Enterprise Risk Management Focusing on the Right Risks
Slide 1: Enterprise Risk Management: Focusing on the Right Risks
VGFOA 2015 Fall Conference, October 22, 2015
2014 CliftonLarsonAllen LLP, CLAconnect.com

Slide 2: Session Objectives
1. Identify factors driving the need for enterprise risk management
2. Discuss a process for identifying, assessing, and prioritizing risks
3. Recognize key items to consider for enhancing risk management in your organization

Slide 3: Factors Driving Organizations to Implement Enterprise Risk Management: Why Do You Do It?

Slide 4: What is ERM?
"Enterprise risk management is a process, effected by the entity's board of directors, management, and other personnel, applied in strategy-setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within the risk appetite, to provide reasonable assurance regarding the achievement of objectives." - COSO Enterprise Risk Management Integrated Framework, 2004
Organizational definitions of enterprise risk management (ERM) can vary widely. At its core, it involves having a better understanding of the risks your organization faces, and having a sustainable and repeatable process to successfully mitigate them.

Slide 5: Benefits of ERM
- Create a more risk-aware culture
- Align risk appetite and strategy
- Enhance risk response decisions
- Minimize operational surprises and losses
- Identify and manage cross-enterprise risks
- Provide integrated responses to multiple risks
- Seize opportunities
- Support cost management efforts
- Improve operational performance
- Provide a better basis for allocating resources
And thereby:
- Restore and/or retain stakeholder trust and confidence
- Protect and increase value for the organization and your customers

Slide 6: What Types of Risks Are Local Governments Focusing On?
Many local governments are realizing that they need to focus on the full spectrum of risk categories to ensure that they have identified their true top risks and are focusing on the right things. Risks are specific to the particular local government, but in addition to traditional risk categories such as finance, organizations may identify risks in areas such as:
- Legislative and Regulatory change
- Economic Environment
- Vendor Management
- Human Capital Management
- Affiliated Organizations
- Business Continuity
- Fraud
- Cyber
- Infrastructure
- Social Media
- Federal Regulatory Compliance
- State Regulatory Compliance
- Safety and Security
- Reputation management

Slide 7: Determining the Right Level of ERM
- Obtain feedback from governance/board on risk appetite and strategy
- Is there a sustainable process to make risk management more than a one-time event?
- Specifically scope projects to ensure ERM is a component

Slide 8: Questions Many Organizations Are Asking
- What is our appetite for risk, and what is our tolerance for deviating from expected results?
- What risks should we be focusing on? Do we know what our true top risks are?
- Once we know what the risks are, how prepared are we to address them?
- How well are we doing with the risks we are focusing on?
- Do we have a sustainable process to make risk management more than a one-time event?
- How do we capture future risks and integrate them into the process?
- How aligned are we as an organization to make this happen?
Slide 9: Identifying, Assessing, and Prioritizing Risk on an Enterprise-Wide Basis: How Do You Do It?

Slide 10: How to Go About the ERM Process
- Scope an approach to ERM
- Determine who within your organization is discussing and assessing risks
- Understand and define the risk approach
- Establish goals for the assessment
- Collect data on risks: interviews, surveys, heat map
- Communicate with board members

Slide 11: Evaluating Risk Management Capability
Two key questions on risk management capabilities:
1. Where is your organization in terms of risk management capabilities?
2. Where do you need to be?
Many organizations are assessing their current risk management state and setting goals for their next ERM milestone.

Slide 12: Most Organizations Rely on Multiple Sources for Answers
However, risk oversight and an integrated approach are usually lacking. Typical sources and the risks they cover:
- Finance: Internal Control, Disclosure, Credit, Liquidity, Commodity, Risk Analytics and Modeling
- Information Management: IT Security, Data Integrity, Information Adequacy, Business Process/Continuity Risks
- Operations: Quality of care, Customer Relations, Market and Pricing, Competitive, People/Process/Asset Performance, Environmental and Safety Risks
- Compliance and Ethics: Ethics and Business Conduct, and Regulatory Compliance Risks
- Business Development: Market and Strategy Risks
- General Counsel: Legal and Intellectual Property
- Internal Audit: Risk-informed audits, risks to internal control, key exposures and vulnerabilities, and assurance
- Security: Risks to property and people
- Insurance: Property, Casualty, Liability, and Hazards
ERM provides a means to better understand, communicate, and respond to the risk knowledge that exists in the organization.

