SLIDE 1

Enterprise Risk Management: A Practical Approach

Presented by: Ellen M. Labita, CPA, Partner, Not-for-Profit Services
Baker Tilly Virchow Krause, LLP
Ellen.Labita@bakertilly.com
631-719-3232

SLIDE 2

Agenda

  • Overview of Enterprise Risk Management
  • ERM Process
  • Risk Assessment
  • Infrastructure / Ongoing Process

SLIDE 3

Risk management failures in history

  • 1637: The tulip bulb craze
  • 1720: The South Sea bubble
  • 1989: The S&L crisis
  • 1995: The Barings Bank derivatives scandal
  • 2001: Enron
  • 2002: WorldCom
  • 2008: Housing collapse
  • 2010: Gulf oil spill
  • 2012: JP Morgan, Knight Capital

SLIDE 4

Risk and Its Importance

Why is there an increased emphasis on risk?

Risk is the possibility of an event occurring that will impact the achievement of an organization’s mission and objectives.

SLIDE 5

What is ERM?

COSO definition – A process, effected by an entity’s board of directors, management and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives.

SLIDE 6

COSO model


Source: COSO, Enterprise Risk Management – An Integrated Framework

SLIDE 7

Why implement ERM: The Value Proposition

  • Broaden view of risk to address how it affects strategic plan and sustainability
  • Optimize the cost of risk management
  • Improve business performance
  • Improve process efficiency
  • Enhance governance

SLIDE 8

Tips for Implementing ERM


  • Get started
  • Keep it simple and doable
  • Remember that risk is constantly changing

SLIDE 9

Keys to Success

  • Support of and from the top
  • Use incremental steps
  • Focus on key risks
  • Leverage existing resources
  • Build on existing risk management activities
  • Embed ERM into the business culture
  • Ongoing updates

SLIDE 10

Steps for ERM

  • Determine ERM leadership and working group
  • Define risk appetite
  • Conduct enterprise-wide risk assessment
  • Implement plan for high priority risks
  • Inventory/advance risk management infrastructure and reporting
  • Continuous update

SLIDE 11

Conducting Risk Assessment

  • Identify risks
  • Prioritize risks

SLIDE 12

Types of Risk


  • Fraud
  • Operations
  • Finance
  • Compliance
  • Technology
  • Strategy
  • Reputation

SLIDE 13

Identify Risks

  • Brainstorm potential risks at a strategic entity-wide level
  • Alternatively, use an outside, objective party to interview key Board Members and Management and draft an initial set of priorities

SLIDE 14

Prioritize Risks

  • Prioritize risks based on significance (i.e., potential impact) and likelihood (i.e., chance of occurrence)
  • Use a risk map as a roadmap for discussions and oversight
  • Risks with the biggest potential impact and highest likelihood of occurrence are the top priority

SLIDE 15

Risk Mapping


[Risk map figure: vertical axis Potential Impact, horizontal axis Likelihood of Occurrence; four quadrants: Moderate Impact / Moderate Likelihood, Moderate Impact / High Likelihood, High Impact / Moderate Likelihood, High Impact / High Likelihood]

SLIDE 16

Sample Risk Map


[Sample risk map figure: vertical axis Potential Impact, horizontal axis Likelihood of Occurrence; quadrants Moderate Impact / Moderate Likelihood, High Impact / Moderate Likelihood, Moderate Impact / High Likelihood, High Impact / High Likelihood. Risks plotted on the map (quadrant positions not recoverable from the text):]

  • Compliance
  • Legal and Regulatory Environment
  • Reputation
  • Program Safety
  • Strategy
  • Operations
  • Management Succession
  • Technology
  • Data Security and Privacy
  • Information Retention and Institutional Knowledge
  • Media / Social Media
  • Governance Effectiveness
  • Growth
  • Business Continuity Planning and Disaster Recovery
  • Accounting Systems / Financial Reporting
  • Employee Conduct
  • Funding Cuts / Budgeting

SLIDE 17

Implement for High Priority Risks

  • Clarify who is responsible for developing, implementing, and managing risk management plans
  • Who “owns” each risk and is responsible for developing plans?
  • The CEO/ED has ultimate responsibility for risk management in an organization
  • Develop responses/plans to manage and mitigate risk, and monitor results
  • This should include determining what risk management activities are already in place and weighing cost/benefit of risk reduction proposals

SLIDE 18

Risk Response

  • Avoid the risk
  • Seek an opportunity and exploit the risk
  • Remove the source of risk
  • Change the likelihood
  • Change the consequences
  • Share the risk with another party
  • Retain the risk

SLIDE 19

Key Questions


  • Was the risk assessment process comprehensive?
  • Are conclusions related to strategic risk appropriate?
  • Are problems and solutions presented and discussed within a comprehensive context of competing priorities and resources?
  • Are solutions transparently vetted in terms of alternative approaches?
  • Are solutions discussed and decided based on risk/return characteristics?
  • Do solutions address enterprise-wide risks?
  • Are resources being allocated to key strategic risks and strategies to protect the organization and help achieve goals?

SLIDE 20

Risk Management Infrastructure and Reporting

  • Assess risk management capabilities
  • Develop/enhance infrastructure to reach the desired state of ERM
  • Develop reporting plan/requirements

SLIDE 21

Ongoing Process

ERM is a journey, not a destination!
