Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 The Integration of Governance, Risk Management, Compliance and Culture to facilitate the achievement of goals and objectives. Enterprise Risk Management.

Published byMervyn Skinner Modified over 9 years ago

Similar presentations

Presentation on theme: "1 The Integration of Governance, Risk Management, Compliance and Culture to facilitate the achievement of goals and objectives. Enterprise Risk Management."— Presentation transcript:

1 1 The Integration of Governance, Risk Management, Compliance and Culture to facilitate the achievement of goals and objectives. Enterprise Risk Management Presented By David B. Crawford, CIA, CCSA Justina Crawford, MA, BME JDEnterprisescrawfordjd@earthlink.net

2 2 ERM is Management 101 Plan Organize Direct Control Goals & Objectives Risk Assessment Communication & Information Control Activities Monitoring

3 3 Why Implement ERM? Quick response to new State Government requirements US Sentencing Guidelines for Organizations (Compliance) Sarbanes Oxley Act of 2002 (Financial Reporting) Transparency and Accountability (Operations and Strategic)

4 4 Benefits of ERM Align organization priorities from top to bottom for managing risks Quickly identify emerging risks and problem areas before they escalate and cause serious harm or produce negative surprises Respond to expectations of regulators, stakeholders, and others Make risk and controls understandable Focus efforts on important issues and concerns

5 5 ERM will CHANGE your Organizational Culture Ownership of risk and controls Questioning before acting Two-way communication Bad as well as good news Rapid response to changes Rapid response to failures in risk management

6 6 Primary ERM Process Activities Know the boundaries and obstacles that will have a critical effect on the achievement of objectives Optimize the set of strategies to minimize the effect of boundary violations and obstacle occurrences Perform on-going assessments of the design and application of mitigation strategies

7 7 Assurance Continuum ERM Model Standard risk assessment methodology Common risk language Standard tools and techniques Standard outputs

8 8 Risk Self Assessment Techniques Facilitated Workshop Management Directed External Facilitator Directed Interviews Questionnaires

9 9 Common Risk Language Examples Business risk Impact Probability/likelihood Monitoring plan On-going assurance Periodic assurance Goals and objectives Level 1 Controls Level 2 Controls Level 3 Controls Level 4 Controls Process Mitigation strategy Assurance Continuum Certification Self-assessment workshop Control footprint Risk Footprint

10 10 Standard Tools and Techniques Texas Instrument ’ s Brainstorming Excel Workbook (powered by Visual Basic Macros) Standard Outputs Risk Footprint Control Footprint The Levels of Control in COSO Monitoring Footprint

11 11 Know the Boundaries and Obstacles (Risk Assessment) Know the desired objectives Inventory activities performed to achieve objectives Inventory risks (boundary and obstacle) associated with each activity Value each risk as to impact on achievement of objectives and probability of occurrence without mitigation strategies Produce a risk footprint

12 12 Risk Footprint

13 13 Optimize the Portfolio of Mitigation Strategies (Control Optimization) Inventory mitigation strategies used to manage each activity row on the risk footprint Assign appropriate Level of Control to each mitigation strategy Assign inventoried strategies to identified risks Identify under-controlled and over-controlled risks Identify excess or unproductive mitigation strategies Optimize the mitigation strategy portfolio

14 14 Assurance Continuum Levels of Control in COSO Collaborative Assurance (Governance and Management Control Processes) Periodic Assurance (Governance Control Processes) I------------ On-going Assurance ------------I (Management Control Processes) Level 4 Controls (Internal Audit) Level 4 Controls ( Internal Audit) Level 3 Controls (Oversight) Level 2 Controls ( Supervisory ) Level 1 Controls (Execution ) Pre-operations design review of on-going assurance During execution of event or transaction Immediately after execution of event or transaction Soon after execution of event or transaction Post-operations audit of execution of on- going assurance I----------I

15 15 Control Footprint

16 16 Perform On-going Assessments Determine the mitigation strategies that provide the most assurance that critical risks are being managed Develop a monitoring plan for assessment of the proper application of planned mitigation strategies Perform continuous monitoring using the plan to ensure acceptable performance and desired results

17 17 Monitoring Footprint

18 18 Resources Effective Compliance Systems: A Practical Guide for Educational Institutions [Crawford,et al] www.theiia.org www.COSO.org Email: crawfordjd@earthlink.net www.csa-pdk.com

19 19 Risk Ranking Characteristics Impact: Effect on achievement of goals & objectives [H]High - “showstopper” [M] Medium -inefficient and extra work [L]Low-no effect Probability: Likelihood of the risk happening [H] High -will happen frequently [M] Medium -will happen infrequently [L] Low -will seldom happen

