SlideShare une entreprise Scribd logo

ERM: Understanding Key Risks and Developing Effective Frameworks

Wheelhouse Advisors LLC
Wheelhouse Advisors LLC

This document summarizes a webinar on enterprise risk management (ERM) presented by John A. Wheeler and Kenneth K. Yoo. It discusses the changing risk environment facing companies, key steps to developing an ERM framework, comparing risk assessment to ERM, benefits of ERM, evolving risk and control programs, barriers to overcome, the role of internal audit in ERM, changes required for effective ERM programs, and increased regulatory scrutiny of risk management.

Économie & financeBusiness
1  sur  22
Télécharger pour lire hors ligne
ERM: What’s New & What’s Next Institute of Internal Auditors Webinar February 19, 2009 Presented by: John A. Wheeler, Managing Principal, Wheelhouse Advisors LLC Kenneth K. Yoo, Senior Vice President – Enterprise Risk Management, Federal Home Loan Bank of Atlanta www.theiia.org/Training
Discussion Topics • Key risks facing companies operating both inside and outside the United States • Developing an Enterprise Risk Management Framework & Approach • Evolution of a Risk & Controls Program • Enterprise Risk Management in the era of increased regulatory and shareholder scrutiny www.theiia.org/Training © Copyright 2009 - Wheelhouse Advisors LLC │1
Changing Risk Environment www.theiia.org/Training © Copyright 2009 - Wheelhouse Advisors LLC │2
Changing Risk Environment In 2008 & 2009, the risk landscape has shifted dramatically Fannie and Freddie Likely to Plunge, Searing Investors www.theiia.org/Training © Copyright 2009 - Wheelhouse Advisors LLC │3
Developing an ERM Framework What is “ERM”? “… a process, effected by an entity's board of directors, management and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risks to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives.” Source: COSO Enterprise Risk Management – Integrated Framework - 2004. www.theiia.org/Training © Copyright 2009 - Wheelhouse Advisors LLC │4
Developing an ERM Framework • ERM is a process that encompasses the following key activities – Identifies potential events that may arise out of and/or impact a company’s strategic objectives – Assesses the severity and likelihood of risk events – Determines risk response • Evaluates in relation to risk tolerances • Determines approach – Avoid, Accept, Reduce, Share • Specifies mitigation plan – Manages risk within the enterprise’s risk appetite – Takes a portfolio view of risk at the top – Monitors performance continuously www.theiia.org/Training © Copyright 2009 - Wheelhouse Advisors LLC │5
Developing an ERM Framework “Old School” Approach “New School” Approach  Risk perceived as individual hazards that may  Understand risks in context of business negatively impact a given area strategies and objectives  Ad hoc focus on risks with greatest emphasis  Disciplined and forward looking focus on on recent events critical risks  Managing risks is senior management’s  Managing risk is everyone’s responsibility responsibility  Minimize and/or eliminate risk  Manage risk within tolerance levels and capitalize on opportunities  No risk owners  Well defined accountability for risks  No formal risk reporting or monitoring at the  Risk reporting emanating from existing entity level channels to the top  Highly decentralized  Portfolio management www.theiia.org/Training © Copyright 2009 - Wheelhouse Advisors LLC │6
Risk Assessment vs. ERM • Risk Assessment – Point-in-time snapshot – Often internal audit driven – Identifies where to focus current attention – Great for planning, but not the full solution • ERM – Continuous risk monitoring and identification – Real-time assessment using indicators as well as evaluation of new strategic initiatives – Balanced focus on opportunities and impacts – Built-in ownership of risks at the right level – embedded in the business www.theiia.org/Training © Copyright 2009 - Wheelhouse Advisors LLC │7
Benefits of ERM ERM provides the ability for a company to: – Understand and define risk appetite as it relates to strategy – Link growth, risk and return – Optimize risk response decisions – Minimize operational losses and surprises – Rationalize capital resources – Strengthen credit ratings – Improve efficiency by integrating responses to multiple risks – Seize opportunities to capitalize on rewards from taking intelligent risks www.theiia.org/Training © Copyright 2009 - Wheelhouse Advisors LLC │8
Evolution of a Risk & Controls Program • Sarbanes-Oxley (“SOX”) Section 404 as a starting point • Innovation and integration leading to greater efficiency and effectiveness • Barriers to overcome • Required changes in approach www.theiia.org/Training © Copyright 2009 - Wheelhouse Advisors LLC │9
SOX as a starting point • Similar disciplined approach with primary focus on risks first, processes second and controls third • Streamlining business processes – Eliminating duplicative activities – Process improvement, eliminate outdated procedures – Enhancing data integrity for critical decision-making • Enhancing, automating and integrating data flow – Focus on data analytics and mining opportunities to strengthen controls – Providing more transparent and seamless communication across the business – Viewing the process end-to-end to understand control gaps www.theiia.org/Training © Copyright 2009 - Wheelhouse Advisors LLC │10
Evolution of Risk & Control Programs Developing Implementing Improving Integrating • Highly reactive to • Individual control • Alignment of control • Seamless and proactive individual regulatory programs in various programs to increase risk & control program mandates phases of efficiency and reduce implementation administrative burden • Risk governance & • Immature risk and/or refinement oversight structure fully governance & • More focused risk embedded in business oversight structure • Evolving risk governance & governance structure governance & oversight structure (i.e. from strategy • Informal risk related oversight structure through execution) infrastructure • Identification and • More formal risk implementation of • Risk infrastructure related best practices across automated and fully infrastructure at business units integrated across corporate and enterprise business unit levels Evolving Mature www.theiia.org/Training © Copyright 2009 - Wheelhouse Advisors LLC │11
Barriers to Overcome Attitudes / Culture • People are “burned-out” by SOX • Seen as interfering with “real work” • Lack of alignment with performance measurements – little incentive to participate • Budget constraints are increasing leaving few resources to commit • View that one-time training is the answer • Wavering support from executive management and board Infrastructure • No shared language • Over reliance on support functions • Little or no linkage between risks, process and controls • Enabling technology is non-existent or fragmented at best www.theiia.org/Training © Copyright 2009 - Wheelhouse Advisors LLC │12
Barriers to Overcome www.theiia.org/Training © Copyright 2009 - Wheelhouse Advisors LLC │13
Internal Audit’s ERM Barriers to Overcome Internal Audit ERM Competency Map Enterprise Risk Assessment 30% 53% 17% Fraud prevention / detection 26% 55% 19% Use of technology and analytics 26% 52% 22% Improvement Opportunity Somewhat Competent Very Competent Source: Ernst & Young 2008 Global Internal Audit Survey www.theiia.org/Training © Copyright 2009 - Wheelhouse Advisors LLC │14
Internal Audit’s Role in ERM Source: The Institute of Internal Auditors www.theiia.org/Training © Copyright 2009 - Wheelhouse Advisors LLC │15
ERM Program Sustainability Has your company reached a What makes your ERM program sustaining ERM maturity level? sustainable? Senior management endorses the 84% organization’s risk management Yes efforts 29% Management is part of the risk 74% management program No Risk management efforts are part 66% 71% of the organization’s management process and tools 22% Other 0% 20% 40% 60% 80% 100% Source: 2008 ERM Benchmarking Survey - The Institute of Internal Auditors www.theiia.org/Training © Copyright 2009 - Wheelhouse Advisors LLC │16
Changes Required • Clear and consistent support from executive management • High-level, multi-disciplinary, dedicated core team • Strong business case on how ERM will enhance – Business decision-making – Achievement of corporate and business unit strategic objectives – Identification of opportunities as well as potential impacts • Building ERM into business processes – efficiently and without undue administrative burden • Well defined roles and responsibilities for risk leading to improved accountability – build into incentives and performance management • Long-term commitment to the effort, linked to strategic planning www.theiia.org/Training © Copyright 2009 - Wheelhouse Advisors LLC │17
Changes Required www.theiia.org/Training © Copyright 2009 - Wheelhouse Advisors LLC │18
Increased Scrutiny • Legal / Regulatory – SEC – Department of Justice – Stock Exchanges – Securities Fraud Plaintiff Attorneys – Sarbanes-Oxley Act – Sections 302 & 404 – Foreign Corrupt Practices Act – Industry specific regulations (Privacy, Anti-money laundering, Risk-based capital requirements, etc.) • Shareholders & Stakeholders – Outsourcing / Third-party resources – Credit rating agencies – Institutional Investors – Personal liability for Board Members www.theiia.org/Training © Copyright 2009 - Wheelhouse Advisors LLC │19
Critical Success Factors 1. Organizational Culture – Governance (Board & Executive Management) Continuous – Roles and Responsibilities Monitoring – Incentive Programs 2. Infrastructure Integration – Simple, consistent and well understood risk framework – Effective controls at the appropriate Infrastructure stages of the process 3. Integration – Portfolio view – Mind the control gaps Organizational – Focused effort with optimal use of Culture resources 4. Continuous Monitoring – Current risk levels vs. risk appetite – Effectiveness of control performance www.theiia.org/Training © Copyright 2009 - Wheelhouse Advisors LLC │20
For more information about service offerings, please visit: www.WheelhouseAdvisors.com Or email us at: NavigateSuccessfully@WheelhouseAdvisors.com www.theiia.org/Training © Copyright 2009 - Wheelhouse Advisors LLC │21

