Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Introduction to Enterprise Risk Management Liz Ryan On Detail to NOAA OCFO Risk Office.

Published byDerek Long Modified over 8 years ago

Similar presentations

Presentation on theme: "1 Introduction to Enterprise Risk Management Liz Ryan On Detail to NOAA OCFO Risk Office."— Presentation transcript:

1 1 Introduction to Enterprise Risk Management Liz Ryan On Detail to NOAA OCFO Risk Office

2 2 OCFO Organization Chart

3 3 What is Enterprise Risk Management (ERM)? A process, effected by an entity’s board of directors, management and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives. Committee of Sponsoring Organizations of the Treadway Commission (COSO), Enterprise Risk Management – Integrated Framework, 2004.

4 4 Enterprise Risk Management (ERM) Why do organizations use Enterprise Risk Management (ERM)? A key purpose of implementing the ERM process is for executives to be aware of risks sooner. - - - - - - - To increase the likelihood of success in achieving the organization’s mission and objectives.

5 5 Why are federal organizations implementing Enterprise Risk Management (ERM)? OMB Circular A-123 revision (expected in coming months) OMB Circular A-11 (expected Spring 2016) DOC Risk Office ERM in Federal Government “I cannot overstate how important it is that you institutionalize risk management in your day-to-day operations.” “To be effective, organization-wide risk management programs – cybersecurity and otherwise –require the strong commitment, direct involvement, and ongoing support of senior leadership.” – Deputy Secretary Bruce Andrews October 28, 2015 Mid-Atlantic Cybersecurity Conference

6 6 Basic Risk Terminology Risk: An uncertainty of attaining a goal, objective, or requirement. Enterprise Risks affect multiple projects, systems or offices across the organization. Risk response strategies include mitigate, accept, avoid, or transfer. Mitigation steps are taken to decrease the probability and/or impact of the risk. Issue: An event that affects a project, system or office that has already happened and requires attention, action, and/or resources to resolve. Enterprise Issues affect multiple projects, systems or offices across the organization. Mitigation steps should minimize the impact of the issue. Risk Terminology

7 7 Project versus Enterprise Risk Management Project Risk Management Enterprise Risk Management Objectives addressed Time, cost, scope and quality of project Enterprise objectives such as service to the public, credibility, reliability, reputation for excellence Stakeholders considered Mostly management who have determined the project Congress, Department, Administration, Public groups, other agencies, International Scope of concern Project centered, interaction with other programs and operations Entire agency - investments - procurements - operations - financial management - ethics – political climate. Methods Risk management planning - risk identification - qualitative and quantitative analysis - response determination / execution - monitoring Objectives definition - risk identification - prioritization - implementation of systems - monitoring effectiveness - advance risk management maturity Time scope considered Now until the end of the projectCurrent => long-term for the next generations Outlook Focused on the project and its specific objectives - do not get sidetracked Must be able to react to events while keeping a long-term perspective Top Management Model risk awareness - show the importance of risk management - take leadership roles personally - make the atmosphere positive for open discussion about risk Employees, management Employees need to be aware of risk - involved with the risk management processes - communicate risk clearly up and down the organization NOAA

8 8 Enterprise Risk Management at NOAA OMB Framework From OMB Circular A-123 Draft

9

10 10 OMB – ERM Process Model

11 11 UK Treasury Orange Book – Risk Management Model

12 12 CEB – ERM Process Model

13

14 14 ERM at Other Agencies

15 15 Started in 2008 with 2 FTE to standardize project management across the organization. Function grew to include portfolio management, standard business process models, then standard risk management, and now innovation as well. Office now includes those 5 integrated components within the Office of Risk Management and Program Evaluation, with 17 FTE. Of those staff, 5 FTE work full time on risk management standardization, facilitation, and communication. Working groups at a number of levels addressing risks to their areas that cross the organization. They have uniform project, program, portfolio, and enterprise risk reporting. Software captures information and provides executives with live data on status of enterprise and portfolio risks. Census

16 16 Census – Benefits of ERM Benefits: -Accountability -Transparency -Improved cross organizational communication -Reduces duplication of efforts -Supports compliance with federal laws, regulations, and policies -Alerts executives of strategic and operational risks from the bottom up -Improves internal controls -Reliable basis for planning and decision-making Census has both Top-Down and Bottom-Up integration in their risk management process. Across the organization they have a common risk language, standard project management skills and processes, and live reports on risk rolled up to the Enterprise level.

17 17 Census – Software – View of Risks Standardized project management software includes a risk management module that has been customized for Census. The risk management module enables multiple levels of Risk Registers, and supporting tools with details on the management plan, mitigation/contingency plan, risk impact, and elevation criteria.

