© 2017 Protiviti Inc. An Equal Opportunity Employer M/F/Disability/Veterans. Protiviti is not licensed or registered as a public accounting firm and does not issue opinions on financial statements or offer attestation services. All registered trademarks are the property of their respective owners.
• More “stuff” is happening
• Things are moving faster
• Expectations keep rising
• The unexpected is increasing
• There is more conflict
• The impact of events is greater
• We are moving into a new age of technology and Business Models
DOES “NOW” REQUIRE SOME DIFFERENT THINKING?
2018 Top Global Risks
• Extreme weather events
• Natural disasters
• Cyber attacks
• Data fraud or theft
• Failure of climate-change mitigation and adaptation
Source: WEF Global Risks Report 2018
TOP RISKS FOR 2018
Rank | Risk Issue | YOY Trend
1 | Rapid speed of disruptive innovations and new technologies |
2 | Resistance to change operations |
3 | Cyber threats |
4 | Regulatory changes and regulatory scrutiny |
5 | Organization's culture may not encourage timely identification and escalation of risk. |
US SEC Proxy Requirement…
Provide Information About Board Leadership Structure and the Board's Role in Risk Oversight:
• The SEC approved rules relating to board leadership structure and the board's role in risk oversight. The rules require disclosure about:
• A company's board leadership structure, including whether the company has combined or separated the chief executive officer and chairman position, and why the company believes its structure is the most appropriate for the company at the time of the filing.
• In certain circumstances, whether and why a company has a lead independent director and the specific role of such director.
• The extent of the board's role in the risk oversight of the company.
Mission
• COSO’s Mission is “To provide thought leadership through the development of comprehensive frameworks and guidance on enterprise risk management, internal control and fraud deterrence designed to improve organizational performance and governance and to reduce the extent of fraud in organizations.”
COSO’s Fundamental Principle
• EFFECTIVE risk management and internal control are necessary for long term success of all organizations
Control Environment
Risk Assessment
Control Activities
Information & Communication
Monitoring Activities
COSO is Happy!
1. Demonstrates commitment to integrity and ethical values
2. Exercises oversight responsibility
3. Establishes structure, authority and responsibility
4. Demonstrates commitment to competence
5. Enforces accountability

6. Specifies suitable objectives
7. Identifies and analyzes risk
8. Assesses fraud risk
9. Identifies and analyzes significant change

10. Selects and develops control activities
11. Selects and develops general controls over technology
12. Deploys through policies and procedures

