deloitte - cfo's role in supporting bod

The Dbriefs Corporate Governance series presents:

Risk Intelligent Governance: The Finance Executive’s Role in The Finance Executive’s Role in Supporting the Board

Maureen Errity, Deloitte LLPHenry Ristuccia, Deloitte & Touche LLPSteve Wagner, Senior Advisor, Deloitte Center for Corporate Governance

October 7, 2009

The Dbriefs Corporate Governance series presents:

Risk Intelligent Governance: The Finance Executive’s Role in The Finance Executive’s Role in Supporting the Board

Steve Wagner, Senior Advisor, Deloitte Center for Corporate Governance

Agenda

Why this topic?

A Primer on Risk Intelligence

The Next Evolution – Risk Intelligent Governance

Risk Intelligent Governance Toolkit

Leading Practices and Trends in Risk Management

Copyright © 2009 Deloitte Development LLC. All rights reserved.

Which of the following categories best characterizes the structure of your organization?

• Public company (issuer or registrant)• Private for-profit company• Not-for-profit

Poll question #1

• Not-for-profit• Governmental• Academic institution• Other/Not applicable

Which of the following categories best characterizes the

Public company (issuer or registrant)


Why the topic of risk?

Ineffective risk management has been thrust into the fore as one of the primary drivers behind the global economic crisis

Regulatory, legislative, and other news

• SEC proposal on the disclosure of the board’s role in risk management processes and greater disclosure in a company’s CD&A concerning a company’s overall compensation program as it relates to risk management

Source: SEC Release No. 33-9052, http://www.sec.gov/rules/proposed/2009/33Source: SEC Release No. 33-9052, http://www.sec.gov/rules/proposed/2009/33

• 9/16/09 – SEC announced it has established a new Division of Risk, Strategy, and Financial Innovation. “The SEC stated that the new division will combine the Office of Economic Analysis and the Office of Risk Assessment…. The division’s responsibilities cover three broad areas: risk and economic analysis; strategic research; and financial innovation.”

Source : SEC Press Release 9/16/09

• Senator Charles E. Schumer's proposed bill would mandate public companies to have a standing risk committee

Source: Shareholder Bill of Rights Act of 2009

• GovernanceMetrics Int’l (GMI) is now incorporating risk oversight and other risk attributes into its governance rating model

Source: GMI press release 6/29/092

Ineffective risk management has been thrust into the fore as one of the primary drivers

SEC proposal on the disclosure of the board’s role in risk management processes and greater disclosure in a company’s CD&A concerning a company’s overall compensation

http://www.sec.gov/rules/proposed/2009/33-9052.pdfhttp://www.sec.gov/rules/proposed/2009/33-9052.pdf

SEC announced it has established a new Division of Risk, Strategy, and Financial Innovation. “The SEC stated that the new division will combine the Office of Economic Analysis and the Office of Risk Assessment…. The division’s responsibilities cover three broad areas: risk and economic analysis; strategic research; and financial

Senator Charles E. Schumer's proposed bill would mandate public companies to have a

Shareholder Bill of Rights Act of 2009, S 1074, http://thomas.loc.gov/

Int’l (GMI) is now incorporating risk oversight and other risk attributes into its governance rating model


http://www.sec.gov/rules/proposed/2009/33

http://www.sec.gov/rules/proposed/2009/33

http://www.sec.gov/rules/proposed/2009/33-9052.pdf

http://www.sec.gov/rules/proposed/2009/33-9052.pdf

http://thomas.loc.gov/

What do we mean by risk?

Is it simply the potential for loss?

• Value and Risk are inseparable

• Upside and downside

• Value creation and value preservation

• Threats and opportunities that affect an organization’s • Threats and opportunities that affect an organization’s strategic objectives

3

What do we mean by risk?

Is it simply the potential for loss?

Value and Risk are inseparable

Value creation and value preservation

Threats and opportunities that affect an organization’s Threats and opportunities that affect an organization’s


A Risk Intelligent Enterprise

4

A Risk Intelligent EnterpriseTM


Risk Intelligent governance

What does it mean?• Deloitte’s* view on how companies and more importantly the

board can fulfill its responsibilities for risk oversight

Comprised of six areas of focus:• Define the board’s risk oversight role • Foster a Risk Intelligent culture• Help management incorporate risk intelligence into strategy• Help define the risk appetite• Execute the Risk Intelligent governance process• Benchmark and evaluate the governance process

*As used in this document, “Deloitte” means Deloitte & Touche LLP, a subsidiary of Deloitte LLP. Please see www.deloitte.com/us/aboutdetailed description of the legal structure of Deloitte LLP and its subsidiaries.

