siegfried addressing current governance and risk management challenges in governmental and...
Post on 29-Jan-2018
ICGFM ‐ Winter 2010 Conference
December 6, 2010
Addressing Current Governance and Risk Management Challenges in Governmental and
International Organizations
Alan Siegfried, CIA, CCSA, CFSA, CGAP, CPA, CISA, CBA, CSP, CITP, MBA
Auditor General, Inter‐American Development Bank
IIA Chairman, North American Board
Addressing Current Governance and Risk Management Challenges in Governmental and International Organizations. Alan N. Siegfried 2
Our World at a Glance
• Global economic challenges and issues
• Changing regulatory environment
• Financial markets turmoil
• Shrinking workforce and massive layoffs
• Budget restrictions
• Risk management efforts ineffective
• Stakeholder confidence shaken
• Uncertainty and unpredictability
Opportunity for internal audit profession to demonstrate leadership in risk management, control and governance
Risk of Not Responding
• Diminished stature of Internal Audit in surfacing and addressing emerging risks
• Significantly reduced credibility as a trusted governance partner
• Diminished value of internal audit activities
• Seen as being inflexible and non‐responsive to emerging risk
Where were the Internal Auditors?
Risk Management Lessons Learned
• Short term cost‐cutting with destructive operational or control implications
• Reliance on a third party supplier, distributor, counterparty or joint venture partners with financial difficulties: what contingency plans are in place?
• Customer dissatisfaction over valued receivables
• Liquidity issues due to the tightening of credit and reduced demand
• Increased incentives for financial fraud
• Disgruntled current and ex‐employees who sabotage, pilfer assets
• Loss or damage to reputation
Internal Audit Role
Help management identify risks, design risk management strategies, assess and monitor effectiveness of applicable controls
Current Challenges for Governance and Risk Management
1. Aligning internal audit coverage to meet new expectations
2. Fully embrace a risk‐centric strategy
3. Realigning skills to address new requirements
4. Leveraging technology to achieve greater efficiencies
5. Coping with diminished resources
6. Maintaining stature with the audit committee
7. Integrate fraud and prevention and ethics investigations into audit strategies
8. Demonstrate stronger commitment to quality
9. Enhance coordination internally
10. Demonstrating value and adding to the bottom line
The IIA 2009
Potential Internal Audit Involvement in Risk Management and Governance
Participate in cross functional ‘what if’ discussions to reconsider risks and identify action plans
Help design risk management / monitoring processes (i.e., controls!) to address risks
Redirect audit resources to re‐assessed highest risk areas
Internal audit review of risk management and organizational governance
Video: http://www.youtube.com/watch?v=laKprX‐HP94
Understanding the Difference
• Risk management
“A process to identify, assess, manage and control potential events or situations to provide reasonable assurance regarding the achievement of the organization’s objectives”
• Control
“Any action taken by management, the board, and other parties to manage risk and increase the likelihood that established objectives and goals will be achieved”
• Governance
“The combination of processes and structures implemented by the board in order to inform, direct, manage and monitor the activities of the organization toward the achievement of its objectives”
What is Organizational Governance?
The process through which
(1) values and goals are established and communicated,
(2) the accomplishment of goals is monitored,
(3) accountability is ensured, and
(4) values are preserved.
[Diagram labels: Board, Executive Management, EA, IA, RM, C, ORGANIZATION]
Parties in the Governance Process
Oversight group – board and committees of the board
Stewardship group – executive management: Dual role of stewardship of resources allocated by board and accountability of results of operations
Performance group – operating and support management and staff
Assurance group – internal and external auditing functions, and in some organizations, compliance and risk management monitoring functions, are also part of the assurance group.
