ERM and SIX Sigma

Transcript of "ERM and SIX Sigma"

  1. ERM and SIX Sigma
     Auditing within the ERM Framework using Six Sigma Tools: Merging Two Philosophies
     By Michael Vincent, MBA, CISA, PMP
     PDF created with pdfFactory Pro trial version www.pdffactory.com
  2. What is Six Sigma?
     2/16/2006 ERM and Six Sigma (c), Michael Vincent, MBA, CISA, PMP
  3. Definition
     A business driven, repeatable process for quantifying, analyzing, implementing, and sustaining customer-driven strategic, operational, and financial business goals.
  4. Overview
     Overall it is a problem solving methodology that includes:
     • Understanding and Defining Customers
     • Understanding and Defining Problems
     • Using State of the Art Detective Work Tools (this includes some Applied Statistics) to determine the Root Cause of the Problems
     • Proposing solutions based on the detective work data
     • Making changes to prevent the root cause from occurring again
     • Monitoring the process for further improvements and ever-changing customer requirements
  5. Six Sigma versus Three Sigma Philosophies
     The 3 Sigma Company | The 6 Sigma Company
     Believes 99% is good and is 99% Good … 66,807 defects out of a million opportunities | Believes 99% is bad and is 99.9997% Good … 3.4 defects out of a million opportunities
     Relies on inspection | Relies on capable processes
     Believes high quality is expensive | Knows high quality means low cost
     Defines customer needs internally | Defines customer needs externally
     Spends 15% to 25% of revenue dollars on cost of failure | Spends 5% of revenue dollars on cost of failure
     Does not have a disciplined approach to gather and analyze data | Uses a structured approach to gather, analyze, and identify improvements through metrics
  6. Six Sigma Flow
     Real World Problem or Performance Issue -> Statistical Problem -> Statistical Solution -> Practical, Real World Solutions
  7. The Process
  8. DMAIC
     • Define
     • Measure
     • Analyze
     • Implement
     • Control
  9. DMAIC: Why this structure?
     It is a scientific approach to rapid learning that is designed to help prevent a common tendency: Jumping to Conclusions/Solutions. Some Examples:
     • Solutions that do not fix anything (get out the bigger whip)
     • Treating the Symptoms (the Whack-a-Mole Game)
     • The 5 (or more) Whys … (next slide)
  10. The 5 (or more) ‘Whys’
     Complaints about Room Service
     WHY? Cold Food delivered by Room Service
     WHY? Delivery Process was taking too long
     WHY? Long Delays Waiting for Service Elevator
     WHY? Heavier elevator use by housekeeping
     WHY? Housekeeping was frequently restocking towels; Laundry’s washing process was not completed on time
     WHY? Necessary supplies not available
     WHY? Vendor shipment was late again
     WHY? … etc.
  11. The overall structure
     Define: A. Identify the Customers and their needs; B. Understand the Current Process and the Problems. Outputs: CTQs/Ys, Project Charter, Process Map.
     Measure, Analyze and Improve The Process: C. Gather Subjective Knowledge of the Process; D. Gather Objective Knowledge of the Process; E. Use Objective Knowledge to Identify Solutions; F. Test (Pilot) Solutions. Outputs: Increased Process Knowledge, The Root Causes, Solutions that fix the Root Causes, A tested Solution.
     Control: G. Change Process to permanently fix Root Causes; H. Monitor for future improvements and customer changes. Outputs: Improved Process, Process Controls, Process Metrics.
     The Process is Continuous, based on the established Process Metrics.
  12. DMAIC - Define
     • Customer
     • Customer Needs
     • Project Team
     • Build Trust
     • Scope
  13. Understand the Current Process
     • Definition of Process: a series of actions or operations conducing to an end
     • When applying to Six Sigma: The OUTPUT(s) of a PROCESS is a function of the INPUT(s): Y = f(X1, X2, X3, X4, …)
       The INPUT(s): Xs, Independent, Causes, Explanation
       THE PROCESS: A Series of Steps
       The OUTPUT(s): Ys, CTQs, Dependent, Effects, Response
     Processes are Everywhere!
  14. Document the Current Process
     Process mapping is a graphical representation of all process steps. There are always 3 versions:
     • What you THINK it is
     • What it ACTUALLY is
     • What you WANT it to be
     (B. Understand the Current Process and the Problems)
  15. DMAIC - Measure
     • Identify metrics
     • Develop precision requirements
     • Identify success criteria of process
     • Identify tools
     • Data, Data, and more data
  16. DMAIC - Analyze
     • Identify and correlate statistically significant potential causation
     • Intense statistical deducing
     • Avoid influencing process while observing
     • Determine ‘Correlation’ of processes
  17. DMAIC - Improve
     • Confirm causal relationship is statistically significant
     • Identify factors that significantly influence process towards customer driven success expectations
     • Verify that calibrations made to factors significantly influence process towards customer driven success factors
     • Maximize calibrations to their most efficient and effective levels based on customer driven success factors
  18. DMAIC - Control
     • Identify controls that will maintain calibrations at their desired levels
     • Develop monitoring process for controls
     • Develop fault-tolerances and response mechanisms
     • Document the process
     • Develop continual process improvement methodology
     • Develop a feedback mechanism
  19. What is ERM?
  20. Definition
     ‘Enterprise risk management is a process, effected by an entity’s board of directors, management, and other personnel, applied in a strategy setting and across the enterprise, designed to identify events that may affect the entity, and manage risks to be within its risk appetite, to provide reasonable assurance regarding the achievement of the entity objectives.’ – COSO Definition
  21. ERM Framework
     • Internal Environment
     • Objective Setting
     • Event Identification
     • Risk Assessment
     • Risk Response
     • Control Activities
     • Information and Communication
     • Monitoring
  22. ERM must link to Enterprise Objectives
     • Organizational Objectives
     • Organizational Strategies
     • Organizational Metrics
     • Functional Objectives
     • Functional Strategies
     • Functional Processes
     • Functional Metrics
  23. ERM: Still In Infancy
     • Current Status: ERM is still in infancy with regard to practical application
     • Reason: Difficult to ascertain metrics required to develop risk profile at enterprise level
       - COSO 1 Implementation is in silos and generally only in limited financial risks
     • Unknown-Unknown: Risk Appetite of Organizations
     • Missing Link for Auditors: How to Gather this Information
  24. Hey…You got ERM in my Six Sigma!
  25. Proposal: Quality Methodology Metrics can be input into ERM
     • Where to Begin
     • Gathering the Information
     • Storing the Data
     • Risk Assessment
     • Issue Management
     • Continuous Monitoring: Information and Communication
     • Reaping Results
  27. Where to Begin
     • Note: This Process requires support of senior management.
     • Develop Program
       - Assign Program Manager
       - Build Project Plan
       - Build WBS
     • Identify Mission of Organization
     • Identify Strategies to Achieve this Mission
     • Identify Objectives/Functions that exist to achieve these strategies
       - How are these measured?
       - Metrics Objective/Subjective?
       - Which functional group(s) are responsible?
       - What are strategic requirements of IT?
     • Goal: Inventory of Processes and Metrics (KPIs) at Enterprise Level
       - Enterprise CTQs
       - Operational/Financial CTQs
       - IT CTQs
     • Identify ownership of CTQs within organization
  29. Gathering Information
     • Identify process owners
     • Conduct CSAs
     • Perform “Define” phase of Six Sigma with each process area to refine process maps and critical metrics
       - Gather process area metrics
       - Gather process area process maps
       - Gather process area narratives
     • Define Key Controls within each process/sub-process that support process area CTQ
     • Identify measurement activities using “Measure” phase of Six Sigma
     • Validate that Measurements are accurate and relevant with ‘Analyze’ phase of Six Sigma
     • Purpose: Validating that Metrics being used to support CTQs are complete, accurate, and valid
     • Note: IT must also have metrics (ITIL, COBIT, etc.)
     • Items that cannot be clearly identified are written up as issues
  31. Storing the Data
     • Store all gathered information in a centralized location
     • ERM Software is abundant
     • Statistical Software (ex. MiniTab, ACL, etc.) can be used to analyze the stored Data
     • Goal: Identify and procure (build/buy) ERM software that fits framework
  33. Risk Assessment
     • Using Inventory of CTQs
       - Work with process owners, senior management:
     • Categorize risks
       - Inherent, Residual, External, Internal, etc.
     • Determine likelihood and impact of each risk
       - May require both qualitative and quantitative analysis
     • Identify Risk Response
     • Validate that controls are in place that mitigate risk
       - Identify Issues throughout this process
  35. Issue Management
     • For CTQs that are not mitigated, measured, or defined appropriately
       - Working with management, define issue clearly with language that links to CTQ
       - Each Issue is then developed by management as project to develop
       - Revisit ERM Model once issue has been mitigated by management
       - Issue mitigation technique requires ‘Implement’ phase of Six Sigma
  37. Continuous Monitoring: Information and Communication
     • Using CTQ/KPI metrics at multiple levels of organization
     • Build Dashboard of multi-tiered CTQs using an ERM “data warehouse”
       - Data mining
       - Heat maps
       - Exception Reporting
       - Executive dashboards
     • This stage is developed and monitored using ‘Control’ phase of Six Sigma
  39. Reaping the Results
     • Fully Implemented ERM methodology using Six Sigma techniques can:
       - Clearly identify CTQs that feed enterprise KPIs
       - Translate complex data into actionable information
       - Develop predictive modeling infrastructure to anticipate and mitigate risks
       - Provide a competitive advantage
       - Provide Compliance Infrastructure for Risk Based Audits, Compliance Audits, etc.
       - Validate inter/intra process relationships and linkage to organizational objectives
       - Enterprise Process Improvement
       - Raise awareness of risks to organizational objectives
       - Direct correlation of risks to shareholder value
       - Quantify enterprise risk appetite
       - Assist in providing monetary metrics to CBA exercises (opportunity cost)
  40. Questions?
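The defect figures of slide 5 (66,807 and 3.4 defects per million opportunities), the likelihood-and-impact scoring of slide 33 and the exception reporting of slide 37 can be tied together in code. The following Python is an added example, not part of the original presentation: the CTQ names, counts, impact ratings, control-effectiveness values and likelihood thresholds are constructed assumptions, and the 1.5 sigma long-term shift is the conventional Six Sigma assumption behind the slide's figures.

```python
"""Added example, not from the slides: CTQ measurements -> Six Sigma capability
figures (slide 5) -> likelihood-by-impact risk scores (slide 33) and an
exception report (slide 37). Names, counts, ratings and thresholds are assumed."""
from dataclasses import dataclass
from math import erfc, sqrt

SHIFT = 1.5  # long-term process shift assumed by the Six Sigma convention

def tail_prob(z):
    """P(Z > z) for a standard normal variable."""
    return 0.5 * erfc(z / sqrt(2))

def dpmo_from_sigma(sigma_level, shift=SHIFT):
    """Defects per million opportunities at a sigma level
    (3 sigma -> 66,807 DPMO, 6 sigma -> 3.4 DPMO, as on slide 5)."""
    return 1e6 * tail_prob(sigma_level - shift)

def sigma_from_dpmo(dpmo, shift=SHIFT):
    """Inverse of dpmo_from_sigma by bisection (DPMO falls as sigma rises)."""
    lo, hi = 0.0, 10.0
    for _ in range(100):
        mid = (lo + hi) / 2
        if dpmo_from_sigma(mid, shift) > dpmo:
            lo = mid
        else:
            hi = mid
    return (lo + hi) / 2

@dataclass
class CTQ:
    name: str
    defects: int                  # failures counted in the "Measure" phase
    opportunities: int            # opportunities counted in the same period
    target_sigma: float           # precision requirement agreed with the owner
    impact: int                   # 1 (minor) .. 5 (severe) effect on the objective
    control_effectiveness: float  # 0..1 share of inherent risk the key control removes

    def dpmo(self):
        return 1e6 * self.defects / self.opportunities

    def sigma(self):
        return sigma_from_dpmo(self.dpmo())

def likelihood(sigma_level):
    """Capability -> 1 (rare) .. 5 (almost certain) rating; thresholds assumed."""
    for floor, rating in ((6.0, 1), (4.5, 2), (3.5, 3), (2.5, 4)):
        if sigma_level >= floor:
            return rating
    return 5

def assess(ctq):
    """Inherent and residual scores for a 5x5 likelihood-by-impact heat map."""
    inherent = likelihood(ctq.sigma()) * ctq.impact
    residual = round(inherent * (1 - ctq.control_effectiveness), 1)
    return {"ctq": ctq.name, "sigma": round(ctq.sigma(), 2),
            "inherent": inherent, "residual": residual}

def exceptions(ctqs):
    """CTQs below their precision requirement become issues (slide 35)."""
    return [c.name for c in ctqs if c.sigma() < c.target_sigma]

# Constructed sample inventory of IT CTQs (the deck requires IT metrics too).
SAMPLE = [
    CTQ("Servers patched within SLA", 120, 10_000, 4.0, 4, 0.5),
    CTQ("Security alerts triaged within 1 hour", 3, 50_000, 4.5, 5, 0.6),
]

if __name__ == "__main__":
    print([assess(c) for c in SAMPLE], "Issues:", exceptions(SAMPLE))
```

The first sample CTQ runs at roughly 3.76 sigma, below its 4.0 requirement, so it lands on the exception report and scores 12 inherent / 6 residual on the heat map.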