13. Uses relevant information
14. Communicates internally
15. Communicates externally

16. Conducts ongoing and/or separate evaluations
17. Evaluates and communicates deficiencies
Principle 9: The Organization Assesses Change…
• External, Internal, Business Model, Leadership
“Technology innovation creates both opportunities and risks… It may increase complexity, which makes identifying and managing risk more difficult…The principles presented in this framework do not change with the application of technology… it affects how an organization designs, implements, and conducts internal control, but the same principles remain suitable and relevant.”
Principle 15: Assesses Substantial Change
“When innovation is introduced, risk responses and management actions will likely need to be modified”
Blockchain Internal Control Issues
Issues
• NEW technology, processes and controls
• Security, availability, privacy
• Lack of standards
• De-centralized
• Irreversible, unalterable
• MORE…
Positives
• Strong Audit Trail
• Immutability
• Faster
• Automated controls, execution
• Irreversible, unalterable
• Reduces counterfeiting
• MORE…
A New Title…
• Retitled as Enterprise Risk Management—Integrating with Strategy and Performance
• Recognizes the importance of strategy and entity performance
• Further delineates enterprise risk management from internal control
1) Provides a New Document Structure
• Framework focused on fewer components (five)
• Uses focused call-out examples to emphasize key points (> 30)
• Follows the business model versus an isolated risk management process
6) Links to Strategy
• Explores strategy from three different perspectives:
– The possibility of strategy and business objectives not aligning with mission, vision and values
– The implications from the strategy chosen
– Risk to executing the strategy
10) Builds Links to Internal Control
• The document does not replace the Internal Control – Integrated Framework
• The two frameworks are distinct and complementary
• Both use a components and principles structure
• Aspects of internal control common to enterprise risk management are not repeated
• Some aspects of internal control are developed further in this framework
NEW!!- Compendium of Examples
The compendium illustrates:
• All principles
• A variety of entity sizes from global through to national, regional, and local entities
• Actual company practices and augmented with expected practices in select areas, as needed
• An ERM perspective from the business mindset
In-Depth View of ERM in Practice
Each example:
• Sets out the industry context
• Highlights the key benefits of enterprise risk management
• Lists the principles demonstrated
• Provides facts and circumstances for context
• Offers in-depth discussion
COSO, World Business Council for Sustainable Development to Issue First-Ever Guidance for Applying Enterprise Risk Management (ERM) to Environmental, Social, Governance-related Risks
“Business is moving into an era of significant change in corporate governance. Integrating the environmental, social and governance factors into a company’s risk assessment will soon be the norm. New tools are needed for managing this new view of risks to the long-term financial and societal profile of business are needed. Using these tools will mean better decisions that will make more sustainable companies become more successful.”
WBCSD President and CEO Peter Bakker, January 2018
COSO Framework and Sustainability
Leveraging the COSO Internal Control – Integrated Framework to Improve Confidence in Sustainability Performance Data
9/17/2018
What is the “Environmental, Social and Governance (ESG) Criteria”
The Environmental, Social And Governance (ESG) Criteria is a set of standards for a company’s operations that socially conscious investors use to screen investments. Environmental criteria looks at how a company performs as a steward of the natural environment. Social criteria examines how a company manages relationships with its employees, suppliers, customers and the communities where it operates. Governance deals with a company’s leadership, executive pay, audits and internal controls, and shareholder rights.
Source: Investopedia
6/13/2017 © SASB
Figure: Investor Interest in Sustainability-related Information. Panel “Global Institutional Investors” (Source: PwC, 2014): share who will request sustainability information directly from the company, who are “very likely” to sponsor or co-sponsor a shareholder proposal, and who are more likely to consider ESG information if common standards are used. Panel “Shareholder Proposals” (Sources: EY, 2011-2014, As You Sow, 2015): percent of total proposals filed that are related to social and environmental issues, by year, 2011 to 2016. Data labels on the slide, in extracted order: 50%, 89%, 67%, 40%, 40%, 45%, 55%, 63%, 67%.
9/17/2018 © 2017 SASB™
The Global Sustainability Leaders Index (GSLI)
• Companies that manage Environmental, Social and Governance (ESG) issues well can also yield superior risk-adjusted returns.
• The index is composed of 100 Global Compact signatories selected on the basis of Sustainalytics’ proprietary ESG Rating, which identifies the top sustainability performers within their respective sectors and regions.
• To be eligible for the index, companies must have a consistent base-line profitability and meet a set of stringent minimum sustainability criteria.
ESG Matters…
• Valuation multiples 3% -19% higher than median performers
• Margins up to 14.4 % higher
What the Heck is SASB?
SASB is a private initiative designed to improve the sustainability disclosures of US public companies when those sustainability matters are material.
Improvement includes:
- Disclosure of ESG matters, when material
- Specific, comparable, consistent, defined metrics
- Decision useful, investment grade
- Driven by industry participants
Think it Doesn’t Apply to You?
April 10, 2018, Wall Street Journal, page B6
Apple said it has achieved a decade-old goal of having its facilities powered exclusively by renewable energy, an achievement that will shift the focus to its supply chain.
“We are not going to stop until our supply chain is 100% renewable”
Lisa Jackson, VP of Environment
Even Internal Audit !
Based upon a thorough review by NIKE’s internal audit function, considerable progress has been made to NIKE’s sustainability data processes over the past several fiscal years, including but not limited to: a performance management data system overhaul, development of standard operating procedures, and an improved data governance model. The review also identified opportunities to further improve systems and controls around sustainability reporting. NIKE will continue to evolve and address information systems in light of this goal.
And Even Legal Advice…
“Be aware that sustainability has become a major, mainstream governance topic that encompasses a wide range of issues, including a company’s long-term durability as a successful enterprise, climate change and other environmental risks and impacts, systemic financial stability, management of human capital, labor standards, resource management, and consumer and product safety, and consider how your company presents itself with respect to these matters.” (Wachtell Lipton, July 2018)
Some Companies are Responding…
“As part of our commitment to transparency, this year we are expanding the reporting of JetBlue’s sustainability performance by incorporating the SASB’s guidelines for the aviation industry. These additional disclosures focus on four sustainability issues and ten metrics that are deemed to be material for our industry. Disclosure is not a static concept. Markets are dynamic and disclosure must keep pace. Integrating SASB disclosures into our sustainability reporting is proof positive that JetBlue intends to stay on the leading edge of sustainability performance and reporting.” JetBlue 2016 SASB Report
Jet Blue Says…
• As an airline we depend on natural resources. Fuel, water are essential for flight
• We recognize that the airline industry has an important role to play in addressing global climate change
• Sustainability is key to our long-term business planning
• We view sustainability through the lens of fuel efficiency, risk preparedness and customer experience
• This year we are expanding our reporting by incorporating SASB guidelines for our industry
Where a company discloses its sustainability data isn’t as important as the quality of that data…
The Elephant in the Room…
If it is that important to company evaluation and valuation, should the information be subject to some form of management certification and/or some form of third-party verification?
What You Might Think About…
• Bring ESG to the attention of Management and Board
• Look at SASB Standards for your industry
• Look at Peers and their reporting, website
• Determine your current ESG activities, metrics and ESG score
• Consider costs and benefits of doing more
• Communicate with investors
• Validate any ESG reporting