Slide 13: Two Sides of the Risk Coin
Risk types:
- Unrewarded Risk: risks that must be taken. Regulatory compliance is a good example.
- Rewarded Risk: risks where you have an option to take them. Strategy and business decisions, where value can be created.
Fail to manage the unrewarded risks and bad things happen. Fail to take the right amount of rewarded risks and you don't fully reap the reward.
Slide 14: Two Popular Risk Frameworks
- COSO integrated framework
- AS/NZ ISO 31000:2009, whose process steps are: Establish the Context; Assess Risk (Identify Risks, Analyze Risks, Evaluate Risks); Treat Risks; with Communicate & Consult and Monitor & Review running alongside every step

Slide 15: Risk Tier Definitions
- Tier 1 Risks (Highest Risks to the Enterprise): the risk is identified as one of the highest overall risks to the organization. Risks at this level are small in number and will require immediate and significant attention.
- Tier 2 Risks (Medium Vulnerability): the risk is clearly a key enterprise risk but may not require the same level of attention as a Tier 1 risk. Requires on-going monitoring and oversight; however, the frequency of updates is less than for Tier 1.
- Tier 3 Risks (Lowest Vulnerability): the risk is still considered a key enterprise-level risk but may not require additional mitigation responses beyond the current efforts. Requires on-going monitoring to ensure status is stable.
Attorney Client Privilege / Attorney Work Product / FOIA Exempt

Slide 16: Goals of an Enterprise-Wide Risk Assessment
An enterprise risk assessment gives organizations insight into risks in multiple categories. Benefits of ERM:
- Understand both financial and non-financial risks
- Develop a sustainable risk assessment process that can be used in future years
- Utilize common risk rating criteria for multiple risk types
- Generate a prioritized risk register
- Develop risk mitigation strategies for the key risks rather than attempting to cover all of them
- Implement leading practices
- Manage risk more effectively and efficiently
- Develop data for reporting to governance/board

Slide 17: Goals of a Specific Risk Assessment
A specific risk assessment gives organizations insight into risks for a sole purpose. Benefits of a specific risk assessment:
- Understand both financial and non-financial risks
- Connect risks to the governance/board report
- An opportunity to utilize common risk rating criteria for multiple risk types

Slide 18: Illustrative Basic Risk Dashboard Using a Risk Heat Map
The risk assessment process facilitates the identification of risks by rating the Impact, Vulnerability and Speed of Onset.
- The overall impact of the risk can be based on multiple impact types, including: Financial, Reputation, Legal/Regulatory, Customers, Employees, Operations
- The overall vulnerability of the risk can be based on factors such as: existing controls and mitigation efforts, risk management capability, prior risk experience
- Speed of Onset is based on how quickly the risk could occur
Slide 19: Framework for Assessing Risk and Organizing Risk Response
Focus on vulnerabilities to value loss or creation, not just likelihood.
- Set Risk Appetite (Thresholds)
- Assess Impact: Key Performance Indicators, Qualitative, Quantitative. Illustrative outcomes: Financial, Reputation, Legal, Regulatory, Stakeholder Expectations
- Assess Vulnerability: control effectiveness; cost of risk experience; prevailing failure modes / contributing factors; complexity and change; risk management capability (detect, prevent, correct, escalate)
- Risk Mapping (MARCI chart plotting Risk Impact on Value, High to Low, against Vulnerability, Low to High; first effectiveness, then efficiency): M = Enhance Risk Mitigation; A = Assurance of Preparedness; R = Redeploy Resources; CI = Measure for Cumulative Impact (Cumulative Impact?)
- Set Priorities: Likelihood, Degree of difficulty, Cost / ROI, Time to implement
- Select Risk Response: Acceptance, Avoidance, Prevention, Detection, Correction, Escalation

