Enterprise Risk Management Integrating Compliance, ERM and Internal Control
Dan Kaneshiro, Office of Management and Budget
Temika Edwards, Department of Homeland Security
John Sammon, Transportation Security Administration
Jacki Ponti, USDA Rural Development
Moderator: W. Todd Grams, Deloitte
AFERM Summit 2017 Integrating Compliance, ERM and Internal Control
Dan Kaneshiro, Office of Management and Budget
November 1, 2017
Background and Context
Integration of Internal Controls and ERM
ERM and Internal Controls
[Figure: A-123 Prior to 2016 compared with A-123 Future State. Labels: Governance, Enterprise Risk Management, Risk Management, Internal Controls. Source: Based on COSO]
ERM and Internal Controls: The Cube Version
[Figure: A-123 Section II. Update (Enterprise Risk Management). Source: Based on COSO. Cube labels: Internal Environment, Objective Setting, Event Identification, Risk Assessment, Risk Response, Control Activities, Information and Communication, Monitoring; Subsidiary, Business Unit, Division, Entity-Level]
[Figure: A-123 Section III. Update (Internal Controls). Source: GAO Green Book. Cube labels: Components of Internal Control (Control Environment, Risk Assessment, Control Activities, Information and Communication, Monitoring); Levels of Organizational Structure (Function, Operating Unit, Division, Entity)]
AFERM Summit 2017 INTEGRATING COMPLIANCE, INTERNAL CONTROLS, ERM
Temika Edwards, Department of Homeland Security
November 1, 2017
ERM AND INTERNAL CONTROL IN PRACTICE
In July 2016 OMB updated its Circular No. A-123 to modernize efforts to implement and coordinate ERM with strategic planning and internal controls. TSA Chief Performance and Enterprise Risk facilitated an A-123 working group to implement these suggested changes. The ERM and Internal Controls Implementation Plan consisted of the following:
1. Develop Risk Profile
2. Align Risk Responses & Internal Controls
3. Evaluate & Report Internal Controls
4. Coordinate with Requirements & Budget
KEY CHALLENGES:
1. Integrating ERM and Internal Control Taxonomies can be complex
✓ Identify a way to align ERM and Internal Controls Taxonomy that makes sense for the operations
2. Aligning top risk and internal control techniques can be cumbersome
✓ Current risk response alignment was more effective
3. Collaborations should be institutionalized and not based on relationships
✓ Embed integration methods into policies and budget initiatives
ERM AND INTERNAL CONTROL INTEGRATION IS KEY TO MISSION SUCCESS
Strategic Decisions (OMB A-11)
Budget Decisions (OMB A-11)
Program Management (OMB A-11)
• Operational Control Objectives • Reporting Control Objectives • Compliance Control Objectives • Risk Assessments
• Agency Priority Goals • Cross Agency Priority Goals • FedStat
• Policy • President’s Budget • Congressional Justification
• Mission/Vision • Goals/Objectives • Strategic Planning
CXO/Operations Support (OMB A-123)
Risks and Uncertainty
• Strategic • Operational • Reputational • Financial • Etc.
Source: OMB
TIPS TO AVOID PITFALLS WHEN PREPARING TO IMPLEMENT ERM & INTEGRATE INTERNAL CONTROLS