2010 wrc presentation reid h. griffin
DESCRIPTION
Breakout Session presentation on the perils of business risk
TRANSCRIPT
2010 Western Regional Conference
September 19-22, 2010 / Anaheim, CA, USA
Enterprise Risk: The ICU Medical Journey
SPEAKER: Reid H. Griffin CPA, CIA, CCSA, CISA
Background-Reid Griffin
• 30 plus years in finance/accounting/auditing with private/public companies ranging from start-ups to Fortune 500, including 3.5 years as Director of Risk Assurance Services for ICU Medical, Inc.
• Previous speaking engagements at the IIA National Conferences (GAM and GRC) on the topics of Enterprise Risk and Audit approaches for the new millennium.
• I am from the great state of New Jersey!
Reid Griffin CPA, CIA, CCSA, CISA
Doggedconsulting.com
IIA Definition-Internal Audit
• Internal Auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization's operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.
What is Risk?
What is Risk to a Company?
• ...the threat that an event, action or inaction will adversely affect an organization’s ability to achieve its business objectives and execute its strategies successfully.
What is Risk Appetite?
• Risk Appetite: Is the amount of risk on a broad level an entity is willing to accept in pursuit of value. It is a strategic guidepost in strategy setting. It is a qualitative measure reflecting the entity’s risk management philosophy, and in turn, the entity’s culture and operating style.
What is Risk Tolerance?
• Risk Tolerance: Is the acceptable level of variation relative to achievement of a specific objective, and often is best measured in the same units as those used to measure the related objective. Risk tolerance is tactical. In effect, risk tolerance addresses the question, “How much variability are we willing to accept as we pursue a given business objective?”
Risk-Wasted Time and Resources
Is Operational Risk more than Financial Reporting Risk?
• Product Recall
• Employee Kidnapping
• Oil Spill
• Sexual Harassment
• Supplier Disruptions
• Recession
The Controls House
Internal Operation Controls permeate throughout the organization, not just in Financial Reporting.
How do you sell Enterprise Risk Management?
• Who are your stakeholders?
– The Audit Committee
– Senior Management
– Board of Directors
• What is your message?
– Education
– Knowledge Transfer
How do you implement Enterprise Risk Management
• Sell the need for an Enterprise Risk Assessment
– Key to developing a Risk-Based Audit Plan
– Completing the Risk Universe
– Identify for the stakeholders the areas of key risks and the extent of management controls to mitigate those risks.
Executing an Enterprise Risk Assessment
• Effective Project Management-Critical
• Resource Planning: Inside or outside sourcing
• Define deliverables, tools and templates
Example-Enterprise View
Example Portfolio of Risks
Heat Risk Map Example
[Figure: heat risk map. Vertical axis: Risk Exposure (Impact x Likelihood), 0.0 to 25.0, Low to High. Horizontal axis: Management/Control Level, 1.0 to 5.0, Low to High. Quadrant labels: Monitor Risks, Monitor KRI, Self Assess, Audit.]
Pitfalls to watch out for when executing an Enterprise Risk Assessment
• Project Mismanagement
• Management Misunderstanding
• Value Proposition Confusion
• Line Management Confusion
• Risk Map Reporting Misunderstanding
Questions?
Reid H. Griffin-Dogged Consulting
Reid H. Griffin CPA, CIA, CCSA, CISA
www.doggedconsulting.com
949-293-6325 Cell