Enterprise risk management presentation to the committee on audit january 2006 l.jpg
Advertisement
This presentation is the property of its rightful owner.
1 / 21

Enterprise Risk Management Presentation to the Committee on Audit January 2006 PowerPoint PPT Presentation

Enterprise Risk Management Presentation to the Committee on Audit January 2006 THE TEXAS A&M UNIVERSITY SYSTEM What Is ERM? What is Enterprise Risk Management? (Institute of Internal Auditor’s Definition)

Download Presentation

Enterprise Risk Management Presentation to the Committee on Audit January 2006

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


Enterprise risk management presentation to the committee on audit january 2006 l.jpg

Enterprise Risk ManagementPresentation to the Committee on AuditJanuary 2006

THE TEXAS A&M UNIVERSITY SYSTEM


What is erm l.jpg

What Is ERM?


What is enterprise risk management institute of internal auditor s definition l.jpg

What is Enterprise Risk Management?(Institute of Internal Auditor’s Definition)

A rigorous and coordinated approach to assessing and responding to all risks that affect the achievement of an organization’s strategic and financial objectives. This includes both upside and downside risks.


What is enterprise risk management institute of internal auditor s definition4 l.jpg

What is Enterprise Risk Management?(Institute of Internal Auditor’s Definition)

A rigorous and coordinated approach to assessing and responding to all risks that affect the achievement of an organization’s strategic and financial objectives. This includes both upside and downside risks.


What is enterprise risk management institute of internal auditor s definition5 l.jpg

What is Enterprise Risk Management?(Institute of Internal Auditor’s Definition)

A rigorous and coordinated approach to assessing and responding to all risks that affect the achievement of an organization’s strategic and financial objectives. This includes both upside and downside risks.


What is enterprise risk management institute of internal auditor s definition6 l.jpg

What is Enterprise Risk Management?(Institute of Internal Auditor’s Definition)

A rigorous and coordinated approach to assessing and responding to all risks that affect the achievement of an organization’s strategic and financial objectives. This includes both upside and downside risks.


What is enterprise risk management institute of internal auditor s definition7 l.jpg

What is Enterprise Risk Management?(Institute of Internal Auditor’s Definition)

A rigorous and coordinated approach to assessing and responding to all risks that affect the achievement of an organization’s strategic and financial objectives. This includes both upside and downside risks.


Institute of internal auditors key objectives of the risk management process l.jpg

Institute of Internal AuditorsKey Objectives of the Risk Management Process

Internal auditors should obtain sufficient evidence to satisfy themselves that the five key objectives of the risk management process are being met in order to form an opinion on the adequacy of risk management processes.


Institute of internal auditors key objectives of the risk management process9 l.jpg

Institute of Internal AuditorsKey Objectives of the Risk Management Process

Internal auditors should obtain sufficient evidence to satisfy themselves that the five key objectives of the risk management process are being met in order to form an opinion on the adequacy of risk management processes.

  • Risks arising from business strategies and activities are identified and prioritized.


Institute of internal auditors key objectives of the risk management process10 l.jpg

Institute of Internal AuditorsKey Objectives of the Risk Management Process

Internal auditors should obtain sufficient evidence to satisfy themselves that the five key objectives of the risk management process are being met in order to form an opinion on the adequacy of risk management processes.

  • Risks arising from business strategies and activities are identified and prioritized.

  • Management and the board have determined the level of risks acceptable to the organization, including the acceptance of risks designed to accomplish the organization’s strategic plans.


Institute of internal auditors key objectives of the risk management process11 l.jpg

Institute of Internal AuditorsKey Objectives of the Risk Management Process

Internal auditors should obtain sufficient evidence to satisfy themselves that the five key objectives of the risk management process are being met in order to form an opinion on the adequacy of risk management processes.

  • Risks arising from business strategies and activities are identified and prioritized.

