Ken Kurdziel: Enterprise Risk Management

Published in: Economy & Finance, Business
  • Objectives:
      – Understand the concept of enterprise risk management
      – Apply examples of a well-defined risk assessment program to your organization
      – Articulate benefits of a risk assessment program
  • The process of identifying and analyzing relevant risk from an integrated, organization-wide perspective. The concept is designed to identify potential events that may prevent an organization from achieving its operation, financial and compliance objectives.

    Over a decade ago, the Committee of Sponsoring Organizations of the Treadway Commission (COSO) issued “Internal Control – Integrated Framework” to help businesses and other entities assess and enhance their internal control systems.

    Recent years have seen heightened concern and focus on risk management. In 2001, COSO initiated a project, and engaged PricewaterhouseCoopers (PWC) to develop a framework that would be readily usable by managements to evaluate and improve their organizations’ enterprise risk management. The period of the framework’s development was marked by a series of high-profile business scandals and failures.

    The underlying premise of enterprise risk management is that every entity exists to provide value for its stakeholders. All entities face uncertainty, and the challenge for management is to determine how much uncertainty to accept as it strives to grow stakeholder value. Uncertainty presents both risk and opportunity, with the potential to erode or enhance value. Enterprise risk management enables management to effectively deal with uncertainty and associated risk and opportunity, enhancing the capacity to build value.

    Enterprise risk management helps ensure effective reporting and compliance with laws and regulations, and helps avoid damage to the entity's reputation and associated consequences. In sum, enterprise risk management helps an entity get to where it wants to go and avoid pitfalls and surprises along the way.
  • Key terms to note when evaluating risk in an organization:
      – Likelihood/occurrence
      – Impact/consequences to the nonprofit or association
  • This risk considers the level of use, sophistication, complexity, robustness, ease of use and speed and accuracy of recovery/replacement of systems. Addresses the overall importance of technology within the organization and the availability and quality of information the organization can access to support decision-making and the security of key information.
  • The risk that the organization’s financial reporting is inaccurate, incomplete or untimely due to a variety of factors including the pace of change, the amount of uncertainty, the presence of a large error, or the pressure on management to meet investor expectations.
  • The organization provides or relies on outsiders to provide processing activities supporting the delivery of services or products to their customers. This risk addresses barriers to the timeliness, accuracy, authorization and completeness of these processing activities.
  • The process of identifying and analyzing relevant risk from an integrated, organization-wide perspective. The concept is designed to identify potential events that may prevent an organization from achieving its operation, financial and compliance objectives.
  • Addresses:
      – The type of behaviors encouraged by management
      – The methods used to reward employees
      – The approach to consistently enforce policies and procedures
      – The selection, screening and training of employees
      – The reason for and frequency of turnovers
  • The organization is subject to a variety of federal, state and local laws, regulations and directives or accreditation agencies. Failure to follow prescribed directives may result in substantial fines, restrictions, loss of business, and/or legal action taken by regulators.
  • Need notes…
  • Attributes for implementing a successful program:
      – Obtain strong, visible support from senior management and/or the BOD
      – Dedicate a cross-functional group to drive the implementation and continue to push it in the operational phase
      – Closely link ERM to key strategic/financial objectives and to the business planning process
      – Introduce ERM as an enhancement to well-accepted processes, not a standalone process
  • In order to complete a successful ERM program you need to:
      – Establish goals and objectives
      – Identify risks
      – Analyze risks
      – Evaluate the risks
      – Address the risks
  • Each process within the functional unit is evaluated for cumulative impact and organizational vulnerability using a 3-point scale
  • Identify risk factors and assign weighted risk scores. Utilize a risk multiplier to calculate your average risk scores (Low, Moderate, High):
      – Identify objective/assets/auditable activities
      – Analyze the risks by considering their likelihood and consequence/impact
      – Assign ratings to the risks
      – Review with the BODs, senior management, and outside advisors
      – Use ranking to develop risk mitigation and action plans (involve line managers in ERM process and roll up firm initiatives to the BODs and senior management)
  • Goals/outcome:
      – Strong and long-lasting donor relationships
      – Continuity of programs and service
      – Infrastructure to capture and manage donor database
    Identified Risks:
      – Loss of reputation
      – Complexity of giving instruments
      – Missed opportunity; wealth transfer
      – Conflict between development and finance
      – Online capabilities
  • Nonprofits need to understand the overall inherent levels of risk embedded within their processes and activities. It is important for the organization to then recognize and prioritize significant risks and identify the weakest critical controls.
  • Governance:
      – How engaged are your BOD members?
      – How effective are BOD members in aligning themselves with the organization’s strategy and short/long-term goals?
      – Do they have the right skill sets?
      – Do they stay up-to-date with current events that may or may not affect their organization/industry?
  • Ken Kurdziel: Enterprise Risk Management

