ENTERPRISE RISK MANAGEMENT IN HEALTH CARE. April 27, 2017
2 Presenters
- Adam Marshall, Director, Risk Advisory Services, RSM US LLP
- Jessika Garis, Manager, Risk Advisory Services, RSM US LLP

3 Agenda
- Overview of Enterprise Risk Management
- Risk Assessments and Key Areas of Risk
- Management Strategies for Specific Health Care Risks
- Risk Management Best Practices for Healthcare

4 OVERVIEW: Enterprise Risk Management

5 What is Business Risk?
The threat that an event or action/inaction will adversely affect an organization's ability to achieve its business and strategic objectives
OR
- Something bad will happen
- Something good won't happen

6 What types of companies assume risk?
- The question isn't whether your organization has assumed business risk; assuming risk in the pursuit of your objective is the essence of a business
- The question is whether you fully understand the risk your organization has assumed and whether it's monitored, managed and aligned with your risk tolerance

7 Risk management: everybody does it; how they do it varies greatly
- Informal: "We've got it covered"
VS
- Structured: "Let me explain the underlying risk, what our exposure is and how we're managing it"

8 When resources are tight, why dedicate more effort to risk management?
Historically, investments in structured risk management programs were driven by two primary factors:
- Regulatory requirements
- Management priority
Increasingly, risk management programs are more necessary due to additional pressures:
- Protection of market value
- Expectations of counterparties and the associated risks
- Management's need to demonstrate reasonable awareness and management of risks

9 Value-destroying events can come from anywhere
Dispersing the management and visibility of risks throughout the organization doesn't minimize the threat. It makes it harder for senior management to monitor and address emerging risks before they become significant events.
Value-destroying events can come from anywhere: Strategic Technology Regulatory Reporting Operational Challenges Security Finance

10 Background: Why ERM
Organizations take a more strategic perspective of risk from the top down
Benefits:
- Strategies and solutions that support mission, vision and values
- Better anticipate the unexpected
- Efficiency/effectiveness in treatment of risks
- Improve decision making
- Allocation of resources
- Risk interdependencies
- Identify strategic competitive advantages
- Patient safety and the delivery of care that is effective, efficient and safe

11 Traditional Risk Management vs. ERM
Traditional Risk Management:
- Tactical, compliance focused
- Silo-based processes
- Program or risk type view
- Looks at risks individually
- Business decisions not closely linked to risks
- Driven by risk management and internal audit
- Supported by rules
ERM:
- Strategic, performance focused
- Consistent risk management approach across the enterprise
- Holistic view of key risks
- Considers risk interactions
- Business decisions based on a clear understanding of risks
- Driven by the board and owned by the business
- Supported by a risk culture

12 A Holistic View of Risk
What is a holistic view of risk?
- Aggregated risk exposures across the enterprise
- Consideration of all types of risk, including interactions between risks
- Consideration of alternative, forward-looking scenarios
Risk types vary by industry and may include: Operational, Clinical/Patient Safety, Strategic, Market, Compliance, Reputational, Legal, Environmental, Security

13 Range of ERM Practices
Small organization ERM practices:
- Policies for each risk type
- Decisions based primarily on management judgment
- CFO or other executive responsible for risk oversight
- Less board involvement / reliance on Audit Committee
- Manual aggregation processes
- Tactical risk management training
Large organization ERM practices:
- Formally documented ERM framework
- Decisions based on complex, data-driven analysis
- ERM function and CRO
- Active board and risk committee involvement
- Highly automated aggregation and reporting processes
- ERM training based on a common risk language

14 A Practical Approach to Implementing ERM
Start with the basics:
- Understand what you already have
- Using a framework, determine where you want to go
- Why are we doing this? What do we want to get out of it: upside vs. downside risk
- How will your organization's culture react to ERM adoption?
- Who in your organization (or outside) will be involved at each phase, and what are the skill sets necessary?
- Determine your time horizon: while there are near-term benefits that can be achieved, most ERM frameworks take 18 months or longer before they take root

