cae - session #1 - enterprise risk management - howe...enhanced risk analysis using data analytics...
TRANSCRIPT
5/2/19
NEXTGEN ENTERPRISE RISK MANAGEMENT (ERM)
Risk-Informed Performance Management
The IIA Philadelphia Chapter
2019 Spring Summit - May 3, 2019
‘Elevating Performance - Taking a Leadership Role in Raising the Standards’
DISCLAIMER, TRADEMARK, AND COPYRIGHT NOTICE
PHILADELPHIA CHAPTER OF THE IIA
• The Philadelphia Chapter was established in 1943, and is the 5th affiliate chapter of The Institute of Internal Auditors (IIA). The Philadelphia Chapter, its board of governors, its officers, The IIA, and today’s presenters are not responsible or liable for any acts or omissions and specifically disclaim any and all responsibility or liability for acts or omissions.
• The material contained herein or communicated is for informational purposes only and should not be construed as accounting, financial, tax, or legal advice. Please seek guidance specific to your questions or concerns from qualified advisors.
• All content including graphics or artwork is protected by law and may not be duplicated in any form without the express written permission from the Philadelphia Chapter.
• © 2015 Philadelphia Chapter of the IIA
IIA PHILADELPHIA CHAPTER 2019 SPRING SUMMIT #SpringSummit2019
Agenda
• Benefits of effective ERM
• ERM journey
• NextGen ERM
• Enterprise Risk Assessment (ERA)
• Performance management dashboard
Benefits of effective ERM?
• Provides visibility into the top risks that may impact strategic goals
• Enhances insights into existing and emerging risks
• Improves line of sight into drivers of volatility which could impact performance and strategic goals
• Advances cross-functional alignment by evaluating risks at the system level while defining priorities for those companies engaged in the process
• Enhances alignment to the level of risk-reward that is acceptable for the enterprise and BUs
ERM is a journey and has transformed in recent years…
Value Creation
Business Performance
Risk Enabled Performance Management
Leading practices
► Expanded consideration to emerging risks
► Directly links key risks to performance drivers
► Enhanced risk analysis using data analytics
► Integrated risk and performance management
► Aligned with P&L and balance sheet, enabling risk-adjusted real-time decision support
► Formalized Operational Risk Framework
► Defining future trends and predictive indicators
► Allows scenario analysis and stress testing
► Provides tangible value linked to risk management
Risk insight and performance improvement
Risk identification and reporting
Historical focus - practices
► Independent risk identification and assessment process
► Designed to provide risk reporting to Leadership and the Board
► Process independent of operations and performance management
► Evaluation of current exposures based on historical perspectives
► Informational and/or compliance focus
Expanded focus
Foundational ERM
Integrate risk and performance management to create a competitive advantage
Value Protection
EY’s NextGen ERM Methodology
Our NextGen ERM Methodology enhances traditional ERM practices to enable performance oriented enterprise risk assessments (ERA)
A methodology to demonstrate alignment between the performance dimensions that an organization does not want to compromise, and its enterprise risks. The enhanced alignment supports informed decision-making on what actions to augment, eliminate or exploit in order to increase the probability of executing to or beyond performance targets.
Risk Assessment: Agreement to the key risks to performance and the drivers of the risks.
Performance: Agreement to the Key Performance Measures of the organization and what drives performance.
Strategy: Maximize success by driving value, minimizing cost and improving risk coverage.
Probable Outcomes: Assess the probable variance in performance outcomes (+/-) through risk adjusted performance.
Weaving ERM into existing processes
• Organizations are revisiting their ERM practices and considering risk both in the strategy-setting process and in driving performance.
• They position risk in the context of performance, rather than as the subject of an isolated exercise.
• ERM practices should enable companies to better anticipate risk so they can get ahead of it, with an understanding that change creates opportunities, not simply the potential for crises.
• ERM provides a framework for organizations to enhance enterprise resilience and long-term viability.
Source: COSO September 2017 publication: Enterprise Risk Management — Integrating with Strategy and Performance
The Enterprise Risk Assessment is a foundational step to identifying and mitigating risks
Enterprise Risk Management Process
Monitor
Assess
Report
Identify
Respond
Provide holistic and targeted views of risk to support efficient management decision making
Analyze risk trends and monitor status of risk mitigation plans
Determine risk response and perform risk treatment; remediation or acceptance
Identify and report risks by evaluating risk and performing risk assessments against controls, policies and standards
Define the strategy, resource alignment, standard processes, monitoring activities, and controls necessary to consistently and effectively manage enterprise risks to an acceptable level
Assess identified risks against standard risk rating criteria
Risk areas (processes, initiatives, applications, assets) are identified and enter the risk framework
Enterprise Risk Mitigation
Enterprise Risk Assessment
An ERA 2X2 action matrix recommends risk response plans and highlights board-level reporting risks
• The output of an Enterprise Risk Assessment (ERA) can be used to identify board level reporting risks
• Board-level risks are located in the “Improve” section of the below 2x2 matrix (e.g. Tier 1 risks)
• Risks that should inform the audit plan are located in the “test” section
Test: High-risk exposures with strong controls and management efforts form the focus for audit to provide assurance that controls are adequate and efficient. Risks in this quadrant form the basis of the audit plan.
Improve: High-risk exposures with low levels of control form the priorities for improvement opportunities. Risks in this quadrant should be the focus of board reporting.
Optimize: Low-risk exposures with a moderate level of control consciously may be accepted, or there may be a focus to optimize the processes and controls for greater efficiency.
Monitor: Low-risk exposures accompanied by a lower level of control often are considered emerging and must remain a focus of ongoing monitoring efforts.
From a heat-map to a performance management dashboard
Today’s facilitator
Brian Barker
Senior Manager, Risk Transformation – Enterprise Risk Management
► 6+ years leading risk engagements
► 10+ years project management and team leadership experience
► Managed large scale ERM program implementations and ongoing ERM operations for global organizations
► Experienced in ERM in numerous industries, including life sciences, consumer products and retail, diversified industrial products, technology, and government
► Led diagnostics, enterprise risk assessments, and response planning and reporting engagements across industries