Enterprise Risk Management Program
Introduction to Enterprise Risk Management at UVM
DRAFT
What is Enterprise Risk Management?
Enterprise risk management is a structured, consistent, and continuous process across the whole organization for identifying, assessing, deciding on responses to, and reporting on opportunities and threats that affect the achievement of its objectives.
Institute of Internal Auditors
A tool to enhance management decision making, corporate governance, and accountability
Facilitates effective management of the uncertainty and associated risks and opportunities facing an organization
Helps an organization get to where it wants to go, and avoid pitfalls and surprises along the way (COSO)
A systematic approach to a historically intuitive exercise (Klein, Mandl, and Sencer)
Enterprise Risk Management: A Broad Approach to Risk
1. All organizations exist to achieve their objectives
2. Many internal and external factors affect those objectives, causing uncertainty about whether the organization will achieve them
3. The effect this uncertainty has on an organization's objectives is risk
How ERM Differs from Traditional Risk Management
ERM takes an enterprise-wide approach - considers the potential impact of all types of risks on all processes, activities, stakeholders, products and services
ERM looks at both upside risk (opportunities) and downside risk (potential losses or damage)
ERM assesses risk and opportunity in the
ERM engages risk owners or subject matter experts to address and manage risks, with consulting and support
[Diagram: Enterprise Risk Management, with Financial Risk, Human Capital Risk, Strategic Risk, and Hazard Risk]
Benefits of ERM
Supports the achievement of strategic objectives
Enhances institutional decision making
Creates a risk-aware culture across the organization
Reduces operational surprises and losses
Prepares the organization to act on acceptable opportunities
Assures greater business continuity
Improves deployment of capital by aligning risk and resources with strategic objectives
Bridges departmental silos; develops a center of excellence for managing risk; and draws on the expertise of highly skilled individual managers
Relationship Among Strategy, Risk, and Budget
[Diagram relating strategy, risk, and budget]
Why is UVM Implementing ERM?
Deloitte & Touche external audit identified weaknesses in our internal control environment
Follow-up external audit by PwC endorsed the proposed ERM initiative and noted it as leading practice
Emerging best practice in higher education and private sector
Bond rating agencies now look for ERM when rating non-financial organizations
UVM Board of Trustees supports taking an enterprise-level view of risk
Managing risk supports strategic goals, lessens uncertainty, and helps maintain competitive advantage
Example: economic downturn and resulting financial challenges
ERM Best Practices
Best practices for ERM are still emerging, as ERM is relatively new, especially in higher education
Obtain commitment, full engagement, and support of senior management and governing board - set the tone at the top
Tailor the ERM program to best meet the institution's unique needs and environment, using a best practice model as a framework
Articulate the institution's approach to risk
Establish a common institutional language for talking about risk
Use cross-functional groups to create buy-in, awareness, and engagement, and to provide the broad perspective necessary for effective risk identification and assessment
Integrate ERM into existing processes - don't make it a separate layer or an add-on
Build a risk-aware culture to increase awareness and consideration of risk in decision making throughout the organization
Integrate and retain the knowledge of specialist silos while taking an enterprise view
Enhance internal controls around the areas of highest risk
What Should an ERM Program Consist of?
Principles: Provide the foundation and describe the qualities of effective risk management in an organization
Framework: Manages the overall process and its full integration into the organization
Risk Management Process: Focuses on individual or groups of risks, their identification, analysis, evaluation, and response
[Process diagram: Context, Risk identification, Risk analysis, Risk evaluation, Risk response]
Monitoring, review, continual improvement, and communication occur throughout
UVM's ERM Framework
ERM Context
Institutional Strategy: University mission and vision; University strategic plan; External and internal context
Institutional Governance: Commitment, engagement, and sponsorship; Roles and responsibilities; Program oversight and management
ERM Culture: ERM program goals and objectives; ERM guiding principles; UVM risk philosophy; UVM risk tolerance; Risk awareness; Risk ownership; Common language; ERM policy and procedures
ERM Process: Risk assessment; Risk identification; Risk analysis; Risk evaluation; Risk decisions; Risk response
Enabling Activities: Communication, coordination & consultation; Change management; Education & training; Monitoring & reporting; Continuous improvement
ERM Program Purpose & Goals
The purpose of UVM's ERM program is to enhance the University's ability to achieve its mission, vision, and strategic objectives and strengthen its competitive position by fostering an institution-wide culture of risk and opportunity awareness and by providing a structured, consistent, and continuous process for the early and proactive identification and reporting of material risks and opportunities to senior management and trustees.
In support of this overall purpose, UVM has established the following goals and objectives for ERM:
1. Create a culture of risk awareness where all employees understand and consider risk in decision making.
[Supporting objectives intentionally omitted]
2. Reduce operational surprises and losses.
3. Increase capacity to identify and seize opportunities by facilitating greater transparency and openness regarding risk.
4. Enhance institutional decision making by providing senior management and trustees with timely and robust information that improves their understanding of enterprise-level risks and opportunities.
[Supporting objectives intentionally omitted]
5. Improve the efficiency and effectiveness of institutional risk management efforts.
[Supporting objectives intentionally omitted]
The Risk Management Process
Risk Assessment
6. Monitoring & Reporting
Continually check the status of a risk to identify change from the performance level required or expected.
7. Communication & Consultation
Inform and engage in dialogue with stakeholders regarding the current state of risks and their management.
The Risk Management Process at UVM
Risk Assessment
6. Monitoring & Reporting
Responsible Officials and Risk Assurance Group monitor status of risk and risk response
7. Communication & Consultation
Quarterly ERM status reports and regular Compliance and Internal Audit reports to BoT Audit Committee
ERM annual report including risk portfolio, heat map, and status of priority risks to Audit Committee and Committee of the Whole