15 COSO ERM Framework (In Exposure Draft)

16 Our ERM Framework
An ERM Framework should include:
- Risk governance
- Risk appetite setting
- Enterprise-wide risk management processes
  - Identification of risks
  - Assessment / measurement of risks
  - Monitoring of risks and actions to address risks
  - Management of risk through controls/risk responses
  - Reporting of risks and the status of action plans
- Integration with business decision-making
- Establishment of a strong risk culture

17 Integrating ERM into decision-making
To be effective, risk management must be integrated into day-to-day business line activities and corporate decisions
- Risk Managers must be involved at the onset of strategy setting processes
- Risks associated with new products/services should be considered and communicated to the board
- Analysis of emerging risks and stress tests should influence business decisions
- Risk information should be shared across the organization to avoid the same event recurring

18 Risk Governance
- Board oversight: Reviews and approves risk strategies, frameworks, and policies
- ERM committee / Risk committees: Reviews risk reports and recommends/monitors risk limits and action plans
- ERM function: Oversees the implementation of the ERM framework/controls
Risk policies, Risk appetite, Incentives, ERM training, Capital adequacy, Product/strategy review

19 Risk Culture
Development of a risk culture is critical to effective ERM
Ways to establish a risk culture that is supportive of risk management:
- Tone at the top
- Reference the importance of risk management in the organization's objectives
- Incorporate risk management into ongoing executive management communications
- Exhibit the desired risk management behaviors
- Code of Conduct or Ethics
- Risk management factors included in incentive and performance evaluation plans
- Clearly defined roles and responsibilities that are consistent with three lines of defense

20 Risk Appetite
An effective ERM program relies on the establishment and communication of the organization's risk appetite
- Helps employees to understand the specific risks that the organization is willing and not willing to take
- Provides a means for ensuring that actual risk-taking is consistent with the organization's risk-taking capacity

21 Risk Appetite
There are many ways to define risk appetite:
- Statements, such as a zero tolerance for compliance risk
- Specific programs, markets and/or groups that are outside of the organization's risk tolerance
- Metrics that define risk thresholds, such as financial measures (e.g., ROI target) or limits (e.g., % of total risk exposure)
Are you able to articulate your organization's appetite or tolerance for risk?

22 RISK ASSESSMENTS AND KEY AREAS OF RISK: Health Care

23 Risk Management Processes
Risk management processes are grouped in different ways but generally include the following:
- Identify
- Assess/measure
- Manage/respond
- Monitor
- Report
Ideally, each of these processes should be ongoing rather than, for example, annual.

24 Risk Identification
Risk identification processes should begin with appropriate planning:
- Mapping of the organization's programs and processes
- Determination of the risk types to be included in the process (e.g., operational, legal, reputational)
- Identification of resources responsible for each area in the process
Risks can be identified through various methods, such as interviews, surveys and/or facilitated workshops
- Different levels of the organization may have different perspectives on risks
- Include emerging risks
- Be wary of risks that are really the absence of controls

25 Risk Identification
Sample identification methods:
- Documentation such as: strategic plan, adverse event reporting, consultant reports and inspections, committee reports, peer review/quality metrics
- Risk questionnaires/surveys
- Facilitated working sessions, brainstorming, focus groups, interviews
- The Joint Commission Sentinel Event Alerts
- Patient satisfaction surveys

26 Identification of Strategic Risks
Strategic risks are risks that are material to an organization's ability to execute its strategy and achieve its business objectives.
Sources of strategic risk to consider:
- External: Competitors Brand Partnering Customers Regulators Suppliers
- Internal: Planning Execution Employee engagement Access to funding Infrastructure Readiness