    1. Enterprise Risk Management www.strangeoldpictures.com
    2. Ken Kurdziel, CPA | Partner Ken@jmco.com
    3. JERRY SANDUSKY
    4. Objectives
        • Understand the concept of enterprise risk management
        • Apply examples of a well-defined risk assessment program to your organization
        • Articulate benefits of a risk assessment program
    5. Enterprise Risk Management Defined
        • The process of identifying and analyzing relevant risk from an integrated, organization-wide perspective
        • The concept is designed to identify potential events that may prevent an organization from achieving its operation, financial and compliance objectives
    6. Risk: Definition
        “The uncertainty of an event occurring that could have an impact on the achievement of objectives.” – Institute of Internal Auditors (IIA)
    7. Risk: Key Terms
        Key terms to note when evaluating risk in an organization:
        – Likelihood/occurrence
        – Impact/consequences to the nonprofit or association
    8. Types of Risk
        Technology, Financial, Operations, Reputation, Human Capital, Strategic, Compliance, Donors
    9. Types of Risk: Technology
    10. Types of Risk: Financial www.slidegeeks.com
    11. Types of Risk: Operational
    12. Types of Risk: Reputation
    13. Types of Risk: Strategic
    14. Types of Risk: Human Capital
    15. Types of Risk: Compliance
    16. Types of Risk: Donors
    17. Attributes For Implementing A Successful Enterprise Risk Program
        • Obtain strong, visible support from senior management and/or the Board of Directors
        • Dedicate a cross-functional group to drive the implementation and continue to push it in the operational phase
        • Closely link ERM to key strategic/financial objectives and to the business planning process
        • Introduce ERM as an enhancement to well-accepted processes, not a standalone process
    18. Risk Assessment Activities
        • Establish goals and objectives
        • Identify risks
        • Analyze risks
        • Evaluate the risks
        • Address the risks
    19. Nonprofit Risk Universe
        • Governance
        • Performance goals and results
        • Information technology/network security/data privacy
        • Human resources
        • Succession planning
        • Donor demographics
        • Safety and security
        • Business continuity
        • Financial reporting/grant
    20. Evaluation Criteria: Area of Focus
        Impact:
        • Financial
        • Stakeholder
        • Reputation
        • Legal/Regulatory
        • Operations
        Vulnerability:
        • Control efficiency & Operating effectiveness
        • Speed of response
        • Complexity
        • People
        • Operational efficiency
        • System change
        • Rate of change
        Scale:
        • High Risk
        • Moderate Risk
        • Low Risk
    21. Risk Scoring During The Risk Assessment Process: Low, Moderate, High
    22. Donor Demographic: Goals & Outcome, Identified Risks
    23. Results
    24. Heat Map
    25. Resources &
    26. Risk Management: Justification & Benefits: Weak Controls www.imgobject.com
    27. Risk Management: Justification & Benefits: Governance www.imgobject.com
    28. Vulnerability Criteria www.imgobject.com
    29. Impact Criteria www.imgobject.com
    30. Questions: Ken Kurdziel, CPA | Partner Ken@jmco.com
