Enterprise Risk Management Focusing on the Right Risks


Enterprise Risk Management: Focusing on the Right Risks
Association Conference, September 17, 2014
CliftonLarsonAllen (cliftonlarsonallen.com)

Discussion Objectives
1. Discuss factors driving the need for Enterprise Risk Management
2. Learn a process for identifying, assessing and prioritizing risks
3. Share information about key items to consider for enhancing risk management in organizations

Factors Driving Organizations to Implement Enterprise Risk Management: Why Do You Do It?

Increasing Demand for Enhanced Governance and Risk Oversight
- 2012 Dodd-Frank Act Rules: compensation committee independence; disclosure of pay-for-performance, pay ratios, and hedging by employees and directors; recovery of executive compensation; reporting over conflict minerals essential for business; disclosure of government payments to resource extraction issuers (companies engaging in commercial development of oil, natural gas, and minerals)
- 2010 SEC Rules to Enhance Corporate Governance Disclosures: director and nominee qualifications and legal proceedings; diversity and director nominations; board leadership structure and role in risk oversight; accelerated disclosure of shareholder voting results
- Rating Agencies: S&P and Moody's indicate that an analysis of ERM capability will be a factor in determining a company's overall credit rating
- IT Security and Compliance: regulatory requirements, standards, and risks related to identity theft, fraud, disclosures, privacy, etc.

Board Responsibilities are Increasingly Focused on Risk Oversight
- Board fiduciary responsibilities extend beyond the traditional "hard" risk areas to include all types of risk to the organization, including strategy and reputation
- Board members have a duty of care responsibility, which includes assuring that risks are considered in decision-making and that all known key risks are effectively managed

Is ERM relevant for non-profit organizations?
- ERM is just as valuable to non-profits as it is to commercial/public companies
- Leading practices in risk management developed in corporations can be leveraged by non-profits and associations
- Every organization, regardless of type, needs to understand the risks that might impact its ability to fulfill its mission; no one is immune to risk.

Questions Many Organizations Are Asking
- What is our appetite for risk, and what is our tolerance for deviating from expected results?
- What risks should we be focusing on? Do we know what our true top risks are?
- Once we know what the risks are, how prepared are we to address them?
- How well are we doing with the risks we are focusing on?
- Do we have a sustainable process to make risk management more than a one-time event?
- How do we capture future risks and integrate them into the process?
- How aligned are we as an organization to make this happen?

What is ERM?
"Enterprise risk management is a process, effected by the entity's board of directors, management, and other personnel, applied in strategy-setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within the risk appetite, to provide reasonable assurance regarding the achievement of objectives." - COSO Enterprise Risk Management Integrated Framework (2004)
Organizational definitions of Enterprise Risk Management (ERM) can vary widely. At its basic core, it involves having a better understanding of the risks your organization faces, and having a sustainable and repeatable process to successfully mitigate them.

Benefits of ERM
- Create a more risk-aware culture
- Align risk appetite and strategy
- Enhance risk response decisions
- Minimize operational surprises and losses
- Identify and manage cross-enterprise risks
- Provide integrated responses to multiple risks
- Seize opportunities
- Support cost management efforts
- Improve operational performance
- Provide a better basis for allocating resources

What types of risks are non-profit organizations focusing on?
Many organizations are realizing that they need to focus on the full spectrum of risk categories to ensure that they have identified their true top risks and are focusing on the right things. Risks are specific to the particular organization, but in addition to traditional risk categories such as finance, organizations may identify risks in areas such as:
- Legislative and Regulatory change
- Economic Environment
- Vendor Management
- Human Capital Management
- Affiliated Organizations
- Business Continuity
- Medical Cost Management
- Benefit Cost Management
- Fraud
- Cyber
- Infrastructure
- Social Media
- Federal Regulatory Compliance
- State Regulatory Compliance
- Safety and Security
- Reputation Management
- Collaboration of Care

Identifying, Assessing, and Prioritizing Risk on an Enterprise-Wide Basis: How Do You Do It?

The Two Sides of the Risk Coin
Risk types:
- Unrewarded Risk: risks that must be taken (regulatory compliance is a good example)
- Rewarded Risk: risks you have an option to take (strategy and business decisions, where value can be created)
Fail to manage the unrewarded risks and bad things happen. Fail to take the right amount of rewarded risks and you don't fully reap the reward.

