Upgrading Risk Management and Internal Control in Your Organization

Presentation by Vincent Tophoff, IFAC Senior Technical Manager and J. Stephen McNally, Campbell Soup Company Finance Director and Comptroller at the IMA Annual Conference and Exposition, June 2014

Transcript

  • 1. Upgrading Risk Management and Internal Control in Your Organization J. Stephen McNally, Campbell Soup & Vincent H. Tophoff, IFAC
  • 2. Agenda
  • 3. Upgrading RM/IC in Your Organization • Current Considerations • Assessing RM/IC Maturity Stage • A Case Study • Recap & Call to Action
  • 4. Current Considerations
  • 5. Serious RM/IC Flaws • Having a compliance-only mentality • Treating risk as only negative and overlooking idea that organizations need to take risk in pursuit of their objectives • RM/IC that is overly focused on external financial reporting • Regarding RM/IC as a separate function or process • Viewing risk management as predominantly important for operations
  • 6. Bad vs. Good RM/IC Practices
      • RM/IC as objective in itself vs. RM/IC to help achieve objectives
      • Auditor / staff driven vs. Driven from top down
      • Rules-based vs. Performance & principles-based
      • Off-the-shelf systems vs. Tailored to the organization
      • Focused on loss minimization vs. Also focused on value creation
      • Mainly hard controls vs. Recognizing culture & attitude
      • Imposed vs. Implemented organically
      • Stand-alone / “bolt-on” vs. Integrated / “built-in”
      • Static, out-of-date vs. Dynamic, evolving
      • Seen as overhead vs. Seen as a sound investment
      • Abandoned vs. Integrated in governance
  • 7. 2013 COSO Internal Control Cube
  • 8. 2004 COSO ERM Cube
  • 9. COSO IC vs. COSO ERM
  • 10. ISO 31000 Principles, Framework & Process
  • 11. COSO ERM vs. ISO 31000: Many entities use both COSO ERM & ISO 31000… Biggest challenge is that concepts are not aligned. COSO vs. ISO 31000:
      • Lengthy vs. Short
      • Focused on ERM vs. General approach to managing risk
      • One cube vs. Principles, framework & process
      • Skewed to negative vs. Risk can be positive or negative
      • Risk already exists vs. Risk tied to achieving objectives
      • Risk & opportunities vs. Opportunities also source of risk
      • More sequential process vs. More iterative process
  • 12. Relation of Governance, RM & IC • How do you think that governance, risk management, and internal control are related to each other?
  • 13. Relation of Governance, RM & IC
  • 14. Assessing RM/IC Maturity Stage
  • 15. Main Objective of RM/IC • Is not to have effective controls… • Is not to effectively manage risk… But to • Properly set & achieve your objectives • Avoid too many surprises along the way • And create sustainable value
  • 16. RM/IC Integral Part of Good Governance: Governance comprises the arrangements (plan, do, check, and act) put in place to ensure that the intended objectives are defined and achieved • RM/IC are integral part of that!
  • 17. Relation of Risk Management & Internal Control
  • 18. Achieving Objectives Through G/RM/IC
  • 19. RM/IC Maturity Levels
  • 20. Thoughts on Assessing RM/IC Maturity • Use the Frameworks • Consider good practice developments • Perform gap analysis • Determine performance • Look at audit results • Analyze serious flaws • … • Continuously move to improvement!
  • 21. Table Discussions • What is the maturity of risk management & internal control at your organization?
  • 22. A Case Study
  • 23. My COSO Story U.S. SOX Act 1992 COSO Cube + =
  • 24. The Evolution SOX Compliance Control Self-Assessment CFO Protocol 2004 2006 2009 • Annual site visits • Content: “Tone”, Financial, I/C • Focus: Location-specific risks • Execute “formal” procedures • Issue “trip report”
  • 25. My Challenge • First CFO Protocol ever completed • No specific guidance/ expectations • Cross-functional/ multi-location team • No “big picture” flow diagram and/or procedural documentation • No defined risks/ internal controls CFO Protocol: N/A Co-Manufacturing Operations
  • 26. Our Scope
      • In-Scope: Oversight activities to:
