How Enterprise Risk Management, Sustainability and ROI Work Together
Enterprise Risk Management (ERM)
is a process, effected by an organization’s board of directors, management and
other personnel, a key part of strategy and applied across the enterprise,
designed to identify potential events that may affect the organization, and
manage risk to be within its risk appetite, to provide reasonable assurance
regarding the achievement of organization objectives. ERM is a complex area that
challenges organizations and Board of Directors in deciding how to effectively
implement this critical process.
We will discuss how to obtain a
Return On Investment (ROI) for your ERM process, and how sustainability is an
important part of ERM. There are pitfalls to avoid when implementing your ERM
process such as lack of understanding or clarification of the definition of the
risk terms i.e. risk appetite, inherent risk, and residual risk. Also, we will
discuss how to avoid other pitfalls such as not including all stakeholders,
allowing technology to drive the process, failing to clarify roles and
responsibilities, and others.
We will explore a practical
approach to implementing ERM and will learn which risk framework to adopt for
how to develop a common risk
how to identify key risks and
establish an organization’s risk portfolio
how to establish management’s
decide who has responsibility
and authority to address risk or take on risk on behalf of the organization
how to assess risk that
influence value and develop risk responses
and how to develop risk
monitoring and reporting processes.
This will be a highly
interactive one and a half days with a fun case study where we will practice the
primary elements of ERM, participate in how to exercises, and group projects.
Key goals of the conference will include learning:
Learn how to determine the risks for your organization – How to get started on the ERM journey
Learn how to weigh Risk to determine the key risks – Not all risks are created equal
Learn how to develop a common risk language – ERM has a language that needs to be customized for your organization
Learn to determine Risk Appetite – Learn the steps for establishing your organization’s Risk Appetite
Learn which is the appropriate Risk Framework for your organization – Evaluate the different Risk Frameworks
Learn how to develop and prioritize a Risk Portfolio – Develop an ERM heat map
Learn how to develop your management’s Risk Tolerance – A tactical consideration for your ERM journey
Learn who is responsible for the Risk – What are the roles of the Board Of Directors, Executive Management, Chief Risk Officer, and Internal Audit
Learn how to decide to Avoid, Accept, Reduce, or Control A Risk – How do you respond to The risks identified
Learn the appropriate Risk Monitoring and Reporting Processes – How do you prepare a presentation to the Board Of Directors And Executive Management
Learn how to perform Risk Assessments effectively – Risk Assessments are a critical part of ERM, and are Part Art, and Part Science
Learn how to calculate the ROI on your ERM process
Learn how sustainability is an important part of the ERM process
Course Description & Agenda
8:30 - 9:00
9:00 - 10:30
ERM Process Overview -We will discuss the history of ERM, and the successful elements of an ERM process.
Define Common Risk Language-We will discuss the definitions of the key risk terms so that you can begin developing a common risk language for your organization.
Interactive Exercise to Select a Risk Framework -We will discuss the major risk frameworks and perform an exercise so that you can select the appropriate framework for your organization.
10:30 - 10:45
10:45 - 12:00
Each Team Members Responsibilities and Reporting Methods to Create an Effective Risk Management Program – We will discuss the Board of Directors, Executive Management, Chief Risk Officer, and Internal Audit
Role of Risk Committee – We will discuss how to develop an effective Risk Committee within your organization.
Introduction of Case Study – We will begin our fun case study of a Company to apply the principles of ERM that we have discussed.
12:00 - 01:00
01:00 - 2:45
Develop Business Case for ERM – We will discuss the steps to develop a business case for ERM, and then apply these steps by developing a business case for our case study Company.
Calculate the ROI on ERM
Identify Key Risks (Facilitated Workshop) – We will identify the risks for our case study Company, and introduce a tool to identify the key risks.
2:45 - 3:00
3.00 - 4:30
We will learn how Sustainability is a key part of the ERM process.
Develop Questionnaire for ERM risks – We will develop an ERM questionnaire for our case study Company.
Develop Companywide Risk Portfolio for the Case Study – We will apply the tool we discussed for identifying key risks to our case study Company.
Risk Assessments – Risk assessments are a critical part of ERM, and we will discuss how to effectively perform these assessments
End of day 1 Session
8:30 - 10:15
Assign Ownership for the Risks – We will discuss how to appropriately ensure ownership of the key risks by obtaining buy in from executive management.
Assess Risk That Influence Value and Develop Risk Responses (Avoid/Accept/Reduce/Control) – We will learn how to respond to the key risks, and practice this approach in our case study.
Develop Heat Map for Case Study
Develop Supporting Data Sheets to Support Heat Map Results – There is a lot of back of the scenes work in developing a heat map, and we will review a methodology to provide the needed support for your heat map.
10:15 - 10:30
10:30 - 12:00
ERM Risks Mapped to Auditable Entities – After the key risks have been agreed upon we will discuss how this drives the internal audit schedule.
ERM Risks Mapped to 10-K Risk Factors – We will explore how the ERM risks relate to the 10K risks included in your SEC filing.
Develop Risk Monitoring and Reporting Processes – It is important to have a process to ensure risk mitigation plans are implemented and have the desired outcome.
How to Link ERM and the Strategic Plan – We will discuss how to link ERM to your organization’s strategic planning process.
About the Speaker
Bob Brewer currently is a Senior Consultant and Trainer with JPA International, Inc., a private consulting/training firm with a wide range of services that support auditing and financial professionals to thrive in a competitive work place. Bob served as Senior Vice President and Chief Compliance Officer for Office Depot from 2005 to 2013. In this role, Bob had overall responsibility for compliance activities on a global basis for a retailer who provided supplies and services to its customers through 2,200 worldwide retail stores, have annual sales reaching $17 billion, employing 66,000 associates around the world. Office Depot provides more office supplies and services to more customers in more countries than any other company, and currently sells to customers directly or through affiliates in 59 countries. Among other functions, global internal audit, loss prevention, risk management functions and social compliance reported to Bob. He had direct reporting relationship with the Audit Committee of the Board with respect to audit and risk assessment matters. He also served as the Chair of the Board of Directors for the Office Depot Foundation providing resources and product valued at over $12 million annually. He previously served as Vice President of Global Corporate Audit Services for six years.
Prior to joining Office Depot, Bob was Director of Audit for W.R. Grace & Co., Boca Raton, FL; Director of Audits/Security for Praxair Inc., Danbury, CT; Manager of Audit Regions for Union Carbide Corporation, Danbury, CT; and Manager of Internal Audits for the West Virginia Department of Highways, Charleston, WV. He holds a MBA from the University of New Haven, CT; a CPA from the State of West Virginia; and a BS from the West Virginia Institute of Technology, Montgomery, WV.
Bob is a member of the Audit/Finance Committee of Neighborhood Housing Services of South Florida, the American Institute of CPA’s (Past Chairman of the Business & Industry Executive Committee, and served on the Nominations and Board of Examiners Committees); the West Virginia Society of CPA’s; and the Institute of Internal Auditors (Board of Governors and former Vice President of Student Relations). He is a frequent speaker at professional conferences, focusing his remarks on best practices in the field of internal audit and risk assessment.
In his free time, Bob enjoys playing golf, traveling, reading and spending time with his family. Additionally, he is active in his church and local community projects.