27 Health Care Risk Model
Risk categories: Strategic / External, Operational, Human Capital, Financial, Legal & Compliance, Technology, Hazard
Risks listed on the slide:
- Competition
- Affiliation, Mergers & Acquisitions
- Variability in Patient-Related Volume
- Research Grant / Funding Availability
- New Models for Care Delivery
- Diminished Market
- Regulatory Change / Healthcare Reform
- Conflict of Interest
- Decreased Capital Spending
- Hospital / Physician Relationship
- Availability of Public Data
- Business Management Discipline / Cost Management
- Equipment Maintenance
- Failure to Identify & Follow EBM
- Facility Maintenance
- Timely Access to Care
- Failure to Refer
- Failure to Diagnose
- Clinical Continuity
- Insufficient Discharge Planning
- Inconsistent Clinical Competency
- Hiring & Retention
- Organizational Structure, Alignment & Direction
- Succession Planning
- Unionization
- Turnover
- Recruitment
- Aging Workforce
- Disruptive Behavior
- Flex Staffing
- Workers Compensation
- Physician Shortage
- Credit / Collections
- Financial Performance
- Billing Accuracy / Compliance
- Payer Mix / Reimbursements
- Pension / Retirement Obligations
- Philanthropy / Fundraising / Capital Campaign
- Failure to Meet Margin
- Uncompensated Care
- Access to Capital
- Contract Management
- Revenue Enhancement
- Conflicts of Interest
- Fraud, Theft and Embezzlement
- Governance, Compliance and Oversight
- ACO
- HIPAA Privacy & Security
- Health Reform
- Employment Practices
- Multiple Vendors
- Social Networking
- Information Breach
- Bar Coding
- Hybrid EMR
- IT Infrastructure & Security
- Paucity of IT Professionals
- Failure to Act in a Timely Manner
- Incompatible Programs
- Natural Disaster
- Failure to Plan
- Failure to Act Timely
- Inability to Manage a Crisis
- No Backup Systems or Appropriate Duplicate

28 Risk Assessment
- Risk assessment should begin with clarification of the objectives
- Program and internal audit risk assessments have different purposes (e.g., prioritization of risks vs. basis for audit plans)
- Common definitions, including inherent vs. residual risk, risk levels, and the adequacy of controls, should be clearly communicated. For example:
  - A risk with a high likelihood may result in losses on a daily basis;
  - A risk with a high impact may result in a loss equal to X, or significant harm to the organization's reputation.

29 Risk Assessment
Best practices in risk assessment include:
- Identification of risks against key business objectives
- Coordination of risk assessments through interviews, surveys or facilitated workshops to ensure consistency
- Use of available information, such as Key Risk Indicators (KRIs), to ensure objectivity
- Assessments of the adequacy of internal controls must also be objective
- Oversight and use of information, such as the results of quality control reviews, are critical

30 Using Risk Assessments
Internal Audit assessments are generally used to:
- Determine the scope and frequency of audits
- Compare to business line assessments
Program assessments are used to:
- Prioritize risks across the organization
- Identify the top risks to the organization
- Identify appropriate responses to risks, as well as areas where the adequacy of controls is too low for the level of risk
- Drive risk-based monitoring processes
Avoid the black hole of risk assessment data!

31 Risk Heat Map
Axes: Impact (Low to High) against Likelihood (Low to High)
- High impact, low likelihood: Extraordinary events, often overlooked
- High impact, high likelihood: Strategic imperatives
- Low impact, low likelihood: Lower priority, focus on efficiency
- Low impact, high likelihood: Secondary risks, focus on controls

32 Risk Management / Responses
- Risk responses should be based on assessment of loss frequency and impact
- Management actions should be specific to reducing likelihood or impact, depending on which one was assessed as high
- The most common risk responses include:
  - Avoid (get out)
  - Accept/retain (monitor)
  - Reduce (institute controls)
  - Transfer or share (partner with someone)
- Action plans with assigned owners should be developed and monitored by a risk committee

33 Risk Monitoring
- Risk monitoring should follow from risk assessments
- Higher risks should be monitored more frequently and in more depth
- Key risk indicators (KRIs) are critical to early identification of risks and, as a result, fewer surprises
- KRIs should be forward-looking
- Key Performance Indicators (KPIs) are primarily backward-looking

34 Risk Reporting
- Reporting should also follow from risk assessments, with higher risks reported in more depth
- Emphasis of risk reporting should be on highlighting key risks and recommendations for and status of management action
- Volumes of detail should be avoided, particularly for board reporting
- Reports should include early indicators and emerging risks
- Best practices include the development of ERM dashboards that provide a holistic view of risk and thoughtful analysis

35 MANAGEMENT STRATEGIES FOR SPECIFIC HEALTH CARE RISKS: Health Care

36 Cybersecurity Risk
Today's organizations face innumerable threats:
- Advanced persistent threats (APTs)
- Social media
- Social engineering
- Spear-phishing
- Ransomware
Resulting Risk:
- Patient care
- Breach and related cost
- Reputation