Slide 20: Tiering Risks
Consider the Impact and Vulnerability of the risk when tiering the risks. The risks have been organized in a tiered fashion to demonstrate which risks should be considered the highest priority, which are secondary, and which may require less attention today. When plotted on the heat map (FCPS Risk Heat Map: Impact Low/Moderate/High against Vulnerability Low/Moderate/High), the risk priorities typically fall in the following manner:
- Tier 1 risks primarily fall in the higher Red area: top priority risks to the organization; risks require further analysis of response options; risks should have a risk owner; risks will receive the primary attention in the short term
- Tier 2 risks typically fall in the Yellow or lower Red area: key risks, but the timeline is not as critical; risks could have a risk owner
- Tier 3 risks can fall in the Yellow or Green areas: risks are tracked, but existing mitigation is sufficient
Slide 21: Problems With the Likelihood Model
- Little or no predictive value in the context of typical planning horizons
- 80 percent of all major value losses are high impact / low likelihood
- Biases management to direct resources to high impact / high likelihood events at the expense of high impact / low likelihood events
- Typically focuses on single events rather than a series of events or domino effect
- Audit activities are often misdirected to the red zone
Better approach: focus on preparedness and vulnerability. There is an inverse relationship: high preparedness = low vulnerability; low preparedness = high vulnerability.

Slide 22: Shortcomings of the COSO Approach: Estimating Likelihood and Impact
"Uncertainty of potential events is evaluated from two perspectives: likelihood and impact. Likelihood represents the possibility that a given event will occur, while impact represents its effect... It is important that the analysis be rational and careful. The time horizon used to assess risks should be consistent with the time horizon of the related strategy and objectives. For example, a company operating in California may consider the risk of an earthquake disrupting its business operations. Without a specified risk assessment time horizon, the likelihood of an earthquake exceeding 6.0 on the Richter scale is high, perhaps virtually certain. On the other hand, the likelihood of such an earthquake occurring within two years is substantially lower. By establishing a time horizon, the entity gains greater insight into the relative importance of the risk and an enhanced ability to compare multiple risks." - COSO ERM, September 2004, p.
Slide 23: Illustrative Local Gov't Impact Profile (Overall Risk Impact Profile)
- Strategic Risk: Material
- Operational & Process Risk: Material
- Board Governance: Significant
- Sovereign/Political: Significant
- Human Resources: Significant
- Health and Safety: Material
- Human Resource: Significant
- Legal: Significant
- Knowledge Capital: Significant
- Policies and Procedures: Material
- Competition: Significant
- External/Industry Factors: Significant
- Efficiency: Material
- Communication: Significant
- Organization Structure: Significant
- Succession Planning: Material
- Capacity: Significant
- Physical Assets: Material
- Strategic Planning / Budgeting: Material
- Reputational - Stakeholder Relations/Customers: Material
- Scalability: Material
- Information Technology - Access: Material
- Resource Availability: Material
- Catastrophic Loss: Material
- Functional Effectiveness: Significant
- Information Technology - Availability: Significant
- Partnering: Significant
- Information Technology - Infrastructure: Significant
- Environmental: Significant

Slide 24: Illustrative Basic Risk Dashboard: Example of a Basic Risk Report
Report columns: Risk Description; Risk Direction; Risk Response; Status; Risk Owner; Status of Additional Risk Management Activities Initiated. Rows as transcribed (the Risk Direction and Status indicators did not survive transcription):
- Failure to comply with federal regulatory standards. Owner: Mr. Response: Avoid. Activities: performing review of last 12 months of adverse compliance; developing action plans for key trend areas identified from the review.
- Inaccurate billing for services. Owner: Ms. Response: Accept. Activities: assess customer concerns; measure customer satisfaction.
- Insufficient business continuity planning. Owner: Mr. Response: Reduce. Activities: a project has been initiated to develop appropriate business continuity plans for all major operations and facilities.
- Inadequate IT backup and disaster recovery processes. Owner: Ms. Response: Transfer. Activities: key steps have been completed to improve IT BCM: consolidated and improved the data center, documented processes, and retrained personnel.