Recommandé

Shared Services for Finance & Accounting - Wheelhouse Advisors 7.15.08
Shared Services for Finance & Accounting - Wheelhouse Advisors 7.15.08Shared Services for Finance & Accounting - Wheelhouse Advisors 7.15.08
Shared Services for Finance & Accounting - Wheelhouse Advisors 7.15.08Wheelhouse Advisors LLC
 
Common Objectives of the CRO and the CAE
Common Objectives of the CRO and the CAECommon Objectives of the CRO and the CAE
Common Objectives of the CRO and the CAEWheelhouse Advisors LLC
 
Leadership and Risk Management report
Leadership and Risk Management reportLeadership and Risk Management report
Leadership and Risk Management reportFERMA
 
Impact of Changing World Politics in Managing Risk
Impact of Changing World Politics in Managing RiskImpact of Changing World Politics in Managing Risk
Impact of Changing World Politics in Managing RiskPECB
 
CFO Risk Intelligence - Harvey Christophers
CFO Risk Intelligence - Harvey ChristophersCFO Risk Intelligence - Harvey Christophers
CFO Risk Intelligence - Harvey ChristophersAzure Group
 
Julia graham@bdm2014
Julia graham@bdm2014Julia graham@bdm2014
Julia graham@bdm2014bdm2014
 
#corpriskforum2016 - Julia Graham
#corpriskforum2016 - Julia Graham#corpriskforum2016 - Julia Graham
#corpriskforum2016 - Julia GrahamAlexei Sidorenko, CRMP
 
Common failures of risk management
Common failures of risk management Common failures of risk management
Common failures of risk management Surajit Datta
 

Recommandé

Shared Services for Finance & Accounting - Wheelhouse Advisors 7.15.08
Shared Services for Finance & Accounting - Wheelhouse Advisors 7.15.08Shared Services for Finance & Accounting - Wheelhouse Advisors 7.15.08
Shared Services for Finance & Accounting - Wheelhouse Advisors 7.15.08Wheelhouse Advisors LLC
 
Common Objectives of the CRO and the CAE
Common Objectives of the CRO and the CAECommon Objectives of the CRO and the CAE
Common Objectives of the CRO and the CAEWheelhouse Advisors LLC
 
Leadership and Risk Management report
Leadership and Risk Management reportLeadership and Risk Management report
Leadership and Risk Management reportFERMA
 
Impact of Changing World Politics in Managing Risk
Impact of Changing World Politics in Managing RiskImpact of Changing World Politics in Managing Risk
Impact of Changing World Politics in Managing RiskPECB
 
CFO Risk Intelligence - Harvey Christophers
CFO Risk Intelligence - Harvey ChristophersCFO Risk Intelligence - Harvey Christophers
CFO Risk Intelligence - Harvey ChristophersAzure Group
 
Julia graham@bdm2014
Julia graham@bdm2014Julia graham@bdm2014
Julia graham@bdm2014bdm2014
 
#corpriskforum2016 - Julia Graham
#corpriskforum2016 - Julia Graham#corpriskforum2016 - Julia Graham
#corpriskforum2016 - Julia GrahamAlexei Sidorenko, CRMP
 
Common failures of risk management
Common failures of risk management Common failures of risk management
Common failures of risk management Surajit Datta
 
Leading risk culture change webinar
Leading risk culture change webinarLeading risk culture change webinar
Leading risk culture change webinarFERMA
 
CFO Summit XVI - Wheelhouse Advisors LLC
CFO Summit XVI - Wheelhouse Advisors LLCCFO Summit XVI - Wheelhouse Advisors LLC
CFO Summit XVI - Wheelhouse Advisors LLCWheelhouse Advisors LLC
 
Introductory Considerations for Enterprise Security Risk Management Programs
Introductory Considerations for Enterprise Security Risk Management ProgramsIntroductory Considerations for Enterprise Security Risk Management Programs
Introductory Considerations for Enterprise Security Risk Management ProgramsWesley Bull
 
Enterprise Risk Management Workshop (Singapore 2006)
Enterprise Risk Management Workshop (Singapore 2006)Enterprise Risk Management Workshop (Singapore 2006)
Enterprise Risk Management Workshop (Singapore 2006)simonffg
 
ERM Overview for Credit Unions
ERM Overview for Credit UnionsERM Overview for Credit Unions
ERM Overview for Credit UnionsRussell White
 
Enterprise risk management
Enterprise risk managementEnterprise risk management
Enterprise risk managementAnu Damodaran
 
IT Risk Management - the right posture
IT Risk Management - the right postureIT Risk Management - the right posture
IT Risk Management - the right postureParag Deodhar
 
