Presentation is loading. Please wait.

Presentation is loading. Please wait.

Enterprise Risk Management Dr. Doug Webster, CGFM, PMP Financial Management in Challenging Times May 13, 2009.

Published byJulian Miles Modified over 9 years ago

Similar presentations

Presentation on theme: "Enterprise Risk Management Dr. Doug Webster, CGFM, PMP Financial Management in Challenging Times May 13, 2009."— Presentation transcript:

1 Enterprise Risk Management Dr. Doug Webster, CGFM, PMP Financial Management in Challenging Times May 13, 2009

2 Why Worry About Risk? One of the most commonly heard words in the news for more than a year has been: One of the most commonly heard words in the news for more than a year has been:Change Those in public service are the ones who have to deal with and implement this change. Those in public service are the ones who have to deal with and implement this change. But how will you plan for and react to change? But how will you plan for and react to change? A reluctance to change causes many to seek a “burning platform” A reluctance to change causes many to seek a “burning platform”

3

4 The change that you internally implement in response to external change can take different forms Urgency and Risk Options Proactive Change Reactive Change Reactive Change in Crisis Change Drives Risk

5 Managing Change = Managing Risk Managing an organization requires more than tradeoffs between costs and benefits Managing an organization requires more than tradeoffs between costs and benefits Risk must be considered, but traditional risk management has failed us Risk must be considered, but traditional risk management has failed us Risk management is: Risk management is: Often reactive and not strategically driven Often reactive and not strategically driven Typically conducted within functional silos Typically conducted within functional silos Inconsistently applied across the organization Inconsistently applied across the organization Enterprise level change requires enterprise level risk management that overcomes these shortcomings Enterprise level change requires enterprise level risk management that overcomes these shortcomings

6 So What is ERM? "…the discipline by which an organization in any industry assesses, controls, exploits, finances, and monitors risks from all sources for the purpose of increasing the organization's short- and long-term value to its stakeholders.” "…the discipline by which an organization in any industry assesses, controls, exploits, finances, and monitors risks from all sources for the purpose of increasing the organization's short- and long-term value to its stakeholders.” ~ Casualty Actuarial Society, Enterprise Risk Management Committee, 2003 Enterprise Risk Management Committee, 2003

7 Key Principles ERM seeks to optimize risk management across the enterprise and address the shortcomings of traditional risk management ERM seeks to optimize risk management across the enterprise and address the shortcomings of traditional risk management ERM is: ERM is: 1. strategically aligned 2. multi-functional/comprehensive 3. consistently applied across the enterprise

8 1) Strategically Driven Effective risk management: Effective risk management: 1. Responds to risks external to the organization that could impact strategic goals and objectives 2. Manages internal risks that could impede achievement of strategic goals and objectives Current risk management is not driven by the strategic planning process (which is often a compliance exercise) Current risk management is not driven by the strategic planning process (which is often a compliance exercise)

9 2) Comprehensive Missed risks due to lack of ownership (risk in the “white space”*) Missed risks due to lack of ownership (risk in the “white space”*) Ignorance of impact of risk management decisions outside of the silo Ignorance of impact of risk management decisions outside of the silo * Rummler, Geary A.; Alan P. Brache (1995). Improving Performance: How to Manage the White Space in the Organization Chart Functional Risk Areas Functional Area “Silos” Financial Reporting IT Capital Investment IT Security ??

10 3) Consistent Risk management must be consistently applied across the organization (consistent risk ROI) Risk management must be consistently applied across the organization (consistent risk ROI) Risks are balanced with rewards within an explicit risk tolerance Risks are balanced with rewards within an explicit risk tolerance Functional Risk Areas Functional & Thematic Area “Silos” Internal Controls COOPBudgetDemographicsEtc. Portfolio-based Risk assessment and management

11 Stages of Risk Management Analytical: Analytical: Analysis of specific risks Analysis of specific risks Integrational: Integrational: Evaluation of a risk portfolio Evaluation of a risk portfolio Decisional: Decisional: Integration of risk into business decision making Integration of risk into business decision making Financial IT Security Physical Security Programmatic Etc. Risk Portfolio Strategically Aligned Business Decisions Other Business Considerations (Rewards)

12 Risk Management Stakeholders “Risk management” personnel (actuaries, auditors, IT security specialists, etc.) “Risk management” personnel (actuaries, auditors, IT security specialists, etc.) Financial IT Security Physical Security Programmatic Etc. Risk Portfolio }

13 Risk Management Stakeholders Operational management Operational management } Financial IT Security Physical Security Programmatic Etc. Risk Portfolio Strategically Aligned Business Decisions Other Business Considerations (Rewards)

14 Risk Management Stakeholders Executive/strategic management Executive/strategic management Risk Portfolio Strategically Aligned Business Decisions Other Business Considerations (Rewards) }

15 Isn’t OMB A-123 Risk Management? Internal Control is an integral component of an organization’s management that provides reasonable assurance that the following objectives are being achieved: Effectiveness and efficiency of operations, Effectiveness and efficiency of operations, Reliability of financial reporting, and Reliability of financial reporting, and Compliance with applicable laws and regulations. Compliance with applicable laws and regulations. —GAO/AIMD-00-21.3.1, November 1999

