RISK MANAGEMENT - CORPORATE COMPLIANCE & ETHICS


RISK MANAGEMENT - CORPORATE COMPLIANCE & ETHICS

Presenter: CLAIRE GOMEZ MILLER, CIA, CRMA, FCCA, CA
Board Director / Audit Committee Member, UNITED INDEPENDENT PETROLEUM MARKETING COMPANY LIMITED (UNIPET), Trinidad and Tobago
CGM, 22 Feb 2015, SCCE Utilities & Energy Conference 2015, Houston TX

VISION: To be the Trusted Brand for the Public's Fuel, Automotive and Convenience Needs
MISSION: To offer U the Ultimate Customer Experience

UNIPET CUSTOMERS include:
- Petroleum and Compressed Natural Gas (CNG) Users: private and public sector individuals and organizations. UNIPET has thousands of customers who visit its network of 24 stations every day to purchase fuel for their vehicles.
- Petroleum Dealers
- Utilities and Energy Sector, including international oil companies
- Land-based Oil Rigs
- Marine Vessels that operate within the waters of Trinidad

UNIPET's use of Technology extends to the UNIPET PRE-PAID FLEET CARD, which:
- Allows companies to control and manage the fuel consumed by their drivers.
- Enables individuals to be financially ready and to track Vehicle Maintenance and Service Schedules.

RISK MANAGEMENT - CORPORATE COMPLIANCE & ETHICS: OBJECTIVE & ACKNOWLEDGEMENTS
Risk Management is critical to sustainability, profitability and stakeholder/public trust; to this end all organizations must demonstrate strong risk management practices. In the Utilities and Energy sector, risks are always very high and most likely to materialize, with heavy financial losses, lost lives and loss of operating licenses. Given the high expectations of all stakeholders for strong compliance and ethics, this presentation will provide participants with the latest risk management controls and emerging risks to ensure they are best prepared for when these risks materialize.

ACKNOWLEDGEMENTS: The Institute of Internal Auditors Global {The IIA}, International Standards for the Professional Practice of Internal Auditing. The IIA is the governing body and standard setter for internal auditors globally.

RISK MANAGEMENT - CORPORATE COMPLIANCE & ETHICS: AGENDA
1) Defining Risk Management & Controls
2) Meeting Stakeholders' Expectations for Corporate Compliance, Ethics and Emerging Risks
3) Sustainability & Public Trust: Retaining your License To Operate through Effective Risk Management
4) Effective Risk Management & Controls from Cradle to Grave to Resurrection
5) Internal Auditing: 100% Focus on Risk Management, Controls & Governance

1.1) DEFINING RISK MANAGEMENT & CONTROLS {THE IIA}
Risk is the POSSIBILITY OF AN EVENT OCCURRING that will have an IMPACT ON THE ACHIEVEMENT OF OBJECTIVES {Institute of Internal Auditors Global}.
Risk is ANY EVENT or ACTION that PREVENTS A COMPANY FROM ACHIEVING ITS OBJECTIVES:
- Includes Uncertain Future Events & Missed Opportunities
- Influences achievement of Strategic, Operational & Financial Objectives
- Impacts Reputation and Legitimacy {License to Operate}
Risk is measured in terms of IMPACT and LIKELIHOOD.
RESIDUAL RISK is the risk remaining after management takes action to reduce the impact and likelihood of an adverse event, including control activities in responding to a risk.
RISK APPETITE is the level of risk that an organization is willing to accept.
RISK MANAGEMENT IS A PROCESS TO IDENTIFY, ASSESS, MANAGE, AND CONTROL potential events or situations to provide reasonable assurance regarding the achievement of the organization's objectives.

