1. berrydunn.com | GAIN CONTROL Enterprise Risk Management: from Resistance to Resilience NASACT 2014 Annual Conference Bill Brown, Principal, BerryDunn

2. DISCUSSION POINTS What is Enterprise Risk Management (ERM)? Why is it necessary? How can it benefit your organization? 2

3. WHAT IS ERM? Enterprise Risk Management (ERM) is a holistic approach to identifying, measuring, prioritizing and addressing the risks of an organization at the enterprise level. 3

4. Encourage strategic alignment Standardize core knowledge Drive success Support organizational values Take a long-term outlook Be internally managed Leverage technology Improve quality WHAT IS ERM? COMMON STANDARDS & OBJECTIVES 4

5. WHAT IS ERM? 8 PRINCIPLES 5 ERM Assess risk environment Determine expected vs unexpected Understand risks & current controls Identify risk activities Mitigation & mgmt planning Assign ownership Provide governance Monitor

6. 6 THE BUILDING BLOCKS OF ERM Consistent approach Government as a single, unified entity Shared risk appetite across agencies Consistency among diverse initiatives Formalized accountability and ownership Process to escalate and report risks Leadership review of strategic risk initiatives

7. WHY IS TRADITIONAL RISK MANAGEMENT INADEQUATE? 7 Does not serve the organization as a whole Inefficiently allocates scarce resources Ignores the goal of resiliency

8. CHARACTERISTICS OF A SUCCESSFUL ERM PROGRAM 8 Transparent, holistic, and focused on resiliency Include action-based frameworks Encourage enterprise- wide collaboration Include a formal reporting process Encourage proactive discussions

9. A HOLISTIC SOLUTION IS CRITICAL 9

10. 10 SUCCESSES ARE QUIET. EVENTS (AND FAILURES) ARE NOISY.

11. CASE STUDY: INTEGRATED ERM PROGRAM State Agencies Manage Risks Monitor Compliance Implement Corrective Action Report Results State Agencies Manage Risks Monitor Compliance Implement Corrective Action Report Results ERM Committee Compliance Oversight Discuss/Review KRIs Review Dashboards Review/Update Action Chart ERM Committee Compliance Oversight Discuss/Review KRIs Review Dashboards Review/Update Action Chart Internal Audit Assess Compliance Report Results Internal Audit Assess Compliance Report Results ERM Dashboard Business Unit KRIs Charts Action Plans Controllers’ Office Review ERM Committee Results Present to Governor’s Office Controllers’ Office Review ERM Committee Results Present to Governor’s Office Governors’ Office Review Strategic KRIs Review Dashboard Feedback on Strategic Direction Feedback on Risk Appetite Governors’ Office Review Strategic KRIs Review Dashboard Feedback on Strategic Direction Feedback on Risk Appetite AuditCommitteeAuditCommittee 11

12. 12 BENEFITS OF ERM Risk Cost of Controls

13. RESILIENCE: THE PROPER GOAL OF ERM 13

14. THANK YOU! QUESTIONS? 14 Bill Brown, CPA, CFE, MAFF Principal, BerryDunn bbrown@berrydunn.com bbrown@berrydunn.com