Enterprise Risk Management (ERM) ‘Integrated Framework’ FUNDAMENTALS & ROLES • • • • • • • The Fundamentals COSO Enterprise Risk Management Role of Executive Management Role of the Director Role of the Chief Risk Officer Risk Management Oversight Structure Role of Internal Audit IMPLEMENTATION • • • • • • • • Risk Management Vision and Objectives Conducting Risk Assessments Getting Started – Set the Foundation Building & Enhancing Capabilities Building a Compelling Business Case Making it Happen Relevance to Sarbanes-Oxley Compliance Other Questions The Fundamentals What is Enterprise Risk Management (ERM)? “a process, effected by an entity’s board of directors, management and other personnel, applied in strategy-setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives.” The Fundamentals • • • • A process, ongoing and flowing through an entity Effected by people at every level of an organization Applied in strategy-setting Applied across the enterprise, at every level and unit, and includes taking an entity-level portfolio view of risk • Designed to identify potential events affecting the entity and manage risk within its risk appetite • Able to provide reasonable assurance to an entity’s management and board • Geared to the achievement of objectives in one or more separate but overlapping categories – it is “a means to an end, not an end in itself.” The Fundamentals Why implement ERM? Reduce unacceptable performance variability Align and integrate varying views of risk management Build confidence of investment community and stakeholders Enhance corporate governance Successfully respond to a changing business environment Align strategy and corporate culture The Fundamentals Traditional Risk Management protecting the tangible assets reported on a company’s balance sheet and the related contractual rights and obligations (physical and financial assets) ERM enhancing business strategy The Fundamentals Five broad categories of assets representing sources of value • Physical • Financial • Customer • Employee Supplier • Organizational The Fundamentals 10 Risk Management Oversight Structure 121 Risk Management Oversight Structure 122 Risk Management Oversight Structure 123 Risk Management Oversight Structure 124 Risk Management Oversight Structure 125 Role of Internal Audit 126 IMPLEMENTATION • • • • • • • • Vision and Objectives Conducting Risk Assessments Getting Started – Set the Foundation Building & Enhancing Capabilities Building a Compelling Business Case Making it Happen Relevance to Sarbanes-Oxley Compliance Other Questions 127 Vision and Objectives 128 Conducting Risk Assessments 129 Getting Started – Set the Foundation 130 Building & Enhancing Capabilities 131 Building a Compelling Business Case 132 Making it Happen 133 Relevance to SOX Compliance 134 Other Questions 135 ... ROLES • • • • • • • The Fundamentals COSO Enterprise Risk Management Role of Executive Management Role of the Director Role of the Chief Risk Officer Risk Management Oversight Structure Role of... Fundamentals What is Enterprise Risk Management (ERM)? “a process, effected by an entity’s board of directors, management and other personnel, applied in strategy-setting and across the enterprise, designed... and management? Management s choices as to the relevant business objectives, the specific risk responses and the allocation of entity resources are management decisions and are not part of ERM Risk