Best Practices in Issues Management

Cara McWilliams
Vanguard Operational Risk Management
April 2016

Agenda

- Operational risk management lifecycle
- Issues vs. Events
- Origination
- Response
- Integration
- Reporting

Difference between Issues and Internal Events

An Issue is defined as an identified deficiency in the design or effectiveness of the control environment, highlighting an undesired risk exposure.

An issue can lead to, or be identified from, an internal event.

An Internal Event is defined as any event:
- where the actual outcome differs from the expected outcome, and
- where the root cause is from failures in people, process, and technology, or due to external factors

Operational risk management lifecycle

[Diagram. Labels: Top down; Risk voices; Identify; Risks, mitigation, and issues; Integrated portfolio; Bottom up; Data sources; Business (RCSAs); Contingency; Information Security; Legal; Internal Audit; Compliance; Fraud]

Origination

[Diagram. Labels: Internal Events; Risk Control Self-Assessment; Issues (untethered); Internal Audit Issues; Compliance Issues; Issues Log. Column headings: Org, Risk, Process, Impacts. The Issues Log shows five placeholder rows.]

Self-identified issues

Management Self-Identified Issues
- Issue 1: Logical Access
- Issue 2: Data Quality
- Issue 3: Management Oversight
- Issue 4:

Risk response

An Issue can be addressed in one of two ways:

Action Plans: a sequence of steps or activities performed to appropriately mitigate the risk/issue.
- Clearly documented: 5 W's
- Clear assignment of ownership
- Realistic completion date(s)

Risk Acceptance: management's decision to endure a risk exposure instead of pursuing an Action Plan.
- Clearly documented: WHY
- Properly vetted with management
- Re-evaluated annually (at minimum)

Integration

Common platform and taxonomy: Issue Severity, Business Process, Legal Entity, Division, Risk Category

Reporting

Sample Issue Reporting

Divisional Operational Risk Profile
As of XX/XX/2016

[Sample dashboard. Panels:
- Rotating Topic: Top Risk Scenarios
- Issue Identification: count of past due and current open issues by source
- Issue Duration: how long an issue has been open, by priority
- Risk Acceptance: risk acceptances that have not been renewed
- Events by Net Impact
- Area of First Detection
- Events by Sub-Division
- Potential for Reoccurrence
Chart labels: Past due, Current; High, Medium, Low; Client, Business; MPE; High, High/Med, Med; Past due, <180, <270, <365]

Operational risk management maturity

Categories: Internal Control Environment; Risk Management Practices; Governance

Dashboard Components and Ideal State:

- Oversight: Forums exist for senior management to provide direct oversight of current and emerging exposures.
- Organizational Structure: Risk teams are established with qualified, high performing crew that are closely integrated in business operations and decision making processes.
- Management Engagement: Business management exhibits dedicated involvement in the risk management program.
- Top-down: The division's top risks have been identified and documented.
- Exposure Monitoring: The division has effective processes for measuring whether key exposures are increasing, decreasing, or remaining stable in order to take action as needed.
- Bottom-up: The division follows a structured methodology for establishing and prioritizing its process universe and performing risk assessments based on inherent risk level.
- Control Identification: The division uses the controls assessment framework methodology to identify and document key controls.
- Control Design Evaluation: The strength of key controls (control design adequacy) has been evaluated using controls assessment framework criteria.
- Control Effectiveness Monitoring: There is a structured process for validating that key controls are operating effectively to meet business objectives.
- End-to-End Transparency: There is cross-functional transparency in instances where the division has reliance on another division or internal / external service provider for performing key controls.

Operational risk management effectiveness

Metric groups: Drivers (Proactive Risk Management Behaviors) and Outcomes (Operational Risk Exposures).

Column labels: Prior 3 Periods, Q1 2016, 2015, Metric. Values appear as XX% placeholders; each metric has three threshold bands: <xx%, xx-xx%, >xx%.

- Issue Self-Identification: High and medium severity issues that are self-identified by the business as a percentage of the total number of high and medium severity issues identified by all sources
- Risk Accepted Findings: Formally risk accepted high and medium severity issues as a percentage of the total number of high and medium severity issues.
- Action Plan Accountability¹: High and medium severity issues with action plans deferred as a percentage of the total number of open high and medium severity issues
- Event Exposure Duration: Internal events identified 31 calendar days after the date of occurrence as a percentage of the total number of internal events reported to ORM
- Green Audit Reports: Audit reports that have a green rating as a percentage of the total number of audit reports
- Significant Events: Internal events with a high severity as a percentage of the total number of internal events reported to ORM
- External Fraud Events: External fraud events with losses $100K as a percentage of the total number of external fraud events with losses reported to ORM

Not for public distribution.

Appendix: Issue Data Collection Components

Risk Acceptance Data Components:
Risk Acceptance ID Submit Date Optional Review Stages Accountable Division Submitted By Date Submitted for Review Accountable Subdivision Submission Status Owner Reviewer(s) Accountable Department/RC Risk Acceptance Description Additional Owner Reviewer(s) Accountable Business Unit Business Justification Owner Review Decision Expiration Date Business Impact Owner Review Due Date Days to Expiration Review Frequency Owner Review Approval Date Risk Acceptance Type Initial Expiration Date Finding ID Findings Number of Extensions Status Overall Status Review Stage Response

Action Plan Data Components:
Action Plan Title Status Summary Action Item ID ERM Owner Comments Legacy ID Business Owner In Progress Date Accountable Division Due Date # of Days In Progress Accountable Subdivision % Completion Remediation Plan ID Accountable Department/RC Date Completed Finding ID