1 Introduction to Enterprise Risk Management Liz Ryan On Detail to NOAA OCFO Risk Office.
Presentation transcript:


2 OCFO Organization Chart

3 What is Enterprise Risk Management (ERM)? "A process, effected by an entity's board of directors, management and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives." Committee of Sponsoring Organizations of the Treadway Commission (COSO), Enterprise Risk Management – Integrated Framework, 2004.

4 Enterprise Risk Management (ERM). Why do organizations use Enterprise Risk Management (ERM)? A key purpose of implementing the ERM process is for executives to become aware of risks sooner, and so to increase the likelihood of success in achieving the organization's mission and objectives.

5 Why are federal organizations implementing Enterprise Risk Management (ERM)?
OMB Circular A-123 revision (expected in coming months)
OMB Circular A-11 (expected Spring 2016)
DOC Risk Office
ERM in Federal Government: "I cannot overstate how important it is that you institutionalize risk management in your day-to-day operations." "To be effective, organization-wide risk management programs – cybersecurity and otherwise – require the strong commitment, direct involvement, and ongoing support of senior leadership." – Deputy Secretary Bruce Andrews, October 28, 2015, Mid-Atlantic Cybersecurity Conference

6 Basic Risk Terminology
Risk: An uncertainty of attaining a goal, objective, or requirement. Enterprise Risks affect multiple projects, systems or offices across the organization. Risk response strategies include mitigate, accept, avoid, or transfer. Mitigation steps are taken to decrease the probability and/or impact of the risk.
Issue: An event that affects a project, system or office, that has already happened, and that requires attention, action, and/or resources to resolve. Enterprise Issues affect multiple projects, systems or offices across the organization. Mitigation steps should minimize the impact of the issue.

7 Project versus Enterprise Risk Management (NOAA)
Objectives addressed. Project RM: time, cost, scope and quality of the project. Enterprise RM: enterprise objectives such as service to the public, credibility, reliability, reputation for excellence.
Stakeholders considered. Project RM: mostly the management who have determined the project. Enterprise RM: Congress, Department, Administration, public groups, other agencies, international.
Scope of concern. Project RM: project centered, interaction with other programs and operations. Enterprise RM: entire agency - investments - procurements - operations - financial management - ethics - political climate.
Methods. Project RM: risk management planning - risk identification - qualitative and quantitative analysis - response determination / execution - monitoring. Enterprise RM: objectives definition - risk identification - prioritization - implementation of systems - monitoring effectiveness - advance risk management maturity.
Time scope considered. Project RM: now until the end of the project. Enterprise RM: current => long-term, for the next generations.
Outlook. Project RM: focused on the project and its specific objectives - do not get sidetracked. Enterprise RM: must be able to react to events while keeping a long-term perspective.
Top Management: model risk awareness - show the importance of risk management - take leadership roles personally - make the atmosphere positive for open discussion about risk.
Employees, management: employees need to be aware of risk - involved with the risk management processes - communicate risk clearly up and down the organization.

8 Enterprise Risk Management at NOAA: OMB Framework (from OMB Circular A-123 Draft)

10 OMB – ERM Process Model

11 UK Treasury Orange Book – Risk Management Model

12 CEB – ERM Process Model

14 ERM at Other Agencies

15 Census. Started in 2008 with 2 FTE to standardize project management across the organization. The function grew to include portfolio management, standard business process models, then standard risk management, and now innovation as well. The office now includes those 5 integrated components within the Office of Risk Management and Program Evaluation, with 17 FTE. Of those staff, 5 FTE work full time on risk management standardization, facilitation, and communication. Working groups at a number of levels address risks to their areas that cross the organization. They have uniform project, program, portfolio, and enterprise risk reporting. Software captures information and provides executives with live data on the status of enterprise and portfolio risks.

16 Census – Benefits of ERM
Benefits:
- Accountability
- Transparency
- Improved cross-organizational communication
- Reduces duplication of efforts
- Supports compliance with federal laws, regulations, and policies
- Alerts executives of strategic and operational risks from the bottom up
- Improves internal controls
- Reliable basis for planning and decision-making
Census has both Top-Down and Bottom-Up integration in their risk management process. Across the organization they have a common risk language, standard project management skills and processes, and live reports on risk rolled up to the Enterprise level.

17 Census – Software – View of Risks Standardized project management software includes a risk management module that has been customized for Census. The risk management module enables multiple levels of Risk Registers, and supporting tools with details on the management plan, mitigation/contingency plan, risk impact, and elevation criteria.

18 NIST. In 2013, NIST hired a permanent Enterprise Risk Management Officer. The office currently has 4 FTE. The executive group established the NIST ERM Council to guide implementation and priorities for the NIST ERM Program. An interdisciplinary ERM Working Group was established to develop foundational elements of the program, e.g. common risk categories and a standard risk scoring framework for bureau-level application. NIST has grouped enterprise risks into two major categories – Strategic and Operational. The Enterprise Risk Office has conducted three pilots over the past 3 years to gain lessons learned and success stories on the application of ERM. Risk appetite was addressed via a senior management survey and dialogue.

20 Outside of Commerce. Agencies/Bureaus with similar mission/function areas to NOAA:
U.S. Coast Guard (USCG) - Strategic Risk tracking
National Institutes of Health (NIH) - Scientific culture
Bureau of Safety and Environmental Enforcement (BSEE) - Engineering and enforcement culture

21 Risk Process Maturity Level

22 Corporate Executive Board (CEB): Evolution of ERM

23 Resources on Enterprise Risk Management
The Committee of Sponsoring Organizations of the Treadway Commission (COSO)
International Organization for Standardization (ISO) – Risk Management
GAO Standards for Internal Control in the Federal Government, "The Green Book"
The Association for Federal Enterprise Risk Management (AFERM)
The U.K. Treasury Orange Book: Management of Risk - Principles and Concepts
The Risk and Insurance Management Society, Inc. (RIMS)
The Institute of Internal Auditors (IIA)
The Corporate Executive Board (CEB)
"Enterprise Risk Management: A Guide for Government Professionals" by Dr. Karen Hardy

24 Summary