Delivering stronger business security and resilience
Delivering stronger business security and resilienceDelivering stronger business security and resilience
Delivering stronger business security and resiliencezadok001
 
51_operational_risk
51_operational_risk51_operational_risk
51_operational_riskHafeez Farooq
 
2014.03.20 BDM Transport Insurance Seminar presentation
2014.03.20 BDM Transport Insurance Seminar presentation2014.03.20 BDM Transport Insurance Seminar presentation
2014.03.20 BDM Transport Insurance Seminar presentationFERMA
 
Risk Treatment Standard-ASB
Risk Treatment Standard-ASBRisk Treatment Standard-ASB
Risk Treatment Standard-ASBMichel Rochette
 
ERM: DIFFERENCES BETWEEN SECTORS
ERM: DIFFERENCES BETWEEN SECTORSERM: DIFFERENCES BETWEEN SECTORS
ERM: DIFFERENCES BETWEEN SECTORSMichel Rochette
 
Discover Risk Culture with Mohammad Fheili
Discover Risk Culture with Mohammad FheiliDiscover Risk Culture with Mohammad Fheili
Discover Risk Culture with Mohammad FheiliMohammad Ibrahim Fheili
 
Five Lines of Assurance A New ERM and IA Paradigm
Five Lines of Assurance A New ERM and IA ParadigmFive Lines of Assurance A New ERM and IA Paradigm
Five Lines of Assurance A New ERM and IA ParadigmTim Leech
 
Risk Offering Summary
Risk Offering SummaryRisk Offering Summary
Risk Offering Summarydgeoghegan
 
ORM Operational Risks Management
ORM Operational Risks ManagementORM Operational Risks Management
ORM Operational Risks ManagementTariq minhas
 
Navigating the edge of risk
Navigating the edge of risk Navigating the edge of risk
Navigating the edge of risk TheAloftGroup
 
Risk 2012 Walenta 120926 sanitized
Risk 2012 Walenta 120926 sanitizedRisk 2012 Walenta 120926 sanitized
Risk 2012 Walenta 120926 sanitizedThomas Walenta, PMI Fellow
 
Final Aerice Newsflash 9 Dec2011
Final Aerice Newsflash 9 Dec2011Final Aerice Newsflash 9 Dec2011
Final Aerice Newsflash 9 Dec2011dgeoghegan
 
Risk culture - IRM PROTIVITI
Risk culture - IRM PROTIVITIRisk culture - IRM PROTIVITI
Risk culture - IRM PROTIVITISimone Luca Giargia
 
Open source technology
Open source technologyOpen source technology
Open source technologyMitesh Katira
 
Cloud computing and emerging technology
Cloud computing and emerging technologyCloud computing and emerging technology
Cloud computing and emerging technologyMitesh Katira
 

Contenu connexe

Tendances

Leading risk culture change webinar
Leading risk culture change webinarLeading risk culture change webinar
Leading risk culture change webinarFERMA
 
CFO Summit XVI - Wheelhouse Advisors LLC
CFO Summit XVI - Wheelhouse Advisors LLCCFO Summit XVI - Wheelhouse Advisors LLC
CFO Summit XVI - Wheelhouse Advisors LLCWheelhouse Advisors LLC
 
Introductory Considerations for Enterprise Security Risk Management Programs
Introductory Considerations for Enterprise Security Risk Management ProgramsIntroductory Considerations for Enterprise Security Risk Management Programs
Introductory Considerations for Enterprise Security Risk Management ProgramsWesley Bull
 
Enterprise Risk Management Workshop (Singapore 2006)
Enterprise Risk Management Workshop (Singapore 2006)Enterprise Risk Management Workshop (Singapore 2006)
Enterprise Risk Management Workshop (Singapore 2006)simonffg
 
ERM Overview for Credit Unions
ERM Overview for Credit UnionsERM Overview for Credit Unions
ERM Overview for Credit UnionsRussell White
 
Enterprise risk management
Enterprise risk managementEnterprise risk management
Enterprise risk managementAnu Damodaran
 
IT Risk Management - the right posture
IT Risk Management - the right postureIT Risk Management - the right posture
IT Risk Management - the right postureParag Deodhar
 
Delivering stronger business security and resilience
Delivering stronger business security and resilienceDelivering stronger business security and resilience
Delivering stronger business security and resiliencezadok001
 
2014.03.20 BDM Transport Insurance Seminar presentation
2014.03.20 BDM Transport Insurance Seminar presentation2014.03.20 BDM Transport Insurance Seminar presentation
2014.03.20 BDM Transport Insurance Seminar presentationFERMA
 
Risk Treatment Standard-ASB
Risk Treatment Standard-ASBRisk Treatment Standard-ASB
Risk Treatment Standard-ASBMichel Rochette
 
ERM: DIFFERENCES BETWEEN SECTORS
ERM: DIFFERENCES BETWEEN SECTORSERM: DIFFERENCES BETWEEN SECTORS
ERM: DIFFERENCES BETWEEN SECTORSMichel Rochette
 
Discover Risk Culture with Mohammad Fheili
Discover Risk Culture with Mohammad FheiliDiscover Risk Culture with Mohammad Fheili
Discover Risk Culture with Mohammad FheiliMohammad Ibrahim Fheili
 
Five Lines of Assurance A New ERM and IA Paradigm
Five Lines of Assurance A New ERM and IA ParadigmFive Lines of Assurance A New ERM and IA Paradigm
Five Lines of Assurance A New ERM and IA ParadigmTim Leech
 
Risk Offering Summary
Risk Offering SummaryRisk Offering Summary
Risk Offering Summarydgeoghegan
 
ORM Operational Risks Management
ORM Operational Risks ManagementORM Operational Risks Management
ORM Operational Risks ManagementTariq minhas
 
Navigating the edge of risk
Navigating the edge of risk Navigating the edge of risk
Navigating the edge of risk TheAloftGroup
 
Final Aerice Newsflash 9 Dec2011
Final Aerice Newsflash 9 Dec2011Final Aerice Newsflash 9 Dec2011
Final Aerice Newsflash 9 Dec2011dgeoghegan
 

Tendances (20)

Leading risk culture change webinar
Leading risk culture change webinarLeading risk culture change webinar
Leading risk culture change webinar
 
CFO Summit XVI - Wheelhouse Advisors LLC
CFO Summit XVI - Wheelhouse Advisors LLCCFO Summit XVI - Wheelhouse Advisors LLC
CFO Summit XVI - Wheelhouse Advisors LLC
 
Introductory Considerations for Enterprise Security Risk Management Programs
Introductory Considerations for Enterprise Security Risk Management ProgramsIntroductory Considerations for Enterprise Security Risk Management Programs
Introductory Considerations for Enterprise Security Risk Management Programs
 
Enterprise Risk Management Workshop (Singapore 2006)
Enterprise Risk Management Workshop (Singapore 2006)Enterprise Risk Management Workshop (Singapore 2006)
Enterprise Risk Management Workshop (Singapore 2006)
 