          • Identify
          • Select; and
          • Manage ongoing co-manufacturing partner relationships
      • Out-of-Scope:
          • Co-manufacturing partners themselves
          • Non-CNA businesses: Canada, Latin America, Pepperidge Farm
          • Special pack business
  • 27. Our Game Plan Step 1 Obtain “big picture” overview Step 9 Step 8 Step 7 Step 6 Step 5 Step 4 Step 3 Step 2 Define testing protocol Walkthrough co-mfg processes Define key controls Identify key risks Test key controls Align findings & recommendations Issue final report Determine co-manufacturing objectives
  • 28. Co-Manufacturing Processes • New partner selection & contracts • Supply Base Quality System Assessments • Formula management & mock recalls • Cost standards & inventory management • Capital investments & fixed assets • Business continuity planning • Other
  • 29. Entity Structure = CFO Protocol Scope. Entity Structure Components. CNA Co-Mfg. Operations:
      • Campbell Soup Company
          • Campbell North America
              • U.S. Retail
              • CNA Supply Chain
                  • Napoleon Plant
      • Global Procurement
      • Other: Legal, Quality, etc.
  • 30. Objectives Entity Structure Components CNA Co-Mfg Operations • Strategic • Operational • Internal Reporting • Compliance
  • 31. Components: Internal Environment Entity Structure Components Encompasses the tone of an organization… What is the internal philosophy and culture?
  • 32. Components: Objective Setting Entity Structure Components Objectives are a prerequisite… What are we trying to accomplish? Leverage external partners to: - Meet new Brand requirements - Optimize total delivered cost - Address supply chain capacity
  • 33. Components: Event Identification Entity Structure Components In terms of internal & external events… What could stop us from achieving our objectives? Co-Mfg Risks: - Product quality - Partner’s financial stability - Formula management - Business continuity
  • 34. Components: Risk Assessment Entity Structure Components Analyze risks to determine how they should be managed… • How good or bad are these events? • Will they really happen?
  • 35. Components: Risk Response Entity Structure Components What can we do to manage the identified risk? What are the options? • Avoid? • Accept? • Reduce? • Share? • Exploit?
  • 36. Components: Control Activities Entity Structure Components What policies & procedures should be established to manage the risks as desired? Co-Mfg. Controls: - Quality audits & mock recalls - Co-Man & D&B reporting - Formula Management - Annual BCP review & testing
  • 37. Components: Information & Communication Entity Structure Components How will we obtain information and communicate? What information is relevant to enable people to carry out their responsibilities? Co-Mfg: - Partner relationship manager - Cross-functional team meetings - Standardized reporting
  • 38. Components: Monitoring Entity Structure Components How will we know we achieved what we wanted to accomplish? What ongoing management activities and/or separate evaluations can we leverage? Co-Mfg: - Quarterly business reviews - CFO protocol visit(s) - Internal audits - SAS 70
  • 39. Recap & Call to Action
  • 40. Recap • Serious RM/IC flaws • Frameworks and guidance can help • Climbing maturity ladder through continual improvement • Companies like Campbell’s are on this journey • What about you and your organization?
  • 41. Effective RM/IC & You • How could you more effectively leverage risk management & internal control within your organization?
  • 42. Management Accountant: Call to Action • Build subject-matter-expertise regarding frameworks, standards & other guidance • Educate audit committee, C-suite, operating unit & functional management • Support line management through provision of high-quality information • Establish good RM/IC for the finance function • Champion importance of continuous RM/IC improvement
  • 43. 10 Paragon Drive, Suite 1 Montvale, New Jersey 07645-1760 U.S.A. (800) 638-4427 +1 (201) 573-9000 www.imanet.org