Slide 25: Tier 1: Human Capital - Instructional
Risk Description: Lack of ability to hire and retain skilled workers and central staff due to excessive workload and decreased funding.
Average Ratings: Impact 4.16; Vulnerability 3.90
Examples:
- Workload demands cause some employees in specific departments to work hours per week.
- Employee morale decreases in overworked situations.
- Personnel are assigned to the wrong task and do not receive proper training.
Comments Provided by Survey Respondents:
"Entity too often finds itself reacting to stakeholder concerns rather than proactively pursuing continuous improvement. In addition, the entity tends to rely too deeply on internal solutions rather than identifying best practices from other entities nationwide. Cuts to central staff have significantly decreased morale and increased dissatisfied employees. I believe we are at a high risk factor for losing skilled and valuable employees to other systems and careers. I feel that we have taken some steps to mitigate our vulnerability here, but that more needs to be done. I believe that employees, for the most part, will put their all into their jobs. Because they want to be responsive, they spend extra hours getting things done. The hours spent are not conducive to a good balance in life. At times, people in some offices are bypassed because they are not viewed as the go-to person. As a result, the go-to person is tremendously stressed. I would like to see the hiring process go beyond a thirty-minute panel interview and one follow-up."

Slide 26: Risk Prioritization and Response Sessions
Evaluating the cost-benefit of various risk response options can be standardized by using an evaluation template to analyze the different response options.
Example Risk Response Evaluation Matrix: Financial Systems and Internal Reporting
Risk Description: the possibility of revenue loss or non-compliance due to poor alignment of financial systems functionality and internal reporting requirements.
Options available: Accept; Reduce Vulnerability; Reduce Impact; Transfer; Avoid. The response options described, with their costs and benefits, in transcription order:
- Retain current risk by working with current architecture. Costs: minimal incremental cash expenses; continued risk of loss; continued or perhaps accelerated obsolescence of systems. Benefits: lower cash outlays to address the problem; minimal organizational disruption.
- Implement a new system that better fits business requirements. Costs: $X licensing fee; $X implementation; $X maintenance fee; organizational disruption during transition. Benefits: $X estimated avoided loss; enhanced reporting and better business decision-making.
- Enhance business processes and manual reconciliations. Costs: $X implementation; organizational disruption during transition; ongoing inefficiency costs. Benefits: $X estimated avoided loss.
- Outsource financial systems operation to a third-party vendor. Costs: $X implementation; $X annual fee; $X per-transaction fee; loss of organizational capability; loss of organizational control. Benefits: $X MM annual cost savings; enhanced reporting flexibility and support.
Remaining matrix cells as transcribed: Where practicable; Not practicable; Not practicable; Residual Risks? No; Yes; Yes; Yes; Not practicable.
Slide 27: Information About Key Items to Consider for Enhancing Risk Management in Organizations: What Could the Risks Be?

Slide 28: Major Types of Risk and Risk Areas (Examples)
- Financial operations: the risks associated with the organization's financial viability and the way the organization maintains its financial records. Areas: Accounting / Revenue Cycle; Financial Reporting and Disclosure; Governance, Independence; Treasury and Investments; Tax (UBI, Payroll Withholding, Intermediate Sanctions, Returns - 990s, and 501(c)(3) Status); Financing (Bonds); Internal Controls; Internal Audit; Contracting / Purchasing (Materials Management); Group Purchasing Organization Relationships; Construction
- Service delivery: the risks associated with the delivery of services. Areas: Quality - Safeguarding of Practice; Regulatory Compliance; Institution Licensing and Accreditation; Marketing / Community Outreach
- Compliance and legal matters: Federal and State Regulations; Stark; IRS Tax; Anti-Kickback; HIPAA; Anti-Trust