18 18 In 2013, NIST hired a permanent Enterprise Risk Management Officer. Currently has 4 FTE for the office. Executive group established the NIST ERM Council to guide implementation and priorities for the NIST ERM Program. An interdisciplinary ERM Working Group was established to develop foundational elements of the program, e.g. common risk categories and a standard risk scoring framework for bureau level application. NIST has grouped enterprise risks into two major categories – Strategic and Operational. Enterprise Risk Office has conducted three pilots over the past 3 years to gain lessons learned and success stories on application of ERM. Addressed risk appetite via senior management survey and dialogue. NIST

19

20 20 Agencies/Bureaus with similar mission/function areas to NOAA: U.S. Coast Guard (USCG) - Strategic Risk tracking National Institutes of Health (NIH) - Scientific culture Bureau of Safety and Environmental Enforcement (BSEE) - Engineering and enforcement culture Outside of Commerce

21 21 Risk Process Maturity Level

22 22 Corporate Executive Board (CEB): Evolution of ERM

23 23 The Committee of Sponsoring Organizations of the Treadway Commission (COSO) International Organization for Standardization (ISO) 31000 – Risk Management GAO Standards for Internal Control in the Federal Government “The Green Book” The Association for Federal Enterprise Risk Management (AFERM) The U.K. Treasury Orange Book: Management of Risk - Principles and Concepts The Risk and Insurance Management Society, Inc. (RIMS) The Institute of Internal Auditors (IIA) The Corporate Executive Board (CEB) “Enterprise Risk Management: A Guide for Government Professionals” by Dr. Karen Hardy Resources on Enterprise Risk Management

24 24 Summary

Download ppt "1 Introduction to Enterprise Risk Management Liz Ryan On Detail to NOAA OCFO Risk Office."

Similar presentations

Risk Management at Harvard – Panel Discussion Harvard IT Summit

Risk Management at Harvard – Panel Discussion Harvard IT Summit
Lisanne Sison Director ERM Bickmore

Lisanne Sison Director ERM Bickmore
Federal Audit Executive Council (FAEC) June 2012 Bi-Monthly Meeting Heather I. Keister Doris G. Yanger June 14, 2012 Green Book Update.

Federal Audit Executive Council (FAEC) June 2012 Bi-Monthly Meeting Heather I. Keister Doris G. Yanger June 14, 2012 Green Book Update.
IMFO Audit & Risk Indaba June 2012

IMFO Audit & Risk Indaba June 2012
Chapter 10 Accounting Information Systems and Internal Controls

Chapter 10 Accounting Information Systems and Internal Controls
Control and Accounting Information Systems

Control and Accounting Information Systems
Moving Forward with Safety Management Systems December 9, 2014 Standing Committee on Public Transportation Winter Meeting American Association of State.

Moving Forward with Safety Management Systems December 9, 2014 Standing Committee on Public Transportation Winter Meeting American Association of State.
STATE OF NEW YORK OFFICE OF THE STATE COMPTROLLER New York State Office of the State Comptroller Thomas P. DiNapoli, Comptroller Office of Operations John.

STATE OF NEW YORK OFFICE OF THE STATE COMPTROLLER New York State Office of the State Comptroller Thomas P. DiNapoli, Comptroller Office of Operations John.
Development of internal control: methodology and responsibility

Development of internal control: methodology and responsibility
Introduction to Enterprise Risk Management (ERM)

Introduction to Enterprise Risk Management (ERM)
Executive Insight through Enhanced Enterprise Risk Management Leverage Value From Your Risk Management Investment.

Executive Insight through Enhanced Enterprise Risk Management Leverage Value From Your Risk Management Investment.
Tax Risk Management Keeping Up with the Ever-Changing World of Corporate Tax March 27, 2007 Tax Services Bryan Slone March 27, 2007.

Tax Risk Management Keeping Up with the Ever-Changing World of Corporate Tax March 27, 2007 Tax Services Bryan Slone March 27, 2007.
1 INTERNAL CONTROLS A PRACTICAL GUIDE TO HELP ENSURE FINANCIAL INTEGRITY.

1 INTERNAL CONTROLS A PRACTICAL GUIDE TO HELP ENSURE FINANCIAL INTEGRITY.
Strategic Leadership: Creating a Learning Organization and an Ethical Organization Chapter Eleven Copyright © 2010 by The McGraw-Hill Companies, Inc. All.

Strategic Leadership: Creating a Learning Organization and an Ethical Organization Chapter Eleven Copyright © 2010 by The McGraw-Hill Companies, Inc. All.
2011 Governance, Risk, and Compliance Conference August 29 – 31, 2011 / Orlando, FL, USA The Top Four Essential Objectives to Auditing ERM Stephen E. McBride,

2011 Governance, Risk, and Compliance Conference August 29 – 31, 2011 / Orlando, FL, USA The Top Four Essential Objectives to Auditing ERM Stephen E. McBride,
Office of the Secretary of Defense – Comptroller Financial Improvement and Audit Readiness Directorate Unclassified 17 September 2014 GAO Revised “Green.

Office of the Secretary of Defense – Comptroller Financial Improvement and Audit Readiness Directorate Unclassified 17 September 2014 GAO Revised “Green.
AUDIT COMMITTEE FORUM TM ACF Roundtable IT Governance – what does it mean to you as an audit committee member July 2010 The AUDIT COMMITTEE FORUM TM is.

AUDIT COMMITTEE FORUM TM ACF Roundtable IT Governance – what does it mean to you as an audit committee member July 2010 The AUDIT COMMITTEE FORUM TM is.
Operational risk management Margaret Guerquin, FSA, FCIA Canadian Institute of Actuaries 2006 General Meeting Chicago Confidential © 2006 Swiss Re All.

Operational risk management Margaret Guerquin, FSA, FCIA Canadian Institute of Actuaries 2006 General Meeting Chicago Confidential © 2006 Swiss Re All.
Chapter 7 Control and AIS Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 7-1.

Chapter 7 Control and AIS Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 7-1.
Operational Auditing--Spring 2011 1 Operational Auditing Spring 2011 Professor Bill O’Brien.

Operational Auditing--Spring Operational Auditing Spring 2011 Professor Bill O’Brien.

Similar presentations

Ads by Google