1.2) DEFINING RISK MANAGEMENT & CONTROLS
ADEQUATE CONTROL: Present if management has planned and organized (designed) in a manner that provides reasonable assurance that the organization's risks have been managed effectively and that the organization's goals and objectives will be achieved efficiently and economically.
CONTROL: Any action taken by Management, the Board, and other parties to manage risk and increase the likelihood that established objectives and goals will be achieved. Management plans, organizes, and directs the performance of sufficient actions to provide reasonable assurance that objectives and goals will be achieved.
CONTROL ENVIRONMENT: The attitude and actions of the board and management regarding the importance of control within the organization. The control environment provides the discipline and structure for the achievement of the primary objectives of the system of internal control. The control environment includes the following elements:
- Integrity & ethical values
- Management's philosophy and operating style
- Organizational structure
- Assignment of authority & responsibility
- Competence of personnel
- Human resource policies & practices
CONTROL PROCESSES: The policies, procedures (both manual and automated), and activities that are part of a control framework, designed and operated to ensure that risks are contained within the level that an organization is willing to accept.

2.1) MEETING STAKEHOLDERS' EXPECTATIONS: A BALANCED SCORECARD PERSPECTIVE

#  PERSPECTIVE         GENERAL BUSINESS OBJECTIVES
1  Stakeholder         To safeguard COMPANY ASSETS, REPUTATION & SHAREHOLDER INVESTMENT/VALUE
2  Stakeholder         To comply with applicable LAWS, REGULATIONS AND CONTRACTS
3  Financial           To ensure SUSTAINABILITY, PROFITABILITY & REVENUE GROWTH
4  Customer            To provide QUALITY GOODS, WORKS & SERVICES
5  Customer            To maintain CUSTOMER SATISFACTION
6  Internal            To have SAFE, EFFECTIVE AND EFFICIENT Operations, Leadership & Governance
7  Internal            To produce reliable financial & operational INFORMATION, REPORTS & DISCLOSURES
8  Learning & Growth   To have ETHICAL, COMPETENT & KNOWLEDGEABLE Directors & Personnel

2.2) MEETING STAKEHOLDERS' EXPECTATIONS FOR CORPORATE COMPLIANCE, ETHICS & EMERGING RISKS
They may look FAMILIAR, but they are CONTINUOUSLY EVOLVING:
- Legal and Regulatory Requirements
- Integrity in Public Life & Procurement Regulations {transparent operating procedures, especially in Procurement matters}
- Anti-Corruption & Bribery
- Anti-Money Laundering, Anti-Terrorism & Proceeds of Crime {Financial Integrity Unit}
- Business Rules Reformation
- Financial Reporting & Disclosures
- Transparency & Accountability
- Extractive Industry Transparency Initiative (EITI)
- Stock Exchange Regulations

2.3) MEETING STAKEHOLDERS' EXPECTATIONS FOR CORPORATE COMPLIANCE, ETHICS & EMERGING RISKS
- Government Policies & Operating Style {external}
- Government Philosophy
- Governance, Management and Operations {internal}
- Political Climate
- Licensing Process
- Onerous Regulatory Environment
- Information & Communication Technology
- General Infrastructure & Logistics
- Climate Change
- Culture & Language
- Temperature of the People
- Human Resource

2.4) MEETING STAKEHOLDERS' EXPECTATIONS FOR CORPORATE COMPLIANCE, ETHICS & EMERGING RISKS
- Due Diligence Review: new business, market, product or partner.
- Return on Investment: Value for Money; Payback Period; Government Involvement; legal & regulatory costs; Asset Impairment.
- Joint Ventures, Mergers & Acquisitions: Joint Shareholder Agreement; Corporate culture; Distribution of responsibilities; Right to Audit Clause; Non-Operators' Rights & Liabilities; Operator's Obligations, Duty of Care & Diligence.
- Financial Distress: Liquidity & Currency/Foreign Exchange; Shareholder Demands {Dividends vs Capital Gains}; Take or Pay contracts; Onerous Contracts.
- Loss of Capital Asset: Business Disruption or Abandonment {Man-made or Natural Disaster}; Discontinuity of Related Business; Nationalization of Private Assets; Privatization of State Enterprise.