16 ERM is much more than A-123 Difference #1 Difference #1 A-123 is focused on Internal Controls A-123 is focused on Internal Controls ERM focuses broadly on risk management (internal and external) across the enterprise ERM focuses broadly on risk management (internal and external) across the enterprise Difference #2 Difference #2 A-123 / Internal Control reviews look backwards A-123 / Internal Control reviews look backwards ERM looks forward into the future ERM looks forward into the future Difference #3 Difference #3 A-123 lacks two attributes found in current ERM Frameworks and practice: A-123 lacks two attributes found in current ERM Frameworks and practice: Comprehensive - covers ALL risks in an organization, not just internal controls Comprehensive - covers ALL risks in an organization, not just internal controls Consistent– evaluates functional risks on a common basis across the entire organization Consistent– evaluates functional risks on a common basis across the entire organization

17 Requirements for ERM Success Risk management is viewed as an inherent function of all management and decision making Risk management is viewed as an inherent function of all management and decision making Senior leadership establishes an explicit risk tolerance, and balances risk vs. reward in terms of strategic goals and objectives Senior leadership establishes an explicit risk tolerance, and balances risk vs. reward in terms of strategic goals and objectives Operational and executive management balances risk across functions comprehensively and consistently Operational and executive management balances risk across functions comprehensively and consistently Risk professionals are viewed as partners in managing risk, not the “owners” of risk Risk professionals are viewed as partners in managing risk, not the “owners” of risk ERM Requires More than Risk Management…it Requires Organizational Change Management ERM Requires More than Risk Management…it Requires Organizational Change Management Learn and dialog: www.federalerm.com Learn and dialog: www.federalerm.com

Download ppt "Enterprise Risk Management Dr. Doug Webster, CGFM, PMP Financial Management in Challenging Times May 13, 2009."

Similar presentations

Organizational Governance

Organizational Governance
Auditing Governance Functions

Auditing Governance Functions
Lisanne Sison Director ERM Bickmore

Lisanne Sison Director ERM Bickmore
IMFO Audit & Risk Indaba June 2012

IMFO Audit & Risk Indaba June 2012
Chapter 10 Accounting Information Systems and Internal Controls

Chapter 10 Accounting Information Systems and Internal Controls
The “New” New Normal: Global Mobility as a Strategic Advisor.

The “New” New Normal: Global Mobility as a Strategic Advisor.
It’s Time to Talk About Risk and Control

It’s Time to Talk About Risk and Control
Executive Insight through Enhanced Enterprise Risk Management Leverage Value From Your Risk Management Investment.

Executive Insight through Enhanced Enterprise Risk Management Leverage Value From Your Risk Management Investment.
8 - 1 ©2006 Prentice Hall Business Publishing, Auditing 11/e, Arens/Beasley/Elder Audit Planning and Analytical Procedures Chapter 8.

8 - 1 ©2006 Prentice Hall Business Publishing, Auditing 11/e, Arens/Beasley/Elder Audit Planning and Analytical Procedures Chapter 8.
Tax Risk Management Keeping Up with the Ever-Changing World of Corporate Tax March 27, 2007 Tax Services Bryan Slone March 27, 2007.

Tax Risk Management Keeping Up with the Ever-Changing World of Corporate Tax March 27, 2007 Tax Services Bryan Slone March 27, 2007.
Certified Business Process Professional (CBPP®) Study Session Part 4 Sept. 15, 2010.

Certified Business Process Professional (CBPP®) Study Session Part 4 Sept. 15, 2010.
AUDIT COMMITTEE FORUM TM ACF Roundtable IT Governance – what does it mean to you as an audit committee member July 2010 The AUDIT COMMITTEE FORUM TM is.

AUDIT COMMITTEE FORUM TM ACF Roundtable IT Governance – what does it mean to you as an audit committee member July 2010 The AUDIT COMMITTEE FORUM TM is.
Enterprise Risk Management Its Meaning and Import Jerry A. Miccolis, FCAS, MAAA Tillinghast - Towers Perrin.

Enterprise Risk Management Its Meaning and Import Jerry A. Miccolis, FCAS, MAAA Tillinghast - Towers Perrin.
6/2/20151 Enterprise Risk & Assurance Management in Zurich North America Brian Selby MA (Audit), FIIA, QiCA, MBCS, CISA.

6/2/20151 Enterprise Risk & Assurance Management in Zurich North America Brian Selby MA (Audit), FIIA, QiCA, MBCS, CISA.
MODELING CORPORATE RISK AT FORD Freeman Wood Director Global Risk Management.

MODELING CORPORATE RISK AT FORD Freeman Wood Director Global Risk Management.
PwC Role of Internal Audit in Corporate Governance September 2010 Tumin Gültekin, Partner.

PwC Role of Internal Audit in Corporate Governance September 2010 Tumin Gültekin, Partner.
® © 2005, CARE USA. All rights reserved. A System for Measuring Impact Organizational Performance and Learning November 2, 2010.

® © 2005, CARE USA. All rights reserved. A System for Measuring Impact Organizational Performance and Learning November 2, 2010.
Expanded Version of COSO a presentation by Steve Wadleigh Expanded Version of COSO a presentation by Steve Wadleigh Standards for Internal Control in the.

Expanded Version of COSO a presentation by Steve Wadleigh Expanded Version of COSO a presentation by Steve Wadleigh Standards for Internal Control in the.
Enterprise Risk Management in DHHS

Enterprise Risk Management in DHHS
ERM for the Non-Risk Manager

ERM for the Non-Risk Manager

Similar presentations

Ads by Google