ERM Overview for Credit Unions
ERM Overview for Credit UnionsERM Overview for Credit Unions
ERM Overview for Credit Unions
 
Enterprise risk management
Enterprise risk managementEnterprise risk management
Enterprise risk management
 
IT Risk Management - the right posture
IT Risk Management - the right postureIT Risk Management - the right posture
IT Risk Management - the right posture
 
Delivering stronger business security and resilience
Delivering stronger business security and resilienceDelivering stronger business security and resilience
Delivering stronger business security and resilience
 
51_operational_risk
51_operational_risk51_operational_risk
51_operational_risk
 
2014.03.20 BDM Transport Insurance Seminar presentation
2014.03.20 BDM Transport Insurance Seminar presentation2014.03.20 BDM Transport Insurance Seminar presentation
2014.03.20 BDM Transport Insurance Seminar presentation
 
Risk Treatment Standard-ASB
Risk Treatment Standard-ASBRisk Treatment Standard-ASB
Risk Treatment Standard-ASB
 
ERM: DIFFERENCES BETWEEN SECTORS
ERM: DIFFERENCES BETWEEN SECTORSERM: DIFFERENCES BETWEEN SECTORS
ERM: DIFFERENCES BETWEEN SECTORS
 
Discover Risk Culture with Mohammad Fheili
Discover Risk Culture with Mohammad FheiliDiscover Risk Culture with Mohammad Fheili
Discover Risk Culture with Mohammad Fheili
 
Five Lines of Assurance A New ERM and IA Paradigm
Five Lines of Assurance A New ERM and IA ParadigmFive Lines of Assurance A New ERM and IA Paradigm
Five Lines of Assurance A New ERM and IA Paradigm
 
Risk Offering Summary
Risk Offering SummaryRisk Offering Summary
Risk Offering Summary
 
ORM Operational Risks Management
ORM Operational Risks ManagementORM Operational Risks Management
ORM Operational Risks Management
 
Navigating the edge of risk
Navigating the edge of risk Navigating the edge of risk
Navigating the edge of risk
 
Risk 2012 Walenta 120926 sanitized
Risk 2012 Walenta 120926 sanitizedRisk 2012 Walenta 120926 sanitized
Risk 2012 Walenta 120926 sanitized
 
Final Aerice Newsflash 9 Dec2011
Final Aerice Newsflash 9 Dec2011Final Aerice Newsflash 9 Dec2011
Final Aerice Newsflash 9 Dec2011
 
Risk culture - IRM PROTIVITI
Risk culture - IRM PROTIVITIRisk culture - IRM PROTIVITI
Risk culture - IRM PROTIVITI
 

En vedette

Open source technology
Open source technologyOpen source technology
Open source technologyMitesh Katira
 
Cloud computing and emerging technology
Cloud computing and emerging technologyCloud computing and emerging technology
Cloud computing and emerging technologyMitesh Katira
 
Digitization and EPR
Digitization and EPRDigitization and EPR
Digitization and EPRMitesh Katira
 
Reverse charge mechanism
Reverse charge mechanismReverse charge mechanism
Reverse charge mechanismMitesh Katira
 
Tech Audit overview
Tech Audit overviewTech Audit overview
Tech Audit overviewedtech111
 
Internal Audit with Data Analytics
Internal Audit with Data AnalyticsInternal Audit with Data Analytics
Internal Audit with Data AnalyticsMitesh Katira
 
7 Habits of Highly Effective Enterprise Risk Managers
7 Habits of Highly Effective Enterprise Risk Managers7 Habits of Highly Effective Enterprise Risk Managers
7 Habits of Highly Effective Enterprise Risk ManagersAndrew Koh
 
Use Of Techniques And Technology In Internal Audit
Use Of Techniques And Technology In Internal AuditUse Of Techniques And Technology In Internal Audit
Use Of Techniques And Technology In Internal AuditManoj Agarwal
 
Riskpro iso 31000 services 2013
Riskpro iso 31000 services 2013Riskpro iso 31000 services 2013
Riskpro iso 31000 services 2013Nidhi Gupta
 
PECB Webinar: ISO 31000 - The Benchmark for Risk Management in uncertain times
PECB Webinar: ISO 31000 - The Benchmark for Risk Management in uncertain timesPECB Webinar: ISO 31000 - The Benchmark for Risk Management in uncertain times
PECB Webinar: ISO 31000 - The Benchmark for Risk Management in uncertain timesPECB
 
How technology continues to revolutionize auditing tmuc 2011
How technology continues to revolutionize auditing tmuc 2011How technology continues to revolutionize auditing tmuc 2011
How technology continues to revolutionize auditing tmuc 2011Jim Kaplan CIA CFE
 
An Anatomy of a Digital Audit (Digital Marketing Audit)
An Anatomy of a Digital Audit (Digital Marketing Audit)An Anatomy of a Digital Audit (Digital Marketing Audit)
An Anatomy of a Digital Audit (Digital Marketing Audit)Tim Bourgeois
 
Data Audit Approach To Developing An Enterprise Data Strategy
Data Audit Approach To Developing An Enterprise Data StrategyData Audit Approach To Developing An Enterprise Data Strategy
Data Audit Approach To Developing An Enterprise Data StrategyAlan McSweeney
 
How to Build an Enterprise Risk Management Framework
How to Build an Enterprise Risk Management FrameworkHow to Build an Enterprise Risk Management Framework
How to Build an Enterprise Risk Management FrameworkColleen Beck-Domanico
 
Basic Internal Auditing Presentation
Basic Internal Auditing PresentationBasic Internal Auditing Presentation
Basic Internal Auditing PresentationVernon Benjamin
 

En vedette (20)

Open source technology
Open source technologyOpen source technology
Open source technology
 
Cloud computing and emerging technology
Cloud computing and emerging technologyCloud computing and emerging technology
Cloud computing and emerging technology
 
Digitization and EPR
Digitization and EPRDigitization and EPR
Digitization and EPR
 
Reverse charge mechanism
Reverse charge mechanismReverse charge mechanism
Reverse charge mechanism
 
India
IndiaIndia
India
 
Tech Audit overview
Tech Audit overviewTech Audit overview
Tech Audit overview
 
Forensic Auditing
Forensic AuditingForensic Auditing
Forensic Auditing
 
Company Profile
Company ProfileCompany Profile
Company Profile
 
Internal Audit with Data Analytics
Internal Audit with Data AnalyticsInternal Audit with Data Analytics
Internal Audit with Data Analytics
 
7 Habits of Highly Effective Enterprise Risk Managers
7 Habits of Highly Effective Enterprise Risk Managers7 Habits of Highly Effective Enterprise Risk Managers
7 Habits of Highly Effective Enterprise Risk Managers
 
Use Of Techniques And Technology In Internal Audit
Use Of Techniques And Technology In Internal AuditUse Of Techniques And Technology In Internal Audit
Use Of Techniques And Technology In Internal Audit
 