  • Management and the board have determined the level of risks acceptable to the organization, including the acceptance of risks designed to accomplish the organization’s strategic plans.

  • Risk mitigation activities are designed and implemented to reduce, or otherwise manage, risk at levels that were determined to be acceptable to management and the board.


Institute of internal auditors key objectives of the risk management process12 l.jpg

Institute of Internal AuditorsKey Objectives of the Risk Management Process

Internal auditors should obtain sufficient evidence to satisfy themselves that the five key objectives of the risk management process are being met in order to form an opinion on the adequacy of risk management processes.

  • Risks arising from business strategies and activities are identified and prioritized.

  • Management and the board have determined the level of risks acceptable to the organization, including the acceptance of risks designed to accomplish the organization’s strategic plans.

  • Risk mitigation activities are designed and implemented to reduce, or otherwise manage, risk at levels that were determined to be acceptable to management and the board.

  • Ongoing monitoring activities are conducted to periodically reassess risk and the effectiveness of controls to manage risk.


Institute of internal auditors key objectives of the risk management process13 l.jpg

Institute of Internal AuditorsKey Objectives of the Risk Management Process

Internal auditors should obtain sufficient evidence to satisfy themselves that the five key objectives of the risk management process are being met in order to form an opinion on the adequacy of risk management processes.

  • Risks arising from business strategies and activities are identified and prioritized.

  • Management and the board have determined the level of risks acceptable to the organization, including the acceptance of risks designed to accomplish the organization’s strategic plans.

  • Risk mitigation activities are designed and implemented to reduce, or otherwise manage, risk at levels that were determined to be acceptable to management and the board.

  • Ongoing monitoring activities are conducted to periodically reassess risk and the effectiveness of controls to manage risk.

  • Enterprise risk management deficiencies are reported upstream, with serious matters reported to top management and the board.


Iia s risk management process l.jpg

IIA’s Risk Management Process

Identify and Prioritize Risks


Iia s risk management process15 l.jpg

IIA’s Risk Management Process

Identify and Prioritize Risks

Determine Level of Acceptable Risk


Iia s risk management process16 l.jpg

IIA’s Risk Management Process

Identify and Prioritize Risks

Determine Level of Acceptable Risk

Develop Mitigation Activities


Iia s risk management process17 l.jpg

IIA’s Risk Management Process

Identify and Prioritize Risks

Determine Level of Acceptable Risk

Develop Mitigation Activities

Conduct Ongoing Monitoring


Iia s risk management process18 l.jpg

IIA’s Risk Management Process

Identify and Prioritize Risks

Determine Level of Acceptable Risk

Develop Mitigation Activities

Conduct Ongoing Monitoring

Report Periodically on Risk Management Process


Slide19 l.jpg

Today’s Organizations Approach Risk Management in Ways That Can Be Broadly Categorized into Five Levels

  • Level I organizations see little value in proactive risk management.

  • In Level II organizations, there is general awareness about risk management and some conceptual appreciation for its value in assuring that not all uncertainties become problems.

  • Level III organizations are aware of risk management and they have set up some mechanisms to monitor risks.

  • In Level IV, a broader risk management position is created to review “hot” spots, assist in risk assessment within the business units, and keep score.

  • Level V organization, the CEO believes that risk management should be imbedded in every part of the organization. Business units track their progress against action plans. Training programs are in place. Internal audit evaluates the program to assure that the process is in place and working effectively.


What is tamus siad doing l.jpg

What is TAMUS SIAD Doing?

  • Formal Presentation to CFO’s – Fall of 2003

  • Initial Presentation to the Committee on Audit–December 2003

  • AD HOC Discussions with TAMUS Executives

  • Briefings with CEO’s – Fiscal Year 2004 and 2005

  • Preliminary Assessment of ERM Maturity Level – Fall 2004

  • Assessment of ERM Maturity Level – Fall 2005

  • Presentation to the Committee on Audit - January 2006


  • Login