The role of auditing in the erm process
•Download as PPT, PDF•
2 likes•762 views
Internal Audit
Recommended
More Related Content
What's hot
What's hot (19)
Viewers also liked
Viewers also liked (10)
Similar to The role of auditing in the erm process
Similar to The role of auditing in the erm process (20)
More from Salih Islam
More from Salih Islam (20)
Recently uploaded
Recently uploaded (20)
The role of auditing in the erm process
- 2. The Role of Auditing in the ERM Process
- 3. Agenda • Background • Enterprise risk management • Internal audit and ERM • NAIC risk-focused surveillance framework • Conclusion
- 4. An Initial ERM Comment • You don’t become a famous writer by… – Reading a book – Reading about other authors – Watching someone else write • Similarly, you don’t become an “Enterprise Risk Manager” by… – Reading a book – Taking a course – Listening to a presentation
- 5. Rather, ERM is… A complex process… … involving broad-based and in-depth knowledge and understanding,… … requiring an appropriate corporate culture, … … and creativity… … born of a variety of experiences… … and insatiable curiosity.
- 6. ERM Definition from IIA From Position Statement, The Institute of Internal Auditors: ERM “is a structured, consistent and continuous process across the whole organization for identifying, assessing, deciding on responses to and reporting on opportunities and threats that affect the achievements of its objectives.”
- 7. Steps in the Risk Management Process • Determine the corporation’s objectives • Identify the risk exposures • Quantify the exposures • Assess the impact • Examine alternative risk management tools • Select appropriate risk management approach • Implement and monitor program
- 8. Enterprise Risk Management • Or “Enterprise Risk and Assurance Management” • What is ERM? – Concerned with a broad financial and operating perspective – Recognizes interdependencies among corporate, financial, and environmental factors – Strives to determine and implement an optimal strategy to achieve the primary objectives: e.g., maximize the value of the firm
- 9. Evolution of ERM • Historically: “risk silo” mentality • Mid-1990s: – First “Chief Risk Officer” – First use of ERM terminology • Late-1990s: – Risk-related regulatory requirements (e.g., Turnbull) – Earnings protection insurance debuts • 2001: – September 11 – Corporate scandals – Beginning of efforts to improve corporate governance (e.g., Sarbanes-Oxley)
- 10. A Paradigm Shift Traditional • Risks managed in silos • Concentrates on physical hazards and financial risks • Insurance orientation • Ad hoc / one-off projects Emerging • Centralized mgt., with exec-level coordination • Integrated consideration of all risks, firm-wide • Opportunities for hedging, diversification • Continuous and embedded
- 11. Current State • Findings from various surveys – An acknowledged need to improve risk management – A recognition that a holistic approach is appropriate and preferable – ERM can improve overall capital management and thus enhance corporate value and competitiveness – A variety of approaches to improving risk management – There are still problems to overcome
- 12. Types of Risks • Operational – Hazard – Physical • Strategic – Capital / resource allocation – Industry / competitors • Technological – Databases – Security – Confidential information • Stakeholder • Legal – Compliance – Regulatory • Financial – Capital markets – Credit risks – Taxes • Human capital – Retention – Training • Reputational
- 13. Issues in ERM Implementation • Different corporate cultures require different ERM approaches • Who is going to be the ERM champion within the company – Among senior executives – Among departments / functions • How to embed a risk management culture and responsibilities throughout the firm
- 14. Components of the ERM Process • Determine corporate objectives • Risk identification – Goal: comprehensiveness – E.g., self-assessment Impact • Risk measurement – Volatility measures – Value at Risk (VaR) Likelihood Size of loss Likelihood
- 15. Components of ERM (cont.) • Assessing the impact – Stress or scenario testing – Stochastic simulation • Examine and select alternative risk management tools and techniques – Traditional risk transfer – Natural hedging / diversification – Integration of risks E.g., “dynamic financial analysis”
- 16. Keys to Success in ERM • Senior management commitment and sponsorship • Embed a “risk management culture” in the corporation at the operational level • Provide for accountability, both specific and widespread • Clearly defined responsibilities for coordination and maintenance • Adequate communication
- 17. Internal Audit and ERM Overview • Provide independent and objective assurance for Board on effectiveness of ERM – Identify/assess/manage key risks – Internal controls • IA has assurance and consulting roles – Function of other resources – Relative time/effort between roles may vary among firms and over time
- 18. Internal Audit and ERM “The Role of Internal Auditing in Enterprise-wide Risk Management” - The Institute of Internal Auditors Core Roles • Assurance regarding, and evaluation of, the risk management process – Risk reporting, evaluation, management • Assurance regarding handling of key risks
- 19. Internal Audit and ERM (cont.) “The Role of Internal Auditing in Enterprise-wide Risk Management” - The Institute of Internal Auditors NOT Roles • Establishment of “risk appetite” • Imposing / implementing risk responses / management
- 20. Internal Audit and ERM (cont.) “The Role of Internal Auditing in Enterprise-wide Risk Management” - The Institute of Internal Auditors Possible Roles • Facilitating risk management – Identification, evaluation, championing • Coordinating ERM • “Developing risk management strategy for board approval”
- 21. NAIC “Risk-Focused Surveillance Framework” Main Objectives • Focus on areas posing greatest risk to solvency • Focus on “the assessment of governance structure, corporate culture, and management processes in insurance companies to identify, assess and manage (where manage is defined as measurement, mitigation and monitoring) risk”
- 22. NAIC (cont.) Risk Classifications • Credit • Market • Pricing and underwriting • Reserving • Liquidity • Operational • Legal • Strategic • Reputation
- 23. NAIC (cont.)
- 24. Conclusion “The revolutionary idea that defines the boundary between modern times and the past is the mastery of risk” - Peter Bernstein, Against the Gods