Enterprise Risk Management
Jonelle Pianta, Chief Risk Officer
Overland Park, KS | December 8, 2017
Overview
• What it is and why do it
• Internal ERM
• Auditing ERM
What it is and why we should do it
Risks are everywhere
• GSA scandal
• VA scandal
• OPM data breach
• 2016 hurricanes and wild fires
• 2008 financial crisis
• IRS screening of politically active exempt orgs
Opportunities are everywhere
COSO ERM Framework – trademark of COSO (coso.org)
Mandated by OMB A-123
• Revised July 15, 2016
• All Federal agencies effectively manage risks to meet strategic objectives
• Coordinate ERM, strategic planning, strategic review process, and internal control processes
ERM is
• The culture and practices that organizations rely on to manage risk in creating, preserving, and realizing public value.
• It will identify potential risks and opportunities that could impact how well we achieve our mission, vision, and strategic goals and objectives.
Why we do it...
• Advance opportunity
  – Improve mission delivery
  – Reduce costs
  – Focus our corrective actions
• Prioritization – if all risks are important, none are
• Better decision making
• Gain knowledge to review your agency
What ERM is not...
• It does not replace internal controls; it feeds, shapes, and guides them.
• Are you already doing great? It may just be a way to do better.
• It is not a cure-all. Bad stuff will still happen.
Internal ERM
How we do it...
• Develop the framework
• Create a risk register
• Evaluate risks
• Risk council ranks the risks for the organization
• Affected offices implement corrective actions
• Evaluate and repeat
External ERM
How we do it...
• Develop the framework
  – Who does what
  – Timing
• Evaluate risks
• Rank the risks for the agency
• Evaluate current risks and continue to find new risks
Tips
• Get support from the top
• Sell people on the benefits first so it doesn’t become a compliance exercise
• Use plain language
• You don’t know how to do it until you do it
ERM feeds governance and decision making – the process is fair and supportable, and what is determined to be most important is based on what is best for the organization as a whole.
Questions?
www.hudoig.gov