3) SUSTAINABILITY & PUBLIC TRUST - RETAINING LICENSE TO OPERATE THROUGH EFFECTIVE RISK MANAGEMENT
- Occupational Safety and Health and Environmental Management: Suitable and Sufficient OSH Risk Assessments & Controls; National Environmental Policy; Environmental Impact Assessments & Certificate of Environmental Clearance (CEC); Inherited Environmental Risks & Provision for Abandonment; ISO 14000 Environmental Management System Standards.
- Federal Laws: Foreign Account Tax Compliance Act (FATCA); Proceeds of Crime Act.
- Corporate Social Responsibility & Other Obligations: Local Content; Minimum Wage; Consumer Protection; Taxation & Royalties; Credit Rating Agencies; Loan Covenants.

4.1) EFFECTIVE RISK MANAGEMENT & CONTROLS FROM CRADLE TO GRAVE TO RESURRECTION
To effectively manage risk, EACH RISK:
- Must be identified and assessed using a TOP DOWN APPROACH {i.e., Strategic Objectives, then General Business Objectives, and then down to Tactical Objectives}.
- Must be considered holistically using a BOTTOM UP APPROACH {i.e., each Business Unit's risk must filter up into the ERM Corporate Risk Register}.
- Must have an OWNER (Policy Setter) and SINGLE POINT ACCOUNTABILITY (person responsible for ensuring execution).
- ERM must include identification & assessment of ALL RISKS.
- Must have a CLEAR, CONSISTENT AND SHARED understanding of the Organization's Risk Appetite/Risk Tolerance Thresholds; Risk Terminology, especially for IMPACT/SEVERITY & PROBABILITY/LIKELIHOOD; and the Risk Reporting Framework/Risk Ranking Matrix {Unacceptable/Critical/Significant/Minor; Materializing}.

4.2a) IMPACT/SEVERITY THRESHOLD LEVELS

RANKING HIGH {7-9}:
- SAFETY & ENVIRONMENT: Fatal/Extensive damage to Life/Environment (i.e., Loss of life; Group/extensive injury requiring hospitalization; Hospitalization >7 Days; permanently maimed; Lost Time Incidents >7 Days; involves National/International catastrophe; long-lasting/unrecoverable damage); or
- REGULATORY: Imprisonment/severe long-lasting penalties (i.e., involves failure to meet OSHA & other legal & statutory requirements, mission-critical contracts & permits, loan covenants, national or professional regulatory standards; criminal investigation); or
- FINANCIAL: >$50M; or
- REPUTATION: Serious effect on public image/stakeholder relationship (i.e., effect lasts for a sustained period or is enduring; reaches national or international media or Parliament; involves Board or high-level management; difficult to erase).

4.2b) IMPACT/SEVERITY THRESHOLD LEVELS (continued)

RANKING MEDIUM {4-6}:
- SAFETY & ENVIRONMENT: Serious Injury/Disability/damage to environment (i.e., long-term injury/illness; Medical treatment requiring hospitalization 3-7 Days; LTI 4-7 Days; environmental disaster not easily remedied); or
- REGULATORY: Major Penalties, Claims & Fines (i.e., Criminal/Integrity Probe; involves failure to meet non-mission-critical contracts, shareholder mandates, board policies, industrial standards); or
- FINANCIAL: $25M-$50M; or
- REPUTATION: Significant effect on public image/stakeholder relationship (i.e., effect can be counteracted; reaches the press but there is quick response; some long-lasting residual effects).

RANKING LOW {1-3}:
- SAFETY & ENVIRONMENT: Minor impact on person/environment (i.e., minor injury requiring First Aid treatment; Lost Time Incidents <1-3 Days; Hospitalization for observation/treatment <3 Days); or
- REGULATORY: Minor penalties (i.e., involves failure to meet Reporting Requirements & Best Practices; involves failure to meet Stakeholder/Civil Society Expectations; short-term effects); or
- FINANCIAL: <$25M; or
- REPUTATION: Little or no effect on public image/stakeholder relationship (i.e., reaches the press/public but it affords quick response; negative impression can be erased with little or no residual effects).

4.2c) PROBABILITY/LIKELIHOOD THRESHOLD LEVELS
- High {7-9}: Very likely to occur. The event occurs once or more per year; frequent occurrence.
- Medium {4-6}: Likely to occur. The event occurs once or more every 5 years; occasional.
- Low {1-3}: Unlikely to occur. The event occurs outside of 5 years; rare occurrence.

