Not-For-Profit Risk Management & The 7 Deadly Sins
1. 11th Annual Public Private Partnership Conference
Risk Management and the Seven Deadly Sins
Developed for PPPC Workshop by
Remonde Brangman, CPA
CBIZ MHM Mid-Atlantic Risk Advisory Practice Leader
August 25, 2011
2. Agenda
Introduction to Risk Management
Seven Deadly Sins
A Practical Approach
Q&A
3. Risk Management (RM)
Four Quadrants of Business Risk
Operational Risk:
• Bid Process
• Communications
• Program Management
• Information Technology
Financial Risk:
• Operating Reserves
• Accounting Process
• Market Risk
• Financial Reporting
Strategic Risk:
• Donor/Beneficiary Changes
• Growth Strategy
• Public Relations [Form 990]
• Competition
Compliance Risk:
• Federal Requirements
• Restricted Funding Requirements
• Oversight of Subrecipients
• Program Reporting
4. Risk Management “speak”
To the Technician:
• A holistic risk management process.
To the Layman:
• A way of managing my business.
5. RM: Both Negative & Positive Mindsets
Uncontrolled Risk: Under Performance
VS.
Controlled Risk: Maximum Performance
6. Industries that have adopted RM
• Health Care
• Energy Sector
• Transportation
• Financial Services
• Education
65% of Public Firms
Source: Excellence in Risk Management VI, Marsh | RIMS
7. RM Implementation Drivers
Public Companies
Compliance
Transparency
Not for Profit Organizations
Competition
Technology
9. 7 Deadly Sins
Vanity / Pride
Common Themes:
• I know my risks already
• I don’t need Risk Management
• We have good people and pretty good controls
• We have done well without it
Potential Risks:
• Inadequate disaster planning
• No succession planning
• Lack of financial savvy
• Fraud risk
10. 7 Deadly Sins
Greed
Common Themes:
• We will take all funding
• Our donors trust us with their Contributions
• To date, we have not had any major problems
• Our controls are good enough
Potential Risks:
• Funding risk
• Concentration risk
• Insufficient working capital
• Misallocation/misuse of restricted funds
11. 7 Deadly Sins
Envy
Common Themes:
• Others seem to do well without risk management
• Taking on areas of risk beyond the organization’s expertise
• In order to keep up we must focus on growth not on risk management
Potential Risks:
• Lack of business discipline
• Inadequate policies and Procedures
• Lack of attention to controls
• Failure to execute on new business
12. 7 Deadly Sins
Anger
Common Themes:
• Low morale creates additional risk (potential fraud risk)
• We’re just not appreciated for what we do and how well we do it
• Our organization pushes its staff hard. This is the only way to get the results we need.
Potential Risks:
• Fraud risk
• Breakdowns in controls
• Inadequate accountability
13. 7 Deadly Sins
Lust
Common Themes:
• Significant short-term growth without changing structure
• As more funding comes in, we will expand our capacity to accommodate this demand
Potential Risks:
• Lack of change management
• Inadequate focus on updating risks, internal processes and controls
• Structure (people, processes and systems) has not kept pace with growth
14. 7 Deadly Sins
Gluttony
Common Themes:
• Lack of contentment
• Rushing into the next big idea
• Taking on too many initiatives
Potential Risks:
• Lack of long term planning/stability
• Inadequate reserves for future deficits
• Taking unnecessary risks (e.g. investment exposures)
15. 7 Deadly Sins
Sloth
Common Themes:
• I trust my people
• The “It won’t happen to me” sentiment
• My processes/people work fine – I don’t need to review them
Potential Risks:
• Lack of formalized structure for Governance, Risk and Compliance
• Lack of proper segregation
16. A Practical Approach
Why Risk Management?
