Enterprise Risk Management
Cayman Islands Society of Professional Accountants
Enterprise Risk Management
March 19, 2015
Dr. Sandra B. Richtermeyer, CPA, CMA

What is Risk Management?
Risk management is a process, effected by an entity's board of directors, management and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risks to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives.
Source: The Committee of Sponsoring Organizations of the Treadway Commission (COSO)

Risk Management: The Big Picture
Strategic goals:
- Must align with the mission, overall objectives, vision, and values
- Must be clear and concise
- Foundation for risk planning and solid internal controls
[Diagram: strategy and internal control as the foundation for risk; describing the approach to risk management in terms of benefits, characteristics, approaches and processes, and communication]

Key Organizational Concepts
- Mission
- Vision
- Values
- Strategy
- Metrics
- Performance evaluation

The Big Picture: Key Relationships!
[Diagram: Governance, Enterprise Risk Management, Internal Control]

Enterprise Risk Management (ERM) Framework

What does risk management encompass?
- Aligning risk appetite and strategy
- Enhancing risk response decisions
- Reducing operational surprises and losses
- Identifying and managing multiple and cross-organizational risks
- Seizing opportunities
- Improving deployment of capital

Benefits of Risk Management
- Achieve the entity's performance targets
- Achieve the entity's profitability targets
- Prevent loss of resources
- Ensure compliance with laws and regulations
- Avoid damage to the entity's reputation
It helps the management and board of an organization achieve its goals and avoid pitfalls and surprises along the way!

Risk management is a process, ongoing and flowing through an entity.

Key Risk Concepts: Risk Management, An Intentional Process
- Effected by people
- Applied in a strategic context
- Applied across the enterprise
- Designed to identify events potentially affecting the entity
- Intended to manage risk within an entity's risk appetite
- Provides reasonable assurance
- Geared to achievement of objectives

Risk Management: Linking with the Achievement of Objectives
Types of objectives:
- Strategic: high-level goals, aligned with and supporting the entity's mission
- Operations: effective and efficient use of resources
- Reporting: reliability of reporting
- Compliance: applicable laws and regulations
These four categories are distinct but overlapping; one objective can fall into more than one category. (Top of the cube!)

Key Concepts: The COSO Enterprise Risk Management Framework, Cube Representation

Components of Enterprise Risk Management
- Internal environment
- Objective setting
- Event identification
- Risk assessment
- Risk response
- Control activities
- Information and communication
- Monitoring
(Front of the cube!)

Key Concepts: The COSO Enterprise Risk Management Framework, Cube Representation

Effectiveness of Risk Management
Effectiveness is a judgment:
- Are the 8 risk management components present and functioning effectively?
- Are there material weaknesses?
- Have the risk needs been considered within the entity's risk appetite?

Limitations of Risk Management
- Human judgment can be faulty
- Risk management decisions need to consider the costs vs. the benefits
- Human failures: errors, mistakes
- Controls can be overridden by collusion between two or more people
- Management has the ability to override ERM decisions
- Culture is critical
If these limitations exist, the board and management cannot have absolute assurance that the entity's objectives are being considered.

Risk Management Encompasses Internal Control
- Internal control is an integral part of enterprise risk management
- Internal controls make risk management more robust
- Internal controls can help with conceptualization of risk management

Relationships Between ERM and Internal Control
[Diagram: Governance, Enterprise Risk Management, Internal Control]

Key Concepts: Frameworks for Internal Controls and Risk Management
Linking the COSO Internal Control Integrated Framework with the COSO Enterprise Risk Management Framework
[Diagram: Internal Control Framework alongside the ERM Framework, expanded into 3 components]

Roles and Responsibilities for Risk Management
- Everyone in the organization has some responsibility
- Board is ultimately responsible: without board oversight, risk management will fail or be suboptimal
- Senior management team
- All levels of management
- For global organizations, consider ways to communicate responsibilities in a way that supports cultural or educational differences

Relationships Between Governance and ERM
[Diagram: Governance, Enterprise Risk Management, Internal Control]

Roles and Responsibilities for Risk Management
External entities play an important role in how an entity implements overall risk management:
- Regulators
- Customers
- Vendors
- Overall supply chain
- Professional organizations

