Page 1 | Confidential and Proprietary Information
Risk Management and Internal Control in the Public Sector
Vincent Tophoff, International Federation of
Accountants (IFAC)
Contraloría General de la República (CGR)
Seminario Un Aporte de Gobernanza
Distinto: El Control Interno
Santiago, Chile, January, 2015
International Federation of Accountants
• Global organization of the accountancy profession
• Supports professional accountants in following areas:
– Governance and ethics
– Risk management and internal control (RM/IC)
– Sustainability and corporate responsibility
– Financial and performance management
– Business reporting
– Promoting and contributing to the value of professional accountants
• All areas of critical importance to professional accountants
(and for CGRs & public sector entities too…)
Relation of Public Sector Governance, Risk
Management & Internal Control
• How do you think that
governance, risk
management & internal
control are related to
each other?
Relation of Public Sector Governance, RM & IC
Today’s Agenda
• The Pitfalls – Setting the Scene
• Current Thinking
• COSO / ISO 31000 Standards
• Risk Management & Internal Control Maturity
• CGR “Call to Action”
• Q&A
The Pitfalls – Setting the Scene
Serious Risk Management & Internal Control Flaws
• Having a compliance-only mentality
• Treating risk as only negative and overlooking the idea that
entities need to take risk in pursuit of their objectives
• Risk management & internal control that is overly focused
on external financial reporting
• Regarding risk management & internal control as a
separate function or process
• Viewing risk management & internal control as
predominantly important for operations
Bad vs. Good RM/IC Practices
RM/IC as objective in itself vs. RM/IC to help achieve objectives
Auditor / staff driven vs. Driven from top down
Rules-based vs. Performance & principles-based
Off-the-shelf systems vs. Tailored to the entity
Focused on loss minimization vs. Also focused on value creation
Mainly hard controls vs. Recognizing culture & attitude
Imposed vs. Implemented organically
Stand-alone / “bolt-on” vs. Integrated / “built-in”
Static, out-of-date vs. Dynamic, evolving
Seen as overhead vs. Seen as a sound investment
Abandoned vs. Integrated in governance
Global Crisis
Global Crisis, according to IFAC research, was caused by:
• Ethical flaws
• Governance, risk management in name, but not in spirit
• Regulatory overload, leading to legalistic compliance
• Risk & control systems too narrowly focused on only financial reporting controls
Conclusions from the crisis:
• Entities should take a broader approach in risk management & internal control
• Appropriate application of risk management & internal control standards and principles is often the problem
Current Thinking
Current Thinking About Risk
The safest place for a ship…
… is to stay in the harbor
But that’s not what ships were made for…
… Instead, ships were made to transport people & goods to other destinations…
… And that involves risk…
So, what is risk?
• Risk is nowadays defined as “the effect of uncertainty on (setting and achieving) the entity’s objectives” (ISO 31000)
• No Objectives = No Risk. Therefore, risk should always be assessed in light of (setting and achieving) the entity’s objectives!
Current Thinking About Risk Management
Q: “How does your entity address uncertainty in
achieving its strategic objectives?”
A: “Through our strategic management system;”
– Line management engaged in plan-do-check-act cycle
– Focused on achieving the entity’s objectives
Q: “How does your entity address risk?”
A: “Through our risk management system;”
– (separate) risk and control system, staff functionaries,
risk register
– Focused on mitigating risk
What does this example tell us?
• That we, risk management professionals, have made great progress in the area of risk management & internal control…
• …But that we, in the process, lost the other people in our entity!
[Figure: Risk Management | Rest of the entity]
Five lines of defense:
1. Players (Operational staff)
2. Captain (Supervisor)
3. Coach (Risk manager)
4. Referee (Internal Audit)
5. FIFA (Contraloría)
Line
Support
Current Thinking About the Risk Manager
Biggest risk facing an entity:
Disconnect between those
responsible for achieving
strategic objectives vs. those
responsible for managing risk
Solution:
Making those responsible for
achieving strategic objectives
also responsible for managing
related risks!
Key objective for risk manager is to ensure that risk
management is fully integrated in line management!
Current Thinking About Internal Control
From: Hindering the entity
To: Enabling the entity
Good internal control = The Invisible Hand
COSO Frameworks
(also adopted by INTOSAI)
2013 COSO Internal Control Cube
2004 COSO ERM Cube
Will be revised soon!
