
1 ERM and Information Risks July 2013 Advisory

2 © KPMG, a partnership established under Ghanaian law and a member firm of the KPMG network of independent member firms affiliated with KPMG International cooperative (“KPMG International”) a Swiss entity. All rights reserved. Printed in Ghana. KPMG and the KPMG logo are registered trademarks of KPMG International, a Swiss entity.

Agenda
● Introduction
● ISACA’s Risk IT Management Framework
● Information Quality Risk Management in Basel II
● Managing IT Risk with the Balanced Scorecard
● Questions

3 Introduction

4 Purpose
● An Enterprise Risk Management (ERM) system essentially comprises a governance component and a risk management process.
● The relevance of information systems risks stems, firstly, from the quality of the information the ERM system itself relies on and, secondly, from their place as a component of the enterprise-wide business risks in focus.
● The purpose of this presentation is to highlight these two dimensions of information systems risk in ERM frameworks, notably ISACA’s Risk IT, Basel II and the Balanced Scorecard.

5 What is Enterprise Risk Management (ERM)?
“… a process, effected by an entity’s board of directors, management and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives.” - COSO ERM Framework

6 Characteristics of an ERM System
● Has a primary objective to prioritize and manage risk across the enterprise
● Establishes ownership for risk
● Has oversight over ownership for risk
● Seeks assurance over the enterprise risk management processes

7 ERM Benefits

8 ISACA’s Risk IT Management Framework

9 The Underlying Principle
The Risk IT framework is based on the principles of Enterprise Risk Management (ERM) standards/frameworks such as COSO ERM and AS/NZS 4360.

10 System Risks as Part of Business Risk
ISACA’s Risk IT Framework defines IT risk as “the business risk associated with the use, ownership, operation, involvement, influence and adoption of IT within an enterprise”.

11 IT Risks in Enterprise Risk Management

12 The Risk IT Framework

13 Information Quality Risk Management in Basel II

14 Objectives
● Introduce a risk-sensitive framework to robustly quantify the bank’s risk profile
● Introduce incentives for banks to adopt improved risk management practices
● Refine regulatory capital charges
● Align regulatory capital with economic capital
● Maintain absolute levels of capital in the banking system while recognising the relative levels of risk across institutions

15 Overview of the Basel II Accord (cont’d)

PILLAR I: Minimum Capital Requirements (Methodology / Measurement / Capital Adequacy Ratio)
● Credit risk approaches: Standardised; Foundation Internal Ratings; Advanced Internal Ratings
● Operational risk approaches: Basic Indicator; Standardised; Advanced Measurement Approaches
● Market risk approaches: Standardised; Internal Models
● Min. capital for credit risk + min. capital for operational risk + min. capital for market risk = MINIMUM CAPITAL REQUIREMENTS
● Capital Ratio (min. 8%) = (Total regulatory capital less deductions) / (Minimum capital requirements × 12.5)

PILLAR II: Supervisory Review
● Use test: risk management & reporting, capital management, product pricing, strategic planning, performance measures
● Stress test: credit risk, banking book interest rate risk, operational risk, market risk, liquidity risk, other material risks
● Internal governance: corporate structure & organisation, Board of Directors role, internal control, capital assessment (ICAAP)
● Regulator capital add-on

PILLAR III: Market Disclosure
● Public disclosure & transparency
● Disclosure to stakeholders

16 Enterprise Risk Management in Basel II

17 Information Risks to the ERM Process of Basel II
● Pillar I: trustworthiness of the risk information used in calculating the capital requirement
● Pillar II: poor information for risk governance
● Pillar III: accuracy of risk reports to external stakeholders

18 Approach to Achieving Information Quality

19 Managing IT Risk with the Balanced Scorecard

20 Overview
● The Balanced Scorecard (BSC) was first introduced in 1992 by David Norton and Robert Kaplan via an article in the Harvard Business Review.
● The BSC is a management “system” that links strategic objectives to performance measures, targets, and initiatives.
● The BSC measures organizational performance from four perspectives: “Financial”, “Customers”, “Internal Business Process”, and “Learning and Growth”.

21 The Traditional Balanced Scorecard

22 Moving toward the IT Balanced Scorecard (IT BSC)

23 Using the IT BSC to Manage Risk Across the Enterprise
IT Risk Governance Focus
● Corporate Contribution: evaluates IT risks from the viewpoint of executive management, the Board of Directors and the shareholders.
● Customer Orientation: evaluates IT risks from the viewpoint of business users (our customers) and, by extension, the customers of the business units.
● Future Orientation: evaluates IT risks from the viewpoint of the IT organization itself: process owners, practitioners and support professionals.
● Operational Excellence: evaluates IT risks from the viewpoint of IT management (process owners and service delivery managers) and the audit and regulatory bodies.

24 Extrapolate IT Risk Management from IT Governance
(figure: IT Governance Goals / IT Risk Management)

25 Methodology for IT Risk Management
1. Identify BSC goals
2. Map IT objectives
3. Identify risks
4. Assess risks
5. Finalize risk controls
6. Implement controls
7. Review with metrics

26 QUESTIONS?

27 Thank you Andy Akoto, Partner IT Advisory

28 © 2013 KPMG, a Partnership established under Ghanaian Law and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (KPMG International), a Swiss entity. All rights reserved. The KPMG name, logo and ‘cutting through complexity’ are registered trademarks or trademarks of KPMG International Cooperative (KPMG International).