Key Risk Concepts: Risk Management, Fundamental Characteristics
- A portfolio view of risks at the entity level
- Identification of potential events that may impact objectives
- Risk identification, prioritization, and response
- Managing risk within the entity's risk appetite
- Consideration of risk in formulation of strategy

Key Risk Concepts: Types of ERM Risks
- Strategic: high-level goals aligned to mission
- Operations: effective and efficient use of resources
- Reporting: reliability of the entity's reports
- Compliance: effective and efficient use of resources

Key Risk Concepts: Effective Risk Management Strategies
[Diagram: identify internal and external risks; develop a risk-based culture; link objectives, values and controls; risk tolerance/appetite?]

Key Risk Concepts: A Process Overview
[Diagram: risk assessment and response; manage risk within the entity's risk appetite; identification of potential events that may impact objectives and values; consideration of risk in formation of strategy; application across the entity; take a portfolio view of risks at the entity level; monitor performance of ERM]

Discussion Question
What areas do you believe have primary responsibility for risk management?
1. Accounting / finance
2. Risk management group
3. Legal
4. Compliance
5. Internal audit
6. Unsure
How can this vary by culture or business model?

Key Risk Concepts: ERM Enhances Management Capabilities
- Align risk appetite
- Link growth, risk and return
- Enhance risk response decisions
- Minimize operational surprises and losses
- Identify and manage cross-enterprise risk
- Provide integrated responses to multiple risks
- Seize opportunities
- Rationalize capital

Key Risk Concepts: ERM Benefits to Management
- Promotes awareness of existing risk
- Establishes a common risk language
- Illustrates risk interrelationships and impacts
- Enables development of more precise risk information
- Enhances ability to identify risk in a timely manner
- Increases confidence to seize opportunities inherent in potential future events
Remember: manage risk within and across business units. A common risk language facilitates communication; this helps to minimize operational surprises and losses.

Key Risk Concepts: Characteristics of Effective ERM
- Must be owned and led by the board and senior management
- Encompasses the entire business, with connection between functional areas
- Strategies address a full spectrum of risks
- Processes augment the conventional emphasis on probability by also weighing vulnerability
- Does not solely consider single events, but considers scenarios and interaction between risks

Key Risk Concepts: Characteristics of Effective ERM
Effective risk management:
- Is a key element of the organizational culture
- Focuses not solely on risk avoidance, but also on value creation
- Enables the entity to take a portfolio view of risk

Key Risk Concepts: Basic ERM Process
[Diagram: Objectives, Events, Responses]

Key Risk Concepts: The Highs and the Lows
[Diagram, a 2x2 risk grid: High Impact / Low Likelihood; High Impact / High Likelihood; Low Impact / Low Likelihood; Low Impact / High Likelihood]

Examples from our conversation (from audience during session)
- High impact, high likelihood: data security breach, foreign regulation, health and safety, foreign competition, competition, substitute products, climate change
- High impact, low likelihood: airport tower loses communication, security at airport, terrorism, staff turnover, public register of ownership, technology downtime, internet down
- Low impact, high likelihood: petty cash, tropical storm, staff turnover
- Low impact, low likelihood: ??? The audience did not offer many examples in this category (discussion centered on the other three areas above).

Key Risk Concepts: What are the BIG Risks?
- Failure to identify and pursue opportunities
- IT system failures
- Lack of intelligence about marketplace and competitor actions
- Attracting capital
- Sustainability

Key Risk Concepts: Board Oversight and ERM
4 critical roles!
1. Understand the entity's risk philosophy and concur with the entity's risk appetite
2. Know the extent to which management has established effective enterprise risk management of the organization
3. Review the entity's portfolio of risk and consider it against the entity's risk appetite
4. Be apprised of the most significant risks and whether management is responding appropriately
Source: Effective Enterprise Risk Oversight: The Role of the Board of Directors, COSO