COSO IC vs. COSO ERM
ISO 31000 Risk Management Standard
ISO 31000 Principles, Framework & Process
ISO 31000 Risk Management Principles
• Creates Value
• Integral Part of Organizational Processes
• Part of Decision-Making
• Explicitly Addresses Uncertainty
• Systematic, Structured & Timely
• Based on “Best Available Information”
• Tailored
• Considers Human & Cultural Factors
• Transparent & Inclusive
• Dynamic, Iterative & Responsive to Change
• Facilitates Continuous Improvement
ISO 31000 Risk Management Framework
ISO 31000 Risk Management Process
To be applied in every decision-making process and subsequent execution!
COSO ERM vs. ISO 31000
Many entities use both COSO ERM & ISO 31000…
… Biggest challenge is that concepts are not aligned
COSO ISO 31000
Lengthy vs. Short
Focused on ERM vs. General approach to managing risk
One cube vs. Principles, framework & process
Skewed to negative vs. Risk can be positive or negative
Risk already exists vs. Risk tied to achieving objectives
Risk & opportunities vs. Opportunities also source of risk
More sequential process vs. More iterative process
Risk Management & Internal Control Maturity
RM/IC Maturity Levels
Main Objective of a Public Sector Entity
• Is not to have effective controls…
• Is not to effectively manage risk…
But to
• Properly set & achieve its objectives
• Avoid too many surprises along the way
• And create sustainable value
Argument for Integrating Risk Management & IC
• So, risk management & internal control are not objectives in
themselves, but means to an end…
… Making sound (SWOT) decisions and executing
subsequent actions to achieve the entity’s objectives
without surprises!
… Risk management & internal control should therefore be
fully integrated into a public sector entity's overall
system of management, including governance, strategy
development and planning, operations, reporting, and
accountability
Risk Is Inherent to Setting Your Objectives
Achieving Your Objectives Through Planning & Control 1
Achieving Your Objectives Through Planning & Control 2
Strategic, tactical, and operational planning & control cycles (Plan, Do, Check, Act)
Achieving Your Objectives Through Planning & Control 3
RM/IC Integral to Achieving Your Objectives
Thoughts on Assessing RM/IC Maturity
• Use the Frameworks
• Consider good practice developments
• Perform gap analysis
• Determine performance
• Look at audit results
• Analyze serious flaws
• …
• Continuously move to improvement!
CGR “Call to Action”
CGR “Call to Action”
CGRs play important roles in implementing good risk
management & internal control in public sector entities:
• Build subject-matter-expertise regarding RM/IC (incl. INTOSAI
standards & guidance, COSO Frameworks, ISO 31000)
• Educate the governing bodies, audit committees, management
teams & staff of the relevant public sector entities
• Champion the importance of good RM/IC: fully integrated in the
entity’s overall system of management
• Support public sector entities through the provision of high-quality
assurance, advice & insight
CGR’s Role - #1
Champion importance of good risk management:
• CGRs communicate with public sector entity’s leadership
• Attitude and actions of the CGR set the tone for good risk
management in public sector entities
• Promote integrating risk management into line
management of a public sector entity!
• Most important element: making RM/IC part of every
decision making process and subsequent execution in
the entity!
CGR’s Role - #2
Support line management by providing high-quality assurance, advice & insight:
• Decisions should only be taken with explicit understanding
of related risks and their potential consequences for
achieving an entity’s objectives
• Therefore, decision makers require relevant and reliable
information for their decision making and control processes
Key Takeaways
• There are many flaws in current risk management and internal
control practice
• Achieving the entity’s objectives is the overall goal; risk is
an inherent part of that
• Risk management should, therefore, be fully integrated in the
entity’s system of management
• CGRs support RM/IC in various ways in the public sector entities
they oversee
• IFAC supports professional accountants / CGRs
• However, no matter the guidance provided…
There will always be some …
… who do it their own way!

Best Basmati Rice Manufacturers in India
 
Regression analysis: Simple Linear Regression Multiple Linear Regression
Regression analysis:  Simple Linear Regression Multiple Linear RegressionRegression analysis:  Simple Linear Regression Multiple Linear Regression
Regression analysis: Simple Linear Regression Multiple Linear Regression
 

Risk Management and Internal Control in the Public Sector

  • 1. Risk Management and Internal Control in the Public Sector
      Vincent Tophoff, International Federation of Accountants (IFAC)
      Contraloría General de la República (CGR)
      Seminario Un Aporte de Gobernanza Distinto: El Control Interno
      Santiago, Chile, January, 2015
  • 2. International Federation of Accountants
      • Global organization of the accountancy profession
      • Supports professional accountants in following areas:
          – Governance and ethics
          – Risk management and internal control (RM/IC)
          – Sustainability and corporate responsibility
          – Financial and performance management
          – Business reporting
          – Promoting and contributing to the value of professional accountants
      • All areas of critical importance to professional accountants (and for CGRs & public sector entities too…)
  • 3. Relation of Public Sector Governance, Risk Management & Internal Control
      • How do you think that governance, risk management & internal control are related to each other?
