staff.
Risk driver: Security, internet access, electronic records. Stakeholders: Students, faculty, staff.
Risk driver: Student behavior and community. Stakeholders: Alumni, parents, students, faculty.
Risk driver: Contracting and related processes. Stakeholders: Attorneys.
Risk driver: Endowment management. Stakeholders: Trustees, alumni, donors.

Self-Assessment Question #2
Are any of these risks affecting USF?
Has USF considered its strategic and reputational risks?

Approach to ERM
Today's organizations approach risk management in ways that can be categorized into five levels:
I. See little value in proactive ERM.
II. General awareness about ERM and some conceptual appreciation for its value.
III. Aware of ERM and have set up mechanisms to monitor risks.
IV. Have created a risk management position to review hot spots, assist in risk assessment within business units, and keep score.
V. ERM has fully evolved from a back office function to a CEO-level concern and is embedded in every part of the organization. Each business unit designs its own risk mitigation plan, tracks progress, and establishes training programs.

Self-Assessment Question #3
How would you categorize USF? As a Level: I, II, III, IV, V?

Success Factors
Eight Key Elements for Effective ERM:
1. Acceptance of a risk management framework and common language about risk.
2. Senior management commitment.
3. Risk management owner/champion.
4. Communication.
5. Training.
6. Reinforcement through HR mechanisms.
7. Process.
8. Monitoring by Internal Audit.

Challenges: Engagement
Marketing: risk has a negative connotation.
Measuring risk: difficult to quantify.
Identifying champions: need authority and credibility.
Culture: decentralized, slow to change, reactive.
Defining accountability: too often viewed as someone else's problem.

Solutions: Engagement
Find new ways to talk about risk.
Develop a model with appropriate qualitative and quantitative outcomes and indicators.
Appeal to trustees' experience and find a champion on the board.
Find sponsors at the faculty/department level.
Tie risk to strategic objectives in the planning process.

Engagement
Most colleges and universities focus primarily on financial and compliance risk and on building effective compliance programs.
Risk Management impacts not just the numbers, but also brand, competitiveness, and strategy.
University of Pennsylvania example (University City)

Final Thoughts
An organization is only as good as its weakest link or most ineffective process.
USF must move from building controls on a process to building risk management into a process.
It's our choice: risk can be managed with foresight, or damage can be managed with hindsight.

Reference
NACUBO's Developing a Strategy to Manage Enterprise-wide Risk in Higher Education. (www.nacubo.org/pwc_enterprisewide_risk_in_higher_educ_2003.pdf)