Risk Process Considerations
38 Moving thru the framework.
Internal Environment: Implementation Strategies
- Risk management philosophy statement
- Risk appetite: describe and communicate
- Board of directors: regularly include on the agenda
- Integrity and ethical values: code of conduct; make sure personnel are aware and that the code is alive in the organization
- Commitment to competence: be clear on how the leaders in the organization support this
- Organizational structure: must be clear and understood throughout the organization
- Assignment of authority and responsibility: aim for clarity and understanding in terms of roles
- Human resource (HR) standards: HR goals are transparent and available to all personnel

Internal Environment: Follow-up from our conversation, indicators of a healthy culture (responses from participants during session)
A healthy culture is key to the Internal Environment component of the ERM Framework.
- Staff retention
- Environmentally responsible
- Personnel climate survey
- Adherence to policy at acceptable levels
- Increased incident reporting
- Employees are proud
- Communication style
- Leadership style
- Reward and recognition
- Staff development
- Team building
- Staff orientation

Can you test for a healthy culture?
Risk-Related Culture Survey, sample items (use a scale of 1-5):
- The leaders of my area set a positive example for ethical conduct
- I understand the entity's overall mission and strategy
- Disciplinary action is taken against those who engage in professional misconduct
- Turnover of personnel has not significantly affected our ability to achieve objectives
- The leaders in my department are open to communication about risk
- The leaders in my department are open to bad news

Code of Conduct: Sample of Key Items for Inclusion
- Letter from chief executive
- Goals and philosophy
- Conflicts of interest
- Sign-offs
- Discussion
- Gifts and gratuities
- Transparency
A best practice in reviewing your code of conduct: benchmark with similar entities and/or aspirational entities!
43 Moving thru the framework.
Objective Setting
- Strategic objectives
- Related objectives: operations, reporting, compliance
- Overlap of objectives
- Achievement of objectives
- Risk appetite
- Risk tolerances
45 Moving thru the framework.
Event Identification
- Events
- Influencing factors
- Event identification techniques: event inventories, output from the planning process, triggers, workshops, interviews, diagrams, lead indicators, analysis of past losses
- Interdependencies: always consider how one event can trigger another
- Event categories: economic, natural environment, political, infrastructure, personnel, process, technology, social, technological
- Distinguishing risks and opportunities: look at both negative and positive outcomes
47 Moving thru the framework.
Risk Assessment
- Context for risk assessment
- Inherent risk: risk if there are no controls
- Residual risk: risk after controls are implemented
- Estimate likelihood and impact
- Assessment techniques: benchmarking, using probability models
- Consider relationships between events

Key Concepts: Frameworks for Internal Controls and Risk Management
Linking the COSO Internal Control Integrated Framework with the COSO Enterprise Risk Management Framework
[Diagram: Internal Control Framework alongside the ERM Framework, expanded into 3 components]

Four Key Principles of the COSO Internal Control Framework Related to Risk Assessment
1. The organization specifies objectives with sufficient clarity to enable the identification and assessment of risks relating to objectives.
2. The organization identifies risks to the achievement of its objectives across the entity and analyzes risks as a basis for determining how the risks should be managed.
3. The organization considers the potential for fraud in assessing risks to the achievement of objectives.
4. The organization identifies and assesses changes that could significantly impact the system of internal control.

Four Key Principles of the COSO Internal Control Framework Related to Risk Assessment: Operations Objectives
- Reflects management's choices
- Considers tolerances for risk
- Includes operations and financial performance goals
- Forms a basis for committing of resources

Four Key Principles of the COSO Internal Control Framework Related to Risk Assessment: Reporting Objectives
External financial reporting objectives:
- Complies with applicable accounting standards
- Considers materiality
- Reflects entity activities
External non-financial reporting objectives:
- Complies with externally established standards and frameworks
- Considers the required level of precision
- Reflects entity activities

Four Key Principles of the COSO Internal Control Framework Related to Risk Assessment: Reporting and Compliance Objectives
Internal financial reporting objectives:
- Reflects management's choices
- Considers the required level of precision
- Reflects entity activities
Compliance objectives:
- Reflects external laws and regulations
- Considers tolerances for risk

Characteristics (Points of Focus) Associated With Each of the Four Key Principles of Risk Assessment
Identifies and analyzes risk:
- Includes entity, subsidiary, division, operating unit and functional levels
- Analyzes internal and external factors
- Involves appropriate levels of management
- Estimates significance of risks identified
- Determines how to respond to risks

