Ken Kurdziel: Enterprise Risk Management
Published in: Economy & Finance, Business
  • Understand the concept of enterprise risk management. Apply examples of a well-defined risk assessment program to your organization. Articulate benefits of a risk assessment program.
  • The process of identifying and analyzing relevant risk from an integrated, organization-wide perspective. The concept is designed to identify potential events that may prevent an organization from achieving its operational, financial and compliance objectives. Over a decade ago, the Committee of Sponsoring Organizations of the Treadway Commission (COSO) issued “Internal Control – Integrated Framework” to help businesses and other entities assess and enhance their internal control systems. Recent years have seen heightened concern and focus on risk management. In 2001, COSO initiated a project, and engaged PricewaterhouseCoopers (PWC) to develop a framework that would be readily usable by managements to evaluate and improve their organizations’ enterprise risk management. The period of the framework’s development was marked by a series of high-profile business scandals and failures. The underlying premise of enterprise risk management is that every entity exists to provide value for its stakeholders. All entities face uncertainty, and the challenge for management is to determine how much uncertainty to accept as it strives to grow stakeholder value. Uncertainty presents both risk and opportunity, with the potential to erode or enhance value. Enterprise risk management enables management to effectively deal with uncertainty and associated risk and opportunity, enhancing the capacity to build value. Enterprise risk management helps ensure effective reporting and compliance with laws and regulations, and helps avoid damage to the entity's reputation and associated consequences. In sum, enterprise risk management helps an entity get to where it wants to go and avoid pitfalls and surprises along the way.
  • Key terms to note when evaluating risk in an organization: • Likelihood/occurrence • Impact/consequences to the nonprofit or association
  • This risk considers the level of use, sophistication, complexity, robustness, ease of use and speed and accuracy of recovery/replacement of systems. Addresses the overall importance of technology within the organization and the availability and quality of information the organization can access to support decision-making and the security of key information.
  • The risk that the organization’s financial reporting is inaccurate, incomplete or untimely due to a variety of factors including the pace of change, the amount of uncertainty, the presence of a large error, or the pressure on management to meet investor expectations
  • The organization provides or relies on outsiders to provide processing activities supporting the delivery of services or products to their customers. This risk addresses barriers to the timeliness, accuracy, authorization and completeness of these processing activities.
  • The process of identifying and analyzing relevant risk from an integrated, organization-wide perspective. The concept is designed to identify potential events that may prevent an organization from achieving its operational, financial and compliance objectives.
  • Addresses: • The type of behaviors encouraged by management • The methods used to reward employees • The approach to consistently enforce policies and procedures • The selection, screening and training of employees • The reason for and frequency of turnovers
  • The organization is subject to a variety of federal, state and local laws, regulations and directives or accreditation agencies. Failure to follow prescribed directives may result in substantial fines, restrictions, loss of business, and/or legal action taken by regulators.
  • Need notes…
  • Obtain strong, visible support from senior management and/or the BOD. Dedicate a cross-functional group to drive the implementation and continue to push it in the operational phase. Closely link ERM to key strategic/financial objectives and to the business planning process. Introduce ERM as an enhancement to well-accepted processes, not a standalone process.
  • In order to complete a successful ERM program you need to: • Establish goals and objectives • Identify risks • Analyze risks • Evaluate the risks • Address the risks
  • Each process within the functional unit is evaluated for cumulative impact and organizational vulnerability using a 3-point scale
  • Identify risk factors and assign weighted risk scores. Utilize a risk multiplier to calculate your average risk scores (Low, Moderate, High). Identify objective/assets/auditable activities. Analyze the risks by considering their likelihood and consequence/impact. Assign ratings to the risks. Review with the BODs, senior management, and outside advisors. Use ranking to develop risk mitigation and action plans (involve line managers in ERM process and roll up firm initiatives to the BODs and senior management).
  • Goals/outcome • Strong and long-lasting donor relationships • Continuity of programs and service • Infrastructure to capture and manage donor database. Identified Risks • Loss of reputation • Complexity of giving instruments • Missed opportunity; wealth transfer • Conflict between development and finance • Online capabilities
  • Nonprofits need to understand the overall inherent levels of risk embedded within their processes and activities. It is important for the organization to then recognize and prioritize significant risks and identify the weakest critical controls.
  • Governance: How engaged are your BOD members? How effective are BOD members in aligning themselves with the organization’s strategy and short/long-term goals? Do they have the right skill sets? Do they stay up-to-date with current events that may or may not affect their organization/industry?
  • Transcript

    • 1. Enterprise Risk Management www.strangeoldpictures.com
    • 2. Ken Kurdziel, CPA | Partner Ken@jmco.com
    • 3. JERRY SANDUSKY
    • 4. Objectives • Understand the concept of enterprise risk management • Apply examples of a well-defined risk assessment program to your organization • Articulate benefits of a risk assessment program
    • 5. Enterprise Risk Management Defined • The process of identifying and analyzing relevant risk from an integrated, organization-wide perspective • The concept is designed to identify potential events that may prevent an organization from achieving its operational, financial and compliance objectives
    • 6. Risk: Definition “The uncertainty of an event occurring that could have an impact on the achievement of objectives.” – Institute of Internal Auditors (IIA)
    • 7. Risk: Key Terms. Key terms to note when evaluating risk in an organization: – Likelihood/occurrence – Impact/consequences to the nonprofit or association
    • 8. Types of Risk: Technology, Financial, Operations, Reputation, Human Capital, Strategic, Compliance, Donors
    • 9. Types of Risk: Technology
    • 10. Types of Risk: Financial www.slidegeeks.com
    • 11. Types of Risk: Operational
    • 12. Types of Risk: Reputations
    • 13. Types of Risk: Strategic
    • 14. Types of Risk: Human Capital
    • 15. Types of Risk: Compliance
    • 16. Types of Risk: Donors
    • 17. Attributes For Implementing A Successful Enterprise Risk Program • Obtain strong, visible support from senior management and/or the Board of Directors • Dedicate a cross-functional group to drive the implementation and continue to push it in the operational phase • Closely link ERM to key strategic/financial objectives and to the business planning process • Introduce ERM as an enhancement to well-accepted processes, not a standalone process
    • 18. Risk Assessment Activities: Establish goals and objectives; Identify risks; Analyze risks; Evaluate the risks; Address the risks
    • 19. Nonprofit Risk Universe: Governance; Performance goals and results; Information technology/network security/data privacy; Human resources; Succession planning; Donor demographics; Safety and security; Business continuity; Financial reporting/grant
    • 20. Evaluation Criteria, Area of Focus • Impact: Financial; Stakeholder; Reputation; Legal/Regulatory; Operations • Vulnerability: Control efficiency & Operating effectiveness; Speed of response; Complexity; People; Operational efficiency; System change; Rate of change • Scale: High Risk; Moderate Risk; Low Risk
    • 21. Risk Scoring During The Risk Assessment Process: Low, Moderate, High
    • 22. Donor Demographic: Identified Risks; Goals & Outcome
    • 23. Results
    • 24. Heat Map
    • 25. Resources &
    • 26. Risk Management: Justification & Benefits: Weak Controls www.imgobject.com
    • 27. Risk Management: Justification & Benefits: Governance www.imgobject.com
    • 28. Vulnerability Criteria www.imgobject.com
    • 29. Impact Criteria www.imgobject.com
    • 30. Questions: Ken Kurdziel, CPA | Partner Ken@jmco.com
