2011 Governance, Risk, and Compliance Conference August 29 – 31, 2011 / Orlando, FL, USA The Top Four Essential Objectives to Auditing ERM Stephen E. McBride,


1 2011 Governance, Risk, and Compliance Conference August 29 – 31, 2011 / Orlando, FL, USA The Top Four Essential Objectives to Auditing ERM Stephen E. McBride, CIA

2 Agenda Definition of key terms Risk management principles & process Recent financial events Risk governance roles Key areas of focus in establishing audit objectives

3 Risk The possibility of an event occurring that will have an impact on the achievement of objectives. Measured in terms of likelihood and impact

4 Risk Management A process to identify, assess, manage, and control potential events or situations to provide reasonable assurance regarding the achievement of the organization’s objectives

5 Why Manage Risk? Decrease the cost of financial distress Reduce earnings volatility Facilitate optimal investments Incorporate portfolio theory

6 Enterprise Risk Management The application of risk management principles to all significant risks facing an organization

7 Risk Governance Roles Board of Directors Management Internal Auditors

8 Financial Events
Enron
Washington Mutual Bank
AIG
MF Global
Were these events:
– risk management process failures,
– implementation failures, or
– both?

9 Where to Begin
Failures?
– Financial: Credit, Market, Liquidity
– Operational
– Strategic
Review models, assumptions, derivatives, strategies, black swan?
Top 4 objectives

10 1. Business Strategies and Risk Appetite Determine approval of risk appetite Determine understanding of business model

11 Audit Objectives – Risk Appetite
1. Risk appetite – the entity’s risk appetite defines acceptable and undesirable risks.
2. Parameters for risk
   1. Strategic – new products or initiatives
   2. Financial – max acceptable loss or performance variations
   3. Operating – capacity management, quality targets, environmental requirements.

12 2. Internal Environment The Board is active and possesses an appropriate degree of expertise Chief Risk Officer communication Management risk council reporting to the Board Management’s risk appetite is aligned throughout the organization

13 Ethics Determine methods for ensuring the Code of Conduct is communicated and complied with across the organization Ensure results are properly communicated Determine whether executives comply with discretionary expenditures policies

14 Follow the Money Determine how management is rewarded for performance

15 3. Event identification Management identifies potential events Techniques are used to look at both the past and the future Event identification is robust Management understands how events relate to one another

16 4. Control Activities Management identifies control activities needed to ensure risk responses are carried out properly Policies are implemented consistently Conditions are investigated and appropriate corrective action taken General and application controls are implemented

17 Volume of Exceptions Determine the volume of policy or internal control exceptions Determine steps taken for corrective action

18 Conclusion Determining the control framework and management practices in these areas will help determine risk culture Risk culture is the primary indicator of an organization’s risk management oversight and its likelihood of continued long term success