Riskpro iso 31000 services 2013
Riskpro iso 31000 services 2013Riskpro iso 31000 services 2013
Riskpro iso 31000 services 2013
 
PECB Webinar: ISO 31000 - The Benchmark for Risk Management in uncertain times
PECB Webinar: ISO 31000 - The Benchmark for Risk Management in uncertain timesPECB Webinar: ISO 31000 - The Benchmark for Risk Management in uncertain times
PECB Webinar: ISO 31000 - The Benchmark for Risk Management in uncertain times
 
How technology continues to revolutionize auditing tmuc 2011
How technology continues to revolutionize auditing tmuc 2011How technology continues to revolutionize auditing tmuc 2011
How technology continues to revolutionize auditing tmuc 2011
 
An Anatomy of a Digital Audit (Digital Marketing Audit)
An Anatomy of a Digital Audit (Digital Marketing Audit)An Anatomy of a Digital Audit (Digital Marketing Audit)
An Anatomy of a Digital Audit (Digital Marketing Audit)
 
ERM-Enterprise Risk Management
ERM-Enterprise Risk ManagementERM-Enterprise Risk Management
ERM-Enterprise Risk Management
 
Data Audit Approach To Developing An Enterprise Data Strategy
Data Audit Approach To Developing An Enterprise Data StrategyData Audit Approach To Developing An Enterprise Data Strategy
Data Audit Approach To Developing An Enterprise Data Strategy
 
How to Build an Enterprise Risk Management Framework
How to Build an Enterprise Risk Management FrameworkHow to Build an Enterprise Risk Management Framework
How to Build an Enterprise Risk Management Framework
 
6. audit techniques
6. audit techniques6. audit techniques
6. audit techniques
 
Basic Internal Auditing Presentation
Basic Internal Auditing PresentationBasic Internal Auditing Presentation
Basic Internal Auditing Presentation
 

Similaire à ERM: Understanding Key Risks and Developing Effective Frameworks

Amper ERM Presentation to FEI
Amper ERM Presentation to FEIAmper ERM Presentation to FEI
Amper ERM Presentation to FEIjravi
 
Riskpro - Operational Risk Management
Riskpro - Operational Risk ManagementRiskpro - Operational Risk Management
Riskpro - Operational Risk ManagementManoj Jain
 
HML Risk Transformation
HML Risk TransformationHML Risk Transformation
HML Risk TransformationAndrew Smart
 
Erm Presentation Bsw Approach & Methodology
Erm Presentation Bsw Approach & MethodologyErm Presentation Bsw Approach & Methodology
Erm Presentation Bsw Approach & Methodologysteinkamps6
 
Executive Summary on Leadership in Risk Management Webinar
Executive Summary on Leadership in Risk Management WebinarExecutive Summary on Leadership in Risk Management Webinar
Executive Summary on Leadership in Risk Management WebinarFERMA
 
Building Risk Management into Enterprise Architecture
Building Risk Management into Enterprise ArchitectureBuilding Risk Management into Enterprise Architecture
Building Risk Management into Enterprise Architectureiasaglobal
 
John Hancock PowerPoint Presentation
John Hancock PowerPoint PresentationJohn Hancock PowerPoint Presentation
John Hancock PowerPoint PresentationPulse Design Studio
 

Similaire à ERM: Understanding Key Risks and Developing Effective Frameworks (20)

Amper ERM Presentation to FEI
Amper ERM Presentation to FEIAmper ERM Presentation to FEI
Amper ERM Presentation to FEI
 
Riskpro - Operational Risk Management
Riskpro - Operational Risk ManagementRiskpro - Operational Risk Management
Riskpro - Operational Risk Management
 
Riskpro orm
Riskpro ormRiskpro orm
Riskpro orm
 
Coso erm frmwrk
Coso erm frmwrkCoso erm frmwrk
Coso erm frmwrk
 
HML Risk Transformation
HML Risk TransformationHML Risk Transformation
HML Risk Transformation
 
Erm Presentation Bsw Approach & Methodology
Erm Presentation Bsw Approach & MethodologyErm Presentation Bsw Approach & Methodology
Erm Presentation Bsw Approach & Methodology
 
Risk pro trainings brochure 2013
Risk pro trainings brochure 2013Risk pro trainings brochure 2013
Risk pro trainings brochure 2013
 
Executive Summary on Leadership in Risk Management Webinar
Executive Summary on Leadership in Risk Management WebinarExecutive Summary on Leadership in Risk Management Webinar
Executive Summary on Leadership in Risk Management Webinar
 
Riskpro Trainings Telecom Industry
Riskpro Trainings Telecom IndustryRiskpro Trainings Telecom Industry
Riskpro Trainings Telecom Industry
 
Riskpro Trainings Telecom Industry
Riskpro Trainings Telecom IndustryRiskpro Trainings Telecom Industry
Riskpro Trainings Telecom Industry
 
Risk pro trainings brochure 2013
Risk pro trainings brochure 2013Risk pro trainings brochure 2013
Risk pro trainings brochure 2013
 
Risk Pro Trainings Brochure
Risk Pro Trainings BrochureRisk Pro Trainings Brochure
Risk Pro Trainings Brochure
 
Risk Pro Trainings Brochure
Risk Pro Trainings BrochureRisk Pro Trainings Brochure
Risk Pro Trainings Brochure
 
Risk management benchmarking 2013
Risk management benchmarking 2013Risk management benchmarking 2013
Risk management benchmarking 2013
 
Risk Management Benchmarking
Risk Management BenchmarkingRisk Management Benchmarking
Risk Management Benchmarking
 
Building Risk Management into Enterprise Architecture
Building Risk Management into Enterprise ArchitectureBuilding Risk Management into Enterprise Architecture
Building Risk Management into Enterprise Architecture
 
John Hancock PowerPoint Presentation
John Hancock PowerPoint PresentationJohn Hancock PowerPoint Presentation
John Hancock PowerPoint Presentation
 
Riskpro Trainings Automotive Industry
Riskpro Trainings Automotive IndustryRiskpro Trainings Automotive Industry
Riskpro Trainings Automotive Industry
 
Riskpro Trainings Automotive Industry
Riskpro Trainings Automotive IndustryRiskpro Trainings Automotive Industry
Riskpro Trainings Automotive Industry
 
Riskpro Trainings Automotive Industry
Riskpro Trainings Automotive IndustryRiskpro Trainings Automotive Industry
Riskpro Trainings Automotive Industry
 

Dernier

The Economic History of the U.S. Lecture 20.pdf
The Economic History of the U.S. Lecture 20.pdfThe Economic History of the U.S. Lecture 20.pdf
The Economic History of the U.S. Lecture 20.pdfGale Pooley
 
Top Rated Pune Call Girls Viman Nagar ⟟ 6297143586 ⟟ Call Me For Genuine Sex...
Top Rated Pune Call Girls Viman Nagar ⟟ 6297143586 ⟟ Call Me For Genuine Sex...Top Rated Pune Call Girls Viman Nagar ⟟ 6297143586 ⟟ Call Me For Genuine Sex...
Top Rated Pune Call Girls Viman Nagar ⟟ 6297143586 ⟟ Call Me For Genuine Sex...Call Girls in Nagpur High Profile
 