Slide 29: Major Types of Risk and Risk Areas (cont.)
- Employment and staffing: the risks associated with the organization's delivery and management of its human resources, including employed, contracted, and credentialed providers. Areas: Labor Relations; Wage and Hourly - Compensation; Employment Practices (Hiring and Firing, EEO, ADA); Education, Training, Development; Staffing (Retention, Recruitment, Performance Evaluations, Levels); Pension and Benefits - Insurance; Worker's Compensation; Contract Labor (Agency, Nurses)
- Organization and strategic environment: the risks associated with external factors, strategic direction, and issues related to organizational structure and culture. Areas: Strategy; M&A; Advocacy; Tax Exempt Limitations; Public Relations; Reputational; Organization and Governance; Mission; Market Forces (Competition); Disaster Planning; Physical Security; Emerging Technologies (Innovations); Systems Integration

Slide 30: Major Types of IT Risk and IT Risk Areas (Examples)
IT computing environment: risks associated with the organization's IT systems.
- Hardware
- Software
- System interfaces
- Databases
- System and data criticality (the system's importance to the organization)
- System and data sensitivity
- Data backup and recovery process
- Logical access: password administration; direct access to data
- Physical access to data centers/facilities/equipment
- Lack of segregation of duties
- Network security and availability
- System security policies
- System security architecture
- Operational environment of IT systems
- Functional requirements of the IT system
- Users of the IT system
- Management of data changes

Slide 31: External ERM Resources
- Committee of Sponsoring Organizations
- The Risk Management Society
- The Risk Management Association

Slide 32: CLA Resources
- Articles and Whitepapers: ACA; Pensions: GASB 68; Uniform grant guidance
- Events Calendar
- Webinar Recordings
- Government-Agencies.aspx?ind=State and local

