Ken Kurdziel: Enterprise Risk Management
•Télécharger en tant que PPTX, PDF•
2 j'aime•743 vues
Recommandé
Recommandé
Contenu connexe
Tendances
Tendances (20)
Similaire à Ken Kurdziel: Enterprise Risk Management
Similaire à Ken Kurdziel: Enterprise Risk Management (20)
Dernier
Dernier (20)
Ken Kurdziel: Enterprise Risk Management
- 1. EnterpriseRiskManagement www.strangeoldpictures.com
- 2. Ken Kurdziel, CPA | Partner Ken@jmco.com
- 4. Objectives • Understand the concept of enterprise risk management • Apply examples of a well-defined risk assessment program to your organization • Articulate benefits of a risk assessment program EnterpriseRiskManagement
- 5. Enterprise Risk Management Defined • The process of identifying and analyzing relevant risk from an integrated, organization-wide perspective • The concept is designed to identify potential events that may prevent an organization from achieving its operation, financial and compliance objectives EnterpriseRiskManagement
- 6. Risk: Definition “The uncertainty of an event occurring that could have an impact on the achievement of objectives.” – Institute of Internal Auditors (IIA) EnterpriseRiskManagement
- 7. Risk: Key Terms Key terms to note when evaluating risk in an organization: – Likelihood/occurrence – Impact/consequences to the nonprofit or association EnterpriseRiskManagement
- 8. Types of Risk Technology Financial Operations Reputation Human Strategic Compliance Donors Capital EnterpriseRiskManagement
- 9. Types of Risk: Technology EnterpriseRiskManagement
- 10. Types of Risk: Financial www.slidegeeks.com EnterpriseRiskManagement
- 11. Types of Risk: Operational EnterpriseRiskManagement
- 12. Types of Risk: Reputations EnterpriseRiskManagement
- 13. Types of Risk: Strategic EnterpriseRiskManagement
- 14. Types of Risk: Human Capital EnterpriseRiskManagement
- 15. Types of Risk: Compliance EnterpriseRiskManagement
- 16. Types of Risk: Donors EnterpriseRiskManagement
- 17. Attributes For Implementing A Successful Enterprise Risk Program • Obtain strong, visible support from senior management and/or the Board of Directors • Dedicate a cross-functional group to drive the implementation and continue to push it in the operational phase • Closely link ERM to key strategic/financial objectives and to the business planning process • Introduce ERM as an enhancement to well- accepted processes—not a standalone process EnterpriseRiskManagement
- 18. Risk Assessment Activities Establish goals and objectives Identify risks Analyze risks Evaluate the risks Address the risks EnterpriseRiskManagement
- 19. Nonprofit Risk Universe Governance Performance goals and results Information technology/network security/data privacy Human resources Succession planning Donor demographics Safety and security Business continuity Financial reporting/grant EnterpriseRiskManagement
- 20. Evaluation Criteria Area of Focus Impact Vulnerability Scale • Financial • Control efficiency & Operating effectiveness • High Risk • Stakeholder • Speed of response • Moderate Risk • Reputation • Complexity • Low Risk • Legal/Regulatory • People • Operations • Operational efficiency • System change • Rate of change EnterpriseRiskManagement
- 21. Risk Scoring During The Risk Assessment Process Low Moderate High EnterpriseRiskManagement
- 22. Donor Demographic Identified Risks Goals & Outcome EnterpriseRiskManagement
- 25. Resources & EnterpriseRiskManagement
- 26. Risk Management: Justification & Benefits Weak Controls www.imgobject.com EnterpriseRiskManagement
- 27. Risk Management: Justification & Benefits: Governance www.imgobject.com EnterpriseRiskManagement
- 28. Vulnerability Criteria www.imgobject.com EnterpriseRiskManagement
- 29. Impact Criteria www.imgobject.com EnterpriseRiskManagement
- 30. Questions: Ken Kurdziel, CPA | Partner Ken@jmco.com
Notes de l'éditeur
- Understand the concept of enterprise risk managementApply examples of a well-defined risk assessment program to your organizationArticulate benefits of a risk assessment program
- The process of identifying and analyzing relevant risk from an integrated, organization-wide perspectiveThe concept is designed to identify potential events that may prevent an organization from achieving its operation, financial and compliance objectives------Over a decade ago, the Committee of Sponsoring Organizations of the Treadway Commission (COSO) issued “Internal Control – Integrated Framework” to help businesses and other entities assess and enhance their internal control systems.Recent years have seen heightened concern and focus on risk management. In 2001, COSO initiated a project, and engaged PricewaterhouseCoopers (PWC)to develop framework that would be readily usable by managements to evaluate and improve their organizations’ enterprise risk management. The period of the framework’s development was marked by a series of high-profile business scandals and failures.The underlying premise of enterprise risk management is that every entity exists to providevalue for its stakeholders. All entities face uncertainty, and the challenge for management isto determine how much uncertainty to accept as it strives to grow stakeholder value.Uncertainty presents both risk and opportunity, with the potential to erode or enhance value.Enterprise risk management enables management to effectively deal with uncertainty andassociated risk and opportunity, enhancing the capacity to build value.Enterprise riskmanagement helps ensure effective reporting and compliance with laws and regulations, andhelps avoid damage to the entity's reputation and associated consequences. In sum, enterpriserisk management helps an entity get to where it wants to go and avoid pitfalls and surprisesalong the way.
