Presentation is loading. Please wait.

Presentation is loading. Please wait.

Enterprise Risk Management Presentation to the Committee on Audit January 2006 THE TEXAS A&M UNIVERSITY SYSTEM.

Published byMitchell Henry Modified over 10 years ago

Similar presentations

Presentation on theme: "Enterprise Risk Management Presentation to the Committee on Audit January 2006 THE TEXAS A&M UNIVERSITY SYSTEM."— Presentation transcript:

1 Enterprise Risk Management Presentation to the Committee on Audit January 2006 THE TEXAS A&M UNIVERSITY SYSTEM

2 What Is ERM?

3 What is Enterprise Risk Management? (Institute of Internal Auditor’s Definition) A rigorous and coordinated approach to assessing and responding to all risks that affect the achievement of an organization’s strategic and financial objectives. This includes both upside and downside risks.

4 What is Enterprise Risk Management? (Institute of Internal Auditor’s Definition) A rigorous and coordinated approach to assessing and responding to all risks that affect the achievement of an organization’s strategic and financial objectives. This includes both upside and downside risks.

5 What is Enterprise Risk Management? (Institute of Internal Auditor’s Definition) A rigorous and coordinated approach to assessing and responding to all risks that affect the achievement of an organization’s strategic and financial objectives. This includes both upside and downside risks.

6 What is Enterprise Risk Management? (Institute of Internal Auditor’s Definition) A rigorous and coordinated approach to assessing and responding to all risks that affect the achievement of an organization’s strategic and financial objectives. This includes both upside and downside risks.

7 What is Enterprise Risk Management? (Institute of Internal Auditor’s Definition) A rigorous and coordinated approach to assessing and responding to all risks that affect the achievement of an organization’s strategic and financial objectives. This includes both upside and downside risks.

8 Institute of Internal Auditors Key Objectives of the Risk Management Process Internal auditors should obtain sufficient evidence to satisfy themselves that the five key objectives of the risk management process are being met in order to form an opinion on the adequacy of risk management processes.

9 Institute of Internal Auditors Key Objectives of the Risk Management Process Internal auditors should obtain sufficient evidence to satisfy themselves that the five key objectives of the risk management process are being met in order to form an opinion on the adequacy of risk management processes.  Risks arising from business strategies and activities are identified and prioritized.

10 Institute of Internal Auditors Key Objectives of the Risk Management Process Internal auditors should obtain sufficient evidence to satisfy themselves that the five key objectives of the risk management process are being met in order to form an opinion on the adequacy of risk management processes.  Risks arising from business strategies and activities are identified and prioritized.  Management and the board have determined the level of risks acceptable to the organization, including the acceptance of risks designed to accomplish the organization’s strategic plans.

11 Institute of Internal Auditors Key Objectives of the Risk Management Process Internal auditors should obtain sufficient evidence to satisfy themselves that the five key objectives of the risk management process are being met in order to form an opinion on the adequacy of risk management processes.  Risks arising from business strategies and activities are identified and prioritized.  Management and the board have determined the level of risks acceptable to the organization, including the acceptance of risks designed to accomplish the organization’s strategic plans.  Risk mitigation activities are designed and implemented to reduce, or otherwise manage, risk at levels that were determined to be acceptable to management and the board.

12 Institute of Internal Auditors Key Objectives of the Risk Management Process Internal auditors should obtain sufficient evidence to satisfy themselves that the five key objectives of the risk management process are being met in order to form an opinion on the adequacy of risk management processes.  Risks arising from business strategies and activities are identified and prioritized.  Management and the board have determined the level of risks acceptable to the organization, including the acceptance of risks designed to accomplish the organization’s strategic plans.  Risk mitigation activities are designed and implemented to reduce, or otherwise manage, risk at levels that were determined to be acceptable to management and the board.  Ongoing monitoring activities are conducted to periodically reassess risk and the effectiveness of controls to manage risk.

13 Institute of Internal Auditors Key Objectives of the Risk Management Process Institute of Internal Auditors Key Objectives of the Risk Management Process Internal auditors should obtain sufficient evidence to satisfy themselves that the five key objectives of the risk management process are being met in order to form an opinion on the adequacy of risk management processes.  Risks arising from business strategies and activities are identified and prioritized.  Management and the board have determined the level of risks acceptable to the organization, including the acceptance of risks designed to accomplish the organization’s strategic plans.  Risk mitigation activities are designed and implemented to reduce, or otherwise manage, risk at levels that were determined to be acceptable to management and the board.  Ongoing monitoring activities are conducted to periodically reassess risk and the effectiveness of controls to manage risk.  Enterprise risk management deficiencies are reported upstream, with serious matters reported to top management and the board.

14 IIA’s Risk Management Process Identify and Prioritize Risks

15 IIA’s Risk Management Process Identify and Prioritize Risks Determine Level of Acceptable Risk

16 IIA’s Risk Management Process Identify and Prioritize Risks Determine Level of Acceptable Risk Develop Mitigation Activities

17 IIA’s Risk Management Process Identify and Prioritize Risks Determine Level of Acceptable Risk Develop Mitigation Activities Conduct Ongoing Monitoring

18 IIA’s Risk Management Process Identify and Prioritize Risks Determine Level of Acceptable Risk Develop Mitigation Activities Conduct Ongoing Monitoring Report Periodically on Risk Management Process

19 Today’s Organizations Approach Risk Management in Ways That Can Be Broadly Categorized into Five Levels  Level I organizations see little value in proactive risk management.  In Level II organizations, there is general awareness about risk management and some conceptual appreciation for its value in assuring that not all uncertainties become problems.  Level III organizations are aware of risk management and they have set up some mechanisms to monitor risks.  In Level IV, a broader risk management position is created to review “hot” spots, assist in risk assessment within the business units, and keep score.  Level V organization, the CEO believes that risk management should be imbedded in every part of the organization. Business units track their progress against action plans. Training programs are in place. Internal audit evaluates the program to assure that the process is in place and working effectively.

