Daniel Kim | Product Marketing Manager | DoximJoanne Lam | Risk Management Practice Leader | MNPSharon Russell | Enterprise Risk Manager, Privacy Officer | Doxim

Enterprise Risk ManagementGaining Control Over Your Risks

Agenda

Framework for Enterprise Risk Management (ERM) Performance Risk Management Approach ERM Evolution Challenges in Implementation Key Benefits Doxim RiskManager Demo Q & A session

MNP LLP

Founded in 1945 7th largest accountancy and advisory firm in Canada 80 locations and 3,000 team members Enterprise Risk Services:

Enterprise Risk Management Regulatory Compliance Internal Audit Business Resilience Security & Forensics Technology Risk Insurance

What is Performance Risk Management?

Traditional ERM is regarded as a compliance process; a tick-the-box exercise.

PRM is an enhanced risk management process that increases your organization’s ability to achieve its objectives by focusing on managing barriers to achieving your annual performance goals.

Leading practice companies use ERM as a critical tool to facilitate performance management

What is The Principle Goal For ERM at Your Organization?

• To increase the likelihood that your company will achieve the targets set out in its Strategic Plan.

• The Important Questions are…

What is your organization trying to accomplish?

What are the biggest influencers of this success (positive or negative)?

How should your company use its resources most effectively to manage these risks?

What is the status of your ERM efforts?

Performance Risk Management Approach

Key Objectives

Partners & Suppliers

Significant Projects

Key Processes

Critical IT Systems

A. Key Objectives• Risk 1• Risk 2…

B. Significant Projects• Risk 1• Risk 2…

C. Key Processes• Risk 1• Risk 2…

D. Critical IT Systems• Risk 1• Risk 2…

E. Partners & Suppliers• Risk 1• Risk 2…

Assess risk impact and likelihood

Compare risk scores to risk appetite

Identify risk owners

Develop risks responses for risks above appetite

Align and agree strategic drivers

Risks are understoodRisks are managed

and resourced effectively

Predictable and improved

performance

Management is breaking down silos

Uses corporate and departmental objectives, key processes, significant projects, critical IT systems and supply chain to categorize risks

As a result, all risks become aligned with your business priorities

Helps to shift risk management focus from process to cultural

What is Distinct About This Approach?

1 2 3 4 5

TIME ELAPSED (YEARS)

VA

LU

E

0

ProgramInitiation

Leading Practices

· Process in place to identify and record risks at an acceptable level

· ERM documentation tool supports decision making and communication of risk profiles

· ERM tool compliments Planning processes

· Consistent methodologies are in place to assess risks (inherent, residual, and tolerance)

· ERM concepts and practices are integrated into the Planning processes

· Risks are managed formally at all levels in organization

· Risk management is part of routine activities

· Management has in place processes and programs to anticipate future and emerging risks

· ERM is leveraged to identify opportunities

FO

CU

S S

HIF

T

Process Focus

Cultural Focus

ERM Evolution

Challenges in Implementing ERM

Unclear/changing objectives

Lack of ownership and accountability of risks

Risk adverse climate lowering risk tolerance to unrealistic levels

ERM is compliance-driven, not strategy-driven

Information Management

Lack of support/understanding from the top

ERM Key Benefits

Financial and operational performance

• Less volatility

• Costs under control

• Better allocation of resources – time and money

• More informed decision making

- Enhanced management capability / forward looking focus

- Greater clarity of responsibilitiesand accountabilities

• Efficiency and effectiveness of processes

- Reinforce focus in high priority areas

• Culture and behaviour:

- More open

- Risk aware versus risk averse or risk taking

- Better teamwork

• Assists with management of change

• Improved assurance – to management and regulatory bodies

• Reputation protected and enhanced

Measurable Improvements Less measurable but still valuable

• Help senior leadership fulfill their role

• Comply with policies & regulations

• Assisting in shaping / prioritizing focus of assurance functions

Conformance Improvements

ERM Workshop Series for Credit Unions

Workshop #1: Current State Assessment

Workshop #2: Risk Evaluation & Measurement

Workshop #3: Risk Response

Workshop #4: Risk Framework Development

Workshop #5: Provincial Compliance Checklist

Doxim RiskManager

Doxim Inc.

13

Founded in 1999 Leading service provider to 65% Canadian Credit Unions 3 locations, 100+ staff Products and Services:

ERM Software Statement Processing Enhanced Statements ePresentment Automated Account Opening

Doxim RiskManager for ERMDoxim’s clients have voiced a new need;

Regulator mandates are driving need to implement ERM DICO, DGCM, CUDIC, etc… Subset of Risk Management imperative

Difficult to manage manually Need a cost effective, purpose built tool:

Doxim RiskManager: Best of Breed, cloud based solution Easy to use, secure, collaborative Manage all risks across a Credit Union

Doxim RiskManager Benefits

SaaS solution = monthly fee vs big upfront investment Priced for the Credit Union marketplace Fully scalable for any sized organization Secure multi-tenant environment ensures data privacy Pre-built content:

DICO, DGCM and other provincial

ERM regulations framework preloaded Facilitates collaboration across

departments/locations

Doxim RiskManager Benefits One version for all users Not a black box

Universal accessibility and visibility Supports multi-user access Flexible, real time reporting:

Pre-built and adhoc Custom Dashboards

Multiple user levels admin, mixed, reporting User based permissions

Key Capabilities Aligned With ERM Roadmap

Strategic Drivers Work from your Strategic Drivers out

Understand Risk Universe Align all Risks Under the Strategic Drivers

Manage and Resource Your Risks Identifying Inherent Likelihood and Impact Compare Risk Scores to Risk Appetite Identify the Risk Owners Develop Risk Responses

Risk Monitoring/Reporting Optimization Including Continuous

Improvement Dashboards and Reporting

Contact Information

Joanne Lam MBA, CRMA, ABCPRisk Management Practice LeaderMNP LLP416-263-6991joanne.lam@mnp.ca

Sharon RussellEnterprise Risk Manager, Privacy OfficerDoxim416-204-7522srussell@doxim.com

Connect With Us

facebook.com/doxim

@Doxim_Inc

linkedin.com/company/doxim-inc.

doxim.com/blog

youtube.com/doximTV

www.doxim.com