
ERM 203 – When Storming the Castle Alone Doesn’t Work: Internal Audit as Ally Wednesday, April 18, 2012.


1 ERM 203 – When Storming the Castle Alone Doesn’t Work: Internal Audit as Ally Wednesday, April 18, 2012

2 Agenda
• Speaker introductions
• Discuss key points from RIMS & IIA joint paper
  – Risk Management’s perspective
  – Internal Audit’s perspective
  – Collaborative Practices & Value Realized
• ERM & IA collaboration at Whirlpool Corporation
• Q&A session

3 Risk Management and Internal Audit: Forging a Collaborative Alliance (white paper)
• RIMS and IIA joint project
• White paper including interviews with:
  – Cisco Systems
  – Hospital Corporation of America
  – TD Ameritrade
  – Whirlpool
• Highlights RIMS’ and The IIA’s recommendation for these functions to work together collaboratively


6 The Role of IA in ERM
Core internal audit roles:
– Giving assurance on the RM program
– Giving assurance that risks are correctly evaluated
– Evaluating risk management processes
– Evaluating the reporting of key risks
– Reviewing the management of key risks

7 The Role of IA in ERM
Legitimate internal audit roles (with safeguards):
– Facilitating identification and evaluation of risks
– Coaching management in responding to risks
– Coordinating ERM activities
– Consolidated reporting on risks
– Maintaining and developing the ERM framework
– Championing establishment of ERM
– Developing ERM strategy for board approval

8 The Role of IA in ERM
Roles IA should not undertake:
– Setting the risk appetite
– Imposing risk management processes
– Management assurance on risks
– Taking decisions on risk exposures
– Implementing risk responses on management’s behalf
– Accountability for risk management

9 Risk Management and Internal Audit: Forging a Collaborative Alliance - interview questions
1. Who does Internal Audit report to (functionally and administratively)? Who does Risk Management report to? How often does each interact with the Board or a Board committee?
2. How does the risk assessment process work between and among Internal Audit and Risk Management? And how are the results of these risk assessment processes shared with management and/or the Board? What information does each of the functions provide to the other, and how is that information used?
3. Are you satisfied with the level of collaboration? If so, what do you attribute this success to? If not, what is the biggest impediment?
4. How do Internal Audit and Risk Management collaborate in your organization? What are the areas of collaboration? What is working well? What are you working on to improve the relationship? Also, what formal or informal procedures are in place to minimize duplication and overlap with other risk-related functions such as legal, health and safety, and regulatory and Sarbanes-Oxley compliance?
5. What advice do you have for Chief Audit Executives and/or Chief Risk Officers as they seek to achieve greater levels of collaboration between Internal Audit and Risk Management?

10 Collaborative Practices & Value Realized
– Link the audit plan and the enterprise risk assessment, and share other work products. Provides assurance that critical risks are being identified effectively.
– Share available resources wherever and whenever possible. Allows for efficient use of scarce resources (such as financial, staff, time).
– Cross-leverage each function’s respective competencies, roles and responsibilities. Provides communication depth and consistency, especially at the board and management levels.
– Assess and monitor strategic risks. Allows for deeper understanding and focused action on the most significant risks.

11 ABOUT WHIRLPOOL CORPORATION
• World’s leading marketer and manufacturer of home appliances
• Approximately $18 billion in revenues
• 70,000+ employees worldwide
• 67 Manufacturing & Technology Centers
• World Headquarters: Southwest Michigan

12 MAKE PRODUCTS PEOPLE WANT TO OWN IN THEIR HOMES
CONSUMER-RELEVANT AND VALUE-CREATING INNOVATION
• Consumer-relevant innovation
• Strong cadence to the market
• Build strong brands
BRAND PLATFORM
BEST CONSUMER POSITION

13 WHIRLPOOL’S RISK MANAGEMENT FUNCTION
Risk Management
• Whirlpool’s Risk Management
• Core team of 5
• Reporting to the Vice President and Treasurer
• Enterprise Risk Management
• Traditional risk management of hazard and financial risks
• Business continuity program
• Loss Prevention and Engineering
[Organization chart: Chief Financial Officer; Vice President Treasurer; Director Risk Management; Risk Engineer; Risk Manager; Associate Risk Analyst; Senior Risk Analyst; Claim Manager; Administrative Assistant]

14 ENTERPRISE RISK MANAGEMENT PROCESS
• Enterprise Risk Management is a strategic activity within Whirlpool.
• Our ERM process ensures that:
  – Risks are appropriately identified.
  – Risks are assessed at the senior management, business, and functional unit level.
  – Risk mitigation is owned by business unit leaders.
• Oversight:
  – Ultimate responsibility for managing risks rests with the Chief Executive.
  – Board of Directors oversees the overall risk management process through its Audit Committee.
• The success of risk management is determined by:
  – Identifying the right risks and events driving them.
  – Quantifying and ranking risks.
  – Developing risk management plans which reduce the impact of and help the company prepare for risk events.