Characteristics (Points of Focus) Associated With Each of the Four Key Principles of Risk Assessment
Assesses fraud risk:
- Considers various types of fraud
- Assesses incentives and pressures
- Assesses opportunities
- Assesses attitudes and rationalizations

Characteristics (Points of Focus) Associated With Each of the Four Key Principles of Risk Assessment
Identifies and analyzes significant change:
- Assesses changes in the external environment
- Assesses changes in the business model
- Assesses changes in leadership

Process Considerations: Determine Risk Appetite
- Quantitative or qualitative: earnings at risk, reputation at risk
- Risk tolerance: range of acceptable variation
Risk appetite is the amount of risk (on a broad level) an entity is willing to accept in pursuit of value.

Process Considerations: Establish a Portfolio View of Key Risks
[Chart: impact versus likelihood]

Process Considerations: What is the level of your risk appetite?
[Chart: impact versus likelihood]

Process Considerations: Identify Risk Responses
Options available to quantify risk exposure
[Chart: impact versus likelihood]

Process Considerations: Impact Versus Probability
Risk response by impact (rows) and probability (columns):

                  Low probability            High probability
  High impact     Share (medium risk)        Mitigate & control (high risk)
  Low impact      Accept (low risk)          Control (medium risk)

Risk Response
- Evaluating possible responses: risk likelihood and impact; assessing costs vs. benefits; opportunities in response options
- Selected responses
- Portfolio view
63 Moving thru the framework.
Control Activities
- Integration with risk response
- Types of control activities: top-level reviews, activity management, information processing, physical controls, performance indicators, segregation of duties
- Policies and procedures: in writing, well-communicated, integrated in the culture
- Controls over information systems: general controls, application controls
- Entity-specific controls
65 Moving thru the framework.
Information and Communication
- Using relevant, quality information to support the functioning of risk management processes
- Internally communicating information necessary for the functioning of internal control
- Externally communicating information regarding matters affecting the functioning of internal control
67 Moving thru the framework.
Monitoring
- The entity selects, develops and performs ongoing and/or separate evaluations to ascertain whether the components of internal control are present and functioning
- The entity evaluates and communicates internal control deficiencies in a timely manner to those parties responsible for taking corrective action
69 Moving thru the framework.
Process Considerations: Common Risk Management Failures
- Less than robust risk management implementation
- Not a management or board priority: ineffective board oversight
- Failure to anticipate and respond to a changed internal and external environment
- Reckless risk taking: compensation not aligned with risk management
- Overconfidence: failure to recognize and prioritize remote risks

