Upgrading Risk Management and
Internal Control in Your Organization
J. Stephen McNally, Campbell Soup & Vincent H. Tophoff, IFAC
Agenda
Upgrading RM/IC in Your Organization
• Current Considerations
• Assessing RM/IC Maturity Stage
• A Case Study
• Recap & Call to Action
Current Considerations
Serious RM/IC Flaws
• Having a compliance-only mentality
• Treating risk as only negative and overlooking the idea that organizations need to take risk in pursuit of