Slide 33: Questions?
Greg Bussink, Principal (Phone number)
Taylor Powell, Senior Consultant
CLAconnect.com; twitter.com/CLAconnect; facebook.com/cliftonlarsonallen; linkedin.com/company/cliftonlarsonallen
More informationManaging business risks in SMSEs
www..com/pg Managing business risks in SMSEs CPA PNG Kokopo conference June 2018 Presented by Stephen Beach Partner, PwC Managing business risks in MSMEs What we will cover. Perspectives on risk and opportunity
More informationThe ORSA opportunity:
The ORSA opportunity: Compliance and business value 12 March 2014 Today s agenda Background and regulatory update ORSA overview Industry perspectives Achieving long-term business value Page 2 Today s agenda
More informationMERCER SENTINEL SERVICES
HEALTH WEALTH CAREER MERCER SENTINEL GROUP MERCER SENTINEL SERVICES MERCER SENTINEL SERVICES 2 FIDUCIARY CHALLENGES In managing institutional investment programs, the primary focus is typically investment
More informationEnterprise Risk Management Program
Enterprise Risk Management Program David W Sundvall, Risk Manager 3/2/2016 Page 0 of 12 Table of Contents Introduction... 2 Approach... 2 Risk Appetite... 3 Roles and Responsibilities... 3 Process... 4
More informationRisk Diverse Environments: Prioritizing the Priorities
Risk Diverse Environments: Prioritizing the Priorities Presented by: Sheryl Vacca, CCEP, CHC-F, CHRC SVP/Chief Compliance and Audit Officer University of California Sheryl.vacca@ucop.edu Risk Diverse Environments:
More informationRISK MANAGEMENT POLICY
RISK MANAGEMENT POLICY 1. INTRODUCTION Seven West Media Limited (SWM) is the leading, listed national multi-platform media business based in Australia, which exposes the company to a wide range of risks.
More informationRisk Evaluation, Treatment and Reporting
Chapter 8 Risk Evaluation, Treatment and Reporting In the previous chapter we looked at how risks are identified, described and estimated using a likelihood and consequences matrix. This is an essential
More informationAligning Risk Management with CU Business Strategy
Aligning Risk Management with CU Business Strategy Managing your most pressing risks CUNA Mutual Group Proprietary Reproduction, Adaptation or Distribution Prohibited 2016 CUNA Mutual Group, All Rights
More informationRISK MANAGEMENT. Budgeting, d) Timing, e) Risk Categories,(RBS) f) 4. EEF. Definitions of risk probability and impact, g) 5. OPA
RISK MANAGEMENT 11.1 Plan Risk Management: The process of DEFINING HOW to conduct risk management activities for a project. In Plan Risk Management, the remaining FIVE risk management processes are PLANNED
More informationWHITE PAPER FOUR PRACTICAL WAYS TO CAPTURE AND MONITOR RISK APPETITE
WHITE PAPER FOUR PRACTICAL WAYS TO CAPTURE AND MONITOR RISK APPETITE 90 CAPTURE AND MONITOR RISK APPETITE 2 FOUR PRACTICAL WAYS TO CAPTURE AND MONITOR RISK APPETITE Many organisations are grappling with
More informationPrudential Standard GOI 3 Risk Management and Internal Controls for Insurers
Prudential Standard GOI 3 Risk Management and Internal Controls for Insurers Objectives and Key Requirements of this Prudential Standard Effective risk management is fundamental to the prudent management
More informationCertified Enterprise Risk Professional (CERP) Test Content Outline
Certified Enterprise Risk Professional (CERP) Test Content Outline SECTION 1: RISK GOVERNANCE Domain 1: Board and Senior Management Oversight (8%) Task 1: Provide relevant, timely, and accurate information
More informationM_o_R (2011) Foundation EN exam prep questions
M_o_R (2011) Foundation EN exam prep questions 1. It is a responsibility of Senior Team: a) Ensures that appropriate governance and internal controls are in place b) Monitors and acts on escalated risks
More informationRISK MANAGEMENT POLICY AND STRATEGY
1 RISK MANAGEMENT POLICY AND STRATEGY Version No: Reason for Update Date of Update Updated By 1 Review Timeframe September 2014 2 Review June 2017 Governance Manager Governance Manager 3 4 5 6 7 8 Introduction
More informationAn Introductory Presentation for ECU Staff
Risk Management at ECU An Introductory Presentation for ECU Staff Phillip Draber Manager, Risk and Assurance Outcomes By the end of this session you should: Be able to complete and document risk management
More informationThe Proactive Quality Guide to. Embracing Risk
The Proactive Quality Guide to Embracing Risk Today s Business Uncertainties Are Driving Risk Beyond the Control of Every Business. Best Practice in Risk Management Can Mitigate these Threats The Proactive
