Enterprise Risk Management: from Resistance to Resilience

NASACT 2014 Annual Conference

Bill Brown, Principal, BerryDunn

berrydunn.com | GAIN CONTROL

DISCUSSION POINTS

• What is Enterprise Risk Management (ERM)?

• Why is it necessary?

• How can it benefit your organization?


WHAT IS ERM?

Enterprise Risk Management (ERM) is a holistic approach to identifying, measuring, prioritizing and addressing the risks of an organization at the enterprise level.


WHAT IS ERM? COMMON STANDARDS & OBJECTIVES

• Encourage strategic alignment

• Standardize core knowledge

• Drive success

• Support organizational values

• Take a long-term outlook

• Be internally managed

• Leverage technology

• Improve quality


WHAT IS ERM? 8 PRINCIPLES

• Assess the risk environment

• Determine expected vs. unexpected

• Understand risks and current controls

• Identify risk activities

• Mitigation and management planning

• Assign ownership

• Provide governance

• Monitor


THE BUILDING BLOCKS OF ERM

• Consistent approach

• Government as a single, unified entity

• Shared risk appetite across agencies

• Consistency among diverse initiatives

• Formalized accountability and ownership

• Process to escalate and report risks

• Leadership review of strategic risk initiatives

WHY IS TRADITIONAL RISK MANAGEMENT INADEQUATE?

• Does not serve the organization as a whole

• Inefficiently allocates scarce resources

• Ignores the goal of resiliency

CHARACTERISTICS OF A SUCCESSFUL ERM PROGRAM

• Transparent, holistic, and focused on resiliency

• Include action-based frameworks

• Encourage enterprise-wide collaboration

• Include a formal reporting process

• Encourage proactive discussions

A HOLISTIC SOLUTION IS CRITICAL


SUCCESSES ARE QUIET. EVENTS (AND FAILURES) ARE NOISY.

CASE STUDY: INTEGRATED ERM PROGRAM

Roles and responsibilities in the integrated program (KRIs are key risk indicators):

• State Agencies: manage risks; monitor compliance; implement corrective action; report results

• ERM Committee: compliance oversight; discuss/review KRIs; review dashboards; review/update action chart

• Internal Audit: assess compliance; report results

• ERM Dashboard: business unit KRIs; charts; action plans

• Controllers' Office: review ERM Committee results; present to Governor's Office

• Governor's Office: review strategic KRIs; review dashboard; feedback on strategic direction; feedback on risk appetite

• Audit Committee

BENEFITS OF ERM

[Chart: Risk plotted against Cost of Controls]

RESILIENCE: THE PROPER GOAL OF ERM


THANK YOU! QUESTIONS?


Bill Brown, CPA, CFE, MAFF, Principal, BerryDunn

[email protected]