Integrating COSO’s Enterprise Risk Management Framework into Our Classes
November 1, 2016 Webinar at 3:00 pm Eastern
CPE
To receive CPE Credit, be sure to respond to all of the polling questions during the session and fill out the CPE Verification Form at the end of the session.
The CPE Form will appear as you click off the webinar.
Your responses, along with your attendance, will comprise the criteria for Continuing Professional Education credit, as regulated by NASBA. Attendees at this presentation who meet the criteria will be awarded 1 CPE Credit Hour in the NASBA Field of Study category, “Management Advisory Services”.
NOTE: The American Accounting Association is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be addressed to the National Registry of CPE Sponsors through its Web site: http://www.learningmarket.org
Webinar Resources to become familiar with:
The Committee of Sponsoring Organizations of the Treadway Commission’s (COSO) website: http://www.coso.org
Enterprise Risk Management—Integrated Framework FAQs and additional information: http://erm.coso.org/Pages/default.aspx
American Accounting Association’s COSO Academic Access program details http://aaahq.org/COSO
Integrating COSO’s Enterprise Risk Management Framework Into Our Classrooms
Doug Prawitt, Mark Beasley, Paul Walker
November 1, 2016
Webinar Objectives
1. Demonstrate Need for Risk Management Education
2. Highlight COSO’s ERM Leadership and ERM Framework
3. Ensure View of What ERM Is and Isn’t
4. Illustrate Different Approaches to Integrating ERM Into Curriculum
5. Highlight Resources for Classroom Use
We Live in a World of Growing Uncertainty and Complexity
Brexit
Presidential Election
Cyber Threats & Terrorism
Disruptive Innovation
Available Labor w/out Needed Skills
Shifts in Customer Demographics
Regulator Expectations
Competitor Surprises
BUT…
Only 25% Describe their Risk Oversight as Mature or Robust
45% Public Co.
41% Fin. Services
“The key to risk management is managing risk before it manages you.”
Rick Funston and Stephen Wagner, Surviving and Thriving in Uncertainty
“It ain’t what you don’t know that gets you into trouble. It’s what you know for sure that just ain’t so.”
Opening in “The Big Short”
Management of Risks…
• It’s everyone’s job!
Are we adequately preparing our students for assuming risk ownership responsibilities?
Who is COSO?
Note: COSO Has 2 Frameworks: I/C and ERM
Internal Control – 1992
ERM - 2004
IC Framework Updated and Revised 2013
COSO’s ERM Framework – Recent Update
• Exposure Draft – Revises 2004 ERM Framework
  – Issued June 2016
  – Comment period ended September 30
  – Prawitt on COSO Board and Beasley & Walker serving on Advisory Council
2004 2016 Exposure Draft
Revised COSO Framework - 2016
Builds Off 23 Core Principles
Currently, I use COSO frameworks in my class(es):
a) Both, Internal control and ERM
b) Internal control only
c) ERM only
d) Not yet, want to find out more
So….
What is ERM?
Traditional Risk Management Approach
“Silo” or “Stove-Pipe” Risk Management
[Figure: separate lists of risks (Risk #1 through Risk #4) held within each silo: Sales and Customer Service; Production & Distribution; Finance & Treasury; IT Risks; Legal & Compliance; Strategic Planning; Human Resources]
Traditional Approaches to Risk Management May Be Overlooking Critical Risks
• Risk that a Competitor Launches a New Innovative Technology Significantly Affecting Customer Demand
• Risk of Demographic Shifts in Market
• Risk of Geo-Political Developments That Significantly Restrict Market Access
• Risk that Future Talent Not Attracted to Entity’s Business Model
• Risk of “Work-Arounds” by Employees and Customers of IT Security Protocols Leads to Cyber Breach
• Risk of Emerging Regulations Re: International Markets
• Risk that New Strategic Initiative Undermines Core Product
ERM Helps Management and Boards Identify Unknown, But Knowable Risks to Enterprise
Core Value Drivers and New Strategies
ERM Should Inform This Picture
Grow Value of Enterprise
Risks & Opportunities
Missed Opportunities
Embracing Enterprise Risk Management for Long-Term Value
ERM is a process, effected by an entity’s board of directors, management, and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, manage risks to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives.
- Committee of Sponsoring Organizations of the Treadway Commission (COSO 2004) (see www.coso.org)
Strategic Purpose
Integrating ERM Into Curriculum – So Many Options!
1. Business Strategy Courses
2. Accounting Courses
3. Stand Alone ERM Courses
Ideally ERM Would be Part of our Strategy Courses
Poor Risk Management Ultimately Affects Success
Core Value Drivers and New Strategies
Effective Risk Oversight Should Inform This Picture
Enhance Global Reputation & Brand of University
Risks & Opportunities
Missed Opportunities
If not in Strategy Courses...
Opportunity for Accounting!!
Our university’s coverage of ERM is primarily done through
a) Other business courses outside of accounting
b) Existing accounting classes
c) Stand-alone ERM courses
d) A blend of the above
e) Not at all
f) I don’t know
Focus on Reporting and Disclosure Requirements
1. Introduce students to Item 1.A Risk Factors
  – What processes might CFOs rely on to provide inputs to these disclosures?