Two Popular Risk Frameworks
- COSO Integrated Framework
- AS/NZS ISO 31000:2009: Establish the Context; Communicate & Consult; Assess Risk (Identify Risks, Analyze Risks, Evaluate Risks); Treat Risks; Monitor & Review

Goals of an Enterprise-Wide Risk Assessment
An enterprise risk assessment gives organizations insight into risks in multiple categories. Organizations are finding that the process helps them:
- Understand both financial and non-financial risks
- Develop a sustainable risk assessment process you can use in future years
- Utilize common risk rating criteria for multiple risk types
- Generate a prioritized risk register
- Develop risk mitigation strategies for the key risks vs. attempting to cover all
- Implement leading practices
- Manage risk more effectively and efficiently
- Develop data for board and executive risk reporting

Illustrative Basic Risk Dashboard: Using a Risk Heat Map
The risk assessment process facilitates the identification of risks by rating the Impact, Vulnerability and Speed of Onset.
- The overall impact of the risk can be based on multiple types of impact, including: Financial; Reputation; Legal/Regulatory; Customers; Employees; Operations
- The overall vulnerability of the risk can be based on factors such as: existing controls and mitigation efforts; risk management capability; prior risk experience
- Speed of Onset is based on how quickly the risk could occur

Illustrative Basic Risk Dashboard: Example of a Basic Risk Report
Columns: Risk Description; Risk Direction; Risk Response; Status; Risk Owner; Status of Additional Risk Management Activities Initiated (the Risk Direction and Status columns are graphical indicators on the original slide)
- Failure to comply with Federal regulatory standards (owner: Mr.; response: Avoid): Performing review of the last 12 months of adverse compliance; developing action plans for key trend areas identified from the review
- Inaccurate billing for services (owner: Ms.; response: Accept): Assess customer concerns; measure customer satisfaction
- Insufficient business continuity planning (owner: Mr.; response: Reduce): A project has been initiated to develop appropriate business continuity plans for all major operations and facilities.
- Inadequate IT backup and disaster recovery processes (owner: Ms.; response: Transfer): Key steps have been completed to improve IT BCM: consolidated and improved the data center, documented processes, and retrained personnel.

Planning the ERM Journey: Key Items to Consider

Evaluating Risk Management Capability
Two key questions on risk management capabilities:
- Where is your organization in terms of risk management capabilities?
- Where do you need (or want) to be?
Many organizations are assessing their current risk management state and setting goals for their next ERM milestone.

Key Challenges and Obstacles
- ERM is usually focused on corporate objectives and corporate strategies. Does your organization define these? Many organizations or associations have specific missions, as well as election or appointment cycles related to board members, which may require a different perspective on assessing risks against long-term objectives/strategies. Are there other methods or models to apply?
- What levels of the organization are targeted? For your organization, can "enterprise wide" be realized? If deployed at the department or business unit level, is there a risk of inconsistent models or assessments of risk? What implications does this have on risk, investment, and budget/resource decisions?
- How is the framework and program deployed? Corporations often assign an overall Chief Risk Officer, Compliance Officer, and/or ERM Director. Do non-profits have an entity-wide equivalent? Who would own ERM in the organization? What about assessments or integration with other key stakeholders, departments, etc.?

The ERM Journey (maturity progression, from Un-rewarded Risk toward Rewarded Risk)
- Ad-hoc: highly dependent on individual knowledge and actions; reactionary response to risk events
- Some risk categories with defined roles; mostly focused on un-rewarded risks; leadership drives process
- Defined policies and procedures for risk assessments; enterprise-wide risk register; management aware of and addresses the key risks; risk events managed on an integrated basis
- Fully integrated risk management program; risk escalation processes in place; organization begins to leverage the rewarded risks
- Risk management fully integrated into culture; strategic use of risk information on a regular basis; sustainable and ongoing program; organization fully addresses all risk types

Illustrative Roles and Responsibilities
- Board / Audit Committee: establish risk appetite; review enterprise risks; set the "Tone at the Top"
- Executive Management (can be supported by an ERM executive committee or similar group): set risk policies; ensure policies and procedures are followed; ensure proper resources are assigned; serve as primary point for coordination of all enterprise risk data
- ERM Function: provide ERM support to Executive Management and the Board; perform overall ERM program management; implement and coordinate ERM processes and procedures
- Business Units: identify and assess risks; develop risk mitigation strategies; monitor risks and escalate when required
- Internal Audit Function: work with the ERM function to coordinate and facilitate the ERM program; review the effectiveness of risk mitigation efforts; provide assurance to management and the board on risk exposure

Summary
- What is ERM?
- How does ERM apply to your organization, and what benefits can be derived?
- What frameworks, tools, and methodologies are most applicable?
- Challenges exist; how will your organization approach these challenges?
- What skills and capabilities currently exist for risk management within your organization?
Where to begin?
- Seek executive buy-in
- Leverage existing practices
- Start small: pilot opportunities, focus on a narrow universe of key risks, stages, etc.
- Establish metrics and monitoring structures for accountability and sustainability

Jim Kreiser, CISA, CRMA, CFSA
Principal, IT and Risk Management Services
James.Kreiser@CLAconnect.com
717-558-0860
cliftonlarsonallen.com
twitter.com/CLA_CPAs
facebook.com/cliftonlarsonallen
linkedin.com/company/cliftonlarsonallen