The document summarizes a presentation by Alan Siegfried on addressing current governance and risk management challenges in governmental and international organizations. Siegfried discusses how the global economic turmoil has shaken stakeholder confidence and presents opportunities for internal audit to demonstrate leadership in risk management. He outlines 10 current challenges for governance and risk management functions and potential roles for internal audit in risk assessment and monitoring organizational governance.
Siegfried addressing current governance and risk management challenges in governmental and international organizations
1. ICGFM ‐ Winter 2010 Conference
December 6, 2010
Addressing Current Governance and Risk
Management Challenges in Governmental and
International Organizations
Alan Siegfried
CIA, CCSA, CFSA, CGAP, CPA, CISA, CBA, CSP, CITP, MBA
Auditor General, Inter‐American Development Bank
IIA Chairman, North American Board
2. Our World at a Glance
• Global economic challenges and issues
• Changing regulatory environment
• Financial markets turmoil
• Shrinking workforce and massive layoffs
• Budget restrictions
• Risk management efforts ineffective
• Stakeholder confidence shaken
• Uncertainty and unpredictability
Opportunity for internal audit profession to demonstrate leadership
in risk management, control and governance
Addressing Current Governance and Risk
Management Challenges in Governmental and
International Organizations. Alan N. Siegfried 2
3. Risk of Not Responding
• Diminished stature of Internal Audit in surfacing and
addressing emerging risks
• Significantly reduced credibility as a trusted governance
partner
• Diminished value of internal audit activities
• Seen as being inflexible and non‐responsive to emerging
risk
Where were the Internal Auditors?
4. Risk Management Lessons Learned
• Short term cost‐cutting with destructive operational or control
implications
• Reliance on a third party supplier, distributor, counterparty or joint
venture partners with financial difficulties: what contingency plans
are in place?
• Customer dissatisfaction over valued receivables
• Liquidity issues due to the tightening of credit and reduced demand
• Increased incentives for financial fraud
• Disgruntled current and ex‐employees who sabotage, pilfer assets
• Loss or damage to reputation
Internal Audit Role
Help management identify risks, design risk management strategies, assess
and monitor effectiveness of applicable controls
5. Current Challenges for Governance and
Risk Management
1. Aligning internal audit coverage to meet new expectations
2. Fully embrace a risk‐centric strategy
3. Realigning skills to address new requirements
4. Leveraging technology to achieve greater efficiencies
5. Coping with diminished resources
6. Maintaining stature with the audit committee
7. Integrate fraud and prevention and ethics investigations into audit
strategies
8. Demonstrate stronger commitment to quality
9. Enhance coordination internally
10. Demonstrating value and adding to the bottom line
The IIA 2009
6. Potential Internal Audit Involvement in Risk
Management and Governance
Participate in cross functional ‘what if’ discussions to
reconsider risks and identify action plans
Help design risk management / monitoring processes (i.e.,
controls!) to address risks
Redirect audit resources to re‐assessed highest risk areas
Internal audit review of risk management and organizational
governance
7. Video
http://www.youtube.com/watch?v=laKprX‐HP94
8. Understanding the Difference
• Risk management
“A process to identify, assess, manage and control potential events or
situations to provide reasonable assurance regarding the
achievement of the organization’s objectives”
• Control
“Any action taken by management, the board, and other parties to
manage risk and increase the likelihood that established objectives
and goals will be achieved”
• Governance
“The combination of processes and structures implemented by the
board in order to inform, direct, manage and monitor the activities of
the organization toward the achievement of its objectives”
9. What is Organizational Governance?
The process through which
(1) values and goals are established and communicated,
(2) the accomplishment of goals is monitored,
(3) accountability is ensured, and
(4) values are preserved.
[Diagram labels: ORGANIZATION, Board, Executive Management, IA, RM, EA, C]
10. Parties in the Governance Process
Oversight group – board and committees of the board
Stewardship group – executive management:
Dual role of stewardship of resources allocated by board
and accountability of results of operations
Performance group – operating and support management
and staff
Assurance group – internal and external auditing
functions,
and in some organizations, compliance and risk
management monitoring functions, are also part of the
assurance group.