15 ENTERPRISE RISK PROGRESS TIMELINE
An Ongoing Process Since 2007
[Timeline figure; year labels shown: 2008, 2009, 2010, 2011. Entries in the order they appear in the transcript:]
• Identified unique regional risks and 2011 mitigation plans
• Conducted emerging risk survey at the regional level…aggregated results
• Included Duration and Detectability in new risk assessments
• Identified Trade Partner and Competitor risk factors
• Coordinate with Internal Audit monthly and during annual emerging risk identification
• ERM – Incorporated into Internal Controls course of WHR University
• WHR University – Instructor-led courses developed and taught for Finance Group
• Incorporated ERM into the CAPEX Process
• System shared with Internal Audit, hosts and reports ERM
• Interviews with risk owners and direct reports in cooperation with Internal Audit
• Detailed risk assessments completed for Strategic and Financial Level Risks
• Qualitative and quantitative metrics included where warranted
• Critical events and root causes identified
• Benchmark ERM Maturity
• ERM presented to S&P
• Coordinate with Internal Audit
• Detailed risk assessments completed for Operational and Compliance Level Risks
• Velocity metric introduced
• Regions identify top risks, mitigation and controls
• Coordinate with Internal Audit monthly and during annual emerging risk identification
Annually: Risk Map Repositioned, Risk Owners’ Mitigation Plans Confirmed

16 ENTERPRISE RISK MANAGEMENT AT WHIRLPOOL
Annual risk assessment process is used by both Internal Audit and Risk Management

17 ENTERPRISE RISK MANAGEMENT AT WHIRLPOOL
Risks are rated, ranked and assigned to one of five categories
[Table: columns Risk Categories, Level/Representative Risks, Control Source; categories numbered 1 to 5; labels "Good Rules" and "Good Decisions"]

18 ENTERPRISE RISK MANAGEMENT AT WHIRLPOOL
Key risks are owned by its executive committee, and projects and actions to achieve mitigation goals and objectives are ongoing

19 WHIRLPOOL’S INTERNAL AUDIT FUNCTION
• IA reports to the CFO & Audit Committee
• Represented in all regions globally
• Core team of ~60 Auditors
• KPMG FTEs utilized
• Core Competency includes Talent management:
  – Rotation into business
  – Financial Leadership Development Program
[Organization chart: Chief Financial Officer; Audit Committee; VP Internal Audit; EMEA Senior Manager, Auditors 6; NAR Senior Director, Auditors 23; LAR Director, Auditors 7; ASIA Senior Manager, Auditors 11; Information Technology Manager, Auditors 4; Administrative Assistant; Co Sourced KPMG. Legend: Administrative Reporting Relationship; Functional Reporting Relationship]

20 AUDIT PLAN AND DEVELOPMENT PROCESS
• Quantitative and qualitative assessment of all Whirlpool functions and locations
• Approach considers internal and external changes in the business environment, Whirlpool’s strategy and key objectives
• VP Internal Audit and IA Management team gathered input from Senior Executives, including regional CFOs and management from various functional areas
• Integrated risk assessment process with Enterprise Risk Management and the Compliance & Ethics Office
• Reviewed risk assessment and IA Plan with Ernst & Young
• Reviewed IA Plan with Executive Committee & Global Finance Leadership Team (GFLT)
• Audit Committee approves annual plan

21 INCORPORATING TECHNOLOGY
ERM PROCESS EMBEDDED WITHIN INTERNAL AUDIT SYSTEM

22 ENTERPRISE RISK MANAGEMENT
Collaboration
• Monthly meetings between IA and RM
• RM receives IA reports
• Annually interview senior leaders
• WHR University ‘Risk and Controls’ course
• RM utilizes IA software system
Benefits
• Collaborative effort
• Identify emerging risks earlier
• Optimize and leverage efforts
• Common language
• Shared IT software

23 Q & A

