
Enterprise Governance, Risk and Compliance Management Pharma Colloquium Princeton University June 6, 2005 


2 PricewaterhouseCoopers May 11, 2005 Page 1

Agenda
- PwC Global CEO Survey on Governance, Risk and Compliance
- Regulatory Expectations
- COSO Enterprise Risk Management
- Open Compliance and Ethics Guidelines

3 PricewaterhouseCoopers 8th Annual Survey: CEO Concerns on Governance, Risk Management & Compliance

PricewaterhouseCoopers recently released the results of its 8th Annual Global CEO Survey. This year's survey focuses on governance, risk management and compliance ("GRC"), areas of critical concern to business leaders in every industry. For this year's report, more than 1,300 CEOs in a wide range of industries were asked to state their perceptions of GRC and to assess their progress, successes and failures.

4 PricewaterhouseCoopers 8th Annual Survey: CEO Concerns on Governance, Risk Management & Compliance

Highlights of the CEO survey
- Very few CEOs (7 percent) view GRC as related solely to laws and regulations, and a majority (54 percent) consider GRC to be an integrated set of concepts and practices. Yet only 25 percent state that they are managing GRC effectively.
- While a majority of CEOs are very confident that their organizations can respond to GRC matters related to domestic laws and regulations (68 percent) and to internal policies and procedures in domestic business units (57 percent), only 26 percent are very confident that their organizations can respond to similar matters related to foreign laws and regulations, and only 24 percent to matters related to internal policies and procedures in foreign business units.

5 PricewaterhouseCoopers 8th Annual Survey: CEO Concerns on Governance, Risk Management & Compliance

- In high numbers, the CEOs credit GRC with having a major, positive effect on legal liabilities (64 percent) and on reputation and brand (56 percent). However, they perceive other benefits less clearly. While many CEOs say that they adequately address stakeholders' concerns that are based on clear-cut legal requirements, fewer feel the same level of comfort with other constituents, whose expectations are more ambiguous.
- Fifty-eight percent of the CEOs indicate that GRC expenditures are primarily an investment; 38 percent view them primarily as a cost. Only 17 percent of all CEOs state that they can very accurately measure GRC costs.

6 PricewaterhouseCoopers 8th Annual Survey: CEO Concerns on Governance, Risk Management & Compliance

- The 25 percent of CEOs who state that they are managing GRC effectively have an advantage over their peers in perceiving GRC benefits and in responding to stakeholders' GRC concerns. Advantages are also evident when business units feel ownership of GRC issues and when the organization and collection of GRC information are fully automated.
- The CEOs are optimistic about the future. Over 90 percent express confidence in their companies' prospects for revenue growth over the next 12 months.
- In response to low-cost competition, nearly 40 percent of the CEOs are engaging in offshoring or planning to do so. While these CEOs see the benefits of offshoring, they also perceive the risks.

7 Regulatory Scrutiny and Expectations

- Regulators are looking for an enterprise-wide approach.
- Regulators are focusing on conflicts of interest and business conduct.
- Regulators lack confidence in traditional governance, risk management and compliance practices.
- New standards have emerged to address the expectation gap:
  - NYSE Corporate Governance Standards
  - COSO Enterprise Risk Management Framework and Application Techniques
  - US Sentencing Commission Guidelines on Effective Compliance and Ethics Programs
  - Open Compliance and Ethics Guidelines

8 The COSO Enterprise Risk Management Framework and Application Techniques Were Released in September 2004 (COSO ERM – Integrated Framework: Overview)

Genesis
- Framework development launched in early 2001
- Over 10,000 hours of development time
- Three-month public exposure period; over 78 comment letters received and considered

The Framework
- A definition of risk and risk management
- Concepts, categories, principles and common terminology
- Key components of an effective risk management program
- Direction for enhancing existing risk management
- Criteria for determining the effectiveness of risk management

Application Techniques
- Examples of how the principles can be applied

9 COSO ERM Proposes a Definition for Enterprise Risk Management

Enterprise risk management:
- Is a process
- Is effected by people
- Is applied in strategy setting
- Is applied across the enterprise
- Is designed to identify events potentially affecting the entity and to manage risk within its risk appetite
- Provides reasonable assurance to the entity's management and board
- Is geared to the achievement of objectives

10 The Enterprise Risk Management Framework

Foundational aspects
- Starts with objectives
- Applies to activities at all levels of the organization
- Has eight interrelated components

Key concepts
- Events and risks
- Risk appetite and risk tolerance
- Portfolio view

11 Key Concepts: Events and Risk

- An event is an incident or occurrence that could affect the implementation of strategy or the achievement of objectives.
- Distinguish risk and opportunity:
  - Risk is the possibility that an event will occur and adversely affect the achievement of objectives.
  - Events that may have a positive impact represent natural offsets or opportunities.
- Risks are measured using the same unit of measure as the related objectives.
- Time horizons are specified and aligned with objectives.

12 Key Concepts: Managing Risks Within Risk Appetite and Risk Tolerances

- Risk appetite is a high-level view of how much risk management and the board are willing to accept.
- Management forms a risk appetite at the entity level.
- Management establishes risk tolerances, which are the acceptable level of variation around objectives, and aligns them with the risk appetite.

