1 / 14

Enterprise Risk Management Overview

2. With you today: Deon Minnaar, Partner Anthony Monaco, Partner . . 3. Agenda. What is ERM?How do you approach ERM?What is happening in the Marketplace in relation to ERM?What is internal audit's role in ERM?. 4. Why Is Risk a Key Organizational Issue? . Risk is now seen as an issue that af

nasya
Download Presentation

Enterprise Risk Management Overview

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


    2. 2 With you today: Deon Minnaar, Partner Anthony Monaco, Partner

    3. 3 Agenda What is ERM? How do you approach ERM? What is happening in the Marketplace in relation to ERM? What is internal audit’s role in ERM? Increasingly important factors that are driving organizations to formalize their risk management capabilities – the WHY The fundamentals of KPMG’s leading practice approach to ERM; the WHAT. We employ the very same approach at KPMG LLP Practical illustrations of ERM in 3 contexts: strategy, performance and governance – the HOW An industry illustration – we’ve selected pharmaceuticals -- and will take you through how they’ve advanced their risk profile to meet their challenges head on – the HOW (cont) Convey our Global ERM team and client service model for this integrated service - The WHO 6. Last – a brief look at what's around the corner for ERM – the WHERE (its going)Increasingly important factors that are driving organizations to formalize their risk management capabilities – the WHY The fundamentals of KPMG’s leading practice approach to ERM; the WHAT. We employ the very same approach at KPMG LLP Practical illustrations of ERM in 3 contexts: strategy, performance and governance – the HOW An industry illustration – we’ve selected pharmaceuticals -- and will take you through how they’ve advanced their risk profile to meet their challenges head on – the HOW (cont) Convey our Global ERM team and client service model for this integrated service - The WHO 6. Last – a brief look at what's around the corner for ERM – the WHERE (its going)

    4. 4 Why Is Risk a Key Organizational Issue? Risk is now seen as an issue that affects all parts of the organization and influences success and failure . . . . . consequently, risk management is increasingly the focus of the board and executive management and is proactive versus reactive Discussion Notes For a variety of reasons – some widely known and publicized – the management of enterprise-wide-risk is no longer seen as something that can be an “ad hoc” process or be “delegated” to risk specialists. “Risk management” has joined strategic management, financial management, operations management, etc. as a core management process – in which line, functional, and risk specialists have assigned accountabilities. Triggers driving increased risk management activity include: Flex from the Center: Concerns at HQ about the level of control they have over a diverse business Musical Chairs: A new CEO or Chair of the Board / Audit Committee who is open to fresh approaches PLC Pressure: De-merger or listing on a new exchange that requires additional governance and compliance processes Born in the USA: Sarbanes-Oxley controls reporting is time-consuming and must deliver more than just compliance Capital Concerns: Credit ratings agencies taking an interest in governance and risk management capabilities Premier Position: Executive management want to be best in class and ahead of the competition A Risky Business: Major changes in business direction or the dynamics of an industry Share Shocker: A falling or poor performing share price that smacks of nasty surprises Expansionist: The company is growing fast and is struggling to maintain control over operations Ticking off: Ongoing Audit Committee or major shareholder complaining about a lack of internal control Rules and More Rules: New trends in the regulatory environment at home and abroad Discussion Notes For a variety of reasons – some widely known and publicized – the management of enterprise-wide-risk is no longer seen as something that can be an “ad hoc” process or be “delegated” to risk specialists. “Risk management” has joined strategic management, financial management, operations management, etc. as a core management process – in which line, functional, and risk specialists have assigned accountabilities. Triggers driving increased risk management activity include: Flex from the Center: Concerns at HQ about the level of control they have over a diverse business Musical Chairs: A new CEO or Chair of the Board / Audit Committee who is open to fresh approaches PLC Pressure: De-merger or listing on a new exchange that requires additional governance and compliance processes Born in the USA: Sarbanes-Oxley controls reporting is time-consuming and must deliver more than just compliance Capital Concerns: Credit ratings agencies taking an interest in governance and risk management capabilities Premier Position: Executive management want to be best in class and ahead of the competition A Risky Business: Major changes in business direction or the dynamics of an industry Share Shocker: A falling or poor performing share price that smacks of nasty surprises Expansionist: The company is growing fast and is struggling to maintain control over operations Ticking off: Ongoing Audit Committee or major shareholder complaining about a lack of internal control Rules and More Rules: New trends in the regulatory environment at home and abroad

    5. 5 ERM Fundamentals KPMG’s Leading Approach Notes for Animation: 1. Display triangle first, enlarge to explain and then shrink again to normal size to focus on the other elements 2. Display box and arrow “Value Creation” and risk matrix, enlarge to explain and then shrink again to normal size 3. Display box and arrow “Value Preservation” and risk framework, enlarge to explain and then shrink again to normal sizeNotes for Animation:1. Display triangle first, enlarge to explain and then shrink again to normal size to focus on the other elements2. Display box and arrow “Value Creation” and risk matrix, enlarge to explain and then shrink again to normal size3. Display box and arrow “Value Preservation” and risk framework, enlarge to explain and then shrink again to normal size

