Understanding Enterprise Risk Management: An Overview


Understanding Enterprise Risk Management: An Overview 05/2016

What is Risk?
- An uncertain event
- It exists in the future
- Has a cause and effect
- Impacts objectives
- Its effect may be positive and/or negative
- "The effect of uncertainty on objectives" (ISO 31000:2009)

What is Enterprise Risk Management?
Enterprise risk management is a process designed to identify potential events that may affect an institution, and to manage risk so that it stays within an acceptable level, in order to provide reasonable assurance regarding the achievement of institutional objectives.
- A tool to enhance management decision making, corporate governance, and accountability
- Facilitates effective management of the uncertainty and associated risks and opportunities facing an organization
- Helps an organization get to where it wants to go, and avoid pitfalls and surprises along the way
- A systematic approach to a historically intuitive exercise

Benefits of ERM
- Supports the achievement of strategic objectives
- Enhances institutional decision making
- Creates a risk-aware culture across the organization
- Reduces operational surprises and losses
- Bridges departmental silos; develops a center of excellence for managing risk; and draws on the expertise of highly skilled managers

Office of Insurance and ERM
Key ERM responsibilities include:
- Foster and promote a risk culture
- Provide training and awareness on ERM concepts and key risks
- Work closely with risk owners and risk champions across the University to continually identify and assess risks, and to select and implement strategies in response to risks
- Maintain a comprehensive Risk Register (including Mitigation Plans)
- Centrally monitor and coordinate the risk management process and the progress of mitigation plans
- Provide advice and assurance on the effectiveness with which risk is managed
- Report on the state of risk at the department and institutional level

Risk = The Effect of Uncertainty on Objectives
[Slide image; caption: "THE UNIVERSE'S PLANS FOR YOU"]

How ERM Differs from Traditional Risk Management
- ERM takes an enterprise-wide approach: it considers the potential impact of all types of risks on all processes, activities, stakeholders, products and services
- ERM looks at both upside risk (opportunities) and downside risk (potential losses or damage)
- ERM assesses risk and opportunity in the context of strategic objectives
- ERM enhances existing strategic planning and budgeting processes; it's not a standalone process
- ERM engages risk owners or subject matter experts to address and manage risks, with consulting and support

Relationship between Strategy and Risk
1) Where do you want to go?
2) How do we get there?
3) What uncertainties could help or hinder us?

Coordination Among Risk Groups at NYU

Enterprise Risk Management. The objective of ERM is to add value to NYU by performing the following:
- Develops a risk-aware culture
- Facilitates the systematic identification and mitigation of University strategic/operational risks

Internal Audit
- Provides independent and objective assurance and consulting services
- Evaluates NYU's governance, risk management and compliance practices
- Identifies and evaluates risk and assesses mitigation
- Assesses the effectiveness of internal controls

Compliance
- Advises the University's academic and administrative units on compliance matters
- Promotes communication and coordination of compliance activities throughout the University
- Identifies compliance risks and mitigation with stakeholders
- Conducts compliance investigations and monitoring

[Diagram: The Risk Universe. A risk assessment cycle ("Communicate and Consult", "Monitor and Review") shown across three levels (Institutional, Unit, Environment), with example risk categories such as Public Perception, Health & Safety and Human Resources.]

The Risk Management Process
- Objective Setting: Set objectives that align with mission, goals, and values.
- Risk Identification: Internal and external events affecting achievement of objectives must be identified, distinguishing between risks and opportunities.
- Risk Assessment: Risks are analyzed, considering likelihood and impact, as a basis for determining how they should be managed. Risks are assessed on an inherent and a residual basis.
- Risk Response: Management selects risk responses (avoiding, accepting, reducing, or sharing risk), developing a set of actions to align risks with desired outcomes.
- Mitigation Activities: Policies and procedures are established and implemented to help ensure the risk responses are effectively carried out.
- Monitoring: Monitoring is accomplished through ongoing management activities, separate evaluations, or both.

Risk Identification

Risk Identification: Risk Categories

Financial: Foreign exchange risk; Currency inflation; Repatriation of funds; Cash management; Economic decline; Financial statements

Market: Rise of online degrees; Student loans

Strategic: Campuses abroad; New degree programs; Attraction of top talent; Leadership succession plans

Environmental: Asbestos; Pollution/waste handling; Hazardous material storage; Climate conditions; Natural disaster

Health & Safety: Infectious illnesses/disease; Missing students; Employee injury; Emergency evacuation plans; Student suicide; No use of NYU Traveler

Operations: Global research exposure; Cyber risk; Business continuity; Lack of student housing; Security on campus; Lack of resources; Theft of university property

Compliance: Data breaches; Changes in governmental regulations; Research compliance; OFAC laws; Export/import laws

Political: Partnerships at NYU international sites

Risk Assessment
Following risk identification, stakeholders have to assess the risk using predetermined metrics. The Enterprise Risk Management function created criteria and a scoring system to prioritize the risks. The criteria established are:
- Likelihood: How likely is the risk to occur?
- Impact: If the risk were to occur, how much impact would it have on the organization?
- Velocity: If the risk were to occur, how long would it be before the organization was impacted?
- Management Preparedness: How prepared or aware is management of the risk?

Risk Score = Likelihood Rating x Impact Rating

Please note: It is very important that you are honest and open when scoring the risks. History has shown that organizations tend to falter when risks were not identified or addressed properly.

NYU Risk Management Metrics

Expected Residual or Current LIKELIHOOD: The likelihood of a risk occurring under current conditions within the next 18 months.
1 Low: 0-10% chance of occurring
2 Low to Medium: 10-30% chance of occurring
3 Medium: 30-70% chance of occurring
4 Medium to High: 70-90% chance of occurring
5 High: 90-100% chance of occurring

Expected Residual or Current IMPACT: If this risk were to occur, what would be the impact on your operations (health & safety, financial, operations, legal, reputation)?
1 Low; 2 Low to Medium; 3 Medium; 4 Medium to High; 5 High

RISK APPETITE: The amount of risk the organization is willing to accept and/or avoid.
1 Accept: The organization can accept a 100% chance of the risk occurring. The organization will sustain minor impact or disruption.
2: The organization can accept an 80-99% chance of the risk occurring. The organization will sustain minor impact or disruption.
3: The organization can accept a 50-79% chance of the risk occurring. The organization will sustain moderate impact or disruption.
4: The organization can accept a 20-49% chance of the risk occurring. The organization will sustain major impact or disruption.
5 Not Accept: The organization can accept a 0-19% chance of the risk occurring. The organization will sustain extreme impact or disruption.

VELOCITY (Speed to Onset): If this risk were to occur, how long before it would have an impact?
1 Very Slow: The effect of this risk on operations occurs only after 12 months.
2 Slow: The effect of this risk on operations occurs within 6-12 months.
3 Moderate: The effect of this risk on operations occurs within 3-6 months.
4 Fast: The effect of this risk on operations occurs within 1-3 months.
5 Immediate: The effect of this risk on operations occurs within 30 days.

MANAGEMENT PREPAREDNESS: If this risk were to occur, how prepared would we be (upper management awareness/assessment/oversight, controls in place to detect the risk and minimize the adverse impact)?
1 None; 2 Weak; 3 Moderate; 4 Strong; 5 Very Strong

Likelihood Rating Descriptors
5 Almost Certain: Very High Likelihood, 90-100% chance of occurring
4 Likely: High Likelihood, 70-90% chance of occurring
3 Possible: Moderate Likelihood, 30-70% chance of occurring
2 Unlikely: Low Likelihood, 10-30% chance of occurring
1 Rare: Very Low Likelihood, 0-10% chance of occurring

Impact Rating Descriptors
5 Catastrophic: Financial / non-financial loss level is considered very high; it will negatively alter the strategic plan of the University.
4 Major: Financial / non-financial loss level is considered high; it may impede our ability to achieve strategic objectives.
3 Moderate: Financial / non-financial loss level is considered moderate or typical; these losses have little to no effect on the strategic objective.
2 Minor: Financial / non-financial loss level is considered low; these losses have very little to no effect on the strategic objective.
1 Insignificant: Financial / non-financial loss level is considered very low; these losses have no effect on the strategic objective.

Risk Response
Choose Risk Response, then Execute Mitigation Strategy:
- Mitigate: Develop a mitigation plan (Treatment Plan)
- Transfer: Move the risk consequence to a 3rd party
- Accept: Treat if / when it happens
- Avoid: Remove the threat by stopping the activity
Effective mitigation strategies can reduce negative risks or increase opportunities.

Monitoring and Review
This process involves ongoing review to ensure that all aspects of the risk management program remain relevant and effective.
- Ensure ongoing risk management
- Monitor the progress and effectiveness of mitigation plans
- Revise mitigation plans as needed
- Continuously improve risk management activities

Communicate and Consult
This process involves improving our understanding of risk management and the risks NYU faces.
- Ensure all participants are aware of their roles and responsibilities
- Ensure varied viewpoints are considered
- Emphasize and enhance organizational transparency within the risk management context

Risk Register
Risks identified and assessed should be documented in a risk register for the organization. We use Microsoft Excel to build out the University's risk registers (e.g., risk maps). We provide a risk register template to all risk owners who have participated in ERM training.

Register columns: Executive Owner; Risk Owner; Departments; Risk Name; Risk Description; Likelihood; Impact; Risk Velocity; Management Preparedness; Comments.

- Executive Owner: Leader of the function or school (e.g., V.P., E.V.P., Dean, or Director).
- Risk Owner: Person who is responsible for managing mitigation of the risk. The risk owner's responsibilities are directly related to or impacted by the risk. That being said, risks may have multiple risk owners.
- Risk Owner Department: Department that the risk and risk owner are assigned to.
- Risk Name: Two to four word description of the risk.
- Risk Description: A sentence or two describing the risk event.
- Likelihood, Impact, Risk Velocity, Management Preparedness: Please see the Risk Assessment slide for definitions.
- Comments: Further details or background information regarding the risk. How did the risk come to be? Are there any previous instances of the risk occurring?
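The scoring scales from the Risk Assessment slide and the register columns above, carried into a small register-scoring script. This is an added Python example, not NYU's Excel template or any code from the presentation; the handling of band boundaries, the tie-break order in prioritize(), and the sample entries are assumptions.

```python
from dataclasses import dataclass

# Likelihood bands from the assessment slide: (upper bound of chance, 1-5 rating).
LIKELIHOOD_BANDS = [(0.10, 1), (0.30, 2), (0.70, 3), (0.90, 4), (1.00, 5)]
# Velocity (speed to onset) bands: (months until impact, rating); beyond 12 months = 1 (Very Slow).
VELOCITY_BANDS = [(1, 5), (3, 4), (6, 3), (12, 2)]

def likelihood_rating(chance: float) -> int:
    """Chance of occurring (0-1, current conditions, next 18 months) -> rating; boundaries go to the lower band (assumed)."""
    if not 0.0 <= chance <= 1.0:
        raise ValueError("chance must be a fraction between 0 and 1")
    return next(rating for upper, rating in LIKELIHOOD_BANDS if chance <= upper)

def velocity_rating(months_to_onset: float) -> int:
    """Months until the organization feels the effect -> rating; boundaries go to the faster band (assumed)."""
    return next((rating for upper, rating in VELOCITY_BANDS if months_to_onset <= upper), 1)

@dataclass
class RiskRegisterEntry:
    executive_owner: str          # leader of the function or school
    risk_owner: str               # person responsible for managing mitigation
    department: str
    risk_name: str                # two to four words
    risk_description: str
    likelihood: int               # 1-5 ratings, as defined on the assessment slide
    impact: int
    velocity: int
    management_preparedness: int
    comments: str = ""

    def __post_init__(self):
        # Reject anything outside the 1-5 scales before it reaches the register.
        for name in ("likelihood", "impact", "velocity", "management_preparedness"):
            value = getattr(self, name)
            if not isinstance(value, int) or not 1 <= value <= 5:
                raise ValueError(f"{name} must be an integer rating from 1 to 5, got {value!r}")

    @property
    def risk_score(self) -> int:
        return self.likelihood * self.impact   # Risk Score = Likelihood Rating x Impact Rating

def prioritize(register):
    """Highest score first; ties broken by faster onset, then weaker preparedness (tie-break order is assumed)."""
    return sorted(register, key=lambda e: (-e.risk_score, -e.velocity, e.management_preparedness))

# Constructed sample register with hypothetical values (not NYU data).
SAMPLE_REGISTER = [
    RiskRegisterEntry("V.P. IT", "CISO", "IT", "Data breach", "Exposure of student records",
                      likelihood_rating(0.65), 5, velocity_rating(0.5), 3),
    RiskRegisterEntry("Dean", "Dept. chair", "Research", "Export controls",
                      "Equipment shipped abroad without a licence", likelihood_rating(0.25), 4, velocity_rating(4), 2),
    RiskRegisterEntry("E.V.P.", "HR director", "Human Resources", "Leadership succession",
                      "No succession plan for key roles", likelihood_rating(0.85), 3, velocity_rating(18), 4),
]
```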

Contact Information
Michael Liebowitz, Senior Director, Insurance and Enterprise Risk Management, 212-998-2757, Michael.Liebowitz@nyu.edu
Paul Williams, Associate Director, Insurance and Enterprise Risk Management, 212-992-8279, Paul.Williams@nyu.edu