PwC Corporate Compliance vs. Enterprise-Wide Risk Management Brent Saunders, Partner (973) 236-4682 November 2002.

Slides:



Advertisements
Similar presentations
Session No. 4 Implementing the State’s Safety Programme Implementing Service Providers SMS
Advertisements

IBM Corporate Environmental Affairs and Product Safety
Internal Control–Integrated Framework
Lisanne Sison Director ERM Bickmore
Chapter 14 Fraud Risk Assessment.
IMFO Audit & Risk Indaba June 2012
Chapter 10 Accounting Information Systems and Internal Controls
Control and Accounting Information Systems
Welcome! Internal Auditing CHAPTER 1. Definition Internal auditing is an independent, objective, assurance and consulting activity designed to add value.
Tax Risk Management Keeping Up with the Ever-Changing World of Corporate Tax March 27, 2007 Tax Services Bryan Slone March 27, 2007.
Chapter 7 Control and AIS Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 7-1.
Internal Control. COSO’s Framework Committee of Sponsoring Organizations 1992 issued a white paper on internal control Since this time, this framework.
Expanded Version of COSO a presentation by Steve Wadleigh Expanded Version of COSO a presentation by Steve Wadleigh Standards for Internal Control in the.
Purpose of the Standards
Board responsibility for internal control and risk management by Kiattisak Jelatianranat Chairman, The Institute of Internal Auditors of Thailand Director,
CORPORATE RISK MANAGEMENT & INSURANCE BY R P BLAH D.G.M. INCHARGE THE ORIENTAL INSURANCE COMPANY LIMITED REGIONAL OFFICE BHUBANESWAR.
Corporate Ethics Compliance *
Sarbanes-Oxley Project Summary of COSO Framework Presented by Larry Dillehay & Scott Reitan Parkfield Group LLC.
“The Impact of Sarbanes Oxley, An Evolving Best Practice” Ellen C. Wolf Senior Vice President & Chief Financial Officer American Water National Association.
1 Business Continuity and Compliance Working Together Kristy Justice, AVP WaMu Card Services 08/19/2008.
Control environment and control activities. Day II Session III and IV.
Chicagoland IASA Spring Conference
Information Technology Audit
Internal Auditing and Outsourcing
Information Security Governance 25 th June 2007 Gordon Micallef Vice President – ISACA MALTA CHAPTER.
Central Piedmont Community College Internal Audit.
Presenting The Broker-Dealer Certification Tool The Compliance Department Inc. Broker Dealer Compliance Consultants Compliance SCORE Powered by Keane BRMS.
Audits & Assessments: What are the Differences and How Do We Learn from the Results? Brown Bag March 12, 2009 Sal Rubano – Director, Office of the Vice.
Global Risk Management Solutions Risk Management and the Board of Director: Moving Beyond Concepts to Execution Anton VAN WYK Partner, Global Risk Management.
1 Bölgesel Rekabet Edebilirlik Operasyonel Programı’nın Uygulanması için Kurumsal Kapasitenin Oluşturulmasına Yönelik Teknik Yardım Technical Assistance.
Chapter 3 Internal Controls.
Internal Audit Role in Order to Develop an Ethical Corporate Culture as a Competitiveness Factor A.I.I.A. - Internal Auditing body Università degli Studi.
Transitioning to the COSO 2013 Update.  Released on May 14, 2013  Designed to build upon the foundation of the 1992 Framework  Will supersede the 1992.
IT Risk Management, Planning and Mitigation TCOM 5253 / MSIS 4253
Establishing A Compliance Program: It Makes Sense
Copyright T. Rowe Price. All rights reserved 1 Ms. Deborah D. Seidel of T. Rowe Price Financial Services Vice President and Manager of Compliance.
Chapter 5 Internal Control over Financial Reporting
CDS Operational Risk Management - October 28, 2005 Existing Methodologies for Operational Risk Mitigation - CDS’s ERM Program ACSDA Seminar - October 26.
Monitoring Internal Control Systems Johann Rieser Senior Auditor, Ministry of Finance, Vienna.
Introduction In 1992, the Committee Of Sponsoring Organizations of the Treadway Commission (COSO) published Internal Control-Integrated Framework (1992.
Internal Control in a Financial Statement Audit
An Integrated Control Framework & Control Objectives for Information Technology – An IT Governance Framework COSO and COBIT 4.0.
Private & Confidential1 (SIA) 13 Enterprise Risk Management The Standard should be read in the conjunction with the "Preface to the Standards on Internal.
Conducting Compliance Assessments and Building Internal Controls In Pharmaceutical R&D Third Annual Medical Research Summit – Session 2.01 Michael Swiatocha.
The Connection between Risk Management and Internal Control in Organizations Mag. Norbert Wagner Budapest,
Bank Audit. Internal Audit Internal audit is an independent, objective assurance activity and can give valuable insight in providing assurance that major.
RISK MANAGEMENT : JOURNEY OR DESTINATION ?. What is Risk? “ Any uncertain event that could significantly enhance or impede a Company’s ability to achieve.
Presented to Managers. INTERNAL CONTROLS are the integration of the activities, plans, attitudes, policies and efforts of the people of an organization.
Kathy Corbiere Service Delivery and Performance Commission
Can Your Compliance Program Manage All of Your Organization's Risks? Discussing the Proposition of Enterprise Wide Risk Management February 6, 2003 PwC.
1 COSO ERM Framework Update Our Next Challenge and Opportunity September 2015.
Organizations of all types and sizes face a range of risks that can affect the achievement of their objectives. Organization's activities Strategic initiatives.
Company LOGO Chapter4 Internal control systems. Internal control  It is any action taken by management to enhance the likelihood that established objectives.
Governance, risk and ethics. 2 Section A: Governance and responsibility Section B: Internal control and review Section C: Identifying and assessing risk.
#327 – Legal and Regulatory Risk: Silent and Possibly Deadly Deborah Frazer, CPA CISA CISSP Senior Director, Internal Audit PalmSource, Inc.
Introduction to Enterprise Risk Management (“ERM”)
Chapter 6 Internal Control in a Financial Statement Audit McGraw-Hill/IrwinCopyright © 2012 by The McGraw-Hill Companies, Inc. All rights reserved.
Auditors’ Dilemma – reporting requirements on Internal Financial Controls under the Companies Act 2013 and Clause 49 of the Listing agreement V. Venkataramanan.
SUNY Maritime Internal Control Program. New York State Internal Control Act of 1987 Establish and maintain guidelines for a system of internal controls.
Core Competencies Training for Supervisors
Core Competencies Training for Supervisors
Understanding the Principles and Their Effect on the Audit
PEM PAL IA COP Internal Control Working Group COSO Principles
A Framework for Control
Building the Foundation of Compliance
Building the Foundation of Compliance
COSO Internal Control s Framework
Internal control - the IA perspective
Taking the STANDARDS Seriously
An overview of Internal Controls Structure & Mechanism
Presentation transcript:

PwC Corporate Compliance vs. Enterprise-Wide Risk Management Brent Saunders, Partner (973) November 2002

2 PwC Agenda Corporate Compliance Programs? What is Enterprise-Wide Risk Management? Key Differences Why Will Your Organization Benefit From Enterprise-Wide Risk Management? A Suggested Process for Imlementing EWRM

3 PwC COMPLIANCE DEFINED A compliance program is a management process comprised of formal reporting structures and risk mitigation systems designed to motivate, measure, and monitor an organizations legal and ethical performance around complex business practices. -- For manufacturers…its More Than GXP

Elements of Model Compliance Program Initiatives 1.Written Standards of Conduct 2.Written Policies and Procedures 3.Designate a Chief Compliance Officer 4.Education and Training for All Employees - At Least Annually 5.Audit to Monitor Compliance 6.Discipline Employees Who Have Engaged in Wrongdoing

Elements of Model Compliance Program Initiatives 7.Investigate and Remediate Identified Problems 8.Promote Compliance as an Element in Evaluating Managers and Supervisors 9.Policy to Include Termination as an Option for Sanctioned Individuals 10.Maintain a Hotline to Receive Complaints and Ensure Anonymity of Complainants 11.Create and Maintain Required Documentation

U.S. Sentencing Commission Vice Chair, John R. Steer I think the guidelines may need to say something more about the need to have ongoing auditing and testing of a compliance program on paper to ensure that it is effective in practice.

7 PwC What is Enterprise-Wide Risk Management? Best-in-class organizations are looking beyond the basic objective of implementing effective internal controls to satisfy financial and other reporting obligations, when designing their control structures They recognize that a company must have a dynamic risk management process that covers significant risk exposures, which augments the financial reporting process and enables the company to identify and respond quickly to changing conditions To be highly effective, risk management is being built into a companys infrastructure as an integral part of doing business and is tailored to address the companys critical risk exposures The resulting process is efficient, effective, and non-bureaucratic in nature, as it aligns existing risk management processes, thereby eliminating duplication of efforts This integrated approach is commonly referred to as enterprise-wide risk management

