“What does Synergy have to do with it!”
John Delaney, BComm, CIA, CRMA, CRM, C. Dir.
Senior Planning Advisor
Royal Canadian Navy
Linking IA to Boards, Strategy
Risk Mgmt. and Cyber Security
April 25, 2019
Agenda
• Background
• The importance of strategy
• Personal journey with IRM
• Actions to increase insight and create synergy
• Practical ways to engage
• Your views and questions
Background
• Materiel Management ~ 9 yrs.
• Internal Audit ~ 16 yrs.
• Strategy ~ 3.5 yrs.
• IRM ~ 10.5 yrs.
• Business Management ~ 1 yr.
• Chartered Director – McMaster University
• Volunteer and Mgmt. Boards
Quote
“Results are gained by exploiting opportunities, not by solving problems.” Peter Drucker
Most Important Tasks of any Board
Strategy Definition
Product/Market Matrix
Principal Causes of Performance Failure
Questions to Ponder
• Shouldn’t being constructively engaged in the organization’s
strategy also be a priority of Internal Audit, Risk Management,
Cyber Security and others?
• Are we currently involved in contributing to our organization’s
strategy?
• Are we currently working with professional partners towards
achieving the organization's strategy?
Proposition
Because of the importance of strategy to the long-term success of
the organization - being constructively engaged must be a priority
of Internal Audit, Risk Management and Cyber Security.
2019 2029
Personal Journey with IRM
Principles - Road Map & Lessons Learned
In 2011, embarked on a complex journey and needed a map.
Framework - ISO 31000 Risk Management Principles and
Guidelines.
Practical implementation principles – based on a study of prior
program failures.
- Proceed incrementally
- Gain senior executive support
- Gain staff and middle management support
- Integrate the new practice into the existing planning and
management regime
Framework Implementation (Continuous Improvement Cycle)
• Commit and Mandate
– NAVORD
– IRM Policy Statement
– IRM Guidelines
– RM Plan and RM Process
– Assurance Plan
• Communicate & Train
– Stakeholder analysis
– Training needs analysis
– Communication strategy
– Training strategy
– Roles and Reporting
• Structure & Accountability
– Board RM Committee
– Executive RM Group
– RM Working Group
– Manager Risk Management
– RM Champions
– Risk and Control Owners
• Review & Improve
– Control assurance
– RM Plan Progress
– RM Maturity Evaluation
– RM KPIs
– Benchmarking
– Governance reporting
• Framework Implementation
– Management Information System / Risk Registers / Treatment Plans / Assurance Plan / Reporting templates
Process for Managing Risk
• Establish context
• Risk assessment steps
– Identify risks
– Analyse risks
– Evaluate risks
• Treat risks
• Communicate and consult
• Monitor and review
Q31001-11 – Implementation Guide
four elements which provide the foundation for designing, implementing, monitoring and continual improvement of RM.
Includes: a well defined process for managing risk, and
Guide Posts
“What you do has far greater impact than
what you say.”
Stephen Covey
“Getting action is preceded by building a
positive relationship and then exploring
possibilities.” Bob Chartier
Engagement – Building Relationships
• Arranged Leadership Roundtable Discussions in each Region
– Pacific Region
– National Capital Region
– Atlantic Region
• Sponsored Annual Professional IRM Training & Facilitated Discussions
– Regional Review Team
– Regional Business Planners
– Regional Naval Engineering Teams
• Purchased, Shared and Discussed Risk Management Publications
– Risk Management for Dummies
– ISO31000
• Engaged Risk Champions
– System Development
– Initial Practice & Trial Teams
– Customization
Techniques – Exploring Possibilities
• Show them and they will see
– Provided Direction, Guidelines and Templates
• Tell them and they will hear
– Targeted Risk Management Training
– Shared the Impact of their Efforts
– Exposed our Challenges
• Involve them and they will understand
– Facilitated Workshops & Risk Discussions
– Provided Sample Roadmaps / Tools / Presentations
– Supported Risk Profile Development
– Encouraged Feedback
– Maintained Flexibility
Value of Risk Management
• Focuses Effort:
– on the specific interests of the governance board/s related to the organization’s threats
& opportunities;
– on the goals and strategic objectives of the organization;
– on the system of compliance and oversight.
Developing Trust
The Team and Factors to Consider
Team: Board of Directors, Integrated Risk Mgmt., Strategy, Internal Audit, CFO, CEO, Cyber Security Governance
Factors: Needs, Strengths, Positioned to do / not do, Value
IRM and their Needs
Diagram: Board of Directors, Integrated Risk Mgmt., Internal Audit
Needs:
1. Understand the IRM Standard
2. Appreciate the context
3. Understand the maturity model and indicators
4. Customize your Audit Criteria, discuss it and share it with the Auditee early on
5. Point out strengths and deficiencies
6. Consider developing an ongoing professional relationship with IRM
IRM and their Strengths
Diagram: Board of Directors, Integrated Risk Mgmt., Internal Audit
Strengths:
1. Knowledge of the organization’s strategy, the leaders responsible and
the teams implementing it
2. Similar credentials, use similar tools and techniques
3. Similar interest in effective controls and contributing to the organization’s
success
4. Common interest in the Board receiving quality information
(Plans, Risks, and Performance.)
IRM – Positioned to do / not do
Diagram: Board of Directors, Integrated Risk Mgmt., Internal Audit
Positioned to do / not do:
1. Develop professional relationship with Audit
2. Explore possibilities of how we can achieve greater effect
3. Share information on process: what is working / what needs improvement
4. Share content information – risk information is primarily the responsibility
of the function owner
Engagement and Value Gained
Diagram: Board of Directors, Integrated Risk Mgmt., Internal Audit
Value gained by better engagement:
1. Synergistic effect on strategy and its achievement
2. Potential to improve overall organizational control
3. Potential to strengthen ourselves
4. Potential to improve Board insight – “truth” vs “true”
Information on Strategy
Diagram: Board of Directors, Strategy, Internal Audit
Information on IRM
Diagram: Board of Directors, Integrated Risk Mgmt., Internal Audit
Information on Cyber Security Governance
Diagram: Board of Directors, Internal Audit, Cyber Security Governance
Information on Insight for Internal Audit
Diagram: Board of Directors, Internal Audit
Risk Humor
The Cyber Security Hub™