
Enterprise Risk

Management Program
DRAFT
Introduction to Enterprise Risk Management at UVM
What is Enterprise Risk Management?
Enterprise risk management is a structured, consistent, and continuous process across the whole organization for identifying, assessing, deciding on responses to, and reporting on opportunities and threats that affect the achievement of its objectives.
Institute of Internal Auditors
A tool to enhance management decision making, corporate governance, and accountability
Facilitates effective management of the uncertainty and associated risks and opportunities facing an organization
Helps an organization get to where it wants to go, and avoid pitfalls and surprises along the way (COSO)
A systematic approach to a historically intuitive exercise (Klein, Mandl, and Sencer)
Enterprise Risk Management:
A Broad Approach to Risk
1. All organizations exist to achieve their objectives
2. Many internal and external factors affect those objectives, causing uncertainty about whether the organization will achieve them
3. The effect this uncertainty has on an organization's objectives is risk
How ERM Differs from Traditional Risk Management
ERM takes an enterprise-wide approach: considers the potential impact of all types of risks on all processes, activities, stakeholders, products and services
ERM looks at both upside risk (opportunities) and downside risk (potential losses or damage)
ERM assesses risk and opportunity in the context of strategic objectives
ERM enhances existing strategic planning and budgeting processes; it's not a stand-alone process
ERM engages risk owners or subject matter experts to address and manage risks, with consulting and support
Diagram labels: The purview of traditional Risk Management; Enterprise Risk Management
Risk types shown: Financial Risk, Human Capital Risk, Strategic Risk, Compliance Risk, Operational Risk, Hazard Risk
Benefits of ERM
Supports the achievement of strategic objectives
Enhances institutional decision making
Creates a risk-aware culture across the organization
Reduces operational surprises and losses
Prepares the organization to act on acceptable opportunities
Assures greater business continuity
Improves deployment of capital by aligning risk and resources with strategic objectives
Bridges departmental silos; develops a center of excellence for managing risk; and draws on the expertise of highly skilled individual managers
Relationship Among Strategy, Risk, and Budget
UNIVERSITY OF VERMONT Strategic Plan 2009-2013: Sustaining the Advance
[Diagram with four numbered panels: STRATEGIC OBJECTIVES; STRATEGIC INITIATIVES; RISKS & OPPORTUNITIES; BUDGET (Project 1, Project 2, Project 3)]
Where do we want to go?
How do we get there?
What uncertainties could help or hinder us?
How should we best allocate our resources?
Why is UVM Implementing ERM?
Deloitte & Touche external audit identified weaknesses in our internal control environment
Follow-up external audit by PwC endorsed the proposed ERM initiative and noted it as leading practice
Emerging best practice in higher education and private sector
Bond rating agencies now look for ERM when rating non-financial organizations
UVM Board of Trustees supports taking an enterprise-level view of risk
Managing risk supports strategic goals, lessens uncertainty, and helps maintain competitive advantage
Example: economic downturn and resulting financial challenges
ERM Best Practices
Best practices for ERM are still emerging, as ERM is relatively new, especially in higher education
Obtain commitment, full engagement, and support of senior management and governing board: set the tone at the top
Tailor the ERM program to best meet the institution's unique needs and environment, using a best practice model as a framework
Articulate the institution's approach to risk
Establish a common institutional language for talking about risk
Use cross-functional groups to create buy-in, awareness, and engagement, and to provide the broad perspective necessary for effective risk identification and assessment
Integrate ERM into existing processes; don't make it a separate layer or an add-on
Build a risk-aware culture to increase awareness and consideration of risk in decision making throughout the organization
Integrate and retain the knowledge of specialist silos while taking an enterprise view
Enhance internal controls around the areas of highest risk
What Should an ERM Program Consist of?
Principles: Provide the foundation and describe the qualities of effective risk management in an organization
Framework: Manages the overall process and its full integration into the organization
Risk Management Process: Focuses on individual or groups of risks, their identification, analysis, evaluation, and response
Process steps: Context, Risk identification, Risk analysis, Risk evaluation, Risk response
Monitoring, review, continual improvement, and communication occur throughout
UVM's ERM Framework
Institutional Strategy: University mission and vision; University strategic plan; External and internal context
Institutional Governance: Commitment, engagement, and sponsorship; Roles and responsibilities; Program oversight and management; Risk decisions
ERM Context: ERM program goals and objectives; ERM guiding principles; UVM risk philosophy; UVM risk tolerance
ERM Culture: Risk awareness; Risk ownership; Common language
ERM Process: ERM policy and procedures; Risk identification; Risk analysis; Risk response; Risk evaluation; Risk assessment
ENABLING ACTIVITIES: Communication, coordination & consultation; Monitoring & reporting; Continuous improvement; Education & training; Change management
ERM Program Purpose & Goals
The purpose of UVM's ERM program is to enhance the University's ability to achieve its mission, vision, and strategic objectives and strengthen its competitive position by fostering an institution-wide culture of risk and opportunity awareness and by providing a structured, consistent, and continuous process for the early and proactive identification and reporting of material risks and opportunities to senior management and trustees.
In support of this overall purpose, UVM has established the following goals and objectives for ERM:
1. Create a culture of risk awareness where all employees understand and consider risk in decision making.
[Supporting objectives intentionally omitted]
2. Reduce operational surprises and losses.
3. Increase capacity to identify and seize opportunities by facilitating greater transparency and openness regarding risk.
4. Enhance institutional decision making by providing senior management and trustees with timely and robust information that improves their understanding of enterprise-level risks and opportunities.
[Supporting objectives intentionally omitted]
5. Improve the efficiency and effectiveness of institutional risk management efforts.
[Supporting objectives intentionally omitted]
The Risk Management Process
Diagram label: Risk Assessment
1. Context: Understand organizational objectives and the external and internal environment
2. Identification: Find, recognize, and describe risks. Write a risk statement that includes sources, events, causes and consequences
3. Analysis: Comprehend the nature of risk and determine the level of a risk. Determine the risk's potential impact and likelihood
4. Evaluation: Compare the results of risk analysis with risk criteria to determine whether the risk is acceptable. Prioritize risks.
5. Response: Modify the risk by mitigating, avoiding, transferring, or accepting the risk.
6. Monitoring & Reporting: Continually check the status of a risk to identify change from the performance level required or expected.
7. Communication & Consultation: Inform and engage in dialogue with stakeholders regarding the current state of risks and their management.
The Risk Management Process at UVM
Diagram label: Risk Assessment
1. Context: President, other senior UVM officials establish UVM Strategic Plan. Deans, Vice Presidents, and other senior officials establish College, School, and Divisional plans
2. Identification: Risk Assurance Group (Risk Mgmt & Safety, Compliance & Privacy, Internal Audit, VPFA, General Counsel). Senior UVM officials
3. Analysis: Responsible Officials and designated participants, facilitated by ERMAC Co-Chairs
4. Evaluation: ERM Advisory Committee; President's Advisory Committee on ERM; President's Sr. Leadership and Deans' Council; President
5. Response: Responsible Officials develop plan; PACERM reviews plans; President approves plans; Responsible Officials implement plans
6. Monitoring & Reporting: Responsible Officials and Risk Assurance Group monitor status of risk and risk response
7. Communication & Consultation: Quarterly ERM status reports and regular Compliance and Internal Audit reports to BoT Audit Committee. ERM annual report including risk portfolio, heat map, and status of priority risks to Audit Committee and Committee of the Whole
Also shown: Preliminary risk inventory; Risk register; Risk portfolio; Risk response plans & budgets
