The AICPA's Enterprise Risk Management Initiative




For more information and resources on ERM, visit aicpa.org/erm

Table of Contents

Introduction
A New Endeavor
Cross-Functional Collaboration
Top Strategic Priority
First Focus: Vendor Relationships
ERM Strategy in Action
Rise of an Organization-Wide Implementation Process
Pilot Program's Business-Unit Focus
Current Status and Next Steps
Results To Date

Introduction

Enterprise Risk Management (ERM) plays a vital role in helping enterprises of all types and sizes achieve their goals and objectives more productively, more efficiently and more successfully. This is especially true when ERM is made an integral part of an organization's core functions and embedded into its culture.

However, since the economic recession first took hold of the business community more than three years ago, many organizations have been presented with not only changes in existing risk areas but also with never-before-seen risks that have introduced a new set of management challenges and barriers to success.

"Many organizations are just beginning to figure out how to incorporate ERM," said Carol Scott, Vice President, Business, Industry and Government at the American Institute of CPAs (AICPA). "Increasingly though, our members indicate they understand the importance of ERM and want to implement it within their organizations."

AICPA research indicates that organizations are re-examining their risk-management strategy to gauge its effectiveness and, when necessary, improving existing practices and launching new initiatives. In the process, they are creating an improved and more formalized ERM program.

A New Endeavor

The AICPA recognizes the importance of ERM as well as the short- and long-term impact risk has on the organization and the CPA profession as a whole during both challenging and prosperous economic times. It also understands that a strong ERM strategy is necessary for identifying and addressing potential risks, keeping pace with change and embracing the newfound opportunities that change can present. In fact, this understanding underlies the Institute's mission to provide members with the resources, information and leadership that enable them to provide valuable services in the highest professional manner to benefit the public, employers and clients.

The AICPA has therefore launched an exciting strategic initiative focused exclusively on its ERM program. From vendor relationships to technology infrastructure, the Institute is redefining how it identifies, assesses, mitigates and manages risk. In the process, it is achieving increased efficiencies and heightened innovation, while expanding products and services for members.

The AICPA's Office of Strategy Management is implementing the new ERM initiative and its goals are to:

- Further improve the AICPA's risk-management practices
- Embed risk management into, and raise its awareness within, its organizational culture
- Better achieve the AICPA's mission
- Communicate the full range of benefits and opportunities ERM can deliver to the Institute, from contributions to the bottom line to competitive advantage

The ERM initiative is NOT:

- Bureaucratic
- Independent from the Institute's strategic plan
- Solely a function of individual business units
- An ad-hoc strategy

Cross-Functional Collaboration

ERM has long played a key role in the AICPA's core activities and culture. However, it was a function that had not yet been integrated and managed uniformly across the entire organization. Rather, it was performed by individual groups on an ad-hoc basis, with each group identifying actual and potential risks and creating and managing a strategy for addressing them.

Although this approach had been successful, the AICPA determined that an organization-wide risk-management program across all functional areas could generate additional improvements in operational efficiencies and member services. It would also allow AICPA colleagues to share ERM strategies and best practices, and promote teamwork, communication and collaboration among different groups.

"The initial outcomes of our pilot program have been very rewarding," said Victor Velazquez, Senior Vice President, People, Strategy & Enterprise Management. "By integrating ERM into organizational strategy and culture with the full support of President and CEO Barry Melancon, CPA, we've been able to create a successful system for assessing and mitigating risks going forward."

Top Strategic Priority

Among the ways that the AICPA is demonstrating its renewed commitment to ERM is through its decision to identify it as a Strategic Priority in its 2009-2011 Strategic Plan as follows:

Competition and Risk: Assess and act on competitive risks for the profession and the AICPA. Build robust risk-assessment and decision-making capabilities in all levels of the organization.

ERM's position as a leading strategic priority further supports its value and long-term importance to both the AICPA and its vast and diverse membership. In addition, the new initiative has been presented to Barry Melancon and other senior leaders. It is also being included as an agenda subject at AICPA committee meetings.

First Focus: Vendor Relationships

The AICPA took the first step toward its new cross-organization ERM initiative at the height of the economic crisis in 2008. Members of the senior leadership team, recognizing the prominent role vendors play in the services and functions of AICPA business units and the heightened importance of a secure financial foundation for its business partners during uncertain times, proactively initiated a vendor analysis across all functional areas. The purpose of the analysis was to:

- Identify vendors whose financial condition was unstable
- Make alternate arrangements with vendors that were more financially secure
- Avoid the risk and accompanying fallout to the Institute and its members that would occur should a vendor be unable to meet its responsibilities because of fiscal difficulties

As a result of the analysis, a few vendors were identified and replaced with those that were on a firmer financial footing, and risks that could have significantly interrupted AICPA operations and services were successfully and efficiently addressed.

This strategic approach to vendor relationships dramatically demonstrates the tangible benefits that ERM can deliver, including proactive risk-management practices, cross-functional collaboration, and vendor relationships that are more secure, productive and long-term. It also resulted in a number of additional steps that are further driving risk management into the Institute's organizational culture and management structure.