Two Basic Responsibilities of the Board
[Diagram: BOARD under the Governance Umbrella; Strategic Direction (Values, Boundaries); Governance Oversight (Accountability, Values Preservation)]
Audit Committees
Areas of Focus
• Financial Reporting
• Risk Management
• Internal Control
• External Audit
• Communicating & Reporting
• Maintaining, Measuring Effectiveness
• Regulatory Compliance & Ethical Matters
• Internal Audit
Key Components of Governance Oversight
[Diagram labels: Stakeholders; Governance Umbrella; BOD; Risk Management; Senior Management - Risk Owners; Assurance Internal-External]
Governance Opportunities
“Changing business and economic conditions provide an opportunity to reassess board priorities and re‐focus the agenda”
KPMG
Board skills and capabilities reflect the changing business environment
Tighten risk management oversight
Keep ahead of the strategic agenda
Extract the most from board committees
Review the flow of information from management to the Board
Create and sustain an ethical organization
Recruit, develop and retain talented managers
Strengthen board governance and organizational policies
What can Internal Audit Bring to the Table?
Provide independent, objective assessments on:
Appropriateness of governance structure
Operating effectiveness of governance activities.
Act as catalysts for change by:
Advising or advocating improvements in governance structure and practices
Providing assurance on the risk management, control, and governance
The IIA
Risk and Risk Management
• Risk is the probability/likelihood of something happening that will have an adverse impact on objectives.
• Risk Management is the systematic application of processes and structures that enable an organization to identify, assess, analyze, optimize, monitor, improve, or transfer risk while communicating risk and risk decisions to stakeholders.
Enterprise Risk Management (ERM) deals with risks and opportunities affecting value creation or preservation.
ERM is a process, effected by an entity’s board of directors and management which is applied in a strategy setting and across the enterprise. It is designed to identify potential events that may affect the entity, and manage those risks to provide reasonable assurance regarding the achievement of objectives.
Source: Committee of Sponsoring Organizations, “Enterprise Risk Management – Integrated Framework, Executive Summary”, 2004
Benefits of ERM
• Holistic view of risk in the organization
• Greater likelihood of achieving objectives
• Consolidated reporting of risks at board level
• Improved understanding of key risks and implications
• Identification and sharing of cross business risks
• Greater management focus on the issues that really matter
• Fewer surprises or crises
• Increased likelihood of change initiatives being achieved
• Capability to take on greater risk for greater reward and
• More informed risk‐taking and decision‐making.
ERM Quality Classifications
Excellent
• Advanced capabilities to identify, measure, manage all risk exposures within tolerances
• Advanced implementation, development and execution of ERM parameters
• Consistently optimizes risk adjusted returns throughout the organization
Strong
• Clear vision of risk tolerance and overall risk profile
• Risk Control exceeds adequate for most major risks
• Has robust processes to identify and prepare for emerging risks
• Incorporates risk management and decision making to optimize risk adjusted returns
Adequate
• Has fully functioning control systems in place for all of their major risks
• May lack a robust process for identifying and preparing for emerging risks
• Performing good classical “silo” based risk management
• Not fully developed process to optimize risk adjusted returns
Weak
• Incomplete control process for one or more major risks
• Inconsistent or limited capabilities to identify, measure or manage major risk exposures
Source: Standard & Poor’s
Fundamental Principles of an Effective Risk Management Strategy in International Organizations
• Common definition of risk and risk framework
• Clearly defined key roles, responsibilities and authority
• Common risk management infrastructure
• Appropriate transparency and visibility of governing bodies
• Executive management responsible for designing, implementing, and maintaining effective risk management
• Business units held responsible for risk management
• Support functions have pervasive impact on the business and the management of risks
• Oversight functions provide objective assurance, monitoring and reporting
Effective Risk Management Practices
• Adopt a risk management policy and specific risk component definitions
• Appoint a risk manager
• Provide meaningful risk information to Senior Management and the Board
• Quantify and communicate losses from risk
• Set and review risk limits with the Board
• Perform regular assessments.
• Transfer risks if cost is less than the cost of retention.
• Train Management and the Board in risk matters.
• Provide annual assurance on the state of risk management.
Responsibilities of the Risk Manager
• Implement an enterprise‐wide risk management strategy, processes and controls
• Propose risk management policy for Board approval
• Coordinate risk management efforts across the organization
• Collect and combine risk information
• Assess the information collected
• Identify, assess and report risks
• Communicate risk information to the Board and Management
• Provide annual assurance on the state of risk management
• Affirm policies are appropriate for the foreseeable future.
