ERM ‘Framework’ FUNDAMENTALS & ROLES • • • • • • • The Fundamentals COSO Enterprise Risk Management Role of Executive Management Role of the Director Role of the Chief Risk Officer Risk Management Oversight Structure Role of Internal Audit IMPLEMENTATION • • • • • • • • Risk Management Vision and Objectives Conducting Risk Assessments Getting Started – Set the Foundation Building & Enhancing Capabilities Building a Compelling Business Case Making it Happen Relevance to Sarbanes-Oxley Compliance Other Questions The Fundamentals What is Enterprise Risk Management (ERM)? “a process, effected by an entity’s board of directors, management and other personnel, applied in strategy-setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives.” The Fundamentals • • • • A process, ongoing and flowing through an entity Effected by people at every level of an organization Applied in strategy-setting Applied across the enterprise, at every level and unit, and includes taking an entity-level portfolio view of risk • Designed to identify potential events affecting the entity and manage risk within its risk appetite • Able to provide reasonable assurance to an entity’s management and board • Geared to the achievement of objectives in one or more separate but overlapping categories – it is “a means to an end, not an end in itself.” The Fundamentals Why implement ERM? Reduce unacceptable performance variability Align and integrate varying views of risk management Build confidence of investment community and stakeholders Enhance corporate governance Successfully respond to a changing business environment Align strategy and corporate culture The Fundamentals Traditional Risk Management protecting the tangible assets reported on a company’s balance sheet and the related contractual rights and obligations (physical and financial assets) ERM enhancing business strategy The Fundamentals Five broad categories of assets representing sources of value • Physical • Financial • Customer • Employee Supplier • Organizational The Fundamentals 10 COSO Enterprise Risk Management 43 Role of Executive Management 44 Role of the Director 45 Role of the Chief Risk Officer 46 Risk Management Oversight Structure 47 Role of Internal Audit 48 IMPLEMENTATION • • • • • • • • Vision and Objectives Conducting Risk Assessments Getting Started – Set the Foundation Building & Enhancing Capabilities Building a Compelling Business Case Making it Happen Relevance to Sarbanes-Oxley Compliance Other Questions 49 Vision and Objectives 50 Conducting Risk Assessments 51 Getting Started – Set the Foundation 52 Building & Enhancing Capabilities 53 Building a Compelling Business Case 54 Making it Happen 55 Relevance to SOX Compliance 56 Other Questions 57 ... ROLES • • • • • • • The Fundamentals COSO Enterprise Risk Management Role of Executive Management Role of the Director Role of the Chief Risk Officer Risk Management Oversight Structure Role of... Fundamentals What is Enterprise Risk Management (ERM)? “a process, effected by an entity’s board of directors, management and other personnel, applied in strategy-setting and across the enterprise, designed... and management? Management s choices as to the relevant business objectives, the specific risk responses and the allocation of entity resources are management decisions and are not part of ERM Risk