Enterprise Risk Management Integrating with Strategy and Performance: The Auditor's Role

Joe Maleszewski, Inspector General and Director of Compliance (flbog.edu), May 17, 2018
Joe Maleszewski, Vice President for Audit, Florida Agricultural and Mechanical University, August 25, 2021


Presentation Outline

- Risk
- Risk Management
- Enterprise Risk Management
- Risk Management Frameworks
- COSO ERM Framework
- Role of Audit
- Q&A


RISK: AS OLD AS TIME


Risk Defined

Risk is the probability that an event will occur and adversely affect the achievement of objectives.


Risk Assessment Defined

Risk Assessment is the identification and analysis of risks to the achievement of an organization's objectives for the purpose of determining how those risks should be managed.


TRADITIONAL RISK MANAGEMENT V. ERM

Traditional Risk Management                                    | Enterprise Risk Management
---------------------------------------------------------------|----------------------------------------------------------------------
Past-focused                                                   | Future-focused
Segmented/siloed                                               | Enterprise-wide
Little or no knowledge of overall organizational risks         | Broad perspective on overall organizational risk
Focused on preventing loss within a business unit (tactical)   | Focused on enhancing value, capitalizing on opportunities, and managing all risks across the entire organization (strategic)
Scope: physical and financial assets                           | Scope: entire asset portfolio
Siloed risk mitigation                                         | Enterprise-wide risk mitigation


ERM Milestones

YEAR   | MILESTONE
-------|-----------------------------------------------------------------------------------------------
1900s  | Risk Management: logical, disciplined approach to future uncertainties
1974   | Gustave Hamilton: Risk Management Circle
1987   | COSO: Report on Fraudulent Financial Reporting
1992   | COSO: Internal Control - Integrated Framework
       | Cadbury Report: The Financial Aspects of Corporate Governance
       | CoCo: Canadian Institute of Chartered Accountants' Criteria of Control framework
1993   | Chief Risk Officer
1995   | First risk management standard: AS/NZS 4360
1996   | COBIT: IT governance
1999   | GAO: Standards for Internal Control in the Federal Government
2004   | COSO: Enterprise Risk Management - Integrated Framework
2009   | ISO 31000: suite of risk management standards
2016   | OMB Circular A-123 requires federal agencies to implement ERM and internal controls
2017   | COSO: Enterprise Risk Management - Integrating with Strategy and Performance


About COSO . . .

Originally formed in 1985, COSO is a joint initiative of five private sector organizations, which together represent more than 600,000 professionals. It is dedicated to providing thought leadership through the development of frameworks and guidance on enterprise risk management (ERM), internal control, and fraud deterrence.