- Key terms to note when evaluating risk in an organization:Likelihood/occurrenceImpact/consequences to the nonprofit or association
- This risk considers the level of use, sophistication, complexity, robustness, ease of use and speed and accuracy of recovery/replacement of systemsAddresses the overall importance of technology within the organization and the availability and quality of information the organization can access to support decision-making and the security of key information
- The risk that the organization’s financial reporting is inaccurate, incomplete or untimely due to a variety of factors including the pace of change, the amount of uncertainty, the presence of a large error, or the pressure on management to meet investor expectations
- The organization provides or relies on outsiders to provide processing activities supporting the delivery of services or products to their customersThis risk addresses barriers to the timeliness, accuracy, authorization and completeness of these processing activities
- The process of identifying and analyzing relevant risk from an integrated, organization-wide perspectiveThe concept is designed to indentify potential events that may prevent an organization from achieving its operation, financial and compliance objectives
- Addresses the type of behaviors encouraged by managementThe methods used to reward employeesThe approach to consistently enforce policies and proceduresThe selection, screening and training of employeesThe reason for and frequency of turnovers
- The organization is subject to a variety of federal, state and local laws, regulations and directives or accreditation agenciesFailure to follow prescribed directives may result in substantial fines, restrictions, loss of business, and/or legal action taken by regulations.
- Need notes…
- Obtain strong, visible support from senior management and/or the BODDedicate a cross-functional group to drive the implementation and continue to push it in the operational phaseClosely link ERM to key strategic/financial objectives and to the business planning processIntroduce ERM as an enhancement to well-accepted processes—not a standalone process
- In order to complete a successful ERM program you need to:Establish goals and objectivesIdentify risksAnalyze risksEvaluate the risksAddress the risks
- Each process within the functional unit is evaluated for cumulative impact and organizational vulnerability using a 3-point scale
- Identify risk factors and assign weighted risk scores. Utilize a risk multiplier to calculate your average risk scores (Low, Moderate, High)Identify objective/assets/auditable activitiesAnalyze the risks by considering their likelihood and consequence/impactAssign ratings to the risksReview with the BODs, senior management, and outside advisorsUse ranking to develop risk mitigation and action plans (involve line managers in ERM process and roll up firm initiatives to the BODs and senior management)
- Goals/outcomeStrong and long-lasting donor relationshipsContinuity of programs and serviceInfrastructure to capture and manage donor databaseIdentified RisksLoss of reputationComplexity of giving instrumentsMissed opportunity; wealth transferConflict between development and financeOnline capabilities
- Goals/outcomeStrong and long-lasting donor relationshipsContinuity of programs and serviceInfrastructure to capture and manage donor databaseIdentified RisksLoss of reputationComplexity of giving instrumentsMissed opportunity; wealth transferConflict between development and financeOnline capabilities
- Nonprofits need to understand the overall inherent levels of risk embedded within their processes and activitiesIt is important for the organization to then recognize and prioritize significant risks and identify the weakest critical controls
- GovernanceHow engaged are your BOD members?How effective are BOD members in aligning themselves with the organization’s strategy and short/long-term goals?Do they have the right skills sets?Do they stay up-to-date with current events that may or may not affect their organization/industry?