ERM Strategy in Action

Following the success of the vendor analysis, and recognizing the measurable benefits it delivered, the AICPA launched its new ERM strategy. The core features of the strategy include a sound, carefully planned approach and tactical action steps that will continue to be refined as the strategy is rolled out across all business units.

The following describes five key steps to the strategy:

Steering Committee Formed

First, with the evaluation of the Institute's ERM function and vendor analysis complete, and ERM firmly ingrained into the AICPA's strategic plan, an eight-member, cross-functional steering committee was created to identify risks at the organizational level. Levels range from senior manager and director to vice president and CFO. In addition to identifying risks, the steering committee is responsible for guiding the direction of the new ERM initiative. Steering committee members participated in a series of brainstorming sessions when identifying risks at the organizational level, and those risks were subsequently discussed with other AICPA leaders for additional input and refinement.

Top 11 Risks Identified

Second, as a result of the steering committee's brainstorming sessions and discussions with other AICPA team members, 11 organizational risks were identified and subsequently shared with AICPA President and CEO Barry Melancon and people directly reporting to him for their review. Their insights and opinions were used in refining, and where necessary revising, the list of 11 risks.

Risk Assessment Guideline Created

Third, once the Institute's top 11 risks were identified and reviewed, the next step was for the steering committee to create a tool for assessing each risk: a Risk Assessment Guideline. The guideline (Figure 1 below), or Heat Map, features a four-point, color-coded grid that is used to assess each risk.

[Figure 1: Risk Assessment Scale. Vertical axis, Potential Impact: Low, Medium, High, Severe. Horizontal axis, Likelihood: Remote, Unlikely, Likely, Probable.]

The grid follows a two-dimensional approach that:

- Assesses the likelihood of each individual risk: Remote, Unlikely, Likely and Probable
- Measures each risk's potential impact on the organization's ability to achieve its objectives (Low, Medium, High and Severe) and the range of financial consequences expected to arise if the risk should become a reality

The guideline also determines the organization's risk-tolerance thresholds and, equally important, the amount of risk it is willing to assume for growth, innovation and progress. Projects that involve risks that fall beyond the thresholds are removed and/or closely monitored.

Individual Interviews Performed

Fourth, the Senior Manager, Strategic Initiatives, obtained additional information on the 11 identified risks by interviewing the eight steering committee members who performed risk assessments. The Senior Manager also interviewed 20 AICPA directors and other leaders one-on-one for additional insights into and assessment of the 11 risks, and to ensure that all actual and potential risks had been fully considered by the steering committee. The interviews revealed that both the eight-member steering committee and the 20-person AICPA team rated the same risks as high for the organization.

Top 11 Risks Further Reviewed by AICPA Leadership

Fifth, the 11 risks, now agreed upon by steering committee members and the 20-person team, were again shared with President and CEO Barry Melancon and people directly reporting to him. These 11 risks were then discussed with the AICPA's audit committee at its quarterly meeting.

Rise of an Organization-Wide Implementation Process

The AICPA's new ERM initiative requires an implementation process (Figure 2, below) that reflects its planned, step-by-step, cross-functional approach and features the Risk Assessment Guideline as a key component. When creating the process, the Institute adhered to the Committee of Sponsoring Organizations of the Treadway Commission (COSO) framework for ERM.

[Figure 2: ERM Process. Diagram labels: Identify Risk; Assess Risk (Potential Impact, Likelihood); Plan Response Strategy (Accept, Share, Mitigate, Avoid); Implement Mitigation Strategy; Monitor Performance (Self-assessment, Internal audit); Plan; Risk Owner; Risk Oversight Committee.]

Pilot Program's Business-Unit Focus

With organizational risks identified and assessed, a risk assessment tool developed and a new implementation process in place, the Institute was prepared for the next stage: the launch of a pilot within a business unit. The pilot's purpose is to:

- Test the effectiveness of the ERM process.
- Drill down into process-level risks.
- Refine and revise the implementation process as needed before the pilot is rolled out across the organization.

Current Status and Next Steps

The pilot is now complete and the AICPA is drilling down into the next high priority, organization-level risk, which spans several business units and has a high likelihood and high potential impact. In addition, steering committee members continue to meet periodically to chart the future direction of the new ERM initiative, and are working with cross-functional teams to further study the organizational risks that they identified.

Results To Date

Although the AICPA's new ERM initiative remains in its early stages, it is nonetheless generating significant momentum and a number of positive changes within individual business units and the AICPA as a whole. The initiative is improving the AICPA's ability to more proactively detect and respond to risk, minimizing the consequences of unchecked risk. Risk considerations are being integrated into AICPA strategy, strategic projects and innovations as well as day-to-day operations.

As a result of the organization-wide focus on ERM and a new perception of risk among staff, AICPA team members now realize that risk also offers a unique set of opportunities that can best be grasped through a successful risk-management program. Successfully integrating the awareness of risk into AICPA strategy, operations and culture elevates it as a method for staff and management to make wise decisions based on risk considerations and meet the organization's objectives.

Copyright 2011 American Institute of CPAs

T: 888.777.7077 E: info@aicpa.org W: aicpa.org 11273-347