37 Risk Management
[Figure: risk management cycle (Identify, Assess/measure, Manage/respond, Monitor, Report) with the following notes]
- Cyber threat risks, mitigation plan, and progress documented; residual risk determined
- Technology organization catalogues cyber risk threats
- Management process for measuring the effectiveness of the procedures; KPIs for the reduction of vulnerabilities
- To reduce hacking risk: continuous network scanning performed; periodic 3rd party network testing
- Threats ranked and residual risk determined; part of organization risk analysis; hacking as a specific risk identified as high

38 Revenue Cycle Charge Capture Risk
Charge capture risks include:
- Missed net revenue opportunities
- Delayed or denied payments
- Increased rework and reconciliation on the backend
- Extended accounts receivable cycles
- Dissatisfied customers from incorrect billing
- Potential Medicare inquiries or expensive penalties due to inaccurate billing
- Inaccurate data for contract negotiation

39 Risk Management
[Figure: risk management cycle (Identify, Assess/measure, Manage/respond, Monitor, Report) with the following notes]
- Hold quarterly meetings with department managers to conduct a review and update chargemaster and review third party contracts.
- Qualitative and quantitative assessment of current processes compared to industry best practices to identify opportunities for improvement
- Performance measurement of the charge capture and clinical documentation functions can be achieved by utilizing various KPIs and benchmarking against industry standards.
- Analyze all departmental procedure charges to determine if each is inclusive of all supplies and procedures used/performed
- Establish a formal process that involves the business office and department managers to review existing charge codes and to establish new charge codes

40 RISK MANAGEMENT BEST PRACTICES: Health Care

41 Obstacles
- Inadequate support from senior management and/or broad participation
- Length of time to implement
- Competition among various units: quality assurance, risk management, compliance, internal audit, operations
- Cultural challenges
- Communication
- Limited use of technology
- No common risk taxonomy
- Limited expertise
- Challenging to demonstrate ROI
- Inadequate follow-through and refinement