  – How might certain risks in Item 1.A trigger footnote disclosures
2. Introduce Students to Proxy Disclosures requirements
  – How might compensation plans trigger excessive risks?
  – What is board’s role in risk oversight?
3. Introduce students to Integrated Reporting
  – see GE’s 2016 Integrated Report
Financial Accounting
Internal Control & Governance
Example Assignment: Ask students to research the requirements of these drivers of ERM as research for the board chair of a company.
Then, have them review Proxy Disclosures for a real company.
Panera Bread’s 2016 Proxy Disclosure
Risk Oversight - Role of Our Board in Management of Risk
Our Board administers its risk oversight function directly and through its Audit Committee and receives regular reports from members of senior management, including our Director of Internal Audit, on areas of material risk to the company, including operational, financial, legal and regulatory, strategic and reputational risks.
Our Audit Committee regularly discusses with management and our Director of Internal Audit our major risk exposures, their potential financial impact on our company and the steps we take to manage them.
In addition, our Compensation Committee assists the Board in fulfilling its oversight responsibilities with respect to the management of risks arising from our compensation policies and programs and succession planning for our executive officers.
Our Committee on Nominations and Corporate Governance assists the Board in fulfilling its oversight responsibilities with respect to the management of risks associated with board organization, membership and structure, succession planning for our directors and corporate governance.
Auditing Standards Require…
The auditor must obtain a sufficient understanding of the entity and its environment, including its internal controls, to assess the risk of material misstatement …
Audit Classes
Identify Risks to Value Drivers
Profitability & Shareholder Growth
Unique Products
High touch service
Sophisticated Supply Chain
Expand offerings
Pursue acquisitions
Invest in more online services
Potential Risks
Tapping Into Client’s Risk Assessment
Help Fulfill Requirements to Understand Entity and Its Environment
Example of Student Assignment
• Analysis of the home improvement retail industry
• Students analyze Home Depot’s 10-K to identify strategies.
• Students Analyze Item 1.A Risk Factors to brainstorm about risks that might trigger material misstatements
Traditional Risk Management Approach
[Figure: the silo risk diagram, with separate risk lists under Sales and Customer Service; Production & Distribution; Finance & Treasury; IT Risks; Legal & Compliance; Strategic Planning; Human Resources]
How Might Tax Strategies Trigger Risks Across the Enterprise?
Corporate Tax Courses
KPIs vs. KRIs
KPIs: Historical
KRIs: Forward Looking
Management Accounting
Company Performance Attribute and Definitions
• Near Term Risk (Ability to Deliver Plan): Impact on EBIT. Low, Medium, High. Time Frame: Current Plan Year
• Strategic Impact to Business Model: Likelihood of risk occurring that could impact our ability to meet the strategic goal of the company. Low, Medium, High. Time Frame: 1-3 years
Future Risk Trend (1-3 yrs) Definition:
• Inherent impact and/or likelihood of risk is increasing
• No change in inherent impact and/or likelihood
• Inherent impact and/or likelihood of risk is decreasing
Risk register columns: Risk Category; Risk Description; Risk Owner; Last Assessment Date; Near Term Risk (Ability to Deliver Plan); Strategic Impact to Business Model; Future Risk Trend (1-3 Yrs); Overall Future Assessment (1-3 Yrs)
Risk register rows (Last Assessment Date: August 2013 for each):
• Global Growth
• Competition
• Product
• Brand
• Financial
• HDFS
• People
• Parts & Accessories
• Supply Chain
• Manufacturing
• Information Technology
• Regulatory Compliance
• Reputation
Risk categories: Strategic; Compliance; Financial; Operational
Information Systems Courses
Stand Alone ERM Courses
1. Overview of ERM Course – Summer/Fall
2. Data Analytics Course – Spring
3. ERM Practicum Course
ERM Grad Degrees
• MS ERM
  – Accredited
  – 4 to 40
• MBA ERM
  – accredited
• ERM I
• ERM II
• ERM III
ERM I
• Foundation
• History of risk
• History of ERM
• ERM components
• ERM value proposition
• Global view of ERM
• RFP
ERM II
• ERM assessment
• Deep dives
• ERM and decision making
• ERM and reputation
• ERM and culture
• ERM and Governance
ERM III
• 1 in a 1000
• But 3 dimensions
• Field-based
• A few strategy books…
  – Blue Ocean
  – Strategy Needs a Strategy
• Struggle but…
  – On the right track
  – We need help; need to learn how to do this better
COSO Resources – www.coso.org
Executive Summary of Frameworks:
ERM Thought Pieces:
Free
Purchase COSO Resources at: www.coso.org
Or Enroll in COSO Annual Academic Access for Faculty and Students
$
Internet Resources
About 500 articles summarized
www.erm.ncsu.edu
Research and Thought Pieces
Research:
Thought Pieces:
Videos
www.erm.ncsu.edu
Newsletters
I have or plan to join COSO’s Academic Access program offered by the AAA:
a) I plan to join
b) I joined this year
c) I have been a member for more than a year
d) Not sure, want to find out more
Mark S. Beasley
NC State University
www.erm.ncsu.edu
Doug Prawitt
Brigham Young University
www.marriottshool.byu.edu
Paul Walker
St. John’s [email protected]
212.284.7011
www.stjohns.edu