13 Key Concept: Assigning Roles and Responsibilities

[Figure: three alternative approaches (Approach 1, Approach 2, Approach 3) to allocating the identify, assess and respond activities among the Board, Senior Management and Central Function(s). In one approach senior management identifies, assesses and responds; in the others the central function(s) identify and assess risks while the response is assigned elsewhere.]

14 The Open Compliance and Ethics Guidelines

OCEG integrates effective practices associated with multiple disciplines into a framework of guidelines for managing compliance and ethics:
- Governance
- Compliance / Legal Management
- Ethics Management
- Risk Management
- Internal Audit
- Human Capital Management
- Change Management
- Quality Management

15 PwC’s Point of View - Maximizing Value Through Strategic GRC Integration www.pwc.com/governance

16 Integrate governance, risk management and compliance to drive value, effectiveness and efficiency

17 Build on a foundation of Enterprise Risk Management and Internal Control

18 Build a culture of compliance and ethics across silos

19 Implement an operating model that integrates GRC over time and leverages both regulatory and quality best practices

20 Strategically Integrate Governance, Risk and Compliance Technology and Data Framework

Use of an integrated analysis framework for risk and compliance technology allows a company to collect essential information and assess the current technology environment across the company. This comprehensive set of requirements can then form the basis of your risk and compliance technology strategy.

[Figure: five-layer risk and compliance technology framework]
- I. Sources
  - Structured data: company-specific GL, front office systems, back office systems, operational databases, external data, other databases
  - Unstructured data: company-specific policies & procedures, content/document management, other
- II. Connectivity & Quality: application integration & filtering; data quality
- III. Repository & Processing: data repository; business process management; business rules engine
- IV. Compliance Modules: key performance/risk indicators; provisioning/accountability; customer data management; survey; other modules
- V. User Interaction: security management; web portal (dashboards/reporting); e-mail; other devices

21 Practical Considerations and Evaluation Principles

- Benchmark against leading practices (industry, COSO, FSG, OCEG).
- Use a risk-based approach to assess and recommend the depth of management, monitoring, auditing and reporting activities.
- Develop a risk-based monitoring and reporting framework:
  - Periodically risk-assess the inventory of requirements based on likelihood and impact.
  - Apply graduated monitoring resources as the risk of non-compliance increases (self-assessment, compliance monitoring, internal audit, third-party review, etc.).
  - Involve board and senior management committees in reviewing and approving this framework, and on an ongoing basis in reviewing and approving risk assessments and the strategic allocation of monitoring resources based on the framework's principles.
- Focus on regulatory expectations regarding independence and authority.
- Assess and recommend structure, roles and responsibilities in a manner that leverages existing strengths and considers practical criteria, such as:
  - Where does the core competence and subject matter expertise reside?
  - Who is closest to the activity/risk?
  - How to best ensure ownership, authority and independence?

22 Carlo di Florio, Director, Governance, Risk & Compliance Practice, PricewaterhouseCoopers – New York, 646-471-2275

An international lawyer by training, Carlo has worked globally helping leading companies assess, improve and sustain corporate governance, risk management, compliance and ethics leading practices. Carlo is widely published, serves on a number of standard-setting bodies, and is a frequent speaker on the subject of corporate governance, risk management, compliance and ethics. Carlo served on the PwC team that authored the COSO Enterprise Risk Management Framework and Application Techniques, and serves on the Steering Committee of the Open Compliance and Ethics Guidelines.

23 Appendices: ERM

24 Considerations in Applying the ERM Framework

- Enterprise Risk Management Vision – Develop a vision that sets out how enterprise risk management will be used going forward and how it will be integrated within the organization to achieve its objectives, including how the organization focuses its enterprise risk management efforts on aligning risk appetite and strategy, enhancing risk response decisions, identifying and managing cross-enterprise risks, seizing opportunities, and improving deployment of capital.
- Capability Development – The current state assessment and the enterprise risk management vision provide the insights needed to determine the people, technology and process capabilities already in place and functioning, as well as the new capabilities that need to be developed.

25 Considerations in Applying the ERM Framework (continued)

- Implementation Plan – The initial plan is updated and enhanced, adding depth and breadth to cover further assessment, design and deployment.
- Change Management Development and Deployment – Actions are developed as needed to implement and sustain the enterprise risk management vision and desired capabilities, including deployment plans, training sessions, reward reinforcement mechanisms, and monitoring of the remainder of the implementation process.
- Monitoring – Management continually reviews and strengthens risk management capabilities as part of its ongoing management process.

26 Organization Structure (continued)

Our experience indicates that the benefits perceived by institutions of increased centralization include:
- Enhanced independence and objectivity
- Enhanced visibility and stature across the organization
- Greater understanding and reporting of enterprise-wide risk
- Improved coordination and consistency in monitoring and change management
- Flexible resource deployment

27 Organization Structure (continued)

Objective: Compliance and Ethics function staffing is sufficient to meet program needs. This includes staff skills, expertise and experience.
- Leading practices can include:
  - Regulation, product and subject matter specialists
  - Project management specialists
  - Technology, risk modeling, data mining, and board/management reporting specialists
  - Specialized units in highly regulated industries (e.g., an advisory unit, a monitoring unit, an examination liaison team, a rapid response team, etc.)
- Our experience indicates that institutions have found it important to consider segregation of duties where appropriate within the function or program, or between centralized resources and line-of-business "embedded" resources (e.g., advisory and monitoring functions).