4.2d) RISK TREATMENT

INHERENT RISKS:
- Accept (if within preset criteria)
- Reduce/Prevent; Share (i.e., Transfer in Part); or Transfer in Full
- Or Avoid: Proceed using a less risky alternative
- Avoid: Do not proceed with the Activity

RESIDUAL RISKS:
- Retain: Required to be Retained, or Not Insurable
- Insurable: Insure {Purchase / Self-Finance}, or Do not insure

4.2e) ERM - CORPORATE RISK RANKING MATRIX (score = Impact x Likelihood)

Ranking bands by Impact level and Likelihood level:
- HIGH IMPACT {7-9}: LOW LIKELIHOOD = MAJOR; MED LIKELIHOOD = CRITICAL; HIGH LIKELIHOOD = UNACCEPTABLE
- MED IMPACT {4-6}: LOW LIKELIHOOD = SIGNIFICANT; MED LIKELIHOOD = MAJOR; HIGH LIKELIHOOD = CRITICAL
- LOW IMPACT {1-3}: LOW LIKELIHOOD = INSIGNIFICANT; MED LIKELIHOOD = MINOR; HIGH LIKELIHOOD = SIGNIFICANT

IMPACT \ LIKELIHOOD     1   2   3 |  4   5   6 |  7   8   9
HIGH     9              9  18  27 | 36  45  54 | 63  72  81
         8              8  16  24 | 32  40  48 | 56  64  72
         7              7  14  21 | 28  35  42 | 49  56  63
MED      6              6  12  18 | 24  30  36 | 42  48  54
         5              5  10  15 | 20  25  30 | 35  40  45
         4              4   8  12 | 16  20  24 | 28  32  36
LOW      3              3   6   9 | 12  15  18 | 21  24  27
         2              2   4   6 |  8  10  12 | 14  16  18
         1              1   2   3 |  4   5   6 |  7   8   9
                      LOW LIKEL'D | MED LIKEL'D | HIGH LIKEL'D

4.3) EFFECTIVE RISK MANAGEMENT & CONTROLS FROM CRADLE TO GRAVE TO RESURRECTION
To effectively manage risk, EACH RISK must be consistently managed FROM CRADLE TO GRAVE TO RESURRECTION.
For EACH GENERAL BUSINESS AND STRATEGIC OBJECTIVE: What will prevent me from achieving my Objective?
- From the INHERENT RISK STAGE: If I don't manage this risk, what is the Potential Impact (Safety & Environmental? Regulatory? Financial? Reputation?) and what is the Likelihood?
- Down to the RESIDUAL RISK STAGE: Managed state, after mitigating measures & controls. If still unacceptable, then seek to insure the residual risk.
- To the RISK MATERIALIZATION STAGE: Response; what must I do when the risk materializes?
- And RECOVERY: Business Continuity; what must I do to restart my business process/operations?

4.4) EFFECTIVE RISK MANAGEMENT FROM CRADLE TO GRAVE TO RESURRECTION: AN EXAMPLE

7) INTERNAL AUDITING: 100% FOCUS ON RISK MANAGEMENT, CONTROLS & GOVERNANCE
IIA DEFINITION: Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization's operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.

NATURE OF WORK
Internal Auditors MUST evaluate the RISK EXPOSURES and the ADEQUACY AND EFFECTIVENESS OF CONTROLS IN RESPONDING TO RISKS within the organization's governance, operations, and information systems regarding the:
- Achievement of the organization's strategic objectives;
- Reliability and integrity of financial & operational information;
- Effectiveness and efficiency of operations;
- Safeguarding of assets; and
- Compliance with laws, regulations, and contracts.
Internal Auditors must also:
- Promote appropriate ethics and values within the organization;
- Ensure effective organizational performance management and accountability;
- Communicate risk and control information to appropriate areas of the organization; and
- Coordinate the activities of, and communicate information among, the board, external and internal auditors, and management.