Sarah Lawrence College, Yonkers

Hi, I'm medchem key. In this brief video we're going to talk about enterprise risk management, or ERM for short. ERM has been described in many ways, but here's a definition that encompasses a common theme: enterprise risk management is a systematic, objective-oriented approach to gain competitive advantage through more efficient deployment of scarce resources, better decision-making and improved goal achievement.

Rapid changes in information technology, the explosion of globalization and outsourcing, the sophistication of business transactions and increased competition, combined with economic and political uncertainty, are putting more pressure than ever on organisations to understand and assess their risks. However, many of the techniques used by boards and senior executives are dated, lack sophistication and are no longer effective in creating and maintaining an organization's competitive advantage. I like to quote Jack Welch, a CEO of General Electric: "If the rate of change on the outside exceeds the rate of change on the inside, the end is near." And I'm pretty sure things are moving even faster today than when he was originally quoted.

This slide shows the contrast between traditional and enterprise risk management. On the left side you see the organization operates in a defensive mode, relying on the purchase of insurance when possible. The perspective of risk is that of hazards and is oriented around cause of loss. Risk treatment operates in silos within departments and consequently is a bottom-up process, or a defensive position. On the right you see that ERM looks at the upside of risks and the many opportunities it can present. It's tied to strategic objectives and is a coordinated approach that looks at all departments. Subject matter experts and risk committees are used to identify risks, and it is a top-down process, or an offensive position. The question is, how do we make the transition from traditional to ERM? In the next few slides I'll show
you the process we use to help organizations efficiently and effectively accomplish this. The first step is to evaluate the organization's existing approach to managing risk. We use a benchmark tool that rates against recommended ERM practices based on ten key factors and their underlying competency drivers. These best practices are from the ISO 31000 international standard, Risk Management: Principles and Guidelines. By the way, ISO 31000 has become the leading risk management standard due to its flexibility and adaptability to any industry, whether for-profit or not-for-profit. This then gives us a snapshot of where the organization is today and is also useful for periodically measuring progress as your ERM program matures.

This slide shows the actual ratings for an organization that started the transition in December of 2013. Their benchmark rating average was twenty-eight percent, which is not unusual for a beginning score. Just as importantly, the benchmark, also referred to as a gap analysis tool, tells us where the organization needs to improve. This in turn is used to create a transition plan that addresses the activities that need to take place, including who will be responsible and the timeframe for completion. The plan activities are typically completed within a 30-day period.

Now, one important aspect is training. We do that in live settings like workshops, which we'll see in a couple of slides, as well as online for convenience. Let me take a moment to show you the online feature. Risk Skill Center is our online membership site where we teach best risk management practices for busy executives. Here we are on the homepage, and as you can see there are two training tracks from which to choose: one is for board members and the other is for management. The board track has four modules, as you can see here, and can be completed in less than 30 minutes. The management track has five modules and can be completed in less than an hour. As an example, module one in the board track includes a short
video. The key messages from the video are on the right, and if we scroll down there's a quiz to test knowledge. These modules take an average of five minutes each and provide the basic knowledge for the user to effectively participate in the process going forward.

The next step is to interview business unit managers in order to document objectives, identify risks and determine the current control environment. This provides insight into the risks as well as the internal and external context for further analysis. We then enter this information into a risk assessment workshop software tool, starting with the objectives. In this slide you can see the three objectives used for our sample organisation: they are to maximize income, safety performance and environmental impact. Of course most organizations have more objectives; we're just using three for simplicity's sake. We then enter the risks that were uncovered from the interviews as they relate to each of the objectives. For example, the first risk has to do with an IT security breach and its potential impact. To the right of that you can see the boxes for rating the impact, likelihood and control effectiveness.

We then conduct a risk and control assessment workshop with the risk management team. A workshop format enables the participants to both contribute and learn in a natural environment. The result is not only a ranked list of key risks but a fascinating discussion about the control environment, risk appetite and individual risk tolerances. As stakeholders walk away from the session, their understanding of business objectives, operations and challenges has expanded, and they're equipped with the knowledge and the detailed analysis to make improved decisions.

To avoid groupthink, or the potential bias that one individual can place on the group opinion, voting software is used to enable anonymous assessment of risk in a workshop environment. Each risk is then projected on a screen with a rating scale. Now here's an example of the IT security breach: the risk is described and then the question is asked to rate it, in this case regarding the impact the risk would have on the organization. Each of the workshop attendees has a handheld remote in which they can enter their rating, which is instantly displayed on the screen. Here's an example of six votes, with four being different and two the same. When this kind of diversity of opinion occurs, it's time to stop and discuss the risk in more detail. As more information is shared, the group decides at some point during further discussion when it's appropriate to vote again. Now here's an example of a revote on the same risk after discussion. As you can see, the scores are much tighter, indicating a consensus based upon the improved information.

Once all the votes are completed, the scores are recorded for the impact, likelihood and control effectiveness for each risk. It's now time to discuss which individuals would be appropriate to take ownership of each risk, as well as action plans, where appropriate, for improving the effectiveness of controls. This information is then uploaded to GRC Cloud, web-based software that enables the organization to collaboratively manage the risks. GRC stands for governance, risk and compliance, and let me show you how it works. When you log into GRC Cloud you'll be on the home page, which displays a dashboard. From here you can access details by clicking on any portion of the pie charts, or we can build custom reports that you can access from the reports section in the upper left corner. Let's take a look at the performance risk management
report. The performance risk management report starts on the left-hand side with the corporate objectives. Here we can see those objectives that we brought over from the workshop, starting with maximize income; I'll scroll down here, and there are safety performance and environmental impact. Now the next column to the right of the report here is overall risk, which is a combination of the impact and likelihood for the objective; then the risk event description; the impact and likelihood that came over from the workshop; a description of the impact of this risk if it did occur; the risk owner that was assigned, in this case Thomas Jefferson; level of risk, which is a total of the combination of the impact and likelihood; a risk response description, in this case that there are currently no controls in place nor do we have insurance for this type of event; and then a rating for the effectiveness of the risk response, here saying it's non-existent, not at all, or unknown.

Let's go back to the homepage and take a look at another report: the report for action plan status. Now this report starts out on the left side again with the risk event description. It includes the impact and likelihood, description of impact, our risk owner, in this case for the IT security breach Thomas Jefferson, the response and the effectiveness that we've already looked at, and then it comes up with the gap summary. The gap summary is the difference between the effectiveness of the response we have right now for the risk and where we would like to be. Then if we scroll to the right here, we can see that there's an action plan status, which basically tells us how this is progressing; a plan owner, now that can be the risk owner such as Thomas Jefferson, or it could be delegated to another individual; the detailed action plan, in this case we're going to implement a general computer security policy and a data breach response policy; due date; and priority. Now Thomas Jefferson can come in here at any time and he can change the things having to do with the risk that he owns. For example, he can come in here and edit the date; maybe he needs to change the date because he's got other projects going on. He can edit the action plan and put more information in there, and he can come in and edit the action plan workflow: he can click it when it's complete so everybody knows that this is done. So he has total control over his risk.

Now if we scroll down our scale here, in just a second we'll see the next risk down is "acceptable and committed". This means that the risk has no gap and we're going to leave it in the system just to show that we've already looked at it and that it is acceptable; there are no action plans. Scrolling down further here we can see a risk, Abraham Lincoln, overdue, and it shows up in red because his was due back on June thirtieth. So again he can come in here and update it; he can revise the due date, but once again that's going to show up in all the reports as overdue. So it's a control measure here to know when things are taking place at the right time. One of the other features of the system too, by the way, is that it will send out email reminders when actions are either coming due or past due in order to keep things on track. So basically when we upload the information to the system, this really puts your program on autopilot and allows you to check the status any time and prepare reports for the board or committee meetings.

I mentioned the benchmarking tool that we use to establish a baseline and measure progress. For the same organization we saw earlier, this slide shows an updated rating as of July thirty-first, 2004. As you can see, the average rating of 64% has more than doubled since when they started the transition seven months previously. More importantly, they're now effectively managing the risks that are most important to achieving their objectives.

Here are just a few of the benefits that can be derived by transitioning to ERM. Increase the likelihood of achieving objectives: it does
this by understanding the linkage between risk and drivers of value across the breadth of the business, thereby aligning risk management objectives with the objectives and strategies of the organization. Improve governance: the board of directors will know the status of risks, controls and actions at any point in time, providing assistance in fulfilling its responsibilities for risk oversight. Now this not only improves governance, it also enables the organisation to attract and retain high-quality board members who engage in the process. Encourage proactive management: designated individuals fully accept accountability, are appropriately skilled and have adequate resources to check controls, monitor risks, improve controls and communicate effectively about risks and their management to external and internal stakeholders. Establish a reliable basis for decision making and planning: as we saw in the workshop, identified risks are analysed in order to make decisions on the most appropriate risk treatment strategies and methods. This also fits in nicely when developing the annual strategic business plan. Improve stakeholder confidence and trust: appropriate and timely involvement of stakeholders, and in particular decision makers at all levels of the organization, ensures that risk management remains relevant and up-to-date. Improve operational effectiveness and efficiency: an emphasis is placed on continual improvement in risk management through the setting of organizational performance goals, measurement, review and the subsequent modification of processes, systems, resources, capabilities and skills, just like we saw in the example of the benchmark tool.

Is enterprise risk management right for your organization? You probably have more questions, and I'd be happy to provide the answers. Give me a call, let's discuss your needs and see if ERM can benefit you as much as it has others. Thanks again for listening.
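As an added illustration of the workshop voting and the GRC Cloud report logic described in the video (example code written for this page, not the video's or GRC Cloud's own software), here is a small risk register that flags a vote spread needing discussion, records the consensus score, computes level of risk and gap summary, and marks action plans as overdue or coming due. The 1-to-5 scale, multiplying impact by likelihood, the seven-day reminder window and the sample risks, owners and dates are all assumptions.

```python
from dataclasses import dataclass
from datetime import date, timedelta

# Assumed 1..5 rating scale (the video does not state the scale its software uses).
def needs_discussion(votes, max_spread=1):
    # Anonymous votes spread wider than max_spread: stop, discuss, revote.
    return max(votes) - min(votes) > max_spread

def consensus_score(votes):
    # Once the revote is tight, record the rounded mean as the score.
    return round(sum(votes) / len(votes))

@dataclass
class Risk:
    objective: str
    description: str
    impact: int
    likelihood: int
    control_effectiveness: int  # current risk response effectiveness
    target_effectiveness: int   # where the organization wants to be
    owner: str
    due: date                   # action plan due date

    def level_of_risk(self):
        # Assumption: impact and likelihood combined by multiplication.
        return self.impact * self.likelihood

    def gap(self):
        # Gap summary: desired response effectiveness minus current.
        return max(self.target_effectiveness - self.control_effectiveness, 0)

    def status(self, today, reminder_days=7):
        if self.gap() == 0:
            return "acceptable"  # no action plan; kept on record as reviewed
        if today > self.due:
            return "overdue"     # shown in red until the date is revised
        if self.due - today <= timedelta(days=reminder_days):
            return "coming due"  # reminder email would go out
        return "on track"

def sample_register():
    # Constructed sample; owners and dates echo the demo, not real data.
    return [
        Risk("Maximize income", "IT security breach", 5, 3, 1, 4,
             "Thomas Jefferson", date(2014, 8, 5)),
        Risk("Safety performance", "Lost-time injury", 4, 2, 2, 4,
             "Abraham Lincoln", date(2014, 6, 30)),
        Risk("Environmental impact", "Permit exceedance", 2, 2, 4, 4,
             "Thomas Jefferson", date(2014, 9, 1)),
    ]
```

Sorting `sample_register()` by `level_of_risk()` gives the ranked list of key risks the workshop produces, and calling `status()` with the report date reproduces the action plan status column.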