The Integration of Governance, Risk Management, Compliance and Culture to facilitate the achievement of goals and objectives. Enterprise Risk Management.

Presentation transcript:

1 The Integration of Governance, Risk Management, Compliance and Culture to facilitate the achievement of goals and objectives. Enterprise Risk Management
Presented by David B. Crawford, CIA, CCSA, and Justina Crawford, MA, BME

2 ERM is Management 101
Plan / Organize / Direct / Control
Goals & Objectives / Risk Assessment / Communication & Information / Control Activities / Monitoring

3 Why Implement ERM?
- Quick response to new State Government requirements
- US Sentencing Guidelines for Organizations (Compliance)
- Sarbanes-Oxley Act of 2002 (Financial Reporting)
- Transparency and Accountability (Operations and Strategic)

4 Benefits of ERM
- Align organization priorities from top to bottom for managing risks
- Quickly identify emerging risks and problem areas before they escalate and cause serious harm or produce negative surprises
- Respond to expectations of regulators, stakeholders, and others
- Make risk and controls understandable
- Focus efforts on important issues and concerns

5 ERM will CHANGE your Organizational Culture
- Ownership of risk and controls
- Questioning before acting
- Two-way communication: bad as well as good news
- Rapid response to changes
- Rapid response to failures in risk management

6 Primary ERM Process Activities
- Know the boundaries and obstacles that will have a critical effect on the achievement of objectives
- Optimize the set of strategies to minimize the effect of boundary violations and obstacle occurrences
- Perform on-going assessments of the design and application of mitigation strategies

7 Assurance Continuum ERM Model
- Standard risk assessment methodology
- Common risk language
- Standard tools and techniques
- Standard outputs

8 Risk Self Assessment Techniques
- Facilitated Workshop: Management Directed or External Facilitator Directed
- Interviews
- Questionnaires

9 Common Risk Language Examples
- Business risk
- Impact
- Probability/likelihood
- Monitoring plan
- On-going assurance
- Periodic assurance
- Goals and objectives
- Level 1 Controls, Level 2 Controls, Level 3 Controls, Level 4 Controls
- Process
- Mitigation strategy
- Assurance Continuum
- Certification
- Self-assessment workshop
- Control footprint
- Risk footprint

10 Standard Tools and Techniques
- Texas Instruments’ Brainstorming Excel Workbook (powered by Visual Basic macros)
Standard Outputs
- Risk Footprint
- Control Footprint
- The Levels of Control in COSO
- Monitoring Footprint

11 Know the Boundaries and Obstacles (Risk Assessment)
- Know the desired objectives
- Inventory activities performed to achieve objectives
- Inventory risks (boundary and obstacle) associated with each activity
- Value each risk as to impact on achievement of objectives and probability of occurrence without mitigation strategies
- Produce a risk footprint

12 Risk Footprint

13 Optimize the Portfolio of Mitigation Strategies (Control Optimization)
- Inventory mitigation strategies used to manage each activity row on the risk footprint
- Assign the appropriate Level of Control to each mitigation strategy
- Assign inventoried strategies to identified risks
- Identify under-controlled and over-controlled risks
- Identify excess or unproductive mitigation strategies
- Optimize the mitigation strategy portfolio

14 Assurance Continuum: Levels of Control in COSO
[Diagram] Collaborative Assurance (Governance and Management Control Processes) = Periodic Assurance (Governance Control Processes) + On-going Assurance (Management Control Processes)
Levels of control: Level 4 Controls (Internal Audit); Level 3 Controls (Oversight); Level 2 Controls (Supervisory); Level 1 Controls (Execution)
Timing of assurance activities: pre-operations design review of on-going assurance; during execution of event or transaction; immediately after execution of event or transaction; soon after execution of event or transaction; post-operations audit of execution of on-going assurance

15 Control Footprint

16 Perform On-going Assessments
- Determine the mitigation strategies that provide the most assurance that critical risks are being managed
- Develop a monitoring plan for assessment of the proper application of planned mitigation strategies
- Perform continuous monitoring using the plan to ensure acceptable performance and desired results

17 Monitoring Footprint

18 Resources
Effective Compliance Systems: A Practical Guide for Educational Institutions [Crawford et al.]

19 Risk Ranking Characteristics
Impact: effect on achievement of goals & objectives
- [H] High: “showstopper”
- [M] Medium: inefficient and extra work
- [L] Low: no effect
Probability: likelihood of the risk happening
- [H] High: will happen frequently
- [M] Medium: will happen infrequently
- [L] Low: will seldom happen

20 How to Value Impact
- Develop a list of consequences to the organization if a risk were to become a reality (every organization has a finite number of potential consequences)
- Value the effect on the organization for each consequence (high, medium, or low)
- The Impact value of an identified risk is the value of its highest potential consequence

21 Example: Impact Valuation
Activity: Own an Automobile

Consequence        | Value to Owner
Loss of asset      | Medium
Death/Major Injury | High
Minor Injury       | Low
Criminal penalty   | High

Risk          | Associated consequence  | Value
Fender Bender | Minor Injury            | L
DWI           | Criminal penalty or D/I | H
No PM         | Loss of asset           | M
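The following is an added worked example, not code from the Crawford presentation or from the Texas Instruments workbook it mentions. It carries the method of slides 11, 13, 20 and 21 through in code: a consequence catalogue with H/M/L values, the rule that a risk's impact is the value of its highest potential consequence, a risk footprint ordered by impact and probability, and the under-/over-controlled check from the control optimization step. The slide supplies only the consequence values and the three risks; the numeric scores behind H/M/L, the impact x probability ordering, the probability ratings, the control lists and the gap thresholds are this example's own assumptions.

```python
from __future__ import annotations
from dataclasses import dataclass, field

# H/M/L scale from slide 19, mapped to scores so risks can be ordered.
# The numeric scores and the impact x probability product are assumptions
# of this example; the presentation only defines the H/M/L labels.
LEVELS = {"L": 1, "M": 2, "H": 3}

# Consequence catalogue for the activity "Own an Automobile" (slide 21).
CONSEQUENCE_VALUE = {
    "Loss of asset": "M",
    "Death/Major Injury": "H",
    "Minor Injury": "L",
    "Criminal penalty": "H",
}


@dataclass
class Risk:
    name: str
    consequences: list[str]   # keys into the consequence catalogue
    probability: str          # H/M/L, assessed without mitigation (slide 11)
    controls: list[str] = field(default_factory=list)  # mitigation strategies (slide 13)


def impact(risk: Risk, catalogue: dict[str, str] = CONSEQUENCE_VALUE) -> str:
    """Slide 20: the impact of a risk is the value of its highest consequence."""
    return max((catalogue[c] for c in risk.consequences), key=LEVELS.__getitem__)


def rank(risk: Risk, catalogue: dict[str, str] = CONSEQUENCE_VALUE) -> int:
    """Assumed ordering key: impact score x probability score (1..9)."""
    return LEVELS[impact(risk, catalogue)] * LEVELS[risk.probability]


def risk_footprint(activity: str, risks: list[Risk],
                   catalogue: dict[str, str] = CONSEQUENCE_VALUE) -> list[dict]:
    """One row per risk, highest-ranked first (the risk footprint of slide 11)."""
    rows = []
    for r in sorted(risks, key=lambda r: rank(r, catalogue), reverse=True):
        rows.append({
            "activity": activity,
            "risk": r.name,
            "impact": impact(r, catalogue),
            "probability": r.probability,
            "rank": rank(r, catalogue),
            "controls": list(r.controls),
        })
    return rows


def control_gaps(rows: list[dict], under_at: int = 6, over_at: int = 2):
    """Under-/over-controlled check from slide 13. Thresholds are assumptions:
    rank >= under_at with no control is under-controlled; rank <= over_at
    with more than one control is over-controlled."""
    under = [r["risk"] for r in rows if r["rank"] >= under_at and not r["controls"]]
    over = [r["risk"] for r in rows if r["rank"] <= over_at and len(r["controls"]) > 1]
    return under, over


# Constructed sample: the three risks from slide 21; the probabilities and
# control lists are made up for this example (the slide gives neither).
SAMPLE_RISKS = [
    Risk("Fender Bender", ["Minor Injury"], "L",
         ["Defensive driving course", "Collision insurance"]),
    Risk("DWI", ["Criminal penalty", "Death/Major Injury"], "L",
         ["Designated-driver rule"]),
    Risk("No PM", ["Loss of asset"], "H"),
]


def example():
    """Build the footprint for the sample and flag control gaps."""
    rows = risk_footprint("Own an Automobile", SAMPLE_RISKS)
    under, over = control_gaps(rows)
    return rows, under, over


if __name__ == "__main__":
    rows, under, over = example()
    for row in rows:
        print(f'{row["risk"]:<14} impact={row["impact"]} prob={row["probability"]} '
              f'rank={row["rank"]} controls={len(row["controls"])}')
    print("under-controlled:", under)
    print("over-controlled:", over)
```

Run stand-alone, the impact column reproduces the slide's values (Fender Bender L, DWI H, No PM M); with the constructed probabilities, "No PM" rises to the top of the footprint and, having no mitigation strategy assigned, is flagged under-controlled, while the low-ranked "Fender Bender" with two strategies is flagged over-controlled. Replace the catalogue, risks and thresholds with an organization's own inventory to use the same structure for a real assessment.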