Enterprise Risk: Managing Compliance Across the Organization - PowerPoint PPT Presentation

1 / 42

About This Presentation

Title:

Enterprise Risk: Managing Compliance Across the Organization

Description:

Employment Regs (OSHA, Payroll Taxes, etc.) Financial Regs (SEC, Listing Regs) ... Automate activities that underlie ERM Target Areas ... – PowerPoint PPT presentation

Number of Views:63

Avg rating:3.0/5.0

Slides: 43

Provided by: cintra5

Category:

more less

Transcript and Presenter's Notes

Title: Enterprise Risk: Managing Compliance Across the Organization

1
Enterprise Risk Managing Compliance Across the
Organization

88th Annual IMA Conference and Exposition
Presented by Cintra Olson, CIA, MSPM
CODA Financials, Inc.
Phoenix, AZ
June 17, 2007

2
(No Transcript)
3
Todays Agenda

Enterprise Risk Management (ERM) Working
Definitions
A Fully Focused View of Risk
According to COSO ERM
Impacting the Execution of Compliance Activities
Making Technology Work for ERM Programs

Two main sources
Risks Rewards, Scott Berinato, November 1,
2004 issue of CIO Magazine,
Enterprise Risk Management Integrated
Framework, Executive Summary, COSO, September 2004

4
CODA Financials, Inc. What We Do
Serving over 2500 clients in Transportation/Logist
ics, Professional Services, Oil Gas,
Insurance, Shipping, Retail, Education, and the
Public Sector since 1979
5
CODA-Control Compliance Suite
6
ERM Working Definitions

ERM1 The integrated management of business
risk, financial risk, operational risk and risk
transfer to maximize a firms shareholder value
James Lam, GE Capital
COSO ERM2- A process, effected by an entitys
board of directors, management and other
personnel, applied in strategy setting and across
the enterprise, designed to identify potential
events that may affect the entity, and manage
risk to be within its risk appetite, to provide
reasonable assurance regarding the achievement of
entity objectives COSO ERM executive summary

7
What do we mean by Risk

Strategic Risk Where were going
Operations Risk How well get there
Reporting Risk Integrity in what we say about
it
Compliance Risk Obeying rules along the way

8
ERM Helps Us

Align risk appetite and strategy
Enhance risk response decisions (avoidance,
reduction, sharing, acceptance)
Reduce operational surprises and losses
Identify and manage multiple/ cross-enterprise
risks
Seize opportunities by considering a full range
of events
Improve deployment of capital

9
And This is What We Get

A SINGLE VIEW of all risks (internal external)
A Leadership strategy to deal with those risks.

10
According to COSO ERM2.

Set Objectives
Identify Events
Assess Risk
Respond to Risk
Manage Execution (controls)
Inform Communicate
Monitor Ongoing Success

11
According to AS/NZS 43602004
12
Universal Framework Concepts

Establish Goals
Identify and Analyze Risks
Execute to Minimize Risks
Inform and Communicate
Monitor and Report

13
Perceived Top 3 Expected Benefits

Ensuring Compliance with Regulations
Keeping the Board Informed
Assuring Business Continuity

Source Economist Intelligence Unit survey, April
2005
14
A Fully Focused View of Risk 1

A view of risk that is
ongoing
integrated
total-company
bottom-line

15
Externally Enforced Areas of Focus

Employment Regs (OSHA, Payroll Taxes, etc.)
Financial Regs (SEC, Listing Regs)
Environmental Regs (EPA, FDA, etc.)
Industry-Specific Regs (A-123R, FDICIA, BASEL II,
etc.)
International Standards (IFRS, ISO, etc.)
Information Privacy (HIPAA, etc.)
Federal Sentencing Guidelines
Foreign Corrupt Practices Act
Medicare/Medicaid/Govt Health

16
Internally Enforced Areas of Focus

Reputation
Cost Containment
Training Turnover
Deployment of Capital
Product Quality / Safety
Execution of Growth Strategy
Professional Practice Exposures
Detection Deterrence of Fraud
Management of IT Infrastructure
Liquidity/Cash Flow/Going Concern

17
Market/World Driven Areas of Focus

Industry Standards
Market Share
Disaster Planning
Supply Pricing Fluctuations
Global / Local Political Influences
Global / Local Market Influences

18
Effective Management of Focus Areas

Understand how key activities and controls relate
to each Risk area
Link Reporting and Monitoring activities to all
impacted Risk areas

19
How the Outcome Impacts Us

Everyone within an organization plays a role in
the Enterprise Risk initiative, in one or more
dimensions
Risk Assessment
Risk Response
Control Activities
Monitoring

20
How the Outcome Impacts Us

Roles in Managing Enterprise Risk
Risk Assessment - Play a role in capturing and
assessing potential risks
Risk Response
Control Activities
Monitoring

21
How the Outcome Impacts Us

Roles in Managing Enterprise Risk
Risk Assessment
Risk Response Aid in definition of actions or
treatments required for high-target risks
Control Activities
Monitoring

22
How the Outcome Impacts Us

Roles in Managing Enterprise Risk
Risk Assessment
Risk Response
Control Activities Executing or Testing key
underlying processes and activities
Monitoring

23
How the Outcome Impacts Us

Roles in Managing Enterprise Risk
Risk Assessment
Risk Response
Control Activities
Monitoring ongoing evaluation of the status of
risks and activities

24
Enterprise Risk Addressing the Results of ERM

ERM provides critical information for management.
To fully benefit, we need to
Identify and explore significant risks
Define the key areas impacted
Evaluate underlying processes/transactions
Identify critical activities
Formulate responses appropriate to the risk

25
Utilizing Technology for ERM

Find applications that assess risk against known
frameworks (COSO, COBiT, HIPAA, FDA, EPA, FDICA,
ISO, Basel II, IFRS, etc.)
Focus on applications that support more than
Sarbanes
Automate activities that underlie ERM Target
Areas
Effectively manage testing and remediation
efforts
Automate monitoring and testing activities where
possible
Roll out self-assessment where appropriate

26
Step 1 Initial design evaluation
27
Step 2 Evaluate and Select controls to test
28
Self-Assessment and Monitoring

Steps that lead to effective self-assessment and
monitoring efforts
Build consistency in information provided to
teams
Capture and control the flow of information
Ensure key action items/remediation steps are
completed
Capture and link to supporting documentation
Allow visibility to oversight groups (externals,
IAD, regulatory monitoring groups)
Capture high-level certifications on processes

29
(No Transcript)
30
(No Transcript)
31

Strengthen ERM through
Automating the Execution of Controls in High Risk
Areas

32
Process Control Benefits
plan, manage and monitor processes and enable
internal control

Plan process activities
Manage activities by alerts
Collaborate
Monitor progress
Integrate data and process

Centralized management
Rapid deployment
Rapid adoption
Consistency
Visibility and Auditability!

33
Process Control

Transform documented procedures....

...into systems that drive the business
34
Sample Business Processes

General
Holiday requests
Expenses completion
Contract management
Brochure production
Recruitment
New starter training
RD new product
New store opening
Disaster recovery
Event insurance
Your examples

Finance-related
Month end close
Bad debt provision
Group consolidation
Budgets/forecasts
New supplier setup
Insurance losses
Your examples

35
Transparent Technology to Reduce Enterprise Risk

Manage Execution of Activities to Manage
Enterprise Risk
Standardize and simplify processes to decrease
costs and strengthen the control structure
Improve the efficiency and effectiveness of the
work performed
Increase the quality and reliability of task
execution
Minimize sample sizes for newly automated
controls
Implement best practices that emphasize
preventive controls
Provide clear audit trails for key transactions