20 What is TAMUS SIAD Doing?  Formal Presentation to CFO’s – Fall of 2003  Initial Presentation to the Committee on Audit–December 2003  AD HOC Discussions with TAMUS Executives  Briefings with CEO’s – Fiscal Year 2004 and 2005  Preliminary Assessment of ERM Maturity Level – Fall 2004  Assessment of ERM Maturity Level – Fall 2005  Presentation to the Committee on Audit - January 2006

21 Level ILevel IILevel IIILevel IVLevel V System Member Little Value Placed on Risk Management General Awareness of the Value of Risk Management Some Risk Monitoring Mechanisms in Place Risk Management Officer Reviews "hot spots" and Assists in Risk Assessment with Organizational Units and Keeps Track of Risks Risk Management is Imbedded in Every Part of the Organization; Risk Manager, working with Senior Leadership, designs Risk Management Processes, Forms and Training; Organization Units Track Progress Against Action Plans PVAMU √ TSU √ TAMIU √ TAMU √ TAMUG √ TAMUC √ TAMUCC √ TAMUK √ TAMUT √ WTAMU √ HSC √ TAES √ TCE √ TFS √ TVMDL √ TEES √ TEEX √ TTI √ System Offices √

Download ppt "Enterprise Risk Management Presentation to the Committee on Audit January 2006 THE TEXAS A&M UNIVERSITY SYSTEM."

Similar presentations

Organizational Governance

Organizational Governance
Www.theiia.org The Institute & the Profession Personalize here with presenter name.

The Institute & the Profession Personalize here with presenter name.
. . . a step-by-step guide to world-class internal auditing

. . . a step-by-step guide to world-class internal auditing
Risk Management at Harvard – Panel Discussion Harvard IT Summit

Risk Management at Harvard – Panel Discussion Harvard IT Summit
PRESENTATION ON MONDAY 7 TH AUGUST, 2006 BY SUDHIR VARMA FCA; CIA(USA) FOR THE INSTITUTE OF INTERNAL AUDITORS – INDIA, DELHI CHAPTER.

PRESENTATION ON MONDAY 7 TH AUGUST, 2006 BY SUDHIR VARMA FCA; CIA(USA) FOR THE INSTITUTE OF INTERNAL AUDITORS – INDIA, DELHI CHAPTER.
IMFO Audit & Risk Indaba June 2012

IMFO Audit & Risk Indaba June 2012
The key steps in an annual cycle Produce the annual work programme Create an annual Internal Audit plan for approval by the Audit Committee, typically.

The key steps in an annual cycle Produce the annual work programme Create an annual Internal Audit plan for approval by the Audit Committee, typically.
Supervisory Committee Communications with Management and the Board

Supervisory Committee Communications with Management and the Board
It’s Time to Talk About Risk and Control

It’s Time to Talk About Risk and Control
Executive Insight through Enhanced Enterprise Risk Management Leverage Value From Your Risk Management Investment.

Executive Insight through Enhanced Enterprise Risk Management Leverage Value From Your Risk Management Investment.
Welcome! Internal Auditing CHAPTER 1. Definition Internal auditing is an independent, objective, assurance and consulting activity designed to add value.

Welcome! Internal Auditing CHAPTER 1. Definition Internal auditing is an independent, objective, assurance and consulting activity designed to add value.
The Role and Value of Internal Audit Association of Credit Union Internal Auditors September 26, 2012.

The Role and Value of Internal Audit Association of Credit Union Internal Auditors September 26, 2012.
System Office Performance Management

System Office Performance Management
AUDIT COMMITTEE FORUM TM ACF Roundtable IT Governance – what does it mean to you as an audit committee member July 2010 The AUDIT COMMITTEE FORUM TM is.

AUDIT COMMITTEE FORUM TM ACF Roundtable IT Governance – what does it mean to you as an audit committee member July 2010 The AUDIT COMMITTEE FORUM TM is.
6/2/20151 Enterprise Risk & Assurance Management in Zurich North America Brian Selby MA (Audit), FIIA, QiCA, MBCS, CISA.

6/2/20151 Enterprise Risk & Assurance Management in Zurich North America Brian Selby MA (Audit), FIIA, QiCA, MBCS, CISA.
Audit Planning and Analytical Procedures Chapter 8.

Audit Planning and Analytical Procedures Chapter 8.
Operational Auditing--Fall 2009 1 Operational Auditing Fall 2009 Professor Bill O’Brien.

Operational Auditing--Fall Operational Auditing Fall 2009 Professor Bill O’Brien.
Applying COSO’s Enterprise Risk Management — Integrated Framework

Applying COSO’s Enterprise Risk Management — Integrated Framework
Auditing A Risk-Based Approach To Conducting A Quality Audit

Auditing A Risk-Based Approach To Conducting A Quality Audit
Risk Assessment Frameworks

Risk Assessment Frameworks

Similar presentations

Ads by Google