Call Girls Koregaon Park Call Me 7737669865 Budget Friendly No Advance Booking
Call Girls Koregaon Park Call Me 7737669865 Budget Friendly No Advance BookingCall Girls Koregaon Park Call Me 7737669865 Budget Friendly No Advance Booking
Call Girls Koregaon Park Call Me 7737669865 Budget Friendly No Advance Bookingroncy bisnoi
 
The Economic History of the U.S. Lecture 18.pdf
The Economic History of the U.S. Lecture 18.pdfThe Economic History of the U.S. Lecture 18.pdf
The Economic History of the U.S. Lecture 18.pdfGale Pooley
 
Instant Issue Debit Cards - School Designs
Instant Issue Debit Cards - School DesignsInstant Issue Debit Cards - School Designs
Instant Issue Debit Cards - School Designsegoetzinger
 
Instant Issue Debit Cards - High School Spirit
Instant Issue Debit Cards - High School SpiritInstant Issue Debit Cards - High School Spirit
Instant Issue Debit Cards - High School Spiritegoetzinger
 
VVIP Pune Call Girls Katraj (7001035870) Pune Escorts Nearby with Complete Sa...
VVIP Pune Call Girls Katraj (7001035870) Pune Escorts Nearby with Complete Sa...VVIP Pune Call Girls Katraj (7001035870) Pune Escorts Nearby with Complete Sa...
VVIP Pune Call Girls Katraj (7001035870) Pune Escorts Nearby with Complete Sa...Call Girls in Nagpur High Profile
 
05_Annelore Lenoir_Docbyte_MeetupDora&Cybersecurity.pptx
05_Annelore Lenoir_Docbyte_MeetupDora&Cybersecurity.pptx05_Annelore Lenoir_Docbyte_MeetupDora&Cybersecurity.pptx
05_Annelore Lenoir_Docbyte_MeetupDora&Cybersecurity.pptxFinTech Belgium
 
Call US 📞 9892124323 ✅ Kurla Call Girls In Kurla ( Mumbai ) secure service
Call US 📞 9892124323 ✅ Kurla Call Girls In Kurla ( Mumbai ) secure serviceCall US 📞 9892124323 ✅ Kurla Call Girls In Kurla ( Mumbai ) secure service
Call US 📞 9892124323 ✅ Kurla Call Girls In Kurla ( Mumbai ) secure servicePooja Nehwal
 
Dharavi Russian callg Girls, { 09892124323 } || Call Girl In Mumbai ...
Dharavi Russian callg Girls, { 09892124323 } || Call Girl In Mumbai ...Dharavi Russian callg Girls, { 09892124323 } || Call Girl In Mumbai ...
Dharavi Russian callg Girls, { 09892124323 } || Call Girl In Mumbai ...Pooja Nehwal
 
(ANIKA) Budhwar Peth Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANIKA) Budhwar Peth Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(ANIKA) Budhwar Peth Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANIKA) Budhwar Peth Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...ranjana rawat
 
03_Emmanuel Ndiaye_Degroof Petercam.pptx
03_Emmanuel Ndiaye_Degroof Petercam.pptx03_Emmanuel Ndiaye_Degroof Petercam.pptx
03_Emmanuel Ndiaye_Degroof Petercam.pptxFinTech Belgium
 
(DIYA) Bhumkar Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(DIYA) Bhumkar Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(DIYA) Bhumkar Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(DIYA) Bhumkar Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...ranjana rawat
 
Pooja 9892124323 : Call Girl in Juhu Escorts Service Free Home Delivery
Pooja 9892124323 : Call Girl in Juhu Escorts Service Free Home DeliveryPooja 9892124323 : Call Girl in Juhu Escorts Service Free Home Delivery
Pooja 9892124323 : Call Girl in Juhu Escorts Service Free Home DeliveryPooja Nehwal
 
Dividend Policy and Dividend Decision Theories.pptx
Dividend Policy and Dividend Decision Theories.pptxDividend Policy and Dividend Decision Theories.pptx
Dividend Policy and Dividend Decision Theories.pptxanshikagoel52
 
00_Main ppt_MeetupDORA&CyberSecurity.pptx
00_Main ppt_MeetupDORA&CyberSecurity.pptx00_Main ppt_MeetupDORA&CyberSecurity.pptx
00_Main ppt_MeetupDORA&CyberSecurity.pptxFinTech Belgium
 
Vip Call US 📞 7738631006 ✅Call Girls In Sakinaka ( Mumbai )
Vip Call US 📞 7738631006 ✅Call Girls In Sakinaka ( Mumbai )Vip Call US 📞 7738631006 ✅Call Girls In Sakinaka ( Mumbai )
Vip Call US 📞 7738631006 ✅Call Girls In Sakinaka ( Mumbai )Pooja Nehwal
 
CALL ON ➥8923113531 🔝Call Girls Gomti Nagar Lucknow best sexual service
CALL ON ➥8923113531 🔝Call Girls Gomti Nagar Lucknow best sexual serviceCALL ON ➥8923113531 🔝Call Girls Gomti Nagar Lucknow best sexual service
CALL ON ➥8923113531 🔝Call Girls Gomti Nagar Lucknow best sexual serviceanilsa9823
 
High Class Call Girls Nashik Maya 7001305949 Independent Escort Service Nashik
High Class Call Girls Nashik Maya 7001305949 Independent Escort Service NashikHigh Class Call Girls Nashik Maya 7001305949 Independent Escort Service Nashik
High Class Call Girls Nashik Maya 7001305949 Independent Escort Service NashikCall Girls in Nagpur High Profile
 

Dernier (20)

The Economic History of the U.S. Lecture 20.pdf
The Economic History of the U.S. Lecture 20.pdfThe Economic History of the U.S. Lecture 20.pdf
The Economic History of the U.S. Lecture 20.pdf
 
Top Rated Pune Call Girls Viman Nagar ⟟ 6297143586 ⟟ Call Me For Genuine Sex...
Top Rated Pune Call Girls Viman Nagar ⟟ 6297143586 ⟟ Call Me For Genuine Sex...Top Rated Pune Call Girls Viman Nagar ⟟ 6297143586 ⟟ Call Me For Genuine Sex...
Top Rated Pune Call Girls Viman Nagar ⟟ 6297143586 ⟟ Call Me For Genuine Sex...
 