8 PwC What is Enterprise-Wide Risk Management? Approached this way, compliance moves away from being viewed as a reactive, activity intensive process and towards being viewed as an active program to help an organization manage a broad range of changes to help it achieve a variety of business objectives in an efficient and effective manner Enterprise-wide risk management is anticipatory, flexible, and proactive. Enterprise-wide risk management is not reactive An enterprise-wide risk management framework emphasizes the need for processes to Identify risk, Assess risk, and Monitor and manage changes of all types (financial, operational, legal, etc.) It is implementable at any level of the organization in whole or in part (i.e. business unit, functional process, geography) Enterprise-wide risk management helps mitigate surprises and ensures all organizations are aligned with key objectives

9 PwC What is Enterprise-Wide Risk Management? Reactive Proactive Strategic Building in an Enterprise Wide Risk Management program: Current best practice Pulling together the disciplines that address both sides of risk – minimizing uncertainty and maximizing opportunities – the concept pushes an organization to address risks and their management explicitly – as part of everyday business PwC Most Organizations Today? Risk & Compliance external reporting Strategy Building Enterprise Risk Assessment Control Self Assessment Enterprise Wide Risk Management Program Complying with known laws and regulations Seeking to meet industry compliance requirements Managing crisis

10 PwC Enterprise-wide Risk Management is Supported by the COSO Framework Internal Control is defined (in COSO and US auditing standards – AU 319) as a process, effected by an entitys board of directors, management and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the following categories: Effectiveness and efficiency of operations Reliability of financial reporting Compliance with applicable laws and regulations COSO identifies five components of internal control that need to be in place and integrated to ensure the achievement of each of the objectives.

11 PwC A Suggested Process Assess your organizations current techniques, tools and approaches for evaluating risk across the organization and consider appropriate level of opportunity High level view at an enterprise level, or Detailed level view at Business Unit level (Sales, R&D, etc.) Conduct a gap analysis of current risk management practices against leading practice models, identifying existing internal best practices and potential opportunities for improvement Develop recommendations for developing an enterprise-wide risk management framework specific to your organization including an execution plan to not only identify risks but mitigate them with controls

12 PwC Sample Approach for EWRM Once the assessment is complete, design and implement an Enterprise-wide risk management program for your organization Appoint a Risk Management Facilitator This is a leading practice Develop and articulate the risk strategy Develop tools to identify risk (leverage existing initiatives) Develop a methodology to identify and prioritize risk Appoint a Risk Management Facilitator This is a leading practice Develop and articulate the risk strategy Develop tools to identify risk (leverage existing initiatives) Develop a methodology to identify and prioritize risk Create a Template to Capture Risk Profile including: Nature of the risk Busine ss impact Proba bility of occurr ence Expos ure to the compa ny Contro ls that exist to mitigat e the risks Gaps, if any Create a Template to Capture Risk Profile including: Nature of the risk Busine ss impact Proba bility of occurr ence Expos ure to the compa ny Contro ls that exist to mitigat e the risks Gaps, if any Evaluate and Report Cons olidat ed risks to senio r mana geme nt Inclu ding supp orting mana geme nts asser tion under Secti on 404 Ensur e acco untab ility for identi fied gaps within functi onal mana geme nt Evaluate and Report Cons olidat ed risks to senio r mana geme nt Inclu ding supp orting mana geme nts asser tion under Secti on 404 Ensur e acco untab ility for identi fied gaps within functi onal mana geme nt Facilitate decision making and monitor program effectiveness Functional management will take the lead, with counsel from the risk management facilitator to identify, assess and decide how they will mitigate risks More structure will be built into the existing processes which will facilitate your organizations ability to be more proactive in the identification, assessment and curtailment of risks

13 PwC In Summary, Enterprise-Wide Risk Management Provides: An integrated, dynamic display of business objectives, key risks, and controls that are aligned with supporting policies, procedures, and operating principles A robust, flexible structure that can deal systematically with both external and internal changes affecting the company An aligned and supportive infrastructure that facilitates early identification of new risks, communication, training, incident identification, issues management, and internal and external reporting

14 PwC Key Difference between Compliance Programs and EWRM 1.Scope - the EWRM program will be designed to proactively identify, assess and manage all risks (strategic, operational, regulatory, and ethical risks) faced by your organization, rather than just fraud & abuse in sales and marketing. 2.Approach to Risk Identification - the EWRM program will formalize the risk identification process. The EWRM program will incorporate a risk identification process into the formal strategic planning process and everyday business activities. 3.Proactive Risk Management - An EWRM program embeds responsbility for risk management at divisional and functional levels enabling your organization to quantify and analyze risk in a more proactive fashion. 4.Results Orientation - EWRM holds managers accountable for identifying and mitigating risk. A formal process for monitoring and reporting progress is established under EWRM. 5. Reduces Cost - EWRM aligns all existing risk management processes (including existing comliance programs) thereby eliminating duplication of efforts

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.