The Top Four Essential Objectives to Auditing ERM

Stephen E. McBride, CIA

Agenda

  • Definition of key terms
  • Risk management principles & process
  • Recent financial events
  • Risk governance roles
  • Key areas of focus in establishing audit objectives
Risk
  • The possibility of an event occurring that will have an impact on the achievement of objectives. Measured in terms of likelihood and impact.
Risk Management

A process to identify, assess, manage, and control potential events or situations to provide reasonable assurance regarding the achievement of the organization’s objectives

Why Manage Risk?
  • Decrease the cost of financial distress
  • Reduce earnings volatility
  • Facilitate optimal investments

Incorporate portfolio theory

Enterprise Risk Management

The application of risk management principles to all significant risks facing an organization

Risk Governance Roles
  • Board of Directors
  • Management
  • Internal Auditors
Financial Events
  • Enron
  • Washington Mutual Bank
  • AIG
  • MF Global

Were these events:

    • risk management process failures,
    • implementation failures, or
    • both?
Where to Begin
  • Failures?
    • Financial: Credit, Market, Liquidity
    • Operational
    • Strategic
  • Review models, assumptions, derivatives, strategies, black swan?
  • Top 4 objectives
1. Business Strategies and Risk Appetite
  • Determine approval of risk appetite
  • Determine understanding of business model
Audit Objectives – Risk Appetite
  • Risk appetite – the entity’s risk appetite defines acceptable and undesirable risks.
  • Parameters for risk
    • Strategic – new products or initiatives
    • Financial – max acceptable loss or performance variations
    • Operating – capacity management, quality targets, environmental requirements.
2. Internal Environment
  • The Board is active and possesses an appropriate degree of expertise
  • Chief Risk Officer communication
  • Management risk council reporting to the Board
  • Management’s risk appetite is aligned throughout the organization
  • Determine methods for ensuring the Code of Conduct is communicated and complied with across the organization
  • Ensure results are properly communicated
  • Determine whether executives comply with discretionary expenditures policies
Follow the Money
  • Determine how management is rewarded for performance
3. Event Identification
  • Management identifies potential events
  • Techniques are used to look at both the past and the future
  • Event identification is robust
  • Management understands how events relate to one another
4. Control Activities
  • Management identifies control activities needed to ensure risk responses are carried out properly
  • Policies are implemented consistently
  • Conditions are investigated and appropriate corrective action taken
  • General and application controls are implemented
Volume of Exceptions
  • Determine the volume of policy or internal control exceptions
  • Determine steps taken for corrective action
  • Determining the control framework and management practices in these areas will help determine risk culture
  • Risk culture is the primary indicator of an organization’s risk management oversight and its likelihood of continued long-term success