The Top Four Essential Objectives to Auditing ERM
Stephen E. McBride, CIA

Agenda
• Definition of key terms
• Risk management principles & process
• Recent financial events
• Risk governance roles
• Key areas of focus in establishing audit objectives
Risk
• The possibility of an event occurring that will have an impact on the achievement of objectives
• Measured in terms of likelihood and impact

Risk Management
• A process to identify, assess, manage, and control potential events or situations to provide reasonable assurance regarding the achievement of the organization’s objectives
Why Manage Risk?
• Decrease the cost of financial distress
• Reduce earnings volatility
• Facilitate optimal investments
• Incorporate portfolio theory

Enterprise Risk Management
• The application of risk management principles to all significant risks facing an organization

Risk Governance Roles
• Board of Directors
• Management
• Internal Auditors
Financial Events
• Enron
• Washington Mutual Bank
• AIG
• MF Global
Were these events:
• risk management process failures,
• implementation failures, or
• both?

Where to Begin
• Failures?
• Financial: Credit, Market, Liquidity
• Operational
• Strategic
• Review models, assumptions, derivatives, strategies, black swan?
• Top 4 objectives
1. Business Strategies and Risk Appetite
• Determine approval of risk appetite
• Determine understanding of business model

Audit Objectives – Risk Appetite
• Risk appetite – the entity’s risk appetite defines acceptable and undesirable risks
• Parameters for risk:
• Strategic – new products or initiatives
• Financial – maximum acceptable loss or performance variations
• Operating – capacity management, quality targets, environmental requirements
2. Internal Environment
• The Board is active and possesses an appropriate degree of expertise
• Chief Risk Officer communication
• Management risk council reporting to the Board
• Management’s risk appetite is aligned throughout the organization
Ethics
• Determine methods for ensuring the Code of Conduct is communicated and complied with across the organization
• Ensure results are properly communicated
• Determine whether executives comply with discretionary expenditure policies

Follow the Money
• Determine how management is rewarded for performance

3. Event Identification
• Management identifies potential events
• Techniques are used to look at both the past and the future
• Event identification is robust
• Management understands how events relate to one another
4. Control Activities
• Management identifies the control activities needed to ensure risk responses are carried out properly
• Policies are implemented consistently
• Conditions are investigated and appropriate corrective action taken
• General and application controls are implemented
Volume of Exceptions
• Determine the volume of policy or internal control exceptions
• Determine steps taken for corrective action

Conclusion
• Determining the control framework and management practices in these areas will help determine risk culture
• Risk culture is the primary indicator of an organization’s risk management oversight and its likelihood of continued long-term success