More informationRISK COMMITTEE TERMS OF REFERENCE. The Board has resolved to establish a Committee of the Board to be known as the Risk Committee.
RISK COMMITTEE TERMS OF REFERENCE Constitution The Board has resolved to establish a Committee of the Board to be known as the Risk Committee. Objective To identify and monitor risks to the Society s strategy,
More informationENTERPRISE RISK MANAGEMENT Framework
STANDARDS OF SOUND BUSINESS AND FINANCIAL PRACTICES ENTERPRISE RISK MANAGEMENT Framework January 2018 Ce document est également disponible en français. Notice This document is intended as a reference tool
More informationChapter 7: Risk. Incorporating risk management. What is risk and risk management?
Chapter 7: Risk Incorporating risk management A key element that agencies must consider and seamlessly integrate into the TAM framework is risk management. Risk is defined as the positive or negative effects
More informationSOLID GROUP INC. ENTERPRISE RISK MANAGEMENT POLICY
SOLID GROUP INC. ENTERPRISE RISK MANAGEMENT POLICY SECTION 1. PURPOSE This Policy establishes the standards, processes and accountability structure to identify, assess, prioritize and manage key risk exposures
More informationRISK MANAGEMENT FRAMEWORK
RISK MANAGEMENT FRAMEWORK 1. INTRODUCTION (Company) acknowledges that risk is inherent in its business. The Company s risk management framework is an important tool to guide the organisation towards achieving
More informationBusiness Continuity Management and ERM
Business Continuity Management and ERM Partnership for Emergency Planning Kansas City Marshall Toburen GRC Strategist ERM, ORM, 3PM RSA A division of EMC 2 June 18, 2014 1 Agenda Intro State of ERM Today
More informationEC/67/SC/CRP.22. Risk management in UNHCR. Executive Committee of the High Commissioner s Programme. Standing Committee 67 th meeting.
Executive Committee of the High Commissioner s Programme Distr.: Restricted 31 August 2016 English Original: English and French Standing Committee 67 th meeting Risk management in UNHCR Summary This paper
More informationScouting Ireland Risk Management Framework
No. SID 124A/15 Gasóga na héireann/scouting Ireland Issued Amended 20 th June 2015 Deleted Source: National Management Committee Scouting Ireland Risk Management Framework Revision Date Description # 20/06/2015
More informationThere are many definitions of risk and risk management.
Definition of risk There are many definitions of risk and risk management. The definition set out in ISO Guide 73 is that risk is the effect of uncertainty on objectives. In order to assist with the application
More informationINTEGRATING RISK MANAGEMENT AND BUSINESS CONTINUITY
INTEGRATING RISK MANAGEMENT AND BUSINESS CONTINUITY June 2012 Sami Ahmed Assistant Vice President - MRC Paolo De Rosa Senior Vice President - MRC Introduction Purpose Raise your knowledge and awareness
More information1. Define risk. Which are the various types of risk?
1. Define risk. Which are the various types of risk? Risk, is an integral part of the economic scenario, and can be termed as a potential event that can have opportunities that benefit or a hazard to an
More informationNYISO Capital Budgeting Process. Draft 01/13/03
NYISO Capital Budgeting Process Draft 01/13/03 1 1.0 INTRODUCTION An effective, capital budgeting process is essential to ensure sound capital investment decisions. This report details a recommended approach
More informationOperational Risk Management
Operational Risk Management An Iceberg but Icebergs can melt DMF Stakeholders Forum Berlin, May 2013 Mike Williams mike.williams@mj-w.net Operational risk is: The risk of loss (financial or nonfinancial)
More informationWorking through Risk Appetite
28 th National Risk Management Training Conference Working through Risk Appetite Marilyn Smith Head U.S. Policy & Governance BMO Financial Corp./BMO Harris Bank Fiduciary Governance April 30 2013 Working
More informationExecutive Summary. Introduction and Purpose. Scope
Executive Summary Introduction and Purpose This is the first edition of the Los Angeles Unified School District All-Hazard Mitigation Plan, and through completion of this plan the District continues many
More informationAudit Report Internal Financial Controls. GF-OIG March 2015 Geneva, Switzerland
Audit Report Internal Financial Controls GF-OIG-15-005 Table of Contents I. Background... 2 II. Scope and Rating... 3 III. Executive Summary... 4 IV. Findings and agreed actions... 6 V. Table of Agreed
More informationInformation Security and Third-Party Service Provider Agreements
