• Home

  • Documents

  • Berrydunn.com | GAIN CONTROL Enterprise Risk Management: from Resistance to Resilience NASACT 2014...
14
berrydunn.com | GAIN CONTROL Enterprise Risk Management: from Resistance to Resilience NASACT 2014 Annual Conference Bill Brown, Principal, BerryDunn

Berrydunn.com | GAIN CONTROL Enterprise Risk Management: from Resistance to Resilience NASACT 2014 Annual Conference Bill Brown, Principal, BerryDunn

Embed Size (px)

Citation preview

Page 1: Berrydunn.com | GAIN CONTROL Enterprise Risk Management: from Resistance to Resilience NASACT 2014 Annual Conference Bill Brown, Principal, BerryDunn

berrydunn.com | GAIN CONTROL

Enterprise Risk Management: from Resistance to Resilience

NASACT 2014 Annual Conference

Bill Brown, Principal, BerryDunn

Page 2: Berrydunn.com | GAIN CONTROL Enterprise Risk Management: from Resistance to Resilience NASACT 2014 Annual Conference Bill Brown, Principal, BerryDunn

2

DISCUSSION POINTS

• What is Enterprise Risk Management (ERM)?

• Why is it necessary?

• How can it benefit your organization?

Page 3: Berrydunn.com | GAIN CONTROL Enterprise Risk Management: from Resistance to Resilience NASACT 2014 Annual Conference Bill Brown, Principal, BerryDunn

3

WHAT IS ERM?

Enterprise Risk Management (ERM) is a holistic approach to identifying, measuring, prioritizing and addressing the risks of an organization at the enterprise level.

Page 4: Berrydunn.com | GAIN CONTROL Enterprise Risk Management: from Resistance to Resilience NASACT 2014 Annual Conference Bill Brown, Principal, BerryDunn

4

• Encourage strategic alignment

• Standardize core knowledge

• Drive success

• Support organizational values

• Take a long-term outlook

• Be internally managed

• Leverage technology

• Improve quality

WHAT IS ERM? COMMON STANDARDS & OBJECTIVES

Page 5: Berrydunn.com | GAIN CONTROL Enterprise Risk Management: from Resistance to Resilience NASACT 2014 Annual Conference Bill Brown, Principal, BerryDunn

5

WHAT IS ERM?8 PRINCIPLES

ERM

Assess risk environment

Determine expected vs unexpected

Understand risks & current controls

Identify risk activities

Mitigation & mgmt

planning

Assign ownership

Provide governance

Monitor

Page 6: Berrydunn.com | GAIN CONTROL Enterprise Risk Management: from Resistance to Resilience NASACT 2014 Annual Conference Bill Brown, Principal, BerryDunn

6

THE BUILDING BLOCKS OF ERM

• Consistent approach

• Government as a single, unified entity

• Shared risk appetite across agencies

• Consistency among diverse initiatives

• Formalized accountability and ownership

• Process to escalate and report risks

• Leadership review of strategic risk initiatives

Page 7: Berrydunn.com | GAIN CONTROL Enterprise Risk Management: from Resistance to Resilience NASACT 2014 Annual Conference Bill Brown, Principal, BerryDunn

7

WHY IS TRADITIONAL RISK MANAGEMENT INADEQUATE?

Does not serve the organization as a whole

Inefficiently allocates scarce resources

Ignores the goal of resiliency

Page 8: Berrydunn.com | GAIN CONTROL Enterprise Risk Management: from Resistance to Resilience NASACT 2014 Annual Conference Bill Brown, Principal, BerryDunn

8

CHARACTERISTICS OF A SUCCESSFULERM PROGRAM

Transparent, holistic, and focused on resiliency

Include action-based frameworks

Encourage enterprise-

wide collaboration

Include a formal

reporting process

Encourage proactive

discussions

Page 9: Berrydunn.com | GAIN CONTROL Enterprise Risk Management: from Resistance to Resilience NASACT 2014 Annual Conference Bill Brown, Principal, BerryDunn

9

A HOLISTIC SOLUTION IS CRITICAL

Page 10: Berrydunn.com | GAIN CONTROL Enterprise Risk Management: from Resistance to Resilience NASACT 2014 Annual Conference Bill Brown, Principal, BerryDunn

10

SUCCESSES ARE QUIET. EVENTS (AND FAILURES) ARE NOISY.