Internal Audit’s Role in ERM
Internal Audit Value Proposition
Moving the profession from recognized ‐ to trusted ‐ to valued contributions to your organization and assurance to stakeholders
• Understand the business management’s strategies and objectives
• Focus on the right areas and the right risks
• Provide practical, relevant and persuasive recommendations
• Become proactive catalyst for positive change
• Balance consultative and assurance services
• Help protect AND grow the business
• Earn a ‘Seat at the table’
• Act as trusted advisor on risk, control and governance issues
Recognized.
Trusted.
Valued.
Responsibilities TODAY
Seeking to understand stakeholder expectations and evaluating effectiveness in meeting those expectations
Developing and demonstrating strong communication skills to effectively convey findings and recommendations
Embracing and executing a balanced risk based audit plan
Providing leadership on issues of corporate governance, fraud, risk management, internal control and financial reporting
Willing to challenge status quo, and operating as change agents
Providing a learning environment and career pathway
Useful Tools
Risk Management Evaluation Framework
Level Risk Evaluation Criteria
Level 1
Provide Clear Risk Management Policies and Procedures
Provide Clear Risk Management Corporate Governance Structures
Provide Tools and Frameworks to Train the Line to Manage Risk
Leverage Company Knowledge to Identify and Assess Risk
Focus on Both the Upside and Downside of Risk to optimize Strategic Risk Taking
Prioritize Risk Based on Probability and Inherent Impact
Provide Clear Visibility into Key Risks and Mitigation Status
Aggregate Risk and Mitigation Information into a Central Database
Level 2
Prioritize Risk Based on Probability and Residual Impact
Embed Risk Considerations into Day-to-Day Planning and Decision Making
Link Risk Management to Employee Performance
Assess Effectiveness of Risk Mitigation Efforts
Coordinate Risk Assurance Activities Across the Organization
Level 3
Assess Risk Velocity to Prioritize Risk Mitigation Efforts
Formally Define Business Unit Risk Appetite as Part of the Risk Opportunity Analysis
Embed Feedback Loops for Continuous Improvement in Risk Strategy
Leverage Predictive Risk Metrics to Assess Probable impacts and Mitigation Strategies
Develop a 360-Degree View of Counterparty Risk to Pinpoint Exposure Levels
Corporate Executive Board
Risks to Consider in 2010
Risk Type: Financial
• Reporting integrity
• Financial statements/disclosures are misstated according to accounting standards
• Lack of reliability in the systems reporting key financial data
• System security vulnerabilities
• Inadequate recording/oversight of financial information
• Estimates are not adequate
• Interest rate/market risk
• Foreign currency exchange
• Insufficient liquidity
• Off balance sheet risk
• Transactions are not properly approved
• Inability to raise capital
• Asset/liability risk
• Investment risk
• Credit risk
Risk Type: Compliance
• Non‐compliance with employment practices
• Environmental contamination
• Record retention policy
• Inability to meet contractual obligations
• Breaching existing capital requirements
• Non‐adherence to debt covenants
• Data used to support compliance is unreliable
• Adherence to pension plan requirements
• Insider trading
• Safety health privacy violations
• Fraud
Risk Type: Strategic
• Strategic alliances
• Strategic planning does not consider external impacts
• New products and services
• Customer demand shortfall
• Competitive pressure
• Loss of key customers
• Counterparty failures
• Customer pricing pressure
• Disruptive technologies
• Litigious trends and judicial uncertainty
• Reputation risk
• Insufficient governance structure and practices
Risk Type: Operational
• Loss of key personnel
• Obsolete technology
• Insufficient information technology governance
• Inadequate development effectiveness
• Natural disasters
• Acts of terror
• Third‐party outsourcing
• Security breaches
• Lack of business continuity / disaster recovery planning
• Service quality
• Project/change management
• Business disruption/system failures
• Lack of sufficient contractual oversight
• Process control risk
Grant Thornton,
Final Thoughts
Risks facing our organizations are unprecedented and stakeholders’ expectations continue to increase
Internal audit profession has an opportunity to step forward to be a key player in Governance and Risk Management
Individual practitioners and organizations must ‘raise the bar’ to most effectively represent and advocate for strong governance and risk management
Final Thoughts
Hindsight
Insight
Foresight
Value
Focus