Lisanne Sison Director ERM Bickmore
Presentation transcript:

Lisanne Sison Director ERM Bickmore

What is ERM? Enterprise Risk Management (ERM) is defined by the Committee of Sponsoring Organizations (COSO) as “a process, effected by an entity’s board of directors, management and other personnel, applied in strategy-setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives.”

What is ERM? (cont’d) To assist with the implementation of the ERM process, COSO developed the ERM Integrated Framework (2004), also known as the COSO Cube. This cube is an update to the initial COSO I framework developed in 1992:

What is ERM? (cont’d) These are the high level goals that are aligned with and support the institution’s mission.

What is ERM? (cont’d) Relate to the ongoing management processes and daily activities of the organization.

What is ERM? (cont’d) Relates to the protection of the organization’s assets and quality of financial reporting.

What is ERM? (cont’d) Relates to the organization’s adherence to applicable laws and regulations.

What is ERM? (cont’d) The Internal Environment relates to the general culture, values and environment in which an organization or entity operates (e.g. – Tone at the top)

What is ERM? (cont’d) Objective Setting relates to the process management uses to set its strategic goals and objectives. It establishes the organization’s risk appetite and risk tolerance.

What is ERM? (cont’d) Event Identification is the process by which an organization identifies events that influence strategy and objectives, or could affect an organization’s ability to achieve its objectives.

What is ERM? (cont’d) Risk Assessment relates to the organization’s process of evaluating the impact and likelihood of events, and prioritizing related risks.

What is ERM? (cont’d) Risk Response relates to determining how management will respond to the risks an organization faces. Will they avoid the risk, share the risk, or mitigate the risk through updated practices and policies?

What is ERM? (cont’d) Control Activities represent policies and procedures that an institution implements to address the risks the organization chooses to accept.

What is ERM? (cont’d) Information and Communication relate to those practices that ensure that the right information is communicated at the right time to the right people.

What is ERM? (cont’d) Monitoring consists of ongoing evaluations to ensure controls are functioning as designed, and taking corrective action to enhance control activities if needed.

ERM Life Cycle (diagram): life-cycle steps Goal setting, Identify and prioritize risks, Evaluate options, Confirm next steps, Implement, Evaluate Performance; COSO components shown alongside them: Culture / Internal Environment, Objective Setting, Event Identification, Risk Assessment, Risk Response, Control Activities, Information & Communication, Monitoring.

What is ERM? (cont’d) Each of these components is considered at multiple levels of the organization, rather than within a single function, unit, or department.

ERM… provides a comprehensive and systematic approach to more proactive and holistic risk management; provides a common lexicon of risk terminology, and provides direction and guidance for implementing ERM; and requires that organizations examine their complete portfolio of risks, consider how those risks interrelate, and that management develops an appropriate risk mitigation approach to address these risks in a manner that is consistent with the organization’s strategy and risk appetite.

ERM is not… a silver bullet to prevent risks from occurring; a methodology or a checklist of items that need to be completed that guarantees results; or the only way organizations can take a more proactive approach to managing risk.

Other Frameworks CoCo – Stands for “Criteria of Control” and is a risk management tool developed by the Canadian Institute of Chartered Accountants to assist managers and internal auditors in designing, assessing, and reporting on the control systems of an organization.

Other Frameworks (cont’d) Cadbury Report – Published in 1992, this report sets out recommendations on the arrangement of company boards and accounting systems to mitigate corporate governance risks and failures. Recommendations focus primarily on practices related to transparency and accountability at the top levels of an organization (e.g. – Board of Directors members) rather than throughout the organization as a whole.

Other Frameworks (cont’d) Australian and New Zealand Standard on Risk Management (AS/NZS 4360:2004, or ASNZS) – Considered by some to be the gold standard for all other risk management standards. The ASNZS is widely used internationally, and is desirable for its simplicity. (Where the original draft of the COSO ERM Model ran about 154 pages, the ASNZS is only 23 pages.)

Other Frameworks (cont’d) Below is a diagram of the ASNZS framework:

Other Frameworks (cont’d) ISO 31000:2009 – Developed by the International Organization for Standardization (ISO) and based on the AS/NZS, ISO 31000 provides principles and generic guidelines on risk management. It provides a universally recognized paradigm for practitioners and companies employing risk management processes across different industries, subject matters and regions. ISO 31000 is defined as “a process that provides confidence that planned objectives will be achieved within an acceptable degree of residual risk.”

ISO 31000 Framework Overview

Where’s the Value??? The biggest value in each of these frameworks lies in their promotion of continuous improvement, diligent management practices and ongoing monitoring.

Relevance (cont’d) Organizations are increasingly looking to expand their risk management functions to help reduce potential future losses through: improved monitoring and reporting; better risk identification and response; and more risk-based decision making.

Relevance (cont’d) Based on a recent survey conducted by Towers Watson, the table below illustrates the motivating factors for improving various risk management activities in the near term.

Relevance (cont’d) A survey conducted by RIMS and Marsh, titled “Excellence in Risk Management VI (2009)”, lists the main barriers to adopting a more strategic approach to risk management as follows:

Questions?

Lisanne Sison Bickmore lsison@bickmore.net (916) 244-1119