Enterprise Risk Management (ERM) ‘Integrated Framework’ The Fundamentals FUNDAMENTALS & ROLES • The Fundamentals • COSO Enterprise Risk Management • Role of Executive Management • Role of the Director • Role of the Chief Risk Officer • Risk Management Oversight Structure • Role of Internal Audit IMPLEMENTATION • • • • • • • • Risk Management Vision and Objectives Conducting Risk Assessments Getting Started – Set the Foundation Building & Enhancing Capabilities Building a Compelling Business Case Making it Happen Relevance to Sarbanes-Oxley Compliance Other Questions The Fundamentals What is Enterprise Risk Management (ERM)? “a process, effected by an entity’s board of directors, management and other personnel, applied in strategy-setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives.” The Fundamentals • • • • A process, ongoing and flowing through an entity Effected by people at every level of an organization Applied in strategy-setting Applied across the enterprise, at every level and unit, and includes taking an entity-level portfolio view of risk • Designed to identify potential events affecting the entity and manage risk within its risk appetite • Able to provide reasonable assurance to an entity’s management and board • Geared to the achievement of objectives in one or more separate but overlapping categories – it is “a means to an end, not an end in itself.” The Fundamentals Why implement ERM? Reduce unacceptable performance variability Align and integrate varying views of risk management Build confidence of investment community and stakeholders Enhance corporate governance Successfully respond to a changing business environment Align strategy and corporate culture The Fundamentals Traditional Risk Management protecting the tangible assets reported on a company’s balance sheet and the related contractual rights and obligations (physical and financial assets) ERM enhancing business strategy The Fundamentals Five broad categories of assets representing sources of value • • • • • Physical Financial Customer Employee Supplier Organizational The Fundamentals 10 COSO Enterprise Risk Management Can a company “partially” adopt the COSO ERM with success? centralized view of the business, an enterprise view must of necessity extend to the entire organization decentralized view of the organization with different units operating autonomously, an enterprise view would apply at the unit level 69 Role of Executive Management 70 Role of the Director 71 Role of the Chief Risk Officer 72 Risk Management Oversight Structure 73 Role of Internal Audit 74 IMPLEMENTATION • • • • • • • • Vision and Objectives Conducting Risk Assessments Getting Started – Set the Foundation Building & Enhancing Capabilities Building a Compelling Business Case Making it Happen Relevance to Sarbanes-Oxley Compliance Other Questions 75 Vision and Objectives 76 Conducting Risk Assessments 77 Getting Started – Set the Foundation 78 Building & Enhancing Capabilities 79 Building a Compelling Business Case 80 Making it Happen 81 Relevance to SOX Compliance 82 Other Questions 83 ...FUNDAMENTALS & ROLES • The Fundamentals • COSO Enterprise Risk Management • Role of Executive Management • Role of the Director • Role of the Chief Risk Officer • Risk Management Oversight Structure • Role... Fundamentals What is Enterprise Risk Management (ERM) ? “a process, effected by an entity’s board of directors, management and other personnel, applied in strategy-setting and across the enterprise, designed... management? Management s choices as to the relevant business objectives, the specific risk responses and the allocation of entity resources are management decisions and are not part of ERM Risk management