Call Girls Koregaon Park Call Me 7737669865 Budget Friendly No Advance Booking
Call Girls Koregaon Park Call Me 7737669865 Budget Friendly No Advance BookingCall Girls Koregaon Park Call Me 7737669865 Budget Friendly No Advance Booking
Call Girls Koregaon Park Call Me 7737669865 Budget Friendly No Advance Booking
 
The Economic History of the U.S. Lecture 18.pdf
The Economic History of the U.S. Lecture 18.pdfThe Economic History of the U.S. Lecture 18.pdf
The Economic History of the U.S. Lecture 18.pdf
 
Instant Issue Debit Cards - School Designs
Instant Issue Debit Cards - School DesignsInstant Issue Debit Cards - School Designs
Instant Issue Debit Cards - School Designs
 
Instant Issue Debit Cards - High School Spirit
Instant Issue Debit Cards - High School SpiritInstant Issue Debit Cards - High School Spirit
Instant Issue Debit Cards - High School Spirit
 
VVIP Pune Call Girls Katraj (7001035870) Pune Escorts Nearby with Complete Sa...
VVIP Pune Call Girls Katraj (7001035870) Pune Escorts Nearby with Complete Sa...VVIP Pune Call Girls Katraj (7001035870) Pune Escorts Nearby with Complete Sa...
VVIP Pune Call Girls Katraj (7001035870) Pune Escorts Nearby with Complete Sa...
 
Commercial Bank Economic Capsule - April 2024
Commercial Bank Economic Capsule - April 2024Commercial Bank Economic Capsule - April 2024
Commercial Bank Economic Capsule - April 2024
 
05_Annelore Lenoir_Docbyte_MeetupDora&Cybersecurity.pptx
05_Annelore Lenoir_Docbyte_MeetupDora&Cybersecurity.pptx05_Annelore Lenoir_Docbyte_MeetupDora&Cybersecurity.pptx
05_Annelore Lenoir_Docbyte_MeetupDora&Cybersecurity.pptx
 
Call US 📞 9892124323 ✅ Kurla Call Girls In Kurla ( Mumbai ) secure service
Call US 📞 9892124323 ✅ Kurla Call Girls In Kurla ( Mumbai ) secure serviceCall US 📞 9892124323 ✅ Kurla Call Girls In Kurla ( Mumbai ) secure service
Call US 📞 9892124323 ✅ Kurla Call Girls In Kurla ( Mumbai ) secure service
 
Dharavi Russian callg Girls, { 09892124323 } || Call Girl In Mumbai ...
Dharavi Russian callg Girls, { 09892124323 } || Call Girl In Mumbai ...Dharavi Russian callg Girls, { 09892124323 } || Call Girl In Mumbai ...
Dharavi Russian callg Girls, { 09892124323 } || Call Girl In Mumbai ...
 
(ANIKA) Budhwar Peth Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANIKA) Budhwar Peth Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(ANIKA) Budhwar Peth Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANIKA) Budhwar Peth Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
 
03_Emmanuel Ndiaye_Degroof Petercam.pptx
03_Emmanuel Ndiaye_Degroof Petercam.pptx03_Emmanuel Ndiaye_Degroof Petercam.pptx
03_Emmanuel Ndiaye_Degroof Petercam.pptx
 
(DIYA) Bhumkar Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(DIYA) Bhumkar Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(DIYA) Bhumkar Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(DIYA) Bhumkar Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
 
Pooja 9892124323 : Call Girl in Juhu Escorts Service Free Home Delivery
Pooja 9892124323 : Call Girl in Juhu Escorts Service Free Home DeliveryPooja 9892124323 : Call Girl in Juhu Escorts Service Free Home Delivery
Pooja 9892124323 : Call Girl in Juhu Escorts Service Free Home Delivery
 
Dividend Policy and Dividend Decision Theories.pptx
Dividend Policy and Dividend Decision Theories.pptxDividend Policy and Dividend Decision Theories.pptx
Dividend Policy and Dividend Decision Theories.pptx
 
00_Main ppt_MeetupDORA&CyberSecurity.pptx
00_Main ppt_MeetupDORA&CyberSecurity.pptx00_Main ppt_MeetupDORA&CyberSecurity.pptx
00_Main ppt_MeetupDORA&CyberSecurity.pptx
 
Vip Call US 📞 7738631006 ✅Call Girls In Sakinaka ( Mumbai )
Vip Call US 📞 7738631006 ✅Call Girls In Sakinaka ( Mumbai )Vip Call US 📞 7738631006 ✅Call Girls In Sakinaka ( Mumbai )
Vip Call US 📞 7738631006 ✅Call Girls In Sakinaka ( Mumbai )
 
CALL ON ➥8923113531 🔝Call Girls Gomti Nagar Lucknow best sexual service
CALL ON ➥8923113531 🔝Call Girls Gomti Nagar Lucknow best sexual serviceCALL ON ➥8923113531 🔝Call Girls Gomti Nagar Lucknow best sexual service
CALL ON ➥8923113531 🔝Call Girls Gomti Nagar Lucknow best sexual service
 
High Class Call Girls Nashik Maya 7001305949 Independent Escort Service Nashik
High Class Call Girls Nashik Maya 7001305949 Independent Escort Service NashikHigh Class Call Girls Nashik Maya 7001305949 Independent Escort Service Nashik
High Class Call Girls Nashik Maya 7001305949 Independent Escort Service Nashik
 