  • 4. Relation of Public Sector Governance, RM & IC
  • 5. Today’s Agenda
      • The Pitfalls – Setting the Scene
      • Current Thinking
      • COSO / ISO 31000 Standards
      • Risk Management & Internal Control Maturity
      • CGR “Call to Action”
      • Q&A
  • 6. The Pitfalls – Setting the Scene
  • 7. Serious Risk Management & Internal Control Flaws
      • Having a compliance-only mentality
      • Treating risk as only negative and overlooking idea that entities need to take risk in pursuit of their objectives
      • Risk management & internal control that is overly focused on external financial reporting
      • Regarding risk management & internal control as a separate function or process
      • Viewing risk management & internal control as predominantly important for operations
  • 8. Bad vs. Good RM/IC Practices
      • RM/IC as objective in itself vs. RM/IC to help achieve objectives
      • Auditor / staff driven vs. Driven from top down
      • Rules-based vs. Performance & principles-based
      • Off-the-shelf systems vs. Tailored to the entity
      • Focused on loss minimization vs. Also focused on value creation
      • Mainly hard controls vs. Recognizing culture & attitude
      • Imposed vs. Implemented organically
      • Stand-alone / “bolt-on” vs. Integrated / “built-in”
      • Static, out-of-date vs. Dynamic, evolving
      • Seen as overhead vs. Seen as a sound investment
      • Abandoned vs. Integrated in governance
  • 9. Global Crisis
      Global Crisis, according to IFAC research, was caused by:
      • Ethical flaws
      • Governance, risk management in name, but not in spirit
      • Regulatory overload, leading to legalistic compliance
      • Risk & control systems too narrowly focused on only financial reporting controls
      Conclusions from the crisis:
      • Entities should take a broader approach in risk management & internal control
      • Appropriate application of risk management & internal control standards and principles is often the problem
  • 10. Current Thinking
  • 11. Current Thinking About Risk
      The safest place for a ship… … is to stay in the harbor
      But that’s not what ships were made for…
  • 12. Current Thinking About Risk
      … Instead, ships were made to transport people & goods to other destinations…
      … And that involves risk…
      So, what is risk?
      • Risk is nowadays defined as “the effect of uncertainty on (setting and achieving) the entity’s objectives” (ISO 31000)
      • No Objectives = No Risk. Therefore, risk should always be assessed in light of (setting and achieving) the entity’s objectives!
  • 13. Current Thinking About Risk Management
      Q: “How does your entity address uncertainty in achieving its strategic objectives?”
      A: “Through our strategic management system;”
          – Line management engaged in plan-do-check-act cycle
          – Focused on achieving the entity’s objectives
      Q: “How does your entity address risk?”
      A: “Through our risk management system;”
          – (separate) risk and control system, staff functionaries, risk register
          – Focused on mitigating risk
  • 14. Current Thinking About Risk Management
      What does this example tell us?
      • That we, risk management professionals, have made great progress in the area of risk management & internal control…
      • …But that we, in the process, lost the other people in our entity!
      [Diagram labels: Risk Management; Rest of the entity]
  • 15. Current Thinking About Risk Management
      Five lines of defense:
  • 16. Current Thinking About Risk Management
      Five lines of defense:
      1. Players
      2. Captain
      3. Coach
      4. Referee
      5. FIFA
  • 17. Current Thinking About Risk Management
      Five lines of defense:
      1. Players (Operational staff)
      2. Captain (Supervisor)
      3. Coach (Risk manager)
      4. Referee (Internal Audit)
      5. FIFA (Contraloría)
      [Diagram labels: Line; Support]
  • 18. Current Thinking About the Risk Manager
      Biggest risk facing an entity: Disconnect between those responsible for achieving strategic objectives vs. those responsible for managing risk
      Solution: Making those responsible for achieving strategic objectives also responsible for managing related risks!
      Key objective for risk manager is to ensure that risk management is fully integrated in line management!
  • 19. Current Thinking About Internal Control
      From: Hindering the entity
      To: Enabling the entity
      Good internal control = The Invisible Hand
  • 20. COSO Frameworks (also adopted by INTOSAI)
  • 21. 2013 COSO Internal Control Cube
  • 22. 2004 COSO ERM Cube
      Will be revised soon!
  • 23. COSO IC vs. COSO ERM
  • 24. ISO 31000 Risk Management Standard
  • 25. ISO 31000 Principles, Framework & Process
  • 26. ISO 31000 Risk Management Principles
      • Creates Value
      • Integral Part of Organizational Processes
      • Part of Decision-Making
      • Explicitly Addresses Uncertainty
      • Systematic, Structured & Timely
      • Based on “Best Available Information”
      • Tailored
      • Considers Human & Cultural Factors
      • Transparent & Inclusive
      • Dynamic, Iterative & Responsive to Change
      • Facilitates Continuous Improvement
  • 27. ISO 31000 Risk Management Framework
  • 28. ISO 31000 Risk Management Process
      To be applied in every decision making process and subsequent execution!
  • 29. COSO ERM vs. ISO 31000
      Many entities use both COSO ERM & ISO 31000…
      … Biggest challenge is that concepts are not aligned
      COSO vs. ISO 31000:
      • Lengthy vs. Short
      • Focused on ERM vs. General approach to managing risk
      • One cube vs. Principles, framework & process
      • Skewed to negative vs. Risk can be positive or negative
      • Risk already exists vs. Risk tied to achieving objectives
      • Risk & opportunities vs. Opportunities also source of risk
      • More sequential process vs. More iterative process
  • 30. Risk Management & Internal Control Maturity
  • 31. RM/IC Maturity Levels
  • 32. Main Objective of a Public Sector Entity
      • Is not to have effective controls…
      • Is not to effectively manage risk…
      But to
      • Properly set & achieve its objectives
      • Avoid too many surprises along the way
      • And create sustainable value
  • 33. Argument for Integrating Risk Management & IC
      • So, risk management & internal control are not objectives in themselves, but means to an end…
      … Making sound (SWOT) decisions and execute subsequent actions to achieve the entity’s objectives without surprises!
      … Risk management & internal control should therefore be fully integrated into a public sector entity's overall system of management, including governance, strategy development and planning, operations, reporting, and accountability
  • 34. Risk Is Inherent to Setting Your Objectives
  • 35. Achieving Your Objectives Through Planning & Control 1
  • 36. Achieving Your Objectives Through Planning & Control 2
      Strategic, tactical, and operational planning & control cycles
      [Diagram labels: A, P, D, C]
  • 37. Achieving Your Objectives Through Planning & Control 3
  • 38. RM/IC Integral to Achieving Your Objectives
  • 39. Thoughts on Assessing RM/IC Maturity
      • Use the Frameworks
      • Consider good practice developments
      • Perform gap analysis
      • Determine performance
      • Look at audit results
      • Analyze serious flaws
      • …
      • Continuously move to improvement!
  • 40. CGR “Call to Action”
  • 41. CGR “Call to Action”
      CGRs play important roles in implementing good risk management & internal control in public sector entities:
      • Build subject-matter-expertise regarding RM/IC (incl. INTOSAI standards & guidance, COSO Frameworks, ISO 31000)
      • Educate the governing bodies, audit committees, management teams & staff of the relevant public sector entities
      • Champion the importance of good RM/IC: fully integrated in the entity’s overall system of management
      • Support public sector entities through the provision of high-quality assurance, advice & insight
  • 42. CGR’s Role - #1
      Champion importance of good risk management:
      • CGRs communicate with public sector entity’s leadership
      • Attitude and actions of CGR sets tone for good risk management in public sector entities
      • Promote integrating risk management into line management of a public sector entity!
      • Most important element: making RM/IC part of every decision making process and subsequent execution in the entity!
  • 43. CGR’s Role - #2
      Support line management by providing high-quality assurance, advice & insight:
      • Decisions should only be taken with explicit understanding of related risks and their potential consequences for achieving an entity’s objectives
      • Therefore, decision makers require relevant and reliable information for their decision making and control processes
  • 44. Key Take Aways
      • There are many flaws in current risk management and internal control practice
      • Achieving the entity’s objectives is the overall goal; risk is inherent part of that
      • Risk management should, therefore, be fully integrated in the entity’s system of management
      • CGRs support RM/IC in various ways in the public sector entities they oversee
      • IFAC supports professional accountants / CGRs
      • However, no matter the guidance provided…
  • 45. There will always be some … … who do it their own way!