The Iowa State Bar Association s ecommerce & Intellectual Property Law Sections presents 2016 Intellectual Property Law & ecommerce Seminar Information Security and Third-Party Service Provider Agreements
More informationEnterprise Risk Management
Enterprise Risk Management Dave Heller Vice President and Chief Compliance Officer Qwest Risk Management September 21, 2004 Acknowledgement The information contained within the first half of this presentation
More informationGUIDELINE ON ENTERPRISE RISK MANAGEMENT
GUIDELINE ON ENTERPRISE RISK MANAGEMENT Insurance Authority Table of Contents Page 1. Introduction 1 2. Application 2 3. Overview of Enterprise Risk Management (ERM) Framework and 4 General Requirements
More informationChapter-8 Risk Management
Chapter-8 Risk Management 8.1 Concept of Risk Management Risk management is a proactive process that focuses on identifying risk events and developing strategies to respond and control risks. It is not
More informationAgenda. Agenda (cont.) Risk Management Association. Loss Data in an Organization s DNA
Risk Management Association Internal Loss Events: Embedding Internal Loss Data in an Organization s DNA Agenda Overview and Context Background on Loss Data Defining the Objectives Objectives of Collecting
More informationCounty Executive Office
BUDGET & FULL-TIME EQUIVALENTS SUMMARY & BUDGET PROGRAMS CHART Operating $ 42,707,712 Capital $221,862 FTEs 58.5 Mona Miyasato County Executive Officer County Management Emergency Management Human Resources
More informationPRESENTATION TO CLASS 2 CREDIT UNIONS, BY DIRECTORS GLOBAL & BY BPS RESOLVER
1 YOU CAN T MANAGE WHAT YOU CAN T MEASURE Increasingly, boards and senior executives are looking to develop metrics or indicators to help to better monitor potential future shifts in risk conditions or
More informationBreak the Risk Paradigms - Overhauling Your Risk Program
SESSION ID: GRC-T11 Break the Risk Paradigms - Overhauling Your Risk Program Evan Wheeler MUFG Union Bank Director, Information Risk Management Your boss asks you to identify the top risks for your organization
More informationBasics of Liquidity Risk Management For Community Financial Institutions under $3 Billion in Assets
Basics of Liquidity Risk Management For Community Financial Institutions under $3 Billion in Assets 9/5/2013 By: Lawrence P. Poppert III, CPA Lawrence P. Poppert, III CPA Managing Principal Tel: 215 880-8261
More informationAn Update On Association Policies, Health Checks & Guidelines To A Safer Hockey Association. Lauren Woods Member Engagement & Operations
An Update On Association Policies, Health Checks & Guidelines To A Safer Hockey Association Lauren Woods Member Engagement & Operations Association Health Checks Issues arising from the health check: 3/27
More informationRight Sizing Your Reserves: A Better Way
Right Sizing Your Reserves: A Better Way ROB OLCOT T, R EGIONAL DIREC TOR, DIMEO SCHNEIDER & A S SOC CHRISTIAN SPENCER, PA RTNER, TAT E & TRYON ROB DICKINSON, CONTROLLER, N CARB A Brief History of Association
More information1st Capacity Building Seminar on Enterprise Risk Management
1st Capacity Building Seminar on Enterprise Risk Management Hotel Sea Princess, Mumbai 10 th August 2018 ERM as a Business Enabler N K V Roop Kumar, EVP, Chief of Risk, Info & Cyber Security Management,
More informationEspirito Santo Investment Holdings Limited and its subsidiaries. Group Pillar 3 Disclosures
Espirito Santo Investment Holdings Limited and its subsidiaries Group Pillar 3 Disclosures December 2012 1. Overview 1.1 Background With the introduction of the Capital Requirements Directive ( CRD ),
More informationRisk Management. Policy No. 14. Document uncontrolled when printed DOCUMENT CONTROL. SSAA Vic
Document uncontrolled when printed Policy No. 14 Risk Management DOCUMENT CONTROL Version: Date approved by Board: On behalf of Board: Jack Wegman 17 March 2015 26 March 2015 Denis Moroney President Next
More informationBournemouth Primary MAT Risk Management Policy
Bournemouth Primary MAT Risk Management Policy 1. Introduction The Bournemouth Primary Multi-Academy Trust (the Trust) operates a risk management system in order to identify and manage key exposures and
More informationRisk Assessment Mitigation Phase Risk Mitigation Plan Lessons Learned (RAMP B) November 30, 2016
Risk Assessment Mitigation Phase Risk Mitigation Plan Lessons Learned (RAMP B) November 30, 2016 #310403 Risk Management Framework Consistent with the historic commitment of Southern California Gas Company
More information