5

Risk Intelligent governance

Deloitte’s* view on how companies and more importantly the board can fulfill its responsibilities for risk oversight

Comprised of six areas of focus:Define the board’s risk oversight role Foster a Risk Intelligent cultureHelp management incorporate risk intelligence into strategy

Execute the Risk Intelligent governance processBenchmark and evaluate the governance process


used in this document, “Deloitte” means Deloitte & Touche LLP, a www.deloitte.com/us/about for a

detailed description of the legal structure of Deloitte LLP and its

www.deloitte.com/us/about

www.deloitte.com/us/aboutfor

Poll question # 2

Do you play a role in the implementation and execution of your organization’s enterprise risk management program?

• Yes• No• Don’t know/Not applicable• Don’t know/Not applicable

Do you play a role in the implementation and execution of your organization’s enterprise risk management program?


Define the board’s risk oversight role

The essence of risk governance is oversight:

• The board oversees organizational activities and related risks

• Risk management rests with senior management

Board actions and considerations:

• Define the board risk governance structure

• Evaluate board composition in relation to risk oversight responsibilities

• Identify the appropriate risk management framework to use

7

Define the board’s risk oversight role

The essence of risk governance is oversight:

The board oversees organizational activities and related risks

Risk management rests with senior management

Board actions and considerations:

Define the board risk governance structure

Evaluate board composition in relation to risk oversight

Identify the appropriate risk management framework to use


Define the board’s risk oversight role (cont.)

Considerations for financial executives:

• Do I and my direct reports understand our roles and responsibilities for risk management?

• How is risk overseen by our various board committees? What information could we provide to facilitate the oversight process?process?

• Is technology used effectively in the company's risk management efforts?

• Do you use tools such as risk maps or heat maps to help facilitate discussions about risks and related priorities?

• Are your disclosures about director qualifications considered in the context of risk?

8

Define the board’s risk oversight role (cont.)


Do I and my direct reports understand our roles and responsibilities for risk management?

How is risk overseen by our various board committees? What information could we provide to facilitate the oversight

Is technology used effectively in the company's risk

Do you use tools such as risk maps or heat maps to help facilitate discussions about risks and related priorities?

Are your disclosures about director qualifications considered


Foster a Risk Intelligent culture

At the heart of risk intelligence is culture:

• We are inclusive and focused in educating our entire workforce

• Candid discussions about risk should occur among employees and management and management and the boardboard

• The board's guidelines and committee charters clearly define the board's responsibility in regard to risk oversight

• The board is able to communicate about risk management and oversight beyond the boardroom

• Compensation programs shoumanagement program

9

Foster a Risk Intelligent culture

At the heart of risk intelligence is culture:

We are inclusive and focused in educating our entire

Candid discussions about risk should occur among employees and management and management and the

The board's guidelines and committee charters clearly define the board's responsibility in regard to risk oversight

The board is able to communicate about risk management and oversight beyond the boardroom

Compensation programs should be aligned with a sound risk


Foster a Risk Intelligent culture (cont.)

Considerations for financial executives

• Does the board work effectively with the finance organization in establishing risk management as a priority?

• Does the culture support open dialogue around risk related issues?

• Do business units and functions communicate across the organization (i.e. operate above the silos)?

• Are the cultural assessments focused on risk?

• Is risk considered an element for documentation in the company policies?

10

Foster a Risk Intelligent culture (cont.)


Does the board work effectively with the finance organization in establishing risk management as a priority?

Does the culture support open dialogue around risk related

Do business units and functions communicate across the organization (i.e. operate above the silos)?

Are the cultural assessments focused on risk?

Is risk considered an element for documentation in the


Poll question # 3

Do you believe that your role in risk management is considered as an element of your total compensation award?

• Yes• No• Don’t know/Not applicable• Don’t know/Not applicable

Do you believe that your role in risk management is considered as an element of your total compensation award?


Help management incorporate risk intelligence into strategyValue and risk are connected appropriately

Strategic objectives are overseen and approved by the board

Strategic plans are developed by management and the board oversees such plans

Risk-return tradeoff is analyzed through effective scenario Risk-return tradeoff is analyzed through effective scenario planning

Established accountability structures need to be defined at both the board and management levels

12

Help management incorporate risk intelligence

appropriately

Strategic objectives are overseen and approved by the board

Strategic plans are developed by management and the board

return tradeoff is analyzed through effective scenario return tradeoff is analyzed through effective scenario

Established accountability structures need to be defined at both the board and management levels


Help management incorporate risk intelligence into strategy (cont.)Considerations for financial executives:

• When presented to the board, do capital allocation, acquisition, succession planning, and other strategic decisions include an evaluation of risk

• How could we enhance our process for identifying and evaluating changes in the external environment? evaluating changes in the external environment?

• Do external changes get communicated to the board for their consideration in strategic planning?

• Can we provide the board with more balanced information on both the upside and downside risks impacting the strategic choices?

• Is the “right” information escalated to the board by management?

13

Help management incorporate risk intelligence


When presented to the board, do capital allocation, acquisition, succession planning, and other strategic decisions include an evaluation of risk-return tradeoffs?

How could we enhance our process for identifying and evaluating changes in the external environment? evaluating changes in the external environment?

Do external changes get communicated to the board for their consideration in strategic planning?

Can we provide the board with more balanced information on both the upside and downside risks impacting the strategic

Is the “right” information escalated to the board by Copyright © 2009 Deloitte Development LLC. All rights reserved.

Help define the risk appetite

Defining risk appetite

Risk appetite starts with the CEO and is approved by the board

Continual monitoring by management against actual risks taken

Distinguish between risk appetite (what) and risk tolerance Distinguish between risk appetite (what) and risk tolerance (limits within a range)

14

Help define the risk appetite

Risk appetite starts with the CEO and is approved by the board

Continual monitoring by management against actual risks

Distinguish between risk appetite (what) and risk tolerance Distinguish between risk appetite (what) and risk tolerance


Help define the risk appetite (cont.)

Considerations for financial executives

• Does our risk appetite relate to employee and management performance goals and compensation metrics?

• Are risk tolerances set collaboratively across business units and functions, such that interdependencies are evaluated?

• Does scenario planning assist in setting an appetite and tolerances that management and the board with?

• Are priorities of the organization reevaluated against established levels of risk appetite and tolerances?

15

Help define the risk appetite (cont.)


Does our risk appetite relate to employee and management performance goals and compensation metrics?

Are risk tolerances set collaboratively across business units and functions, such that interdependencies are evaluated?

Does scenario planning assist in setting an appetite and tolerances that management and the board are comfortable

Are priorities of the organization reevaluated against established levels of risk appetite and tolerances?


Poll question #4

Who do you believe should set the risk appetite of your organization?

• Board• Chief executive officer• Chief financial officer• Chief financial officer• Chief risk officer• Other• Don’t know/Not applicable

Who do you believe should set the risk appetite of your


Execute the Risk Intelligent governance processStrategic design that promotes awareness of the relationship between value and risk

Collaboration between management and the board and continual dialogue on the priority risks is essential

Effective execution depends on maintaining a disciplined, Effective execution depends on maintaining a disciplined, collaborative approach focused on process design, monitoring, and accountability

Perform periodic assessments of the effectiveness of the risk management program

17

Execute the Risk Intelligent governance

Strategic design that promotes awareness of the relationship

anagement and the board and continual dialogue on the priority risks is essential

Effective execution depends on maintaining a disciplined, Effective execution depends on maintaining a disciplined, collaborative approach focused on process design, monitoring,

Perform periodic assessments of the effectiveness of the risk


Execute the Risk Intelligent governance process (cont.)Considerations for financial executives

• Are people at all levels — across silos risk management?

• Is the information flow between management and the board enhancing the effectiveness of the risk management program? program?

• Are issues and opportunities escalated timely enough to maximize opportunities and minimize losses?

• Are resource allocations aligned with priority risks?

• Is the level of detail of information provided to the board reevaluated to ensure that the focus is on the critical risks affecting the company?

18

Execute the Risk Intelligent governance


across silos — actively engaged in

Is the information flow between management and the board enhancing the effectiveness of the risk management

Are issues and opportunities escalated timely enough to maximize opportunities and minimize losses?

Are resource allocations aligned with priority risks?

Is the level of detail of information provided to the board reevaluated to ensure that the focus is on the critical risks


Benchmark and evaluate the governance processRisk Intelligent governance relies on periodic assessments of effectiveness relative to goals and objectives

Develop internal monitoring and feedback mechanisms that incorporate evaluations by the internal audit department

Education is critical – implement training programs for Education is critical – implement training programs for employees, the board, and senior management

The board should be including risk oversight as a component of its annual evaluation process

19

Benchmark and evaluate the governance

Risk Intelligent governance relies on periodic assessments of effectiveness relative to goals and objectives

Develop internal monitoring and feedback mechanisms that incorporate evaluations by the internal audit department

mplement training programs for mplement training programs for employees, the board, and senior management

The board should be including risk oversight as a component of its annual evaluation process


Benchmark and evaluate the governance process (cont.)Considerations for financial executives

• How have we gone about assessing our risk governance and management programs?

• To what extent are our compliance, internal audit, and risk management teams employing Risk Intelligent approaches?

• Do management and employee level surveys provide valuable information on the effectiveness of risk management programs?

• Are current risk management programs and disclosures evaluated against leading practices?

20

Benchmark and evaluate the governance

Considerations for financial executives :

How have we gone about assessing our risk governance and

To what extent are our compliance, internal audit, and risk management teams employing Risk Intelligent approaches?

