Introduction to Enterprise Risk Management (ERM)


Introduction to Enterprise Risk Management (ERM)
John P. Behringer, McGladrey (slides provided by Rebecca Towne, Director, McGladrey)

Traditional Risk Management vs. ERM

Traditional Risk Management:
- Tactical, compliance focused
- Silo-based processes
- Business line or risk type view
- Looks at risks individually
- Business decisions not closely linked to risks
- Driven by Risk Management and Internal Audit
- Supported by rules

ERM:
- Strategic, performance focused
- Consistent risk management approach across the enterprise
- Holistic view of key risks
- Considers risk interactions
- Business decisions based on a clear understanding of risks
- Driven by the board and owned by the business
- Supported by a “risk culture”

A Holistic View of Risk

What is a holistic view of risk? Risk types vary by institution and may include:
- Operational risk
- Liquidity risk
- Strategic risk
- Market risk
- Compliance risk
- Reputational risk
- Legal risk
- Environmental risk
- Security risk

A holistic view of risk means:
- Aggregated risk exposures across the enterprise, for example concentrations by business line, product, customer segment, industry, or geography
- Consideration of all types of risk, including interactions between risks
- Consideration of alternative, forward-looking scenarios

Enterprise Risk Management: Financial institution example of interactions between risks

A single economic shock propagates across risk types:
- Credit Risk: increases
- Liquidity Risk: losses reduce funds
- Reputational Risk: issues become public
- Compliance Risk: regulatory scrutiny increases
- Strategic Risk: new restrictions/requirements
- Legal Risk: borrowers under duress
- Operational Risk: cut-backs in resources
- Market Risk: investors leave / values decline

Range of ERM Practices

Advanced ERM practices:
- Formally documented ERM framework
- Decisions based on complex, data-driven analysis
- ERM function and CRO
- Active board and Risk Committee involvement
- Highly automated aggregation and reporting processes
- ERM training based on a common risk language

Basic ERM practices:
- Policies for each risk type
- Decisions based primarily on management judgment
- CFO or other executive responsible for risk oversight
- Less board involvement / reliance on Audit Committee
- Manual aggregation processes
- Tactical risk management training

Roles and Responsibilities: Three Lines of Defense
- 1st line, Business Lines and Functions: “own” the risks associated with their activities and execute risk management processes
- 2nd line, Risk Management: designs and coordinates the implementation of the ERM program
- 3rd line, Internal Audit: validates the effectiveness of the ERM program

Internal Audit’s Role in ERM

Boards require objective assurance that risk management processes are working and key risks are being managed effectively. Internal (or external) auditors respond to this need by giving assurance on:
- The appropriateness of the company’s ERM framework
- The accuracy of risk and control assessments
- The effectiveness of risk management processes
- The appropriateness of management’s actions to address risks
- The accuracy of risk reports

Internal Audit’s Role in ERM (continued)

In smaller institutions, Internal Audit may play a larger role in developing and overseeing the ERM framework, with appropriate safeguards to protect its independence:
- Audit should not be involved in actually managing risk, as this is the responsibility of the management team.
- Audit’s responsibilities should be documented and approved by the Audit Committee.
- Audit cannot give objective assurance on any part of the ERM framework for which it is responsible.
- Audit should not undertake any ERM responsibilities in which the function does not have adequate expertise.

ERM Framework

An ERM Framework should include:
- Risk governance
- Risk appetite setting
- Enterprise-wide risk management processes:
  - Identification of risks
  - Assessment / measurement of risks
  - Monitoring of risks and actions to address risks
  - Management of risk through controls / risk responses
  - Reporting of risks and the status of action plans
- Integration with business decision-making
- Establishment of a strong risk culture

Risk Governance

Governance structure (from the board down):
- Board oversight
- ERM committee
- Risk committees (e.g., ALCO)
- ERM function

Governance components:
- Risk policies
- Risk appetite
- Incentives
- ERM training
- Capital adequacy
- Product/strategy review

Board and committee responsibilities:
- Reviews and approves risk strategies, frameworks, and policies
- Reviews risk reports and recommends/monitors risk limits and action plans
- Oversees the implementation of the ERM framework/controls

Risk Appetite

An effective ERM program relies on the establishment and communication of the company’s risk appetite. A stated risk appetite:
- Helps employees to understand the specific risks that the company is willing and not willing to take.
- Provides a means for ensuring that actual risk-taking is consistent with the company’s risk-taking capacity.

Risk Culture

Development of a risk culture is critical to effective ERM. Ways to establish a risk culture that is supportive of risk management:
- “Tone at the top”:
  - Reference the importance of risk management in the company’s objectives
  - Incorporate risk management into ongoing executive management communications
  - Exhibit the desired risk management behaviors
- Code of Conduct or Ethics
- Risk management factors included in incentive and performance evaluation plans
- Clearly defined roles and responsibilities that are consistent with the three lines of defense

Integrating ERM into Decision-Making

To be effective, risk management must be integrated into day-to-day business line activities and corporate decisions:
- Risk Managers must be involved at the onset of strategy-setting processes
- Risks associated with new products should be considered and communicated to the board
- Analysis of emerging risks and stress tests should influence business decisions
- Risk information should be shared across the company to avoid the same event recurring

Risk Management Processes

Risk management processes are grouped in different ways but generally include the following cycle:
- Identify / measure
- Assess / respond
- Manage / monitor
- Report

Ideally, each of these processes should be ongoing rather than, for example, annual.

Risk Identification

Risk identification processes should begin with appropriate planning:
- Mapping of the company’s business lines and processes
- Determination of the risk types to be included in the process (e.g., operational, legal, reputational)
- Identification of resources responsible for the process in each area

Identifying risks:
- Risks can be identified through various methods, such as interviews, surveys and/or facilitated workshops
- Different levels of the organization may have different perspectives on risks
- Include emerging risks
- Be wary of risks that are really the absence of controls

Risk Assessment

Best practices in risk assessment include:
- Identification of risks against key business objectives
- Coordination of risk assessments through interviews, surveys or facilitated workshops to ensure consistency
- Use of available information, such as Key Risk Indicators (KRIs), to ensure objectivity
- Assessments of the adequacy of internal controls must also be objective
- Oversight and use of information, such as the results of quality control reviews, are critical

Using Risk Assessments

Internal Audit assessments are generally used to:
- Determine the scope and frequency of audits
- Compare to business line assessments

Business Line assessments are used to:
- Prioritize risks across the company
- Identify the top risks to the company
- Identify appropriate responses to risks, as well as areas where the adequacy of controls is too low for the level of risk
- Drive risk-based monitoring processes

Avoid the “black hole” of risk assessment data!

Risk Management / Responses

- Risk responses should be based on assessment of loss frequency and impact
- Management actions should be specific to reducing likelihood or impact, depending on which one was assessed as high
- The most common risk responses include:
  - Avoid (get out)
  - Accept/retain (monitor)
  - Reduce (institute controls)
  - Transfer or share (partner with someone)
- Action plans with assigned owners should be developed and monitored by a risk committee

Risk Reporting

- Reporting should also follow from risk assessments, with higher risks reported in more depth
- Emphasis of risk reporting should be on highlighting key risks and recommendations for, and status of, management action
- Volumes of detail should be avoided, particularly for board reporting
- Reports should include early indicators and emerging risks
- Best practices include the development of ERM dashboards that provide a holistic view of risk and thoughtful analysis