11. Two Basic Responsibilities of the Board
[Diagram labels: BOARD; Governance Umbrella; Strategic Direction; Governance Oversight; Values Boundaries; Accountability; Values Preservation]
12. Audit Committee Areas of Focus
[Diagram: Audit Committees Areas of Focus]
• Financial Reporting
• Risk Management
• Internal Control
• Internal Audit
• External Audit
• Regulatory Compliance & Ethical Matters
• Maintaining / Measuring Effectiveness
• Communicating & Reporting
13. Key Components of Governance Oversight
[Diagram labels: Governance Umbrella; Stakeholders; BOD; Risk Management; Senior Management - Risk Owners; Assurance Internal-External]
14. Governance Opportunities
“Changing business and economic conditions provide an opportunity to reassess
board priorities and re‐focus the agenda”
Board skills and capabilities reflect the changing business environment
Tighten risk management oversight
Keep ahead of the strategic agenda
Extract the most from board committees
Review the flow of information from management to the Board
Create and sustain an ethical organization
Recruit, develop and retain talented managers
Strengthen board governance and organizational policies
KPMG
15. What can Internal Audit Bring to the Table?
Provide independent, objective assessments on:
Appropriateness of governance structure
Operating effectiveness of governance activities.
Act as catalysts for change by:
Advising or advocating improvements in governance
structure and practices
Providing assurance on the risk management, control, and
governance
The IIA
16. Risk and Risk Management
• Risk is the probability/likelihood of something happening that will have
an adverse impact on objectives.
• Risk Management is the systematic application of processes and
structures that enable an organization to identify, assess, analyze,
optimize, monitor, improve, or transfer risk while communicating risk
and risk decisions to stakeholders.
Enterprise Risk Management (ERM) deals with risks and opportunities
affecting value creation or preservation.
ERM is a process, effected by an entity’s board of directors and
management which is applied in a strategy setting and across the
enterprise. It is designed to identify potential events that may affect the
entity, and manage those risks to provide reasonable assurance
regarding the achievement of objectives.
Source: Committee of Sponsoring Organizations, “Enterprise Risk
Management – Integrated Framework, Executive Summary”, 2004
17. Benefits of ERM
Holistic view of risk in the organization
Greater likelihood of achieving objectives
Consolidated reporting of risks at board level
Improved understanding of key risks and implications
Identification and sharing of cross business risks
Greater management focus on the issues that really
matter
Fewer surprises or crises
Increased likelihood of change initiatives being achieved
Capability to take on greater risk for greater reward and
More informed risk‐taking and decision‐making.
18. ERM Quality Classifications
Excellent
• Advanced capabilities to identify, measure, manage all risk exposures within tolerances
• Advanced implementation, development and execution of ERM parameters
• Consistently optimizes risk adjusted returns throughout the organization
Strong
• Clear vision of risk tolerance and overall risk profile
• Risk Control exceeds adequate for most major risks
• Has robust processes to identify and prepare for emerging risks
• Incorporates risk management and decision making to optimize risk adjusted returns
Adequate
• Has fully functioning control systems in place for all of their major risks
• May lack a robust process for identifying and preparing for emerging risks
• Performing good classical “silo” based risk management
• Not fully developed process to optimize risk adjusted returns
Weak
• Incomplete control process for one or more major risks
• Inconsistent or limited capabilities to identify, measure or manage major risk exposures
Source: Standard & Poor’s
19. Fundamental Principles of an Effective
Risk Management Strategy in International Organizations
• Common definition of risk and risk framework
• Clearly defined key roles, responsibilities and authority
• Common risk management infrastructure
• Appropriate transparency and visibility of governing bodies
• Executive management responsible for designing, implementing, and maintaining effective risk management
• Business units held responsible for risk management
• Support functions have pervasive impact on the business and the management of risks
• Oversight functions provide objective assurance, monitoring and reporting
20. Effective Risk Management Practices
• Adopt a risk management policy and specific risk component definitions
• Appoint a risk manager
• Provide meaningful risk information to Senior Management and the Board
• Set and review risk limits with the Board
• Quantify and communicate losses from risk
• Perform regular assessments.
• Transfer risks if cost is less than the cost of retention.
• Train Management and the Board in risk matters.
• Provide annual assurance on the state of risk management.
21. Responsibilities of the Risk Manager
Implement an enterprise‐wide risk management strategy,
processes and controls
Propose risk management policy for Board approval
Coordinate risk management efforts across the
organization
Collect and combine risk information
Assess the information collected
Identify, assess and report risks
Communicate risk information to the Board and
Management
Provide annual assurance on the state of risk management
Affirm policies are appropriate for the foreseeable future.
