
Executive Insight through Enhanced Enterprise Risk Management

Executive Insight through Enhanced Enterprise Risk Management. BDO Consulting, November 12, 2009. Agenda: The Value of ERM; ERM Lessons Learned; ERM Implementation (Measure, Focus, Embed, Intelligence); Leveraging Technology; BDO Consulting Services; Q&A. Introduction: Meet Our Presenters.


Presentation Transcript


  1. Executive Insight through Enhanced Enterprise Risk Management. BDO Consulting, November 12, 2009

  2. Agenda: The Value of ERM; ERM Lessons Learned; ERM Implementation (Measure, Focus, Embed, Intelligence); Leveraging Technology; BDO Consulting Services; Q&A

  3. Introduction: Meet Our Presenters. Speaker • Sydney Leo, CIA, Managing Director, BDO Consulting. Leads Boston Risk Advisory Services practice

  4. The Value of ERM: Enterprise Risk Management. A PROCESS, effected by an entity’s board of directors, management and other personnel, applied in strategy-setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives.

  5. The Value of ERM: Why Do ERM? • To support the organization’s strategies and objectives • To enable competitive advantage • To leverage ERM to identify opportunities and grow faster • To mitigate high impact risks • To effectively manage cost throughout the organization • To improve bond ratings • To lower costs of audits and insurance • To support Board of Directors and Senior management’s Governance and Risk Management responsibilities

  6. ERM Lessons Learned • Difficulty Measuring Program Stage and Success • Lack of Focus • Not Embedded • Lack of Information/Intelligence

  7. ERM Implementation - Measure: Capabilities Maturity Model. Systemically Build and Improve Enterprise Risk Management Capabilities. Maturity levels: • Ad-Hoc: Capabilities characteristics of individuals • Initial: Process established in parts of the organization • Formalized: Formal, consistent processes in each department • Embedded: Integrated processes are embedded in the business planning • Optimized: Organization focused on ERM as source of competitive advantage. Capability areas: • Risk Assessment and Analysis • Event Identification • Risk Monitoring and Response • Risk Reporting • ERM Awareness and Training • Governance Structure and Processes • Risk Management Strategy Development and Policy Setting

  8. ERM Implementation - Measure: Current State and Future State Gap Analysis. [Diagram labels: “FUTURE STATE” VISION; “CURRENT STATE”; GAP Analysis]

  9. ERM Implementation – Focus • Risk Management Strategy Development & Policy Setting • Risk Management Infrastructure • Risk Assessment and Analysis – Risk Assessment Model • Risk Monitoring, Event Identification and Risk Response

  10. ERM Implementation – Focus: Align the Vision. ERM is not something to build in a day… But when it is built, it needs to Align to a Vision. The Tenets of Effective ERM: • Develop an ERM Strategy and Policies • Leverage what you have already • Integrate with what you do • Train People in ERM Strategy and Policies • Create a Risk Management Culture • Keep it simple!!!

  11. ERM Implementation - Focus: Designing the ERM Infrastructure • The ERM Infrastructure Drives Continuous Improvement of ERM Capabilities • Organization • Processes • Technology

  12. ERM Implementation - Focus: Enterprise Risk Assessment and Analysis

  13. ERM Implementation - Focus: Creating Context to Business Strategy. [Diagram: Inherent Risk Profile relating Business Strategy / Objective, Business Initiatives, Risks, Business Processes and Control / Management Activities. Captions: Link Strategy/Objectives to Risks; Link Risks to Business Processes]

  14. ERM Implementation - Focus: Common Language - Risk Categorization

  15. ERM Implementation - Focus: Common Language - Risk Scoring. Risk Category Ratings; Risk Mitigation Strategies

  16. ERM Implementation - Focus: A Clear View – INHERENT Risk Profile. [Chart: risks numbered 1 to 12 plotted on a Low-to-High grid; axis labels: Risk Exposure, Impact, Likelihood]

  17. ERM Implementation - Focus: A Clear View – RESIDUAL Risk Profile. [Chart: risks numbered 1 to 12 plotted by Risk Exposure (Impact x Likelihood) against Management/Control Level, Low to High; region labels: Audit, Monitor KRI, Monitor Risks, Self Assess]

  18. ERM Implementation – Focus: Prioritizing Investment. [Chart: Risk Level (Impact x Likelihood) against Management/Control Level, Low to High; region labels: Strengthen / Monitor Key Risk Indicators, Audit Controls, Monitor Risks, Self Assess]

  19. ERM Implementation – Focus: Implement and Strengthen Management Control. [Chart: Risk Level (Impact x Likelihood) against Management/Control Level, Low to High; region labels: Strengthen / Monitor Key Risk Indicators, Audit Controls, Monitor Risks, Self Assess]

  20. ERM Implementation – Focus: Identify Key Risks – Outside Management Control. [Chart: Risk Level (Impact x Likelihood) against Management/Control Level, Low to High; region labels: Monitor Key Risk Indicators, Watch List, Audit Controls, Monitor Risks, Self Assess]

  21. ERM Implementation – Focus: Risk Monitoring, Event Identification and Risk Response • Develop Key Risk Indicators / Events for High Exposure Risks to be monitored • Determine Risk Tolerances and corresponding Risk Index threshold • Determine Strategic Responses our Business would take if Risk Tolerance is exceeded • Monitor Events and Respond!

