Energize Your Enterprise Risk Management


Presented by Mark Caiazzo, CISA, CISM, CRISC, and Tammy Michaud, CPA. May 15, 2017

Agenda
- Enterprise Risk Management defined
- Benefits of ERM
- Key components of the ERM process
- 2017 ERM survey results
- Risks facing NFP organizations
- A case study

What is Risk?
The possibility of an event occurring that may have either a positive or negative impact on the achievement of objectives. The negative side is harm, loss, danger, threat, and hazard; the positive side is chance, uncertainty, and opportunity.

Healthcare Consultant: Sarah Belliveau, BS, CPA, Principal. Certified Public Accountant providing audit, accounting, and management advisory services to a variety of healthcare and not-for-profit organizations ranging in size and complexity.
Today's sessions: 11:30am to 1:00pm, Purchasing and Payables; 1:30pm to 3:30pm, General Ledger and Grants.

What is Enterprise Risk Management (ERM)?
Key terms from the Committee of Sponsoring Organizations (COSO) definition:
- Continuous process
- Effected by key stakeholders
- Strategically aligned
- Identification of possible events
- Implementation of reasonable measures
- Achievement of entity objectives

Benefits of ERM
- Foundation for many operational activities
- Emphasizes organization-wide accountability and transparency
- Establishes processes to identify risks in a timely manner
- Connects decision-making to risk assessment
- Builds effective audit and monitoring activities
- Helps coordinate regulatory and compliance matters
- Reduces surprises

The COSO Cube: Components of ERM
- Internal Environment
- Objective Setting
- Risk Identification
- Risk Assessment
- Risk Response
- Control Activities
- Information and Communication
- Measure and Monitor

Internal Environment
The general culture and environment in which an organization operates.
- Mission, vision, and core values
- Code of conduct
- Employment policies
- Communication: tone at the top
- Strategic plan
- Governance plan

Objective Setting
The process management uses to set its strategic goals and objectives and establish the organization's risk appetite and tolerance. Risk categories considered:
- Strategic risk
- Operational risk
- Financial risk
- Compliance risk
- Reputational risk

Risk Identification
The process used by an organization to identify events that influence strategy and objectives, or could affect an organization's ability to achieve its objectives. Techniques:
- Facilitated group discussions
- Questionnaires
- Industry benchmarking
- Historic trend analysis
- Understanding regulatory requirements
- Third-party arrangements (downstream risks)

Risk Assessment
The organization's process of evaluating the impact and likelihood of events, and prioritizing the related risks.
- Probability of the risk occurring
- Potential impact if it occurs
- Qualitative vs. quantitative analysis
- Consideration of risk appetite
- Consideration of third parties
- Consideration of controls, processes, and systems already in place

Risk Response
Determining how management will respond to the risks an organization faces.
- Risk mitigation: fix or reduce the risk to a cost-effective level
- Risk acceptance: deal with it
- Risk avoidance: decision not to proceed
- Risk transfer: let a third party deal with it
- Risk financing: cover with insurance

Control Activities
Policies, procedures, and systems that an organization implements to address the risks it chooses to mitigate.
- Business resumption plans
- Incident response plans
- Training programs
- Communications plans
- Vendor due diligence program

Information and Communication
The practices that ensure the right information is communicated to the right people at the right time.
- Staff education
- Board education and reporting
- Customer communication
- Incident response
- Compliance reporting

Measure and Monitor
Ongoing evaluations to ensure controls are functioning as designed, and taking corrective action to enhance control activities if needed.
- Internal audit program
- GRC program
- Balanced scorecard
- Maturity modeling
- Customer and stakeholder feedback

2017 AICPA ERM Survey: Survey Results
- 58% of NFP respondents believe the volume and complexity of risks have increased significantly in the last 5 years
- 56% of NFP respondents indicate their organizations are risk averse or strongly risk averse
- 26% of NFP respondents have no formal ERM program in place or planned
- 59% of NFP respondents indicate they have provided no or only minimal risk management training in the past 2 years
- 45% of NFP respondents indicate they feel pressure (somewhat or mostly) from outside parties to provide increased risk management information

2017 AICPA ERM Survey: Reported Barriers to ERM
- Competing priorities: 45%
- Insufficient resources: 44%
- Lack of perceived value: 37%
- Perception that ERM adds overhead: 28%
- Lack of executive leadership: 27%
- Legal or regulatory barriers: 5%

Evolving Risks (operational, financial, and compliance)
- Cash management
- Customer retention
- Human capital, culture
- Information technology
- Industry or economic changes
- Fraud
- Reputation, brand, image
- Privacy

Specific NFP Risks
- Economy
- Funding sources
- Donor retention
- Excess compensation and benefits
- Transparency / transactions with related parties
- Compliance

Case Study: A Hypothetical
A not-for-profit recently found itself with an opportunity for rapid growth. A grant was given, significantly increasing the organization's funding and possibilities. This growth resulted in expansion for a couple of years, but as business grew, the organization's knowledge of proper infrastructure management, and of how to foresee and address risk, did not keep pace. The organization's first steps toward solving this problem were to identify the major risks it faced, plan an approach to address those risks, and then develop a plan to monitor the major risks.

Case Study: Approach to Risk
- Educate management and key decision-makers in risk management practices and strategies. Ensure there is sponsorship.
- Assemble a working Committee comprised of management and staff with appropriate skill sets.
- Clearly identify and document the roles and responsibilities of those on the Committee.
- Facilitate risk management meetings and provide open discussion and brainstorming to identify risks throughout the organization.
- Rate the identified risks (impact, likelihood, and timeline), identify the controls that mitigate these risks, and establish risk event response plans.
- Establish a communication plan.
- Develop a monitoring and reporting program for risk, including regular updates from the Risk Committee to the Board.

Roles and Responsibilities
- Governing Board: oversees audit and risk issues
- Management Committee: reviews risk policies and recommends them to the CEO for approval
- Chief Executive Officer: overall risk responsibility
- Audit Committee: responsible for internal control and financial reporting, and for risk management oversight
- Financial Manager: oversees financial reporting and attests to internal controls
- Auditor: provides assurance on the risk management process

Case Study: The Risks
Once management was educated, and roles and responsibilities were defined and understood, they were ready to begin working with the Risk Committee. In work sessions, they identified the risks. Some risks addressed by the committee:
- Contract negotiation
- Cash flow management
- Inadequate payroll control
- Client service
- Licensing/Service authorization providers

Case Study: Risk, A Deeper Dive
After the risks were identified, the Risk Committee was confident enough in its assessment to discuss risks further through the next step, which was to facilitate interactive sessions. These sessions shed light on risks related to:
- Funding sources
- Human capital
- Legislative
- IT
- Social media
- Financial
- Conflicts of interest
- Reputation

Risk Rating Matrix

#  Risk Event                                     Severity  Likelihood  Timeframe  Controls  Rating
1  Cash flow impairment                           High      Moderate    Moderate   Weak      High
2  Contract negotiation failure                   High      Moderate    Moderate   Weak      High
3  Pre-authorization failure                      Low       High        Rapid      Weak      High
4  Loss of funding source                         High      Low         Slow       Weak      Moderate
5  Disaster recovery / business continuity failure High     Moderate    Rapid      Adequate  Moderate
6  Client billing failure                         Low       High        Rapid      Adequate  Moderate
7  Key employee departure                         High      Low         Moderate   Adequate  Moderate
8  Payroll fraud                                  Moderate  Low         Moderate   Strong    Low
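The slide gives the inputs and the final rating for each risk event but not the rule that turns one into the other. The following is an added example, not code from the presenters or from the slides, that scores a risk register with an explicit, auditable rule: an inherent score from severity, likelihood, and timeframe, a credit subtracted for the strength of existing controls, and fixed thresholds for the three rating levels. The ordinal scales, the control credits, the thresholds, and every function name are assumptions chosen so that the rule reproduces the slide's Rating column; the register rows are transcribed from the matrix above, and a check function reports any row where the computed rating disagrees with the slide.

```python
"""Residual-risk scoring for a qualitative risk register.

Added example; the scoring rule is an assumption that reproduces the
rating column of the slide's matrix, not a formula given by the presenters.
"""
from dataclasses import dataclass

# Ordinal scales, 1 (least concerning) to 3 (most concerning). Assumed.
SEVERITY = {"Low": 1, "Moderate": 2, "High": 3}
LIKELIHOOD = {"Low": 1, "Moderate": 2, "High": 3}
TIMEFRAME = {"Slow": 1, "Moderate": 2, "Rapid": 3}

# Credit subtracted from the inherent score for existing controls. Assumed weights.
CONTROL_CREDIT = {"Weak": 0, "Adequate": 2, "Strong": 3}

# Rating thresholds on the residual score. Assumed.
HIGH_THRESHOLD = 7
MODERATE_THRESHOLD = 4


@dataclass(frozen=True)
class RiskEvent:
    name: str
    severity: str
    likelihood: str
    timeframe: str
    controls: str


def inherent_score(event: RiskEvent) -> int:
    """Severity + likelihood + timeframe, before any control is considered (3..9)."""
    return (SEVERITY[event.severity]
            + LIKELIHOOD[event.likelihood]
            + TIMEFRAME[event.timeframe])


def residual_score(event: RiskEvent) -> int:
    """Inherent score less the credit for controls already in place, floored at 0."""
    return max(0, inherent_score(event) - CONTROL_CREDIT[event.controls])


def rating(event: RiskEvent) -> str:
    """Map the residual score onto the slide's three-level rating."""
    score = residual_score(event)
    if score >= HIGH_THRESHOLD:
        return "High"
    if score >= MODERATE_THRESHOLD:
        return "Moderate"
    return "Low"


def rank_register(events):
    """Order the register by residual score, highest first; ties keep input order."""
    return sorted(events, key=lambda e: -residual_score(e))


# Rows transcribed from the slide's Risk Rating Matrix.
REGISTER = [
    RiskEvent("Cash flow impairment", "High", "Moderate", "Moderate", "Weak"),
    RiskEvent("Contract negotiation failure", "High", "Moderate", "Moderate", "Weak"),
    RiskEvent("Pre-authorization failure", "Low", "High", "Rapid", "Weak"),
    RiskEvent("Loss of funding source", "High", "Low", "Slow", "Weak"),
    RiskEvent("Disaster recovery / business continuity failure", "High", "Moderate", "Rapid", "Adequate"),
    RiskEvent("Client billing failure", "Low", "High", "Rapid", "Adequate"),
    RiskEvent("Key employee departure", "High", "Low", "Moderate", "Adequate"),
    RiskEvent("Payroll fraud", "Moderate", "Low", "Moderate", "Strong"),
]

# The Rating column as printed on the slide, keyed by risk event name.
SLIDE_RATINGS = {
    "Cash flow impairment": "High",
    "Contract negotiation failure": "High",
    "Pre-authorization failure": "High",
    "Loss of funding source": "Moderate",
    "Disaster recovery / business continuity failure": "Moderate",
    "Client billing failure": "Moderate",
    "Key employee departure": "Moderate",
    "Payroll fraud": "Low",
}


def check_against_slide():
    """Names of events whose computed rating disagrees with the slide; empty if consistent."""
    return [e.name for e in REGISTER if rating(e) != SLIDE_RATINGS[e.name]]


if __name__ == "__main__":
    for e in rank_register(REGISTER):
        print(f"{e.name:48s} inherent={inherent_score(e)} residual={residual_score(e)} -> {rating(e)}")
    print("mismatches with slide:", check_against_slide())
```

The point of writing the rule down is that the committee can defend each rating: changing a control from Weak to Adequate moves a row by a known amount, and a rating that disagrees with the rule has to be argued for explicitly rather than adjusted by hand. Timeframe matters here as much as likelihood: the pre-authorization failure is low severity, yet it rates High because it is both likely and rapid with weak controls.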

Risk Mitigation

1. Cash flow impairment
- Implement cash flow reporting
- Possible line of credit for short-term aid
- Review current accounts receivable for collectability
- Develop authorized credit approval procedures for future counterparties
- Designate representatives for major accounts
- Streamline and enhance control of billing and collection processes

2. Contract negotiation failure
- Identify a consulting partner to provide assistance with negotiations
- Establish a Deal Review Board to authorize material agreements
- Develop proper training programs for vital resources
- Analyze in-force agreements for improvement opportunities

Risk Monitoring and Reporting
- A Risk Management Committee to perform ongoing reviews and alignments for the organization's operational strategies
- Risk monitoring responsibilities assigned to senior resources
- Monthly reporting protocols for key resources
- Key risk indicators addressed at Board meetings
- Periodic risk education updates throughout the organization at all levels
- An environment of employee buy-in, continual process, and control improvement

The Never-Ending Story: a continuous cycle
- Establish ERM Committee
- Risk Management Framework
- Continuously identify risks and risk events
- Monitor and report

Maturity Model: Where Are You?

Reactive:
- Minor management support
- No common language regarding risk
- No formal approach
- Risk areas uncovered

Developing:
- Some management support
- Risk leader identified
- Periodic risk assessments
- Key risks defined in a common language

Advanced:
- Proactive management
- Risk review shared throughout the organization
- Common language regarding risk
- Timely risk review

Interested in more?
Mark Caiazzo, CISA, CISM, CRISC, Principal, mcaiazzo@berrydunn.com
Tammy Michaud, CPA, Principal, tmichaud@berrydunn.com