Do management and employee level surveys provide valuable information on the effectiveness of risk management

Are current risk management programs and disclosures evaluated against leading practices?


Deloitte’s Risk Intelligent governance toolkit

Toolkit elements:• Board value and risk oversight process map• Risk Intelligence Map – board level• Board skills matrix• Cultural assessment• Risk management policy documentation leading practices• Risk environment snapshot• Board level documentation of risk oversight• Risk focused board self-assessment• Risk Intelligence diagnostic and maturity model• Risk Intelligence Map

21

Deloitte’s Risk Intelligent governance toolkit

Board value and risk oversight process mapboard level

Risk management policy documentation leading practices

Board level documentation of risk oversightassessment

Risk Intelligence diagnostic and maturity model

Leading practices and trends in risk managementDefine the board governance structure for risk oversight, including the audit committee’s role versus the other board committees; coordinate impact of risks overseen by other committees on the financial statements

Incorporate risk programs into new markets and new relationships, include considerations of local market conditions relationships, include considerations of local market conditions and compliance requirements

Ensure that you have the right inpartners to help manage new/complex risk issues for new ventures

Reevaluate the board's role in risk oversight

22

Leading practices and trends in risk

Define the board governance structure for risk oversight, including the audit committee’s role versus the other board committees; coordinate impact of risks overseen by other committees on the financial statements

Incorporate risk programs into new markets and new relationships, include considerations of local market conditions relationships, include considerations of local market conditions

Ensure that you have the right in-house skills or strategic partners to help manage new/complex risk issues for new

Reevaluate the board's role in risk oversight


Leading practices and trends in risk management (cont.)Some shift from audit committees to other board committees, in conjunction with the full board

Committee expertise drives which risks are overseen by certain committees

A Risk Intelligent board is one in which all committees and the full board are discussing risks associated with each topic on their respective agendas

23

Leading practices and trends in risk

Some shift from audit committees to other board committees, in conjunction with the full board

Committee expertise drives which risks are overseen by certain

A Risk Intelligent board is one in which all committees and the full board are discussing risks associated with each topic on


Poll question #5

Are you experiencing/seeing measurable shifts in the focus on risk in your organization by the board and management team?

• Yes• No• Don’t Know/Not applicable• Don’t Know/Not applicable

Are you experiencing/seeing measurable shifts in the focus on risk in your organization by the board and management team?


Questions & AnswersQuestions & Answers


Join us November 4as our Corporate Governance series presents:

An Enterprise without An Enterprise without Borders – Subsidiary and Third-Party Controls and Governance Practices

Join us November 4th at 2 PM EST as our Corporate Governance

An Enterprise without An Enterprise without Subsidiary and

Party Controls and Governance Practices


Thank you for joining today’s webcast.

To request CPE credit, To request CPE credit, click the link below.

Thank you for joining today’s webcast.

To request CPE credit,


To request CPE credit, click the link below.

Contact information

Henry Ristuccia, PartnerDeloitte & Touche [email protected]

Maureen Errity, DirectorDeloitte [email protected]@deloitte.com

Steve Wagner, Retired PartnerDeloitte & Touche LLPSenior Advisor to Deloitte Center for Corporate [email protected]


Senior Advisor to Deloitte Center for Corporate Governance

mailto:[email protected]




This presentation contains general information only and is based on the experiences and research of Deloitte practitioners. Deloitte is not, by means of this presentation, rendering business, financial, investment, or other professional advice or services. This presentation is not a substitute for such professional advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified professional advisor. Deloitte, its affiliates, and related entities shall not be responsible for any loss sustained by any person who relies on this presentation.

This presentation contains general information only and is based on the experiences and research of Deloitte practitioners. Deloitte is not, by means of this presentation, rendering business, financial, investment, or other professional advice or services. This presentation is not a substitute for such professional advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified professional advisor. Deloitte, its affiliates, and related entities shall not be responsible for any loss sustained by


About Deloitte

Deloitte refers to one or more of Deloitte Touche Tohmatsu, a Swiss Verein, and its network of member firms, each of which is a legally separate and independent entity. Please see www.deloitte.com/us/about for a detailed description of the legal structure of Deloitte Touche Tohmatsu and its member firms. Please see www.deloitte.com/us/about for a detailed description of the legal structure of Deloitte LLP and its subsidiaries.

Deloitte refers to one or more of Deloitte Touche Tohmatsu, a Swiss Verein, and its network of member firms, each of which is a legally separate and independent entity. Please see www.deloitte.com/us/about for a detailed description of the legal structure of Deloitte Touche Tohmatsu and its member firms. Please see www.deloitte.com/us/about for a detailed description of the legal structure of Deloitte LLP and its






deloitte - cfo's role in supporting bod

Documents