20 20 How to Value Impact Develop a list of consequences to the organization if a risk were to become a reality (Every organization has a finite number of potential consequences) Value the effect on the organization for each consequence (high, medium, or low) The Impact value of an identified risk is the value of its highest potential consequence

21 21 Example: Impact Valuation Activity: Own an Automobile Consequence with Value to Owner Loss of asset Medium Death/Major InjuryHigh Minor InjuryLow Criminal penaltyHigh Risk with associated consequence & value Fender BenderMinor InjuryL DWICriminal penalty or D/IH No PMLoss of assetM

Download ppt "1 The Integration of Governance, Risk Management, Compliance and Culture to facilitate the achievement of goals and objectives. Enterprise Risk Management."

Similar presentations

COSO I COSO II. Meycor COSO, a Comprehensive Solution for Enterprise Risk Management (ERM)

COSO I COSO II. Meycor COSO, a Comprehensive Solution for Enterprise Risk Management (ERM)
Organizational Governance

Organizational Governance
Risk The chance of something happening that will have an impact on objectives. A risk is often specified in terms of an event or circumstance and the consequences.

Risk The chance of something happening that will have an impact on objectives. A risk is often specified in terms of an event or circumstance and the consequences.
Lisanne Sison Director ERM Bickmore

Lisanne Sison Director ERM Bickmore
Chapter 10 Accounting Information Systems and Internal Controls

Chapter 10 Accounting Information Systems and Internal Controls
Chapter 7 Control and AIS Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 7-1.

Chapter 7 Control and AIS Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 7-1.
Control and Accounting Information Systems

Control and Accounting Information Systems
Control and Accounting Information Systems

Control and Accounting Information Systems
Agency Risk Management and Internal Control Standards Presentation to the Board of Visitors November 14, 2014.

Agency Risk Management and Internal Control Standards Presentation to the Board of Visitors November 14, 2014.
It’s Time to Talk About Risk and Control

It’s Time to Talk About Risk and Control
Executive Insight through Enhanced Enterprise Risk Management Leverage Value From Your Risk Management Investment.

Executive Insight through Enhanced Enterprise Risk Management Leverage Value From Your Risk Management Investment.
Office of Operations 2009 Fall Conference Navigating Uncertain Times October 21-22, 2009 Risk Assessment and Internal Controls Internal Controls Anna Tomassacci.

Office of Operations 2009 Fall Conference Navigating Uncertain Times October 21-22, 2009 Risk Assessment and Internal Controls Internal Controls Anna Tomassacci.
Integrity - Service - Innovation Enterprise Risk Management for the Federal Government – Where’s the Value? Donna Davis Defense Finance and Accounting.

Integrity - Service - Innovation Enterprise Risk Management for the Federal Government – Where’s the Value? Donna Davis Defense Finance and Accounting.
1 INTERNAL CONTROLS A PRACTICAL GUIDE TO HELP ENSURE FINANCIAL INTEGRITY.

1 INTERNAL CONTROLS A PRACTICAL GUIDE TO HELP ENSURE FINANCIAL INTEGRITY.
2011 Governance, Risk, and Compliance Conference August 29 – 31, 2011 / Orlando, FL, USA The Top Four Essential Objectives to Auditing ERM Stephen E. McBride,

2011 Governance, Risk, and Compliance Conference August 29 – 31, 2011 / Orlando, FL, USA The Top Four Essential Objectives to Auditing ERM Stephen E. McBride,
Eliot M. Stenzel, CPA,CIA IIA Instructor for many years. 220-3198 Risk Based Auditing.

Eliot M. Stenzel, CPA,CIA IIA Instructor for many years Risk Based Auditing.
Risk Identification Chapter 6.

Risk Identification Chapter 6.
AUDIT COMMITTEE FORUM TM ACF Roundtable IT Governance – what does it mean to you as an audit committee member July 2010 The AUDIT COMMITTEE FORUM TM is.

AUDIT COMMITTEE FORUM TM ACF Roundtable IT Governance – what does it mean to you as an audit committee member July 2010 The AUDIT COMMITTEE FORUM TM is.
Operational risk management Margaret Guerquin, FSA, FCIA Canadian Institute of Actuaries 2006 General Meeting Chicago Confidential © 2006 Swiss Re All.

Operational risk management Margaret Guerquin, FSA, FCIA Canadian Institute of Actuaries 2006 General Meeting Chicago Confidential © 2006 Swiss Re All.
Chapter 7 Control and AIS Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 7-1.

Chapter 7 Control and AIS Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 7-1.

Similar presentations

Ads by Google