    6. 6 ENTERPRISE RISK MANAGEMENT Create Content: Develop Risk Profile

    7. 7 ERM is not a “One Size Fits All” approach. The key is to determine the degree of maturity that is right for your entity ENTERPRISE RISK MANAGEMENT Create Process: KPMG’s Risk Maturity Continuum Discussion Note The complexity of ERM comes in the design of a process that fits within company’s strategy, culture, and operations. A framework is essential – but it is a guide to the right implementation approach rather than the answer. It is not a one-size for all model – but a tool to identify individual client issues and solutions A framework is only as good as it is flexible. Prescriptive approaches that try to squeeze companies into a model are best avoided. Using the framework properly can help considerably to get real results and to avoid the mistake of trying to implement processes or methods that the company is not ready to adopt. Giving the audience relevant examples may facilitate discussion. The following are just illustrations to get you thinking. Example #1: Not for Profit Youth Serving Agency With New Strategic Plan and Major Capital Campaign: Targeted Mature position on governance, assessment, and monitoring and reporting – positioning itself significantly ahead of competition re: risk management practices. Targeted Basic on quantification and risk and control optimization – a viable position given the homogeneity and stability in its services. Example #2: Top 10 U.S. Bank versus Regional U.S. Bank. Top 10 must be Basel compliant—therefore, needs to be Advanced on most components. Regional Bank is more likely to working to most effectively integrate risk management disciplines – achieve a Mature state.Discussion Note The complexity of ERM comes in the design of a process that fits within company’s strategy, culture, and operations. A framework is essential – but it is a guide to the right implementation approach rather than the answer. It is not a one-size for all model – but a tool to identify individual client issues and solutions A framework is only as good as it is flexible. Prescriptive approaches that try to squeeze companies into a model are best avoided. Using the framework properly can help considerably to get real results and to avoid the mistake of trying to implement processes or methods that the company is not ready to adopt. Giving the audience relevant examples may facilitate discussion. The following are just illustrations to get you thinking. Example #1: Not for Profit Youth Serving Agency With New Strategic Plan and Major Capital Campaign: Targeted Mature position on governance, assessment, and monitoring and reporting – positioning itself significantly ahead of competition re: risk management practices. Targeted Basic on quantification and risk and control optimization – a viable position given the homogeneity and stability in its services. Example #2: Top 10 U.S. Bank versus Regional U.S. Bank. Top 10 must be Basel compliant—therefore, needs to be Advanced on most components. Regional Bank is more likely to working to most effectively integrate risk management disciplines – achieve a Mature state.

    8. 8 ERM Fundamentals Creating Process – Value Preservation Risk process provides sustainability to the program ; and process begins with a framework. We covered the 5 framework elements earlier – also note The KPMG framework reconciles to COSO ERM. The other important concept introduced through the KPMG methodology is the risk continuum. The continuum provides 3 levels of capability: Basic / Mature / Advanced. The KPMG methodology assists in the setting of each element relevant to the continuum, through evaluation, interview and review the “today”, industry and “target” positioning can be established. Target positioning is established through understanding the aspirations of the client and mindful of the risk content and the level of satisfaction with actions to manage risk. PRESERVING VALUE. Risk process provides sustainability to the program ; and process begins with a framework. We covered the 5 framework elements earlier – also note The KPMG framework reconciles to COSO ERM. The other important concept introduced through the KPMG methodology is the risk continuum. The continuum provides 3 levels of capability: Basic / Mature / Advanced. The KPMG methodology assists in the setting of each element relevant to the continuum, through evaluation, interview and review the “today”, industry and “target” positioning can be established. Target positioning is established through understanding the aspirations of the client and mindful of the risk content and the level of satisfaction with actions to manage risk. PRESERVING VALUE.

    9. 9 Using ERM to Empower Governance Dash Board View

    10. 10 Current Market Concerns

    11. 11 Current Market Concerns - continued

    12. 12 Internal Audit’s Role in ERM Core Internal Audit Roles e.g., Assurance on the risk management process, assurance that risks are correctly evaluated Legitimate Internal Audit Roles With SAFEGUARDS e.g., Facilitating identification & evaluation of risks, coaching management in responding to risks, coordinating of ERM activities Safeguard examples include: Documenting role in the charter and obtaining approval from Audit Committee, clearly stating that management is responsible for risk management Roles Internal Audit Should NOT Undertake e.g., Setting risk, taking decisions on risk responses, accountability for risk management Note –in determining accountability for risk you need to distinguish between managements role as risk owners and the role of internal audit in providing oversight namely monitoring and providing assuranceNote –in determining accountability for risk you need to distinguish between managements role as risk owners and the role of internal audit in providing oversight namely monitoring and providing assurance

    13. 13 Internal Audit’s Role in ERM

    14. 14 What Types of Questions Should Senior Officers Ask?

    15. 15

More Related