42 Lessons Learned
- Tone at the Top
- Crawl-Walk-Run
- Build on Tools / Processes in Place
- Simplicity at the Outset
- Culture, Culture, Culture
44 RSM US LLP One South Wacker Drive Chicago, Illinois +00 (1) This document contains general information, may be based on authorities that are subject to change, and is not a substitute for professional advice or services. This document does not constitute audit, tax, consulting, business, financial, investment, legal or other professional advice, and you should consult a qualified professional advisor before taking any action based on the information herein. RSM US LLP, its affiliates and related entities are not responsible for any loss resulting from or relating to reliance on this document by any person. RSM US LLP is a limited liability partnership and the U.S. member firm of RSM International, a global network of independent audit, tax and consulting firms. The member firms of RSM International collaborate to provide services to global clients, but are separate and distinct legal entities that cannot obligate each other. Each member firm is responsible only for its own acts and omissions, and not those of any other party. Visit rsmus.com/aboutus for more information regarding RSM US LLP and RSM International. RSM and the RSM logo are registered trademarks of RSM International Association. The power of being understood is a registered trademark of RSM US LLP RSM US LLP. All Rights Reserved.
More informationEnterprise Risk Management Integrated Framework
ISACA S IT Audit, Information Security & Risk Insights Africa 2014, Alisa Hotel Enterprise Risk Management Integrated Framework Tony Bediako May 20, 2014 Today s organizations are concerned about: Risk
More informationINTEGRATING RISK MANAGEMENT AND BUSINESS CONTINUITY
INTEGRATING RISK MANAGEMENT AND BUSINESS CONTINUITY June 2012 Sami Ahmed Assistant Vice President - MRC Paolo De Rosa Senior Vice President - MRC Introduction Purpose Raise your knowledge and awareness
More informationRISK COMMITTEE CHARTER THE CHARLES SCHWAB CORPORATION
RISK COMMITTEE CHARTER THE CHARLES SCHWAB CORPORATION PURPOSE The Risk Committee ( Committee ) of the Board of Directors ( Board ) assists the Board and other Committees of the Board in fulfilling its
More informationก ก Tools and Techniques for Enterprise Risk Management (ERM)
ก ก Tools and Techniques for Enterprise Risk Management (ERM) COSO ERM ISO ERM 31 2554 10:45 12:15.. 301, 302, 307 ก ก COSO Internal Control ERM Integrated Framework Application Technique ISO 31000 Guide
More informationCITY OF JOHANNESBURG METROPOLITAN MUNICIPALITY GROUP RISK AND ASSURANCE SERVICES GROUP RISK MANAGEMENT POLICY
CITY OF JOHANNESBURG METROPOLITAN MUNICIPALITY Effective Date 1 July 2015 TABLE OF CONTENTS 1. POLICY STATEMENT... 3 2. POLICY CONTEXT... 4 3. PURPOSE... 5 4. POLICY SCOPE AND APPLICATION... 6 5. RISK
More informationCyber Risk Enlightenment through information risk management
Cyber Risk Enlightenment through information risk management www.pwc.com.au Cyber Risk Enlightenment through information risk management Managing cyber risk in a way that makes sense to everyone in the
More information7/25/2013. Presented by: Erike Young, MPPA, CSP, ARM. Chapter 2. Root Cause Analysis
Presented by: Erike Young, MPPA, CSP, ARM 1 Chapter 2 Root Cause Analysis 1 Introduction to Root Cause Analysis Root Cause The event or circumstance that directly leads to an occurrence Root Cause Analysis
More informationEnterprise Risk Management Policy Adopted by the AMP Limited Board on 2 February 2017
Enterprise Management Policy Adopted by the AMP Limited Board on 2 February 2017 AMP s promise is to help people own tomorrow. To achieve this promise, risks must be managed effectively within the Board
More informationSCCE 2012 COMPLIANCE & ETHICS INSTITUTE. Workshop Agenda
SCCE 2012 COMPLIANCE & ETHICS INSTITUTE October 14, 2012 l Las Vegas, NV Ethics & Compliance Risk Management 101: Program Essentials and Effective Practice Key Steps to Implementing and Championing an
More informationRisk Management Policy and Framework
Risk Management Policy and Framework Risk Management Policy Statement ALS recognises that the effective management of risks is a fundamental component of good corporate governance and is vital for the
More informationGlobal Enterprise Risk Management in Insurance
Global Enterprise Risk Management in Insurance Caroline Bennet National Leader, Deloitte Actuaries & Consultants Australia Meeting the Challenges of Change 14 th Global Conference of Actuaries 19 th 21
More informationManaging risk appetite for operational and non-financial risks
Managing risk appetite for operational and non-financial risks John Thirlwell IIA, Bodø, 27 May 2013 Agenda What do we mean by operational and nonfinancial risks? What do we mean by risk appetite? A framework