Process Considerations: Key Implementation Factors
1. Organizational design of the business
2. Establishing an ERM organization
3. Performing risk assessments
4. Determining overall risk appetite
5. Identifying risk responses
6. Communication of risk results
7. Monitoring
8. Oversight and periodic review by management
72 Questions? Contact me at or
More informationGUIDANCE NOTE FOR DEPOSIT-TAKERS. Operational Risk Management. March 2012
GUIDANCE NOTE FOR DEPOSIT-TAKERS Operational Risk Management March 2012 Version 1.0 Contents Page No 1 Introduction 2 2 Overview 3 Operational risk - fundamental principles and governance 3 Fundamental
More informationHow to Develop Successful Enterprise Risk and Vendor Management Programs
Project Management Institute New York City Chapter January 2014 Chapter Meeting How to Develop Successful Enterprise Risk and Vendor Management Programs Christina S. Kite Senior Vice President Corporate
More informationHand IN Hand: Balanced Scorecards
ANNUAL CONFERENCE T O P I C Risk Management WORKING Hand IN Hand: Balanced Scorecards AND Enterprise Risk Management B Y M ARK B EASLEY, CPA; A L C HEN; K AREN N UNEZ, CMA; AND L ORRAINE W RIGHT Recent
More informationUniversity of St. Gallen Law School Law and Economics Research Paper Series. Working Paper No. 2008-19 June 2007
University of St. Gallen Law School Law and Economics Research Paper Series Working Paper No. 2008-19 June 2007 Enterprise Risk Management A View from the Insurance Industry Wolfgang Errath and Andreas
More informationGuide to Internal Control Over Financial Reporting
Guide to Internal Control Over Financial Reporting The Center for Audit Quality prepared this Guide to provide an overview for the general public of internal control over financial reporting ( ICFR ).
More informationEnterprise Risk Management
2013 Government Accounting and Auditing Update Enterprise Risk Management Understanding and Implementing an ERM Framework Mike Sargent, Director- CliftonLarsonAllen May 2013 cliftonlarsonallen.com Discussion
More informationAudit of the Test of Design of Entity-Level Controls
Audit of the Test of Design of Entity-Level Controls Canadian Grain Commission Audit & Evaluation Services Final Report March 2012 Canadian Grain Commission 0 Entity Level Controls 2011 Table of Contents
More informationCapital Requirements Directive Pillar 3 Disclosure. December 2015
Capital Requirements Directive Pillar 3 Disclosure December 2015 1. Background The purpose of this document is to outline the Pillar 3 disclosures for BlueBay Asset Management LLP ( BlueBay ). BlueBay
More informationImplementing an Integrated City-wide Risk Management Framework
AUDITOR GENERAL S REPORT ACTION REQUIRED Implementing an Integrated City-wide Risk Management Framework Date: June 11, 2015 To: From: Wards: Audit Committee Auditor General All Reference Number: SUMMARY
More informationSTANDARDS OF SOUND BUSINESS AND FINANCIAL PRACTICES. ENTERPRISE RISK MANAGEMENT Framework
STANDARDS OF SOUND BUSINESS AND FINANCIAL PRACTICES ENTERPRISE RISK MANAGEMENT Framework September 2011 Notice This document is intended as a reference tool to assist Ontario credit unions to develop an
More informationUnderstanding and articulating risk appetite
Understanding and articulating risk appetite advisory Understanding and articulating risk appetite Understanding and articulating risk appetite When risk appetite is properly understood and clearly defined,
More informationOn the Setting of the Standards and Practice Standards for. Management Assessment and Audit concerning Internal
(Provisional translation) On the Setting of the Standards and Practice Standards for Management Assessment and Audit concerning Internal Control Over Financial Reporting (Council Opinions) Released on
More informationSOL PLAATJE MUNICIPALITY ENTERPRISE RISK MANAGEMENT FRAMEWORK AND POLICY
SOL PLAATJE MUNICIPALITY ENTERPRISE RISK MANAGEMENT FRAMEWORK AND POLICY Prepared by: SOL PLAATJE MUNICIPALITY RISK MANAGEMENT UNIT AND Consolidated Advisory Services This document should be read in conjunction
More informationCOBIT 5 for Risk. CS 3-7: Monday, July 6 4:00-5:00. Presented by: Nelson Gibbs CIA, CRMA, CISA, CISM, CGEIT, CRISC, CISSP ngibbs@pacbell.
COBIT 5 for Risk CS 3-7: Monday, July 6 4:00-5:00 Presented by: Nelson Gibbs CIA, CRMA, CISA, CISM, CGEIT, CRISC, CISSP ngibbs@pacbell.net Disclaimer of Use and Association Note: It is understood that