Best Practices
Risk Management Principles
Risk Management Framework
17. RM Best Practice Approach
Principles, Framework, Process
• Keep it simple and practical – complexity is not an advantage
• Integrated approach that includes risk / opportunity management
• Incorporates most of the key elements of the COSO framework
• Requires strong and sustained management commitment
18. RM Principles
Risk Management must:
1. Create and protect value
2. Be an integral part of all organizational processes
3. Be part of decision making
4. Explicitly address uncertainty
5. Be systematic, structured and timely
6. Be based on the best available information
7. Be tailored to the organization
8. Take human and cultural factors into account
9. Be transparent and inclusive
10. Be dynamic, iterative and responsive to change
11. Facilitate the continual improvement of the organization
19. Risk Management Framework
Mandate and Commitment
Design of framework for managing risk
• Understanding the organization and context
• Establishing policy
• Accountability
• Integration into processes
• Resources
• Establishing internal and external communication and reporting mechanisms
Implementing risk management
• Framework and process
Monitoring and review
Continual improvement
20. Risk Management Process
Risk Factor Identification
• Identify all potential risk exposures
Risk Analysis
• Analyze presence of risk
• Assess the level of risk
• Quantify the results
• Report the findings
• Recommend action
Risk Response
• Develop an action plan; determine what risks to control and assign responsible individuals
Risk Control
• Implement a solution to reduce or transfer the risk
Risk Monitoring
• Observe the completed implementation and report the results
21. Risk Management Heat Map
Management addresses these key risks and opportunities in its plans and priorities
Note: Some adjustment to current priorities may be required
Developed by Jay Mattingly
[Heat map figure: two panels, Opportunities and Risks, each plotting Impact on Objectives (1 to 3) against Likelihood (1 to 3). Plotted items: O-21, O-8, O-14 (opportunities); R-11, R-3, R-72, R-34 (risks).]
23. Framework Design: Clarifying Who Does What
(Sample Federal Organization)
(Based on the Institute of Internal Auditors Position Paper & revised by CSA)
24. CBIZ MHM 2011 Workshop Presenters
Remonde Brangman, CPA, the CBIZ MHM Mid-Atlantic Risk & Advisory practice leader, has 30 years experience providing governance, risk and internal controls advisory.
As a Risk Advisory consultant, Mr. Brangman has extensive knowledge of best practices in Risk Management and Internal Control. Mr. Brangman is the firm’s resident expert on the new International Risk Management Standard ISO 31000. He is also a seasoned Forensic Accountant with over 21 years of fraud investigation and forensic accounting experience.
Mr. Brangman has been responsible for leading compliance reviews (including Sarbanes-Oxley, section 404) for several leading global businesses and has provided guidance to overseas governments and regulators in risk management. As a former leader in the E&Y Risk Advisory Practice, he was responsible for supporting and developing their D.C. operation with a focus on Government entities (e.g., Fannie Mae and Freddie Mac). Mr. Brangman is the incoming Vice President of the D.C. Chapter of the Institute of Internal Auditors where he has been a keynote speaker for Chief Audit Executive events.
CBIZ MHM, LLC – Bethesda, MD
(301) 951-3636
rbrangman@cbiz.com

J. Scott Denlinger, CPA, is the Director in charge of the CBIZ MHM Outsourced Services practice and has more than 20 years experience in accounting, tax and auditing.
Mr. Denlinger designs and manages outsourced CFO and accounting engagements serving both for-profit and nonprofit organizations. He also performs CFO duties for several organizations, assisting in the preparation of internal financial statements and presentation to their Boards. With his extensive auditing experience, Mr. Denlinger is able to assist our outsourcing clients in preparing for their year-end audits. Combining his communication skills and ability to translate difficult accounting concepts into laymen’s terms, as well as his penchant for teaching, Mr. Denlinger is frequently asked to lead seminars and workshops by various organizations on a broad range of financial management and reporting topics. He is a member of the MACPA Government and Nonprofit Conference Committee and serves on the Board of Family and Children Services of Central Maryland.
CBIZ MHM, LLC – Bethesda, MD
(301) 951-3636
sdenlinger@cbiz.com