Presentation by Vincent Tophoff, Senior Technical Manager, IFAC, at the Interagency Council on Enterprise Risk Management, in Washington, DC, January 20, 2015
Governance, Risk Management, and Internal Control in the Public Sector
1. Page 1 | Confidential and Proprietary Information
Governance, Risk Management, and Internal Control in the Public Sector
Vincent Tophoff, International Federation of Accountants (IFAC)
Interagency Council on Enterprise Risk Management
White House Conference Center
Washington DC, January 20, 2015
2. International Federation of Accountants
• Global organization of the accountancy profession
• Supports professional accountants in the following areas:
– Governance and ethics
– Risk management and internal control (RM/IC)
– Sustainability and corporate responsibility
– Financial and performance management
– Business reporting
– Promoting and contributing to the value of professional accountants
• All areas of critical importance to professional accountants (and for risk managers & public sector entities too…)
3. Today’s Agenda
• Relationship between Governance, Risk Management & Internal Control
• IFAC/CIPFA Public Sector Governance Framework
• Risk Management & Internal Control Pitfalls
• Current Thinking
• COSO/ISO 31000 Standards
• Risk Management & Internal Control Maturity
• Risk Manager “Call to Action”
• Q&A
4. Relation of Public Sector Governance, RM & IC
6. Public Sector Governance: Analyzing the Environment
• What are the main challenges for good governance in public sector organizations?
– Sovereign debt crisis
– Shortage of funding / rationalization
– Short-termism
– Internationalization, technology, complexity
– Corruption
7. Public Sector Governance: Analyzing the Environment
• What can a governance framework accomplish?
– Establish a benchmark for good governance
– Serve as a reference point for those developing or reviewing national codes
– Help public sector organizations continually improve governance systems
– Where no code/guidance exists, provide:
• A shared understanding of what constitutes good governance
• A powerful stimulus for positive action
8. Good Governance in the Public Sector: An International Framework
9. Public Sector Governance: International Reference Group
• Yoseph Asmelash: United Nations Conference on Trade & Development (UNCTAD)
• Ian Ball: Formerly IFAC
• Andreas Bergmann: International Public Sector Accounting Standards Board (IPSASB)
• Jón Blöndal: Organisation for Economic Co-operation & Development (OECD)
• Carlo Cottarelli: International Monetary Fund (IMF)
• Robert Dacey: US Government Accountability Office (GAO)
• Steve Freer: Formerly CIPFA
• Gert Jönsson: International Organization of Supreme Audit Institutions (INTOSAI)
• Mervyn King: King Committee on Corporate Governance
• Ian McPhee: Australian National Audit Office
• Maurice McTigue: George Mason University (USA)
• Roger Tabor: Professional Accountants in Business Committee, IFAC
10. Public Sector Governance: Framework Layout
Framework:
• Foreword by Mervyn King, Chair, IIRC, and King Report, South Africa
• Definitions
• Principles-based to maximize relevance, applicability
• Sub-principles and supporting guidance to provide explanation
Supplement:
• Examples
– Provide practical experience and aid understanding
• Evaluation questions to consider
• Further reading
11. Public Sector Governance: Fundamental Function
The fundamental function of good governance in the public sector is to ensure that entities achieve their intended outcomes while acting in the public interest at all times.
• Good governance tied to:
– Achieving intended outcomes
– Acting in the public interest at all times
12. Public Sector Governance: Achieving Intended Outcomes While Acting in the Public Interest at all Times
13. Public Sector Governance: Explicit Attention to Managing Risk
• “Proper risk assessment assists public sector entities in making informed decisions about the level of risk they are prepared to take, and implementing the necessary controls, in pursuit of the entities’ objectives.”
• “Effective risk management better enables public sector entities to achieve their objectives, while operating effectively, efficiently, ethically, and legally.”
• “Governing bodies should ensure that entities have effective risk management arrangements in place.”
14. Public Sector Governance: Explicit Attention to Internal Control
• “Internal control supports a public sector entity in achieving its objectives by managing its risks while complying with rules, regulations, and organizational policies.”
• “Controls are a means to an end: the effective management of risks enables an entity to achieve its objectives.”
• “Public sector entities should also consider the need to remain agile, avoid over-control, and not become overly bureaucratic.”
16. Serious Risk Management & Internal Control Flaws
• Having a compliance-only mentality
• Treating risk as only negative and overlooking the idea that entities need to take risk in pursuit of their objectives
• Risk management & internal control that is overly focused on external financial reporting
• Regarding risk management & internal control as a separate function or process
• Viewing risk management & internal control as predominantly important for operations
18. Current Thinking About Risk
The safest place for a ship…
… is to stay in the harbor
But that’s not what ships were made for…
19. Current Thinking About Risk
…Instead, ships were made to transport people & goods to other destinations…
…And that involves risk…
So, what is risk?
• Risk is defined as the “effect of uncertainty on (setting and achieving) the entity’s objectives” (ISO 31000)
• No Objectives = No Risk
• Therefore, risk should always be assessed in light of (setting and achieving) the entity’s objectives!
20. Current Thinking About Risk Management
Q: How does your entity address uncertainty in achieving its strategic objectives?
A: Through our strategic management system
– Line management engaged in plan-do-check-act cycle
– Focused on achieving the entity’s objectives
Q: How does your entity address risk?
A: Through our risk management system
– (Separate) risk and control system, staff functionaries, risk register
– Focus on mitigating risk
21. Current Thinking About Risk Management
[Diagram labels: Risk Management; Rest of the entity]
What does this example tell us?
• That we, risk management professionals, have made great progress in the area of risk management & internal control…
• …But that we, in the process, lost the other people in our entity!
22. Current Thinking About Risk Management
Five lines of defense:
23. Current Thinking About Risk Management
Five lines of defense:
1. Players
2. Captain
3. Coach
4. Referee
5. USSF/FIFA
24. Current Thinking About Risk Management
Five lines of defense:
1. Players (Operational Staff)
2. Captain (Supervisor / Line Manager)
3. Coach (Risk Manager)
4. Referee (Internal Auditor)
5. USSF/FIFA (GAO/External Auditor)
[Diagram labels: Support; Line]
25.
Current Thinking About Internal Control
From: Hindering the entity
To: Enabling the entity
Good internal control = The Invisible Hand
26.
Main Objective of a Public Sector Entity
• Is not to have effective controls…
• Is not to effectively manage risk…
But to
• Properly set & achieve its objectives
• Better adapt to surprises and disruptions
• And create sustainable value
27.
Risk Is Inherent to Setting Your Objectives
28.
Achieving Your Objectives Through Planning & Control
Strategic, tactical, and operational planning & control cycles
[Figure: Plan-Do-Check-Act (P-D-C-A) cycle]
29.
RM/IC Integral to Achieving Your Objectives
35.
ISO 31000 Principles, Framework & Process
36.
ISO 31000 Risk Management Principles
• Creates Value
• Integral Part of Organizational Processes
• Part of Decision Making
• Explicitly Addresses Uncertainty
• Systematic, Structured & Timely
• Based on “Best Available Information”
• Tailored
• Considers Human & Cultural Factors
• Transparent & Inclusive
• Dynamic, Iterative & Responsive to Change
• Facilitates Continuous Improvement
37.
ISO 31000 Risk Management Framework
38.
ISO 31000 Risk Management Process
To be applied in every decision making process and subsequent execution!
39.
COSO ERM vs. ISO 31000
Many entities use both COSO ERM & ISO 31000…
… Biggest challenge is that concepts are not aligned
COSO ISO 31000
Lengthy vs. Short
Focused on ERM vs. General approach to managing risk
One cube vs. Principles, framework & process
Skewed to negative vs. Risk can be positive or negative
Risk already exists vs. Risk tied to achieving objectives
Risk & opportunities vs. Opportunities also source of risk
More sequential process vs. More iterative process
41.
RM/IC Maturity Levels
42.
Thoughts on Assessing RM/IC Maturity
• Consult and Communicate!
• Consider good practice developments
• Use the Frameworks
• Perform gap analysis
• Determine performance
• Look at audit results
• Analyze serious flaws
• …
• Continuously move to improvement!
43.
RM/IC Maturity: Continuous Improvement
From RM/IC as objective in itself to RM/IC to help achieve objectives
From Auditor / staff driven to Driven from top down
From Rules-based to Performance & principles-based
From Off-the-shelf systems to Tailored to the entity
From Focused on loss minimization to Also focused on value creation
From Mainly hard controls to Recognizing culture & attitude
From Imposed to Implemented organically
From Stand-alone / “bolt-on” to Integrated / ”built-in”
From Static, out-of-date to Dynamic, evolving
From Seen as overhead to Seen as a sound investment
From Abandoned to Integrated in governance
45.
Risk Manager “Call to Action”
Risk managers play important roles in implementing
good governance and RM&IC in public sector entities:
• Build subject-matter-expertise regarding governance & RM/IC (incl.
IFAC/CIPFA Governance Framework, INTOSAI standards &
guidance, COSO Frameworks, ISO 31000)
• Educate the governing bodies, audit committees, management
teams & staff of the relevant public sector entities
• Champion the importance of good governance and RM/IC: fully
integrated in the entity’s overall system of management
• Support public sector entities through the provision of high-quality
advice, insight, and assurance
46.
Risk Manager’s Role - #1
Champion importance of good risk management:
• Risk managers communicate with public sector entity’s
leadership
• Attitude and actions of risk manager set tone for good
risk management in public sector entities
• Promote integrating risk management into risk
management of public sector entity!
• Most important element: making RM/IC part of every
decision-making process and subsequent execution in the
entity!
47.
Risk Manager’s Role - #2
Support line management by providing high-quality
advice, insight, and assurance:
• Decisions should only be made with explicit understanding
of related risks and their potential consequences for
achieving an entity’s objectives
• Therefore, decision makers require relevant and reliable
information for their decision-making and control
processes
48.
Key Take Aways
• There are many flaws in current RM/IC practices
• Achieving the entity’s objectives is the overall goal; risk is
an inherent part
• Risk management should, therefore, be fully integrated in
the entity’s system of management
• Risk managers support RM/IC in various ways in the public
sector entities they oversee
• IFAC supports professional accountants/risk managers
• However, no matter the guidance provided…
49.
There will always be some …
… who do it their own way!