Pillars of Internal Controls Part 1
Harold G. Sherrill, Sr. Internal Controls Analyst, Risk Assessment and Mitigation, Western Electricity Coordinating Council
Common Enterprise Risk Management (ERM) Objectives
Business objectives:
- Market share growth
- Client satisfaction
- Volume
- Cost containment
- Quality
- Innovation and technology
- Profitability

Governance objectives:
- Information reliability (i.e. accounting)
- Legal
- Social responsibility
- Reliability and security
Alignment of Program Objectives
- Common ERM objectives: top-down approach
- Risk-based internal controls objectives: bottom-up approach
What You Will Learn Today
Part 1
- Pillar 1: Risk Assessment
- Pillar 2: Design and Implementation
- Exercise: Change Management Risk Assessment

Part 2
- Pillar 3: Controls Monitoring
- Pillar 4: Controls Evaluation
- Panel: Controls Monitoring and Evaluation
Pillar 1 – Risk Assessment
- Review activities and processes in operation
- Identify all practices
- Document entity practices for use in the risk assessment process
Pillar 1 – Risk Assessment
Identify potential failure scenarios of practices that prevent you from achieving the objective:
- Potential failure points
- Potential causes of failure points
- Risk targets
- Align/map practices to risk
- Address gaps
Risk Assessment Example
Insurance scenario
Risk Assessment Example
- How do I get a lower rate?
- Safety is a key factor
- Research the associated risk
Risk Assessment Example
- Enterprise risk objective: cost containment via a reduced-risk evaluation outcome (risk-based determination of insurance cost)
- Risk assessment objective: identify risk elements that may result in failure to achieve a favorable risk evaluation
- Internal control objective: achieve a favorable risk evaluation outcome based on designed and implemented controls
Risk Assessment Example
Potential Failure | Potential Cause of Failure | Potential Effects of Failure | Controls
Poor driver experience or education | Failure to have education on safe driving practices to avoid collision | Ineffective skills to prevent collision | (see later in the presentation)
Inability to stop | Failure to have ability to stop to avoid collision | Collision due to inability to stop | (see later in the presentation)
Inability to detect hazards | Failure to have ability to rapidly detect hazards to avoid collision | Collision due to inability to rapidly detect hazards | (see later in the presentation)
The Essence of a Control
…activities and/or processes in operation that mitigate an identified risk.
Design and Implementation
Pillar 2 – Design
- Level of coverage relevant to address specific business and governance needs such as training, change management, compliance, etc.
- Controls are capable of mitigating the intended risk targets (reliability and security)
Design and Implementation
Pillar 2 – Design: control narratives adequately describe the 5Ws + how
- What is being performed
- Why is it being performed
- When is it being performed
- Who is performing the what
- How is who performing the what
- Where is who performing the what
Pillar 2 – Implementation
Controls will operate to:
- Mitigate risk targets within the enterprise
- Address all identified requirement-level risk targets
Risk and CONTROL Assessment Example
Potential Failure | Potential Cause of Failure | Potential Effects of Failure | Controls
Poor driver experience or education | Failure to have education on safe driving practices to avoid collision | Ineffective skills to prevent collision | Took a safe driving course
Inability to stop | Failure to have ability to stop to avoid collision | Collision due to inability to stop | Purchased antilock brakes
Inability to detect hazards | Failure to have ability to rapidly detect hazards to avoid collision | Collision due to inability to rapidly detect hazards | Purchased collision detection
Risk & Controls Assessment Change Management
Exercise: 20 minutes
SCENARIO Black Start Generating Facility - Going in Service 2022
What controls are needed to address change management?
- NERC compliance
- List of business units impacted
- Physical security changes
- Cyber system changes
- Documentation
- System impact studies
Potential Failure | Potential Cause of Failure (failure points) | Potential Effects of Failure | Controls
Unmanaged change | Failure to have formalized change standards and procedures | Changes performed without ability to detect, manage, or mitigate risk to the enterprise | Enterprise-wide change management policy, standards, and procedures
Lack of knowledge about change standards and procedures | Failure to provide training on change standards and procedures | Changes performed without management of enterprise risk | Mandatory training on the enterprise change management program via CBT during onboarding and with refreshers
Change execution without knowledge of impacts to systems | Failure to develop entity-specific impact assessment criteria | Impact to mission-critical systems during a change | Enterprise-wide procedure on development and documentation of assets, systems, and functional architecture
Change execution without awareness of business operational needs | Failure to develop entity-specific prioritization process | Changes performed that did not align with enterprise business operations | Enterprise-wide documentation of the relationship of assets, systems, and functional architecture to business operations
Unauthorized change | Failure to develop entity-specific authorization process | Changes performed that did not inform enterprise risk owners | Enterprise-wide documentation of asset, system, and functional ownership
Needs of the operation hindered by change process | Failure to develop entity-specific emergency change qualification criteria | Inability to support real-time business needs due to lack of resiliency in the change process | Enterprise-wide documentation of criteria for emergency changes
Uncoordinated change | Failure to develop entity-specific change status tracking | Inability to see opportunity and risk in governance of the change process | Enterprise-wide change process methodology and workflow
System owner/business owner unaware of changes or status of changes that may impact operations | Failure to develop entity-specific reporting process | Inability to manage opportunity and risk in governance of the change process | Enterprise-wide change process workflow and reporting requirements
Change process unmanageability | Failure to develop entity-specific closure criteria | Incomplete changes and undocumented change performance metrics | Policy requiring a procedural or technical task to close records
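The Pillar 1 mapping step (align practices to risk, address gaps) and the Pillar 2 narrative check (5Ws + how) can be run over a register like the change-management table above. The following is an added example, not WECC's tooling; the register rows are copied from the table, the narrative field values and the unmapped third row are constructed.

```python
from dataclasses import dataclass, field

# Control narratives must answer the 5Ws + how (Pillar 2 slide).
NARRATIVE_FIELDS = ("what", "why", "when", "who", "how", "where")

@dataclass
class RiskEntry:
    """One row of the register: failure -> cause -> effect -> mapped controls."""
    failure: str
    cause: str
    effect: str
    controls: list = field(default_factory=list)  # narrative dicts, may be empty

# Constructed register: two rows copied from the change-management table above,
# plus one row deliberately left without a mapped control to show a gap.
REGISTER = [
    RiskEntry(
        "Unmanaged change",
        "Failure to have formalized change standards and procedures",
        "Changes performed without ability to detect, manage, or mitigate risk",
        [{"what": "Enterprise-wide change management policy, standards, and procedures",
          "why": "Mitigate unmanaged change", "when": "Reviewed annually (assumed)",
          "who": "Change Advisory Board (assumed)", "how": "Per procedure CM-01 (placeholder)",
          "where": "Policy repository (assumed)"}],
    ),
    RiskEntry(
        "Unauthorized change",
        "Failure to develop entity specific authorization process",
        "Changes performed that did not inform enterprise risk owners",
        [{"what": "Enterprise-wide documentation of asset, system, and functional ownership",
          "why": "Route approvals to the risk owner (assumed)"}],  # narrative stops at 'why'
    ),
    RiskEntry(
        "Change process unmanageability",
        "Failure to develop entity specific closure criteria",
        "Incomplete changes and undocumented change performance metrics",
    ),
]

def unmapped_failures(register):
    """Pillar 1 mapping step: failure points with no control mapped to them."""
    return [e.failure for e in register if not e.controls]

def incomplete_narratives(register):
    """Pillar 2 design check: (failure, missing fields) for every thin narrative."""
    return [(e.failure, [f for f in NARRATIVE_FIELDS if not c.get(f)])
            for e in register for c in e.controls
            if any(not c.get(f) for f in NARRATIVE_FIELDS)]
```

Both checks return lists, so the gaps can be fed straight into the "address gaps" step rather than read off a slide.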
Pillars of Internal Controls - Part 2
Harold G. Sherrill, Sr. Internal Controls Analyst, Risk Assessment and Mitigation (RAM)
What You Will Learn Today
Part 2
- Pillar 3: Controls Monitoring
- Pillar 4: Controls Evaluation
- Panel: Controls Monitoring and Evaluation
Pillar 3 – Controls Monitoring
Monitoring of internal controls: ensure your controls are implemented as designed on a consistent basis.
- Frequency
- Scope
- Placement
Pillar 4 – Controls Evaluation
Evaluation of internal controls: confirm that designed and implemented controls continue to meet overall objectives.

Possible triggers for a controls evaluation:
- Changes in operational responsibilities
- Changes impacting the entity, such as system events or compliance activities
Controls Monitoring and Evaluation
Panel:
- Harold Sherrill, WECC
- Joe Carluccio, BPA
- Tina Kilgore-Goodwin, CAISO
- Lisa Milanes, CAISO
- Eric Olsen, SMUD
Ultimate Reliability & Security Approach
A proactive risk posture instinctively aids compliance excellence!
Key Takeaway! “…A truly effective and efficient internal control structure requires taking a deliberate and fundamental approach to the design, execution, and monitoring of the controls, rather than just creating them to address perceived outcomes.” – Kevin Hickey, Keynote Speaker, Signature Bank NY