More informationSTANDARD. Risk Assessment. Supply Chain Risk Management: A Compilation of Best Practices
A S I S I N T E R N A T I O N A L Supply Chain Risk Management: Risk Assessment A Compilation of Best Practices ANSI/ASIS/RIMS SCRM.1-2014 RA.1-2015 STANDARD The worldwide leader in security standards
More informationEnterprise Risk Management
Enterprise Risk Management Topic Gateway Series No. 49 1 Prepared by Jasmin Harvey and Technical Information Service July 2008 About Topic Gateways Topic Gateways are intended as a refresher or introduction
More informationHow To Save Money At The University Of California
THE UNIVERSITY OF CALIFORNIA ERM PROGRAM REDUCES THE COSTS OF RISK AND BORROWING BY JOHN BUGALLA AND KRISTINA NARVAEZ In December 2005, the University of California s Department of Risk Management was
More informationThe Updated COSO Internal Control Framework
The Updated COSO Internal Control Framework Frequently Asked Questions Second Edition Introduction The Committee of Sponsoring Organizations of the Treadway Commission (COSO) an organization providing
More informationEnterprise-Wide Risk Assessment
Enterprise-Wide Risk Assessment Agenda 1. Definition of risk. 2. Risk drivers in higher education today. 3. Implementing an enterprise-wide risk management (ERM) program to effectively assess, manage,
More informationFINDING THE RISK IN RISK ASSESSMENTS NYSICA JULY 26, 2012. Presented by: Ken Shulman Internal Audit Director, New York State Insurance Fund
FINDING THE RISK IN RISK ASSESSMENTS NYSICA JULY 26, 2012 Presented by: Ken Shulman Internal Audit Director, New York State Insurance Fund There are different risk assessments prepared: Annual risk assessment
More informationIT audit updates. Current hot topics and key considerations. IT risk assessment leading practices
IT audit updates Current hot topics and key considerations Contents IT risk assessment leading practices IT risks to consider in your audit plan IT SOX considerations and risks COSO 2013 and IT considerations
More informationLEVERAGING COSO ACROSS THE THREE LINES OF DEFENSE
Committee of Sponsoring Organizations of the Treadway Commission Governance and Internal Control LEVERAGING COSO ACROSS THE THREE LINES OF DEFENSE By The Institute of Internal Auditors Douglas J. Anderson
More informationINTERNAL CONTROL AND ENTERPRISE RISK MANAGEMENT NO. П4-01 П-01 REVISION1.00
APPROVED by Resolution of the Board of Directors of Rosneft Minutes No. 16 dated May 07, 2013 In effect from July 22, 2013 by Order dated July 22, 2013 No. 311 COMPANY POLICY INTERNAL CONTROL AND ENTERPRISE
More informationDepartment of Veterans Affairs VA Directive 0054. VA Enterprise Risk Management (ERM)
Department of Veterans Affairs VA Directive 0054 Washington, DC 20420 Transmittal Sheet April 8, 2014 VA Enterprise Risk Management (ERM) 1. REASON FOR ISSUE: This directive provides guidelines to help
More information2015-16 Internal Control Questionnaire and Assessment
Bureau of Financial Monitoring and Accountability Florida Department of Economic Opportunity September 9, 2015 107 East Madison Street Caldwell Building Tallahassee, Florida 32399 www.floridajobs.org TABLE
More informationCyber-Security Risk Management Framework (CSRM)
ABSTRACT The Security-Centric, Cyber-Security Risk Management (CSRM) framework expands on both the Internal Control Framework as well as Enterprise Risk Management Framework and proposes an effective Integrated
More informationIntroduction to Enterprise Risk Management at UVM DRAFT
Introduction to Enterprise Management at UVM 1 Enterprise What is Enterprise Management? Enterprise risk management is a structured, consistent, and continuous process across the whole organization for
More informationApplying Integrated Risk Management Scenarios for Improving Enterprise Governance
Applying Integrated Risk Management Scenarios for Improving Enterprise Governance János Ivanyos Trusted Business Partners Ltd, Budapest, Hungary, ivanyos@trusted.hu Abstract: The term of scenario is used
More informationGovernance Guideline SEPTEMBER 2013 BC CREDIT UNIONS. www.fic.gov.bc.ca
Governance Guideline SEPTEMBER 2013 BC CREDIT UNIONS www.fic.gov.bc.ca INTRODUCTION The Financial Institutions Commission 1 (FICOM) holds the Board of Directors 2 (board) accountable for the stewardship
More informationEnterprise Risk Management in a Highly Uncertain World. A Presentation to the Government-University- Industry Research Roundtable June 20, 2012