  22. ERM Implementation – Focus: Develop Key Risk Indicators • Conduct Board, Senior Management, and Management Focus groups and facilitated joint design workshops • Determine a Key Risk Index and components for each High Exposure Risk we decide to monitor • Document Key Risk Indicators • Informal vs. Formal • Locate data sources for risk components • Determine Risk Tolerances and corresponding Risk Index threshold

  23. ERM Implementation – Focus: Develop Strategic Risk Response • Conduct Board, Senior Management, and Management Focus groups and facilitated joint design workshops • Determine Strategic Responses our Business would take if Risk Tolerance is exceeded • Often this is a set of responses for progressively more severe tolerance thresholds • Strategic Risk Response A – No effect on business even if risk doesn’t occur • Strategic Risk Response B – Minor effect on business but can be easily changed back • Strategic Risk Response C – Major Effect on Business but not harmful

  24. ERM Implementation – Focus: Risk Monitoring and Event Identification • Predictive Analytics for Key Risk Indicators • Monitor Events – Historical Transactions and External Events (Event Identification) • Formal and Informal • Communication Plan. [Chart: ERM Predictive Risk Monitoring; axis labels: Risk Score, Time]

  25. ERM Implementation - Embed • Management Involvement • ERM Continuous Reporting and Communication • Building the ERM Awareness and Training program

  26. ERM Implementation – Embed: Enterprise Wide Ownership and Participation. Corporate Leadership and Oversight: CEO, CFO, General Counsel. Operations and Business Unit Leadership: BU 1 Pres./CFO, BU 2 Pres./CFO, BU 3 Pres./CFO, BU 3 Pres./CFO. Corporate Support and Monitoring Functions: Financial Planning, CIO, Treasury, Controller, Tax, Legal, Purchasing, Human Resources, Internal Control, Internal Audit, Compliance, Risk Management

  27. ERM Implementation – Embed: Embed into Current Processes. Continuous Communication and Reporting

  28. ERM Implementation – Intelligence • Predictive Analytics and Risk Situational Awareness • Risk Intelligence Monitoring

  29. ERM Implementation – Intelligence: Predictive Analytics and Risk Situational Awareness. ERM High Exposure Risk Monitoring: Connects Strategy and Executive Decisions; Enables the Executive to make better, more informed, insightful decisions. Predictive Analytics: Leveraging the power of intelligent agents, all of the Red Cell components work together to transform your raw data into current, actionable knowledge to create forward-looking Key Risk Indexes (KRIs) for Predictive Analytics and advanced decision-making.

  30. ERM Implementation – Intelligence: Risk Intelligence Monitoring • Unified Risk Intelligence • Real-Time and Predictive Solutions • Strategic Risk Decision-Support • Intelligence driven decision support • A multi-level, multi-faceted process with Multiple Information Sources • Geo-Political • Economic • Psychological • Physical • Logical • Digital • Geographical

  31. Leveraging Technology • Risk Management Work Flow • Transaction Data Analytics • Risk Intelligence – Predictive Analytics

  32. Leveraging Technology: Workflow Tools – Enterprise Risk Assessor

  33. Leveraging Technology: Workflow Tools – Risk Rating

  34. Leveraging Technology: Transaction Analytic Tools – Oversight Systems

  35. Leveraging Technology: The Future of Predictive Analytics Technology Executive Decision Risk Dashboards Corporate Risk View Departmental Risk Data Source Internal & External Data Feeds

  36. Q&A

  37. BDO Seidman, LLP: BDO Seidman, LLP is a national professional services firm providing assurance, tax, and consulting services to a wide range of publicly traded and privately held companies and not-for-profits. Guided by core values of integrity, trust, professionalism, independence, and service for almost 100 years, BDO has provided quality service and leadership through the active involvement of our most experienced and committed professionals.

  38. BDO Consulting • BDO Consulting provides risk advisory, information technology, business process enhancement, litigation, investigation, restructuring and other consulting services to major corporations, law firms, insurance companies, financial services entities and government organizations • BDO Consulting approaches all engagements in a multidisciplinary fashion, bringing to bear both experience from industry and technical expertise. Our professionals are seasoned internal auditors, compliance experts, fraud investigators, and former industry and government professionals. Rather than managing and staffing engagements with a single skill-set, we furnish a myriad of experience and knowledge.

  39. BDO Consulting Enterprise Risk Management Services: BDO Consulting’s Enterprise Risk Management professionals are focused on producing value from an organization’s investment in risk management. Our practical and targeted approach to risk management includes strategic alignment, cost containment, operational efficiency, risk mitigation and compliance. We assist clients by analyzing their existing infrastructure to identify areas in which incorporating risk management functions can benefit our clients’ business.

  40. Contacts: Sydney Leo, CIA, Managing Director, BDO Consulting, Boston, MA. sleo@bdo.com, 617-239-7017. Sydney Rose Leo is a Managing Director in the Boston office of BDO Consulting, a division of BDO Seidman, LLP, where she leads the firm’s Risk Advisory Services practice. Ms. Leo’s practice area includes Business Process Enhancement, CFO Advisory, Enterprise Risk Management, Technology Advisory, Internal Audit, and Compliance Services. Ms. Leo is also the National Enterprise Risk Management Core Competency Lead. She has over 19 years of experience as a business process reengineer, information systems consultant, risk management consultant and operations and information systems auditor in the life sciences, automotive, retail, manufacturing, and media and entertainment industries. Prior to BDO, Ms. Leo was a Director at KPMG and managed the growth of the Detroit KPMG’s Risk Advisory Services practice. She managed multiple global Sarbanes Oxley advisory engagements and was the National Sarbanes Oxley Attest Training and Methodology Lead, as well as the Oracle Systems Advisory Lead. Professional Affiliations: Member, Institute of Internal Auditors. Education: MS, Computer Information Systems, Bentley College; MS, Accounting, University of Hartford; BS, Sociology, Smith College.