ERM: Understanding Key Risks and Developing Effective Frameworks

  • 1. ERM: What’s New & What’s Next Institute of Internal Auditors Webinar February 19, 2009 Presented by: John A. Wheeler, Managing Principal, Wheelhouse Advisors LLC Kenneth K. Yoo, Senior Vice President – Enterprise Risk Management, Federal Home Loan Bank of Atlanta www.theiia.org/Training
  • 2. Discussion Topics • Key risks facing companies operating both inside and outside the United States • Developing an Enterprise Risk Management Framework & Approach • Evolution of a Risk & Controls Program • Enterprise Risk Management in the era of increased regulatory and shareholder scrutiny www.theiia.org/Training © Copyright 2009 - Wheelhouse Advisors LLC │1
  • 3. Changing Risk Environment www.theiia.org/Training © Copyright 2009 - Wheelhouse Advisors LLC │2
  • 4. Changing Risk Environment In 2008 & 2009, the risk landscape has shifted dramatically Fannie and Freddie Likely to Plunge, Searing Investors www.theiia.org/Training © Copyright 2009 - Wheelhouse Advisors LLC │3
  • 5. Developing an ERM Framework What is “ERM”? “… a process, effected by an entity's board of directors, management and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risks to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives.” Source: COSO Enterprise Risk Management – Integrated Framework - 2004. www.theiia.org/Training © Copyright 2009 - Wheelhouse Advisors LLC │4
  • 6. Developing an ERM Framework • ERM is a process that encompasses the following key activities – Identifies potential events that may arise out of and/or impact a company’s strategic objectives – Assesses the severity and likelihood of risk events – Determines risk response • Evaluates in relation to risk tolerances • Determines approach – Avoid, Accept, Reduce, Share • Specifies mitigation plan – Manages risk within the enterprise’s risk appetite – Takes a portfolio view of risk at the top – Monitors performance continuously www.theiia.org/Training © Copyright 2009 - Wheelhouse Advisors LLC │5
  • 7. Developing an ERM Framework “Old School” Approach “New School” Approach  Risk perceived as individual hazards that may  Understand risks in context of business negatively impact a given area strategies and objectives  Ad hoc focus on risks with greatest emphasis  Disciplined and forward looking focus on on recent events critical risks  Managing risks is senior management’s  Managing risk is everyone’s responsibility responsibility  Minimize and/or eliminate risk  Manage risk within tolerance levels and capitalize on opportunities  No risk owners  Well defined accountability for risks  No formal risk reporting or monitoring at the  Risk reporting emanating from existing entity level channels to the top  Highly decentralized  Portfolio management www.theiia.org/Training © Copyright 2009 - Wheelhouse Advisors LLC │6
  • 8. Risk Assessment vs. ERM • Risk Assessment – Point-in-time snapshot – Often internal audit driven – Identifies where to focus current attention – Great for planning, but not the full solution • ERM – Continuous risk monitoring and identification – Real-time assessment using indicators as well as evaluation of new strategic initiatives – Balanced focus on opportunities and impacts – Built-in ownership of risks at the right level – embedded in the business www.theiia.org/Training © Copyright 2009 - Wheelhouse Advisors LLC │7
  • 9. Benefits of ERM ERM provides the ability for a company to: – Understand and define risk appetite as it relates to strategy – Link growth, risk and return – Optimize risk response decisions – Minimize operational losses and surprises – Rationalize capital resources – Strengthen credit ratings – Improve efficiency by integrating responses to multiple risks – Seize opportunities to capitalize on rewards from taking intelligent risks www.theiia.org/Training © Copyright 2009 - Wheelhouse Advisors LLC │8
  • 10. Evolution of a Risk & Controls Program • Sarbanes-Oxley (“SOX”) Section 404 as a starting point • Innovation and integration leading to greater efficiency and effectiveness • Barriers to overcome • Required changes in approach www.theiia.org/Training © Copyright 2009 - Wheelhouse Advisors LLC │9
  • 11. SOX as a starting point • Similar disciplined approach with primary focus on risks first, processes second and controls third • Streamlining business processes – Eliminating duplicative activities – Process improvement, eliminate outdated procedures – Enhancing data integrity for critical decision-making • Enhancing, automating and integrating data flow – Focus on data analytics and mining opportunities to strengthen controls – Providing more transparent and seamless communication across the business – Viewing the process end-to-end to understand control gaps www.theiia.org/Training © Copyright 2009 - Wheelhouse Advisors LLC │10
  • 12. Evolution of Risk & Control Programs Developing Implementing Improving Integrating • Highly reactive to • Individual control • Alignment of control • Seamless and proactive individual regulatory programs in various programs to increase risk & control program mandates phases of efficiency and reduce implementation administrative burden • Risk governance & • Immature risk and/or refinement oversight structure fully governance & • More focused risk embedded in business oversight structure • Evolving risk governance & governance structure governance & oversight structure (i.e. from strategy • Informal risk related oversight structure through execution) infrastructure • Identification and • More formal risk implementation of • Risk infrastructure related best practices across automated and fully infrastructure at business units integrated across corporate and enterprise business unit levels Evolving Mature www.theiia.org/Training © Copyright 2009 - Wheelhouse Advisors LLC │11
  • 13. Barriers to Overcome Attitudes / Culture • People are “burned-out” by SOX • Seen as interfering with “real work” • Lack of alignment with performance measurements – little incentive to participate • Budget constraints are increasing leaving few resources to commit • View that one-time training is the answer • Wavering support from executive management and board Infrastructure • No shared language • Over reliance on support functions • Little or no linkage between risks, process and controls • Enabling technology is non-existent or fragmented at best www.theiia.org/Training © Copyright 2009 - Wheelhouse Advisors LLC │12
  • 14. Barriers to Overcome www.theiia.org/Training © Copyright 2009 - Wheelhouse Advisors LLC │13
  • 15. Internal Audit’s ERM Barriers to Overcome Internal Audit ERM Competency Map Enterprise Risk Assessment 30% 53% 17% Fraud prevention / detection 26% 55% 19% Use of technology and analytics 26% 52% 22% Improvement Opportunity Somewhat Competent Very Competent Source: Ernst & Young 2008 Global Internal Audit Survey www.theiia.org/Training © Copyright 2009 - Wheelhouse Advisors LLC │14
  • 16. Internal Audit’s Role in ERM Source: The Institute of Internal Auditors www.theiia.org/Training © Copyright 2009 - Wheelhouse Advisors LLC │15
  • 17. ERM Program Sustainability Has your company reached a What makes your ERM program sustaining ERM maturity level? sustainable? Senior management endorses the 84% organization’s risk management Yes efforts 29% Management is part of the risk 74% management program No Risk management efforts are part 66% 71% of the organization’s management process and tools 22% Other 0% 20% 40% 60% 80% 100% Source: 2008 ERM Benchmarking Survey - The Institute of Internal Auditors www.theiia.org/Training © Copyright 2009 - Wheelhouse Advisors LLC │16
  • 18. Changes Required • Clear and consistent support from executive management • High-level, multi-disciplinary, dedicated core team • Strong business case on how ERM will enhance – Business decision-making – Achievement of corporate and business unit strategic objectives – Identification of opportunities as well as potential impacts • Building ERM into business processes – efficiently and without undue administrative burden • Well defined roles and responsibilities for risk leading to improved accountability – build into incentives and performance management • Long-term commitment to the effort, linked to strategic planning www.theiia.org/Training © Copyright 2009 - Wheelhouse Advisors LLC │17
  • 19. Changes Required www.theiia.org/Training © Copyright 2009 - Wheelhouse Advisors LLC │18
  • 20. Increased Scrutiny • Legal / Regulatory – SEC – Department of Justice – Stock Exchanges – Securities Fraud Plaintiff Attorneys – Sarbanes-Oxley Act – Sections 302 & 404 – Foreign Corrupt Practices Act – Industry specific regulations (Privacy, Anti-money laundering, Risk-based capital requirements, etc.) • Shareholders & Stakeholders – Outsourcing / Third-party resources – Credit rating agencies – Institutional Investors – Personal liability for Board Members www.theiia.org/Training © Copyright 2009 - Wheelhouse Advisors LLC │19
  • 21. Critical Success Factors 1. Organizational Culture – Governance (Board & Executive Management) Continuous – Roles and Responsibilities Monitoring – Incentive Programs 2. Infrastructure Integration – Simple, consistent and well understood risk framework – Effective controls at the appropriate Infrastructure stages of the process 3. Integration – Portfolio view – Mind the control gaps Organizational – Focused effort with optimal use of Culture resources 4. Continuous Monitoring – Current risk levels vs. risk appetite – Effectiveness of control performance www.theiia.org/Training © Copyright 2009 - Wheelhouse Advisors LLC │20
  • 22. For more information about service offerings, please visit: www.WheelhouseAdvisors.com Or email us at: NavigateSuccessfully@WheelhouseAdvisors.com www.theiia.org/Training © Copyright 2009 - Wheelhouse Advisors LLC │21