Enterprise Risk Management in a Highly Uncertain World A Presentation to the Government-University- Industry Research Roundtable June 20, 2012 CRO Council Introduction Mission The North American CRO Council
More information[RELEASE NOS. 33-8810; 34-55929; FR-77; File No. S7-24-06]
SECURITIES AND EXCHANGE COMMISSION 17 CFR PART 241 [RELEASE NOS. 33-8810; 34-55929; FR-77; File No. S7-24-06] Commission Guidance Regarding Management s Report on Internal Control Over Financial Reporting
More informationRisk Management Policy
Risk Management Policy June 2015 1 2 Contents 1. Policy Objectives and Background... 4 1.1. Policy Background... 4 1.2. Policy Objective... 4 1.3. Policy Sponsor and Maintenance... 4 2. Risk Types and
More informationEnterprise Risk Management (ERM) & Compliance
Enterprise Risk Management (ERM) & Compliance Mid Atlantic Regional Meeting, May 1, 2015 Society of Corporate Compliance and Ethics Jason Lunday, consultant Compliance Opportunities in ERM Increase compliance
More informationClarius Group Risk Management Policy and Framework
1. Introduction Clarius Group Risk Management Policy and Framework 1.1 Definition Risk is the chance of something happening that will have an impact on objectives. Risk provides the opportunity (upside)
More informationCFE 2. Enterprise Risk Management. Study Guide - Supplemental Background Material
P a g e 1 CFE 2 Enterprise Risk Management Study Guide - Supplemental Background Material The passing score for this test is 74% Reference Guides: Enterprise Risk Management Best Practices: From Assessment
More informationERM and GRC Fundamentals. Risk Management Definitions & Guiding Principles. Module 1
ERM and GRC Fundamentals Risk Management Definitions & Guiding Principles Module 1 Agenda Introduction: Purpose and Goal of the Training (5 min.) Section 1: ERM / GRC Terms & Concepts (15 min.) Section
More informationInternal Control Systems and Maintenance of Accounting and Other Records for Interactive Gaming & Interactive Wagering Corporations (IGIWC)
Internal Control Systems and Maintenance of Accounting and Other Records for Interactive Gaming & Interactive Wagering Corporations (IGIWC) 1 Introduction 1.1 Section 316 (4) of the International Business
More informationA Risk Management Standard
A Risk Management Standard Introduction This Risk Management Standard is the result of work by a team drawn from the major risk management organisations in the UK, including the Institute of Risk management
More information10-005 Enterprise Risk Management
10-005 Enterprise Risk Management Current update: 09/16/10 Original Issuance: 03/31/08 Purpose This policy provides guidance and direction to State Board of Administration business unit heads for identifying,
More informationRISK MANAGEMENT FRAMEWORK 2013-2014 OKHAHLAMBA LOCAL MUNICIPALITYITY
RISK MANAGEMENT FRAMEWORK 2013-2014 OKHAHLAMBA LOCAL MUNICIPALITYITY Page 1 CONTENTS 1. Foreword by the Mayor... 3 2. Background... 4 2.1 Introduction... 4 2.2 Overall purpose of the Enterprise Risk Management
More informationSECTION B DEFINITION, PURPOSE, INDEPENDENCE AND NATURE OF WORK OF INTERNAL AUDIT
SECTION B DEFINITION, PURPOSE, INDEPENDENCE AND NATURE OF WORK OF INTERNAL AUDIT Through CGIAR Financial Guideline No 3 Auditing Guidelines Manual the CGIAR has adopted the IIA Definition of internal auditing
More informationFRAUD RISK ASSESSMENT
FRAUD RISK ASSESSMENT All agencies are subject to fraud risks and need to complete a fraud risk assessment for their agency at least every biennium. A detailed fraud assessment needs to be performed by
More informationEnterprise Risk Management. California Association of State Auditors October 8, 2015
Enterprise Risk Management California Association of State Auditors October 8, 2015 Agenda GovOps Agency Overview Civil Service Improvement Initiatives Enterprise Risk Management As a strategy As a framework
More informationNational Occupational Standards. Compliance
National Occupational Standards Compliance NOTES ABOUT NATIONAL OCCUPATIONAL STANDARDS What are National Occupational Standards, and why should you use them? National Occupational Standards (NOS) are statements
More informationUnderstanding the Entity and Its Environment and Assessing the Risks of Material Misstatement
Understanding the Entity and Its Environment 1667 AU Section 314 Understanding the Entity and Its Environment and Assessing the Risks of Material Misstatement (Supersedes SAS No. 55.) Source: SAS No. 109.
More information