ERM for the Non-Risk Manager

Presentation transcript:

ERM for the Non-Risk Manager. Presented by: Lisanne Sison, Director, ERM, Bickmore

What is ERM? “Enterprise Risk Management (ERM) is a process, effected by an entity’s board of directors, management and other personnel, applied in strategy-setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives.” - Committee of Sponsoring Organizations, Enterprise Risk Management Integrated Framework, 2004

Basically plan to start out the presentation with a comment along the lines of “If you ask 5 people how they define ERM or GRC, you are going to get 8 different answers.” I think this lack of clarity has driven the lack of adoption, and plan to make a point about this in the presentation.

What is ERM? “[ERM is] a structured, consistent and continuous process across the whole organization for identifying, assessing, deciding on responses to and reporting on opportunities and threats that affect the achievement of its objectives.” - The IIA – UK and Ireland

What is ERM? ERM is an integrated, systematic process of identifying the major risks to achieving the specific goals and objectives of the organization. These risks should be analyzed by likelihood and impact and mitigated to an acceptable level of risk. - The IIA Research Foundation, Contrasting GRC and ERM: Perceptions and Practices Among Internal Auditors, 2013

Einstein’s* explanation: ERM is a process that helps manage diverse organizational risks and supports successful achievement of objectives. *This really isn’t Einstein’s explanation, but he would have liked the simplicity…

ERM Life Cycle (a continuous loop, with Culture at its center): Goal setting; Identify and prioritize risks; Evaluate options; Confirm next steps; Implement; Evaluate performance.

COSO ERM framework components (shown alongside each of the following slides): Internal Environment; Objective Setting; Event Identification; Risk Assessment; Risk Response; Control Activities; Information & Communication; Monitoring.

Information & Communication: Start with Why… Simon Sinek’s Golden Circle, http://www.youtube.com/watch?v=_I-_0cnj_xQ

Information & Communication: Opportunity Cost. Every decision can be weighed in terms of costs and benefits. Decisions can have multiple options; compare both the costs and the benefits of each, but you only realize the benefits of one.

Failure Mode Effect Analysis: review a process for what can go wrong; assess and prioritize; include an identification factor (the likelihood that the error will be caught). There are lots of different types of risk assessment, and this is probably the component that people are most familiar with. The key for ERM is tying risks to objectives.
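An added worked example (not from the presentation) of the FMEA-style scoring described above and of the likelihood-and-impact analysis in the IIA definition: a constructed risk register, each risk tied to the objective it threatens, scored on likelihood, impact and a detection factor (the likelihood the error is not caught), ranked, and compared with a risk appetite threshold. The 1..5 scales, the threshold and the risks themselves are constructed assumptions.

```python
"""Constructed FMEA-style risk register (example, not the presenter's tool).

Each risk is tied to the objective it threatens, then scored on three
constructed 1..5 scales:
  likelihood - how likely the event is (5 = almost certain)
  impact     - consequence if it happens (5 = severe)
  detection  - how likely it goes UNCAUGHT (5 = almost never caught)
RPN = likelihood * impact * detection; risks whose RPN exceeds the
appetite threshold are the ones that need a response now.
"""
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Risk:
    name: str
    objective: str   # the goal this risk threatens (ERM ties risks to objectives)
    likelihood: int  # 1 (rare) .. 5 (almost certain)
    impact: int      # 1 (negligible) .. 5 (severe)
    detection: int   # 1 (always caught) .. 5 (almost never caught)

    def rpn(self) -> int:
        """Risk priority number; rejects scores outside the 1..5 scales."""
        for score in (self.likelihood, self.impact, self.detection):
            if not 1 <= score <= 5:
                raise ValueError("scores must be in 1..5")
        return self.likelihood * self.impact * self.detection


RISK_APPETITE = 30  # constructed threshold: an RPN above this needs a response


def prioritize(risks):
    """Risks sorted highest RPN first."""
    return sorted(risks, key=lambda r: r.rpn(), reverse=True)


def needs_response(risks, appetite=RISK_APPETITE):
    """Names of the risks whose RPN exceeds the appetite, highest first."""
    return [r.name for r in prioritize(risks) if r.rpn() > appetite]


def by_objective(risks):
    """Total RPN per objective, so leadership sees which goal is most exposed."""
    totals = {}
    for r in risks:
        totals[r.objective] = totals.get(r.objective, 0) + r.rpn()
    return totals


def respond(risk: Risk, detection: int) -> Risk:
    """Model a response that changes the detection score (e.g. acting on alerts)."""
    return replace(risk, detection=detection)


# Constructed register. The first entry models alerting that exists but is
# ignored: detection stays high, so the risk tops the list despite the control.
REGISTER = [
    Risk("Intrusion alerts ignored", "Protect customer data", 3, 5, 4),
    Risk("Phishing leads to credential theft", "Protect customer data", 4, 4, 2),
    Risk("Ambulance restock delays shift start", "Control overtime cost", 5, 2, 1),
    Risk("Backup restore untested", "Keep services available", 2, 5, 3),
]
```

Lowering the detection score of the first risk to 1 (alerts are now acted on) drops its RPN from 60 to 15, inside the constructed appetite, which is the "mitigated to an acceptable level" step in the IIA definition.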

Information & Communication: Tippy Tap, http://youtu.be/Qdpd3roZjYw. This is an example of identifying a risk, identifying constraints and barriers, and developing a solution that works.

Information & Communication: ADKAR. Information and Communication is the change management component of the ERM framework. Information drives the behavior you want; communication helps correct course if something isn’t going as planned.

Information & Communication: Plan, Do, Check, Act. Based on the scientific method, which was developed in 1620!

Six Sigma. Developed by Motorola in 1986: a clear focus on achieving measurable and quantifiable financial returns; increased emphasis on strong and passionate management leadership and support; clear commitment to making decisions informed by data, rather than assumptions.

Covey’s 7 habits (1989!!!): 1. Be proactive; 2. Begin with the end in mind; 3. Put first things first; 4. Think win-win; 5. Seek first to understand, then be understood; 6. Synergize; 7. Sharpen the saw.

Lean. Problem: overtime every day because people were coming in 30 minutes before their shift to re-organize their ambulance the way they like it. Solution: a standardized ambulance set-up, with communication and training to enable the change.

Case Studies: Had a state-of-the-art intrusion system in place, but they ignored the warnings.

Case Study – Raley’s. The objective is to increase profit. What is the most expensive type of produce? [Organic.] It used to be in a back hallway; now it has prime real estate with nice lighting and showcasing, removing the barriers to me buying the most expensive stuff.

Non-Risk Manager ERM Checklist: What are you trying to accomplish? What are the realities and barriers? What needs to be addressed immediately, soon, later, or never? What is the best, most efficient way to overcome this challenge? How do we prepare people to accept this change? How will we measure success? ©Lisanne Sison, Bickmore 2014