Ken Kurdziel: Enterprise Risk Management

Post on 25-Jan-2015


Transcript of Ken Kurdziel: Enterprise Risk Management

Enterprise Risk Management

Ken Kurdziel, CPA | Partner

Ken@jmco.com

JERRY SANDUSKY

Objectives

• Understand the concept of enterprise risk management

• Apply examples of a well-defined risk assessment program to your organization

• Articulate benefits of a risk assessment program

Enterprise Risk Management Defined

• The process of identifying and analyzing relevant risk from an integrated, organization-wide perspective

• The concept is designed to identify potential events that may prevent an organization from achieving its operational, financial and compliance objectives

Risk: Definition

“The uncertainty of an event occurring that could have an impact on the achievement of objectives.”

– Institute of Internal Auditors (IIA)

Risk: Key Terms

Key terms to note when evaluating risk in an organization:

– Likelihood/occurrence

– Impact/consequences to the nonprofit or association

Types of Risk

• Technology

• Financial

• Operations

• Reputation

• Strategic

• Human Capital

• Compliance

• Donors

Types of Risk: Technology

Types of Risk: Financial

Types of Risk: Operational

Types of Risk: Reputation

Types of Risk: Strategic

Types of Risk: Human Capital

Types of Risk: Compliance

Types of Risk: Donors

Attributes For Implementing A Successful Enterprise Risk Program

• Obtain strong, visible support from senior management and/or the Board of Directors

• Dedicate a cross-functional group to drive the implementation and continue to push it in the operational phase

• Closely link ERM to key strategic/financial objectives and to the business planning process

• Introduce ERM as an enhancement to well-accepted processes—not a standalone process

Risk Assessment Activities

Address the risks

Evaluate the risks

Analyze risks

Identify risks

Establish goals and objectives

Nonprofit Risk Universe

Governance

Performance goals and results

Information technology/network security/data privacy

Human resources

Succession planning

Donor demographics

Safety and security

Business continuity

Financial reporting/grant

Evaluation Criteria

Area of Focus

Impact

• Financial

• Stakeholder

• Reputation

• Legal/Regulatory

• Operations

Vulnerability

• Control efficiency & Operating effectiveness

• Speed of response

• Complexity

• People

• Operational efficiency

• System change

• Rate of change

Scale

• High Risk

• Moderate Risk

• Low Risk

Risk Scoring During The Risk Assessment Process

Low Moderate High

Donor Demographic

Goals & Outcome

Identified Risks

Results

Heat Map

Resources

Risk Management: Justification & Benefits

Weak Controls

Risk Management: Justification & Benefits: Governance

Vulnerability Criteria

Impact Criteria

Questions:

Ken Kurdziel, CPA | Partner

Ken@jmco.com