Getting Started with Enterprise Risk Management




Session 2: GPGFOA Fall Conference
Friday 05 October 2012
Andrew Bent
Integrated Risk Management Branch, Edmonton Police Service

Overview
- What is ERM and why do you need it?
- Getting started
- Challenges and Opportunities
- Resources
- Questions

What is ERM?
- Enterprise Risk Management describes a way of coordinating all the risk management activities undertaken by an organization / entity.
- ERM allows an organization to manage risk in a way that is: Comprehensive, Coordinated, Consistent, and Cost-effective!

Why does the EPS use ERM?
- Police have always managed operational risk
- Focused on traditional hazard risks only
- Hierarchical approach with multiple business lines operating in silos
- Not a lot of coordination, lots of overlap

Why does the EPS use ERM?
- Increased scrutiny and budget pressures
- Needed to demonstrate value of all programs
- There was a recognized need to do a better job at managing risk across the organization

Why do you need ERM?
- ERM is a force-multiplier that maximizes the ROI for risk management activities
- Regulatory compliance: Occupational Health & Safety, Workers' Compensation, SOX, Environmental Protection, etc.
- Supports the achievement of organizational goals by driving cross-functional action

Getting Started
- The good news is that you probably do most of the risk management you need already!
- First step: Understand your Context
  - Identify what is important to your organization: is it financial performance, business / service objectives, or something else?
  - Identify what risk management you already do, where you do it and how much you have to do (not always the same as how much you actually do now)

Getting Started
- First step: Understand your Context
  - Don't worry too much about how well your separate risk functions are performing at this stage
  - Identify your tolerance and appetite for risk

Getting Started
- Step 2: Identify your risks
  - What information sources can you draw on?
  - What is already reported?
  - Go ask the experts (and the not-so-experts)
  - Start wide, narrow after you have finished collecting your data
  - Can you group your risks by category?

Getting Started
- Step 3: Analyse your risks
  - What is really going on here? (Warning: root cause analysis required!)
  - How likely are your risks?
  - What are their actual impacts?
  - What is the difference between your inherent and residual risk?
  - Do you even need to care?

Getting Started
- Step 4: Evaluate your risks
  - Are you seeing regular themes or issues?
  - Are your risk controls consistent with your risk tolerance?
  - Are you over or under managing specific risks?
  - Do you have gaps in your risk management program?
  - What are the most important risks to manage?

Getting Started
- Step 5: Treating your risks
  - Come up with a plan based on your organization's priorities
  - Start small and don't try to do everything
  - Communicate the plan, and then do it again (and again)
  - ERM program managers DO NOT own (many) risks
  - Get the risk owners to develop the specific treatments
  - Risk ownership is a right, not a privilege
  - Ownership doesn't mean having to do it all yourself

Getting Started
- Step 6: Monitor your risks
  - Once your plan is underway, make sure you have a way of knowing if it is working or not
  - Use metrics, but choose them carefully and apply sparingly
  - Sometimes the absence of information is all you will have to know if it is working
  - ERM is a continuous process, not a batch operation
  - Communicate constantly upwards, sideways and downwards on the risk priorities, the plan and how it is going

Challenges
- Organizational buy-in: why do we need to do this?
- Executive support crucial
- Operational groups tend to get it
- Overcoming reporting resistance
- Building a culture of corporate risk awareness and accountability
- Assigning responsibility at the right level

Opportunities
- Risk management is already done by a number of groups: Operations, Legal, OH&S
- Lots of corporate information available
- Use any data mining tools available
- KISS/JIT approach to training

Opportunities
- Effective and efficient risk management is often an easy sell to oversight bodies (and the funders paying for it)
- Lots of free or low-cost resources available to agencies implementing ERM programs
- It can be as big or small as it needs to be at the beginning, and often small works best

Resources
- Risk and Insurance Management Society (RIMS) ERM Centre of Excellence: www.rims.org/erm
- RIMS Risk Maturity Model
- Treasury Board of Canada Secretariat: www.tbs-sct.gc.ca (search "Framework for the Management of Risk")

Questions?