More informationTHE BERMUDA MONETARY AUTHORITY BANKS AND DEPOSIT COMPANIES ACT 1999: The Management of Operational Risk
THE BERMUDA MONETARY AUTHORITY BANKS AND DEPOSIT COMPANIES ACT 1999: The Management of Operational Risk May 2007 Introduction 1 This paper sets out the policy of the Bermuda Monetary Authority ( the Authority
More informationWorking through Risk Appetite
28 th National Risk Management Training Conference Working through Risk Appetite Marilyn Smith Head U.S. Policy & Governance BMO Financial Corp./BMO Harris Bank Fiduciary Governance April 30 2013 Working
More informationRight Sizing Your Reserves: A Better Way
Right Sizing Your Reserves: A Better Way ROB OLCOT T, R EGIONAL DIREC TOR, DIMEO SCHNEIDER & A S SOC CHRISTIAN SPENCER, PA RTNER, TAT E & TRYON ROB DICKINSON, CONTROLLER, N CARB A Brief History of Association
More informationERM and ORSA Assuring a Necessary Level of Risk Control
ERM and ORSA Assuring a Necessary Level of Risk Control Dave Ingram, MAAA, FSA, CERA, FRM, PRM Chair of IAA Enterprise & Financial Risk Committee Executive Vice President, Willis Re September, 2012 1 DISCLAIMER
More informationThe Proactive Quality Guide to. Embracing Risk
The Proactive Quality Guide to Embracing Risk Today s Business Uncertainties Are Driving Risk Beyond the Control of Every Business. Best Practice in Risk Management Can Mitigate these Threats The Proactive
More informationApproved Models to Align Incentives between Hospitals and their Physicians
Approved Models to Align Incentives between Hospitals and their Physicians Agenda I. Alignment Model Overview II. Co-Management III. Clinically Integrated Networks CIN Definition & Overview Network Development
More informationFiduciary Risk Range of Practice - April 2012
Fiduciary Risk Range of Practice - April 2012 This RMA survey was intended to capture the current range of practice in fiduciary risk across a selection of member institutions. The survey was conducted
More informationOWN RISK AND SOLVENCY ASSESSMENT. ERM Seminar Compliance All Dealing from the same deck now
OWN RISK AND SOLVENCY ASSESSMENT ERM Seminar - 2014 Compliance All Dealing from the same deck now Own and Solvency Assessment! Originated in the UK about 10 years ago Now a global insurance regulatory
More informationStatement of Guidance for Licensees seeking approval to use an Internal Capital Model ( ICM ) to calculate the Prescribed Capital Requirement ( PCR )
MAY 2016 Statement of Guidance for Licensees seeking approval to use an Internal Capital Model ( ICM ) to calculate the Prescribed Capital Requirement ( PCR ) 1 Table of Contents 1 STATEMENT OF OBJECTIVES...
More information2014 Own Risk and Solvency Assessment (ORSA) Feedback Pilot Project Observations of the Group Solvency Issues (E) Working Group
2014 Own Risk and Solvency Assessment (ORSA) Feedback Pilot Project Observations of the Group Solvency Issues (E) Working Group During October 2014 through June 2015, a third ORSA Feedback Pilot Project
More informationAIA Group Limited. Terms of Reference for the Board Risk Committee
AIA Group Limited AIA Restricted and Proprietary Information Issued by : Board of AIA Group Limited Date : 26 February 2018 Version : 7.0 Definitions 1. For the purposes of these terms of reference (these
More informationAuditor s Letter. Timothy M. O Brien, CPA Denver Auditor Annual Audit Plan
2017 Audit Plan Office of the Auditor Audit Services Division City and County of Denver Timothy M. O Brien, CPA Inside: Planned Audits Plan Description Audit Selection Process Auditor s Authority credit:
More informationWhat does the WEF Global Risks Report have to do with my Risk Management program? GRM016 Speakers:
What does the WEF Global Risks Report have to do with my Risk Management program? GRM016 Speakers: Linda Conrad, Head of Strategic Business Risk, Zurich Insurance Tim Bunt, Chief Risk Officer, CBRE Stefanie
More informationWhy your board should take a fresh look at risk oversight: a practical guide for getting started
January 2017 Why your board should take a fresh look at risk oversight: a practical guide for getting started Boards play a critical role in overseeing company risk. Ongoing and evolving challenges call
More informationIsraeli off-shore exploration and development. How to manage the risks?
Israeli off-shore exploration and development How to manage the risks? Eitan Glazer, Partner Energy Practice Leader Israel April 28, 2013 Helping energy companies succeed With over 5,300 industry-dedicated
More informationUSF System Compliance & Ethics Program. Risk Assessment Process. Enterprise-Wide Risk Assessment