Page 11: Berrydunn.com | GAIN CONTROL Enterprise Risk Management: from Resistance to Resilience NASACT 2014 Annual Conference Bill Brown, Principal, BerryDunn

11

CASE STUDY: INTEGRATED ERM PROGRAM

State AgenciesManage Risks

Monitor ComplianceImplement Corrective Action

Report Results

ERM CommitteeCompliance OversightDiscuss/Review KRIsReview Dashboards

Review/Update Action Chart

Internal AuditAssess Compliance

Report Results

ERM DashboardBusiness Unit KRIs

ChartsAction Plans

Controllers’ OfficeReview ERM Committee Results

Present to Governor’s Office

Governors’ OfficeReview Strategic KRIs

Review DashboardFeedback on Strategic Direction

Feedback on Risk Appetite

Audit Committee

Page 12: Berrydunn.com | GAIN CONTROL Enterprise Risk Management: from Resistance to Resilience NASACT 2014 Annual Conference Bill Brown, Principal, BerryDunn

12

BENEFITS OF ERM

Risk

Cost of Controls

Page 13: Berrydunn.com | GAIN CONTROL Enterprise Risk Management: from Resistance to Resilience NASACT 2014 Annual Conference Bill Brown, Principal, BerryDunn

13

RESILIENCE: THE PROPER GOAL OF ERM

Page 14: Berrydunn.com | GAIN CONTROL Enterprise Risk Management: from Resistance to Resilience NASACT 2014 Annual Conference Bill Brown, Principal, BerryDunn

THANK YOU! QUESTIONS?

14

Bill Brown, CPA, CFE, MAFFPrincipal, BerryDunn [email protected]

mailto:[email protected]

Berrydunn.com | GAIN CONTROL USING POWERSHELL TO IMPROVE SHAREPOINT MANAGEMENT SharePoint Saturday Boston June 13, 2015 Mitch Darrow, Senior Consultant

Berrydunn.com | GAIN CONTROL USING POWERSHELL TO IMPROVE SHAREPOINT MANAGEMENT SharePoint Saturday Boston June 13, 2015 Mitch Darrow, Senior Consultant

Documents
Emerging Issues Roundtable NASACT Annual Conference Chicago, IL August 23, 2015

Emerging Issues Roundtable NASACT Annual Conference Chicago, IL August 23, 2015

Documents
Presentation for NASACT Juan Penalosa August 21, 2006

Presentation for NASACT Juan Penalosa August 21, 2006

Documents
Commonwealth of Massachusetts Internal Control Questionnaire (ICQ) NASACT Managing Internal Control with Compliance Technology January 31, 2007

Commonwealth of Massachusetts Internal Control Questionnaire (ICQ) NASACT Managing Internal Control with Compliance Technology January 31, 2007

Documents
Achieving World-Class Performance in Finance, HR/Payroll, IT and Procurement NASACT Benchmarking Overview Q2, 2007

Achieving World-Class Performance in Finance, HR/Payroll, IT and Procurement NASACT Benchmarking Overview Q2, 2007

Documents
2014 NASACT ANNUAL CONFERENCE Stan Czerwinski State Fiscal Pressures 1

2014 NASACT ANNUAL CONFERENCE Stan Czerwinski State Fiscal Pressures 1

Documents
1 2011 Yellow Book: Changes You Need to Know NASACT Training Webinar Marcia Buchanan May 4, 2011

1 2011 Yellow Book: Changes You Need to Know NASACT Training Webinar Marcia Buchanan May 4, 2011

Documents
Accounting Updates - BerryDunn

Accounting Updates - BerryDunn

Documents
HIPAA Security Update - BerryDunn Security... · WV HFMA FALL INSTITUTE 2017. HIPAA Security Update. Presented By. Dan Vogt. September 29, 2017

HIPAA Security Update - BerryDunn Security... · WV HFMA FALL INSTITUTE 2017. HIPAA Security Update. Presented By. Dan Vogt. September 29, 2017

Documents
NASACT 2021

NASACT 2021

Documents
Developing Internal Controls - BerryDunn

Developing Internal Controls - BerryDunn

Documents
Information Technology Review - University of Rhode Islandweb.uri.edu/itreview/files/BerryDunn-IT-Assessment-Final-Report.pdf · Information Technology Assessment Executive Summary

Information Technology Review - University of Rhode Islandweb.uri.edu/itreview/files/BerryDunn-IT-Assessment-Final-Report.pdf · Information Technology Assessment Executive Summary

Documents
NASACT Grants Management: Are States Ready to Manage More Federal Grant Funds? March 2, 2010

NASACT Grants Management: Are States Ready to Manage More Federal Grant Funds? March 2, 2010

Documents
Financial Condition Reporting NASACT Conference, August 2011 Oregon Secretary of State Audits Division Gary Blackmer Audits Director 1

Financial Condition Reporting NASACT Conference, August 2011 Oregon Secretary of State Audits Division Gary Blackmer Audits Director 1

Documents
CASE STUDY FROM UNC CHARLOTTE - berrydunn.com · IT SECURITY RISK ASSESSMENT CASE STUDY FROM UNC CHARLOTTE Presented by: Vienna Morrill. ... Information Security Training and Awareness

CASE STUDY FROM UNC CHARLOTTE - berrydunn.com · IT SECURITY RISK ASSESSMENT CASE STUDY FROM UNC CHARLOTTE Presented by: Vienna Morrill. ... Information Security Training and Awareness

Documents
2012 MTF Savage.ppt - BerryDunn Initiatives Shawn Savage.pdf · Shawn Savage IRS Stakeholder Liaison. ... 800-908-4490 • Monday - Friday ... E-Mail Address: Shawn.S.Savage@irs.gov

2012 MTF Savage.ppt - BerryDunn Initiatives Shawn Savage.pdf · Shawn Savage IRS Stakeholder Liaison. ... 800-908-4490 • Monday - Friday ... E-Mail Address: [email protected]

Documents
NASACT News, March 2016

NASACT News, March 2016

Documents
Hyperion in Georgia NASACT Conference - Boston 2013 Hyperion in Georgia NASACT Conference - Boston 2013

Hyperion in Georgia NASACT Conference - Boston 2013 Hyperion in Georgia NASACT Conference - Boston 2013

Documents
Report 17.compressed.pdfBen & Jerry’s Benefit Strategies BerryDunn ... MacKay Vision Manchester Boston Regional Airport ... Statement The Arbors of Bedford

Report 17.compressed.pdfBen & Jerry’s Benefit Strategies BerryDunn ... MacKay Vision Manchester Boston Regional Airport ... Statement The Arbors of Bedford

Documents
MESC MITA SESSION 03 - BerryDunn MITA SESSION 03 SUCCESSFUL INITIATIVES: BUILDING THE PROJECT MANAGEMENT FOUNDATION Introductions • Randy Canoy, Moderator • Renea Steele, Client

MESC MITA SESSION 03 - BerryDunn MITA SESSION 03 SUCCESSFUL INITIATIVES: BUILDING THE PROJECT MANAGEMENT FOUNDATION Introductions • Randy Canoy, Moderator • Renea Steele, Client

Documents
Berrydunn.com | GAIN CONTROL THE AFFORDABLE CARE ACT “WHAT’S IN IT FOR MY SMALL BUSINESS?” TAX CONSIDERATIONS January 21, 2014

Berrydunn.com | GAIN CONTROL THE AFFORDABLE CARE ACT “WHAT’S IN IT FOR MY SMALL BUSINESS?” TAX CONSIDERATIONS January 21, 2014

Documents
NASACT 2019 · Accenture CGI Deloitte EY KPMG Oracle GOLD CORPORATE ASSOCIATES Infor OpenGov SILVER CORPORATE ASSOCIATES Amplifund Bank of America Merrill Lynch BerryDunn CLA (CliftonLarsonAllen)

NASACT 2019 · Accenture CGI Deloitte EY KPMG Oracle GOLD CORPORATE ASSOCIATES Infor OpenGov SILVER CORPORATE ASSOCIATES Amplifund Bank of America Merrill Lynch BerryDunn CLA (CliftonLarsonAllen)

Documents
Moving Government To The Cloud NASACT Annual Conference Chicago, Illinois August 24, 2015

Moving Government To The Cloud NASACT Annual Conference Chicago, Illinois August 24, 2015

Documents
Compliance Technology Solutions NASACT Presentation Material Robert Garagiola – AERS National Technology Practice January 31 st, 2007

Compliance Technology Solutions NASACT Presentation Material Robert Garagiola – AERS National Technology Practice January 31 st, 2007

Documents
CAFR Comprehensive Annual Financial Report · NASACT continues to aid states as they implement OMB’s Uniform Guidance and GASB’s pension standards. NASACT provided input to the

CAFR Comprehensive Annual Financial Report · NASACT continues to aid states as they implement OMB’s Uniform Guidance and GASB’s pension standards. NASACT provided input to the

Documents
1 Yellow Book Update: 2010 Exposure Draft NASACT Webinar James R. Dalkin Marcia B. Buchanan July 21, 2010

1 Yellow Book Update: 2010 Exposure Draft NASACT Webinar James R. Dalkin Marcia B. Buchanan July 21, 2010

Documents
NASACT 2021 - metaformers.com

NASACT 2021 - metaformers.com

Documents
Maximizing the benefits from your ERP – before and after implementation NASACT August, 2009

Maximizing the benefits from your ERP – before and after implementation NASACT August, 2009

Documents
1 Auditing Standards Update NASACT Conference August 14, 2012 James R Dalkin

1 Auditing Standards Update NASACT Conference August 14, 2012 James R Dalkin

Documents
© Grant Thornton LLP. All rights reserved. Independent Verification and Validation Ensuring Project Success NASACT August 24, 2015

© Grant Thornton LLP. All rights reserved. Independent Verification and Validation Ensuring Project Success NASACT August 24, 2015

Documents