The Role of Risk Management and Assurance in Effective Organizational Governance
Urton Anderson
The University of Texas at Austin
Disclaimer
The Securities and Exchange Commission, as a matter of policy, disclaims responsibility for any private publication or statement by any of its employees.
The views expressed herein are those of the author and do not necessarily reflect the views of the Commission or of the author’s colleagues upon the staff of the Commission.
What is organizational governance?
The process through which
(1) values and goals are established and communicated,
(2) the accomplishment of goals is monitored,
(3) accountability is ensured, and
(4) values are preserved.
The Two Basic Responsibilities of the Governance Body of an Organization
Board of Directors
Governance “Umbrella”
Strategic Direction
• Values
• Objectives
• Boundaries
Governance Oversight
• Accountability
• Values preservation
Key Components of Governance Oversight
Governance
• Strategic Direction
– Set boundaries
– Set objectives
– Establish values
– Determine risk appetite
• Oversight
– Risk management
– Assurance
Depiction of Key Governance Elements
The Demand for Assurance
• Board
• Executive Management
• Management and Process Owners
Objectives
• Effectiveness and Efficiency of Operations
• Reliability of Financial Reporting and Safeguarding of Assets
• Compliance with Laws and Regulations
Responsibilities – Effectiveness & Efficiency?
• Board’s
• Executive Management
Responsibilities – Reliability of Financial Reporting and Safeguarding of Assets?
• Board’s
• Executive Management
Sky-rocketing Demand for Compliance Assurance
Factors Increasing Complexity of the Legal and Regulatory Environment
– Technological Advancements
– Globalization
– Increased Interdependency of Organizations
– Demand for Accountability
The Board’s Role in Compliance
Board’s Role
2) (A) The organization’s governing authority shall be knowledgeable about the content and operation of the compliance and ethics program and shall exercise reasonable oversight with respect to the implementation and effectiveness of the compliance and ethics program.
Fed. Sent. Guidelines Chapter 8
Reasonable Oversight
A director has a duty to attempt in good faith to assure that
(1) a corporate information and reporting system exists, and
(2) this reporting system is adequate to assure the board that appropriate information as to compliance with applicable laws will come to its attention in a timely manner as a matter of ordinary operations.
In re Caremark International Inc. Derivative Litigation, 698 A.2d 959 (Del. Ch. 1996).
The Executive Management’s Role in Compliance
Management’s Responsibility
To ensure that all operations are conducted in accordance with applicable law, regulations and policies, including internal policies.
Compliance Programs are designed to establish a culture within an organization that promotes prevention, detection and resolution of instances of conduct that do not conform to federal and state law, as well as the organization’s ethical and operations policies.
Sources of Assurance
• Line management and employees (management provides assurance as a first line of defense over the risks and controls for which they are responsible.)
• Senior management
• Internal and external auditors
• Compliance
• Quality assurance
• Risk management
• Environmental auditors
• Workplace health and safety auditors
• Government performance auditors
• Financial reporting review teams
• External financial statement auditors
• Other external assurance providers, including surveys, specialist reviews (health and safety), etc.
Assurance Net (PWC)
3 Lines of Defense
• Basel II - Basel Committee on Banking Supervision, UK, ECIIA
Line 1 Management oversight - management review, control self-assessment, and continuous monitoring mechanisms
Line 2 Staff functions – Risk management, SOX review, compliance
Line 3 Independent and objective assurance – IA, EA, ISO, regulatory audits and other independent reviews
Lines of Defense
How is assurance provided
COMBINED ASSURANCE
King III
Principle 3.5
The audit committee should ensure that a combined assurance model is applied to provide a coordinated approach to all assurance activities.
Combined Assurance Benefits
• Provides Board/Governance Body and senior management with assurance needed to carry out their responsibilities
• Reduces “assurance fatigue”
Assurance Map (PWC)