USF System Compliance & Ethics Program Risk Assessment Process Enterprise-Wide Risk Assessment Risk Assessment Process Risk Assessment: A disciplined, documented, and ongoing process of identifying and
More informationRISK MANAGEMENT FRAMEWORK OVERVIEW
Perpetual Limited RISK MANAGEMENT FRAMEWORK OVERVIEW September 2017 Classification: Public Page 1 of 6 COMMITMENT TO RISK MANAGEMENT As a publicly listed company and provider of financial products and
More informationSummary Enterprise Risk Management Framework
Summary Enterprise Risk Management Framework Last Updated: September 26, 2016 CONTENTS I. Overview II. III. Risk Management Philosophy General Risk Management Activities Board of Directors Risk Management
More informationOMB Update Enterprise Risk Management. April, 2018
OMB Update Enterprise Risk Management April, 2018 1 Current Risk Environment Facing Federal Government The Federal government is facing greater change than at any other point in time Current budget realities
More informationThirty-Second Board Meeting Risk Management Policy
Thirty-Second Board Meeting Risk Management Policy 00 Month 2014 Location, Country Page 1 Board Decision THE RISK MANAGEMENT POLICY Purpose: 1. This document, Risk Management Policy (), presents: i) a
More informationRisk Management Strategy
Risk Management Strategy 2016 2019 Version: 6 Policy Lead/Author & Deputy Director of Quality position: Ward / Department: Nursing Directorate Replacing Document: Version 5 Approving Committee Quality
More informationEnterprise Risk Management Sources. Universe. Tolerance. Appetite
Sources. Universe. Tolerance. Appetite Presentation Made at the ICPAK ERM Conference Wednesday, 20 th March 2013 Hilton Hotel, Nairobi Kenya Jona Owitti, CISA (jona.owitti@yahoo.com) Membership Director
More informationEnterprise Risk Management
Enterprise Risk Management Southeastern Actuaries Conference Rebecca Scotchie June 2011 ERM is 2 1 Agenda What is ERM? Why is risk management important? ERM maturity model/evolution of ERM ERM Framework
More informationGeneral questions 1. Are there areas not addressed in the Guidance that should be considered in assessing risk culture?
To: Financial Stability Board (fsb@bis.org) From: Danny Saenz, Co-Chair, NAIC Group Solvency Issues (E) Working Group Date: January 30, 2014 Re: Comments Regarding December 23, 2013 Questions Regarding
More informationRisk Evaluation, Treatment and Reporting
Chapter 8 Risk Evaluation, Treatment and Reporting In the previous chapter we looked at how risks are identified, described and estimated using a likelihood and consequences matrix. This is an essential
More informationRisk management policy
Risk management policy November 2017 Risk management policy Page 0 of 8 Contents 1. Policy objectives and background 2 1.1 Policy background 2 1.2 Policy objective 2 1.3 Policy sponsor and maintenance
More informationProduct Recall Risk Assessment By Tony Munns. Product recall is a key area of risk for today s company. With greater focus
Product Recall Risk Assessment By Tony Munns Product recall is a key area of risk for today s company. With greater focus on, and understanding of the impact of products and their raw materials on individuals,
More informationExecutive Board Annual Session Rome, May 2015 POLICY ISSUES ENTERPRISE RISK For approval MANAGEMENT POLICY WFP/EB.A/2015/5-B
Executive Board Annual Session Rome, 25 28 May 2015 POLICY ISSUES Agenda item 5 For approval ENTERPRISE RISK MANAGEMENT POLICY E Distribution: GENERAL WFP/EB.A/2015/5-B 10 April 2015 ORIGINAL: ENGLISH
More informationAmex Bank of Canada. Basel III Pillar III Disclosures December 31, AXP Internal Page 1 of 15
December 31, 2013 AXP Internal Page 1 of 15 Table of Contents 1 Scope of application 3 2 Capital structure and adequacy 4 3 Credit risk management 6 4 Asset liability management 11 Structural interest
More informationBasics of Liquidity Risk Management For Community Financial Institutions under $3 Billion in Assets
Basics of Liquidity Risk Management For Community Financial Institutions under $3 Billion in Assets 9/5/2013 By: Lawrence P. Poppert III, CPA Lawrence P. Poppert, III CPA Managing Principal Tel: 215 880-8261
More informationExploring the New Era of ORSA Enterprise Risk Management (ERM)/ Own Risk and Solvency Assessment (ORSA) Committee
Exploring the New Era of ORSA Enterprise Risk Management (ERM)/ Own Risk and Solvency Assessment (ORSA) Committee Copyright 2015 by the American Academy of Actuaries. All Rights Reserved. Presenters Tricia
More informationRisk Management Policy. Apollo Hospitals. Risk Management Policy
Apollo Hospitals Risk Management Policy Table of Contents 1. Introduction...1 2. Risk Management Policy...2 2.1 Applicability... 2 2.2 Risk Management Objectives... 2 2.3 Definitions... 2 2.3.1 Risk...
More information