
ERM for the Non-Risk Manager


1 ERM for the Non-Risk Manager
Presented by: Lisanne Sison, Director, ERM, Bickmore


4 What is ERM?
“Enterprise Risk Management (ERM) is ‘a process, effected by an entity’s board of directors, management and other personnel, applied in strategy-setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives.’” - Committee of Sponsoring Organizations, Enterprise Risk Management Integrated Framework, 2004

Basically plan to start out the presentation with a comment along the lines of “If you ask 5 people how they define ERM or GRC, you are going to get 8 different answers.” I think this lack of clarity has driven the lack of adoption, and plan to make a point about this in the presentation.

5 What is ERM?
“[ERM is] a structured, consistent and continuous process across the whole organization for identifying, assessing, deciding on responses to and reporting on opportunities and threats that affect the achievement of its objectives.” - The IIA – UK and Ireland

6 What is ERM?
ERM is an integrated, systematic process of identifying the major risks to achieving the specific goals and objectives of the organization. These risks should be analyzed by likelihood and impact and mitigated to an acceptable level of risk. - The IIA Research Foundation, Contrasting GRC and ERM: Perceptions and Practices Among Internal Auditors, 2013

7 Einstein’s* explanation
ERM is a process that helps manage diverse organizational risks and supports successful achievement of objectives.

*This really isn’t Einstein’s explanation, but he would have liked the simplicity…

8 ERM Life Cycle
- Goal setting
- Identify and prioritize risks
- Evaluate options
- Confirm next steps
- Implement
- Evaluate performance
Culture underpins the whole cycle.

Framework components (COSO ERM, 2004): Internal Environment, Objective Setting, Event Identification, Risk Assessment, Risk Response, Control Activities, Information & Communication, Monitoring

9 Information & Communication
Start with Why… Simon Sinek’s Golden Circle

10 Information & Communication
Opportunity Cost
- Every decision can be weighed in terms of costs and benefits
- Decisions can have multiple options
- Compare both costs and benefits
- Only realize the benefits of one

11 Failure Mode Effect Analysis
- Review a process for what can go wrong
- Assess and prioritize
- Identification factor (likelihood that the error will be caught)

Lots of different types of risk assessment. Probably the component that people are most familiar with. The key for ERM is tying risks to objectives.

12 Information & Communication
Tippy Tap
This is an example of identifying a risk, identifying constraints / barriers, and developing a solution that works.

13 Information & Communication
ADKAR
- Information and Communication is the Change Management component of the ERM Framework
- Information drives the behavior you want
- Communication helps correct course if something isn’t going as planned

14 Information & Communication
Plan, Do, Check, Act
Based on the scientific method, which was developed in 1620!

15 Six Sigma (cont’d)
- A clear focus on achieving measurable and quantifiable financial returns
- Increased emphasis on strong and passionate management leadership and support
- Clear commitment to making decisions informed by data, rather than assumptions
Developed by Motorola in 1986

16 Six Sigma

17 Covey’s 7 habits (1989!!!)
1. Be proactive
2. Begin with the end in mind
3. Put first things first
4. Think win-win
5. Seek first to understand, then be understood
6. Synergize
7. Sharpen the saw

18 Lean
Problem: Overtime every day because people were coming in 30 min before their shift to re-organize their ambulance the way they liked it.
Solution: Standardized ambulance set-up, with communication and training to enable the change.

19 Case Studies
Had a state-of-the-art intrusion detection system in place, but they ignored the warnings.

20 Case Study – Raley’s
Objective is to increase profit.
What is the most expensive type of produce? [Organic] It used to be in a back hallway; now it has prime real estate with nice lighting and showcasing, removing barriers to me buying the most expensive stuff.

21 Non-Risk Manager ERM Checklist
- What are you trying to accomplish?
- What are the realities/barriers?
- What needs to be addressed immediately, soon, later, or never?
- What is the best, most efficient way to overcome this challenge?
- How do we prepare people to accept this change?
- How will we measure success?
©Lisanne Sison, Bickmore 2014
