The New ERM: What is it All About?


Upload: aviva-spectrum

Post on 16-Apr-2017

TRANSCRIPT

Page 1: The New ERM: What is it All About?

Compliance Made Simple ™

Enterprise Risk Management

Now * New * Next

2016

Page 2: The New ERM: What is it All About?

Introductions

• Ali Alizada, ISA
  Sr Associate at Aviva Spectrum
  Specialize in Control Compliance Assessment
  Certified Blackline Implementation Partner

• Amit Dewan, CPA, CISA, CRMA, CA
  Director of Client Services at Aviva Spectrum
  Specialize in Compliance Assessment, ERP implementations

Page 3: The New ERM: What is it All About?

Source: http://erm.coso.org/Pages/default.aspx

Page 4: The New ERM: What is it All About?

Polling question

How many of us have in place the existing ERM integrated framework?

Page 5: The New ERM: What is it All About?

Today’s Agenda

• What is Changing in the ERM Framework
• How it may impact the Board & your Strategy Selection
• Guide to aligning Risk with Strategy & Performance

Page 6: The New ERM: What is it All About?

Change

Page 7: The New ERM: What is it All About?

ERM DRAFT – 2016!

• Executive Summary (14 pages)
• Public Exposure (132 pages)

Page 8: The New ERM: What is it All About?

ERM DRAFT – 2016!

• Application Techniques, which provided illustrations of techniques used at various levels of an organization in applying enterprise risk management components, will not be updated as part of this project.

112 pages

Page 9: The New ERM: What is it All About?

Why New ERM?

• The idea behind ERM is to enhance an organization’s ability to manage “uncertainty” and to consider “how much” risk to accept in pursuit of increasing shareholder value.

• Since 2004 (when the original framework was established), the business environment and its risk complexities have changed with the emergence of new risks.

• In this new environment, Boards need to continue managing risk, but with the old framework (that was designed in 2004)... hmmm, don’t think so... So coming to the rescue is the new framework.

Page 10: The New ERM: What is it All About?

Why new ERM? (cont.)

The Name says it all: Enterprise Risk Management - Aligning Risk with Strategy and Performance

This new framework is expected to provide greater insight into strategy and the role of ERM in:

– Setting and execution of strategy
– Enhanced alignment between an organization’s performance and ERM
– Accommodating expectations for governance oversight

Page 11: The New ERM: What is it All About?

The ERM Cube!

Page 12: The New ERM: What is it All About?

The Integrated framework (2004)

Its philosophy was to help entities better protect and enhance stakeholder value: “Value is maximized when management sets strategy and objectives to strike an optimal balance between growth and return goals and related risks, and efficiently and effectively deploys resources in pursuit of the entity’s objectives.”

Therefore, the updated Framework in the current publication:

- Connects the multitude of risk mgmt. with stakeholder expectations
- Positions risk in terms of performance vs. being just an isolated exercise with a list of risks
- Enables entities to be more anticipatory and to look at valuable opportunities created by change

Page 13: The New ERM: What is it All About?

New Definition

ERM is defined as “the culture, capabilities, and practices, integrated with strategy-setting and its execution, that organizations rely on to manage risk in creating, preserving, and realizing value.”

The definition brings focus on managing risk through:

– Recognizing culture and capabilities
– Applying practices
– Integrating with strategy-setting and its execution
– Managing risk to strategy and business objectives
– Linking to creating, preserving, and realizing value

Page 14: The New ERM: What is it All About?

Key CHANGES Expected

• Adopts a components and principles structure
• Simplifies the definition of enterprise risk management
• Emphasizes the relationship between risk and value
• Renews the focus on the integration of enterprise risk management
• Examines the role of culture
• Elevates discussion of strategy

Page 15: The New ERM: What is it All About?

Key CHANGES Expected (contd.)

• Elevates discussion of strategy
• Enhances the alignment between performance and enterprise risk management
• Links enterprise risk management into decision-making more explicitly
• Delineates between enterprise risk management and internal controls
• Refines risk appetite and acceptable variation in performance (risk tolerance)

Page 16: The New ERM: What is it All About?

Impact on Board & Strategy Selection

The BOD has a responsibility for risk oversight, and its mix of skills, experience, and business knowledge needs to be appropriate. Closely link strategy and objectives to both risk and opportunity. It helps the Board gain a better understanding of how risk may impact the choice of strategy. Provides a sense of the selected strategy’s strengths and weaknesses as conditions change. More confident that they have looked at alternatives.

Page 17: The New ERM: What is it All About?

Impact on Board & Strategy Selection (contd.)

Strategic Value benefits of integrating ERM (to name a few)

Increasing the range of opportunities

Identifying and managing risk entity-wide

Reducing negative surprises and increasing gains

Reducing performance variability

Improving resource deployment

Page 18: The New ERM: What is it All About?

Impact on Board & Strategy Selection (contd.)

Page 19: The New ERM: What is it All About?

Aligning Risk with Strategy & Performance

The framework itself is a set of principles:

Risk Governance and Culture: sets the organization’s tone; establishing oversight responsibilities; ethical values; desired behaviors.

Risk, Strategy, and Objective-Setting: strategic-planning process; risk appetite.

Risk in Execution: achievement of strategy and business objectives; prioritized by severity; risk responses.

Risk Information, Communication, and Reporting: continual process of obtaining and sharing necessary information which flows up, down, and across the organization.

Monitoring ERM Performance: consider how well ERM components are functioning over time and in light of substantial changes.

Page 20: The New ERM: What is it All About?

Page 21: The New ERM: What is it All About?

QUESTIONS

Page 22: The New ERM: What is it All About?

Join the Community

• Free CPE – Webinars (LIVE)
• Free templates
• Decoding the Updated ERM - Webinar (Q1/Q2 2017)

Page 23: The New ERM: What is it All About?

Compliance Diagnostic

Email us for 3 SPOTS ONLY: [email protected]

SUBJECT: ERM CCA Diagnostic

Report, Analysis, In-take

Page 24: The New ERM: What is it All About?

QUESTIONS

Page 25: The New ERM: What is it All About?

CONNECT