23. Internal Audit Value Proposition
Moving the profession from recognized ‐ to trusted ‐ to valued
contributions to your organization and assurance to stakeholders
[Diagram labels: Recognized. Trusted. Valued.]
Understand the business management’s strategies and
objectives
Focus on the right areas and the right risks
Provide practical, relevant and persuasive
recommendations
Become proactive catalyst for positive change
Balance consultative and assurance services
Help protect AND grow the business
Earn a ‘Seat at the table’
Act as trusted advisor on risk, control and governance
issues
24. Responsibilities TODAY
Seeking to understand stakeholder expectations and evaluating
effectiveness in meeting those expectations
Developing and demonstrating strong communication skills to
effectively convey findings and recommendations
Embracing and executing a balanced risk based audit plan
Providing leadership on issues of corporate governance, fraud, risk
management, internal control and financial reporting
Willing to challenge status quo, and operating as change agents
Providing a learning environment and career pathway
25. Useful Tools
Corporate Executive Board
Risk Management Evaluation Framework
Level Risk Evaluation Criteria
Provide Clear Risk Management Policies and Procedures
Provide Clear Risk Management Corporate Governance Structures
Provide Tools and Frameworks to Train the Line to Manage Risk
Leverage Company Knowledge to Identify and Assess Risk
Level 1
Focus on Both the Upside and Downside of Risk to optimize Strategic Risk Taking
Prioritize Risk Based on Probability and Inherent Impact
Provide Clear Visibility into Key Risks and Mitigation Status
Aggregate Risk and Mitigation Information into a Central Database
Prioritize Risk Based on Probability and Residual Impact
Embed Risk Considerations into Day-to-Day Planning and Decision Making
Level 2
Link Risk Management to Employee Performance
Assess Effectiveness of Risk Mitigation Efforts
Coordinate Risk Assurance Activities Across the Organization
Assess Risk Velocity to Prioritize Risk Mitigation Efforts
Formally Define Business Unit Risk Appetite as Part of the Risk Opportunity Analysis
Embed Feedback Loops for Continuous Improvement in Risk Strategy
Level 3
Leverage Predictive Risk Metrics to Assess Probable impacts and Mitigation
Strategies
Develop a 360-Degree View of Counterparty Risk to Pinpoint Exposure Levels
26. Risks to Consider in 2010
Risk Type: Financial
• Reporting integrity
• Financial statements/disclosures are misstated according to accounting standards
• Lack of reliability in the systems reporting key financial data
• Insufficient liquidity
• System security vulnerabilities
• Inadequate recording/oversight of financial information
• Estimates are not adequate
• Interest rate/market risk
• Foreign currency exchange
• Credit risk
• Off balance sheet risk
• Transactions are not properly approved
• Inability to raise capital
• Asset/liability risk
• Investment risk
Risk Type: Compliance
• Non‐compliance with employment practices
• Environmental contamination
• Record retention policy
• Inability to meet contractual obligations
• Breaching existing capital requirements
• Non‐adherence to debt covenants
• Data used to support compliance is unreliable
• Adherence to pension plan requirements
• Insider trading
• Safety health privacy violations
• Fraud
Risk Type: Strategic
• Strategic alliances
• Strategic planning does not consider external impacts
• New products and services
• Customer demand shortfall
• Competitive pressure
• Loss of key customers
• Counterparty failures
• Customer pricing pressure
• Disruptive technologies
• Litigious trends and judicial uncertainty
• Reputation risk
• Insufficient governance structure and practices
Risk Type: Operational
• Loss of key personnel
• Obsolete technology
• Insufficient information technology governance
• Inadequate development effectiveness
• Process control risk
• Natural disasters
• Acts of terror
• Third‐party outsourcing
• Security breaches
• Lack of business continuity/disaster recovery planning
• Service quality
• Project/change management
• Business disruption/system failures
• Lack of sufficient contractual oversight
Grant Thornton
27. Final Thoughts
Risks facing our organizations are unprecedented
and stakeholders’ expectations continue to increase
Internal audit profession has an opportunity to step
forward to be a key player in Governance and Risk
Management
Individual practitioners and organizations must
‘raise the bar’ to most effectively represent and
advocate for strong governance and risk
management
28. Final Thoughts
[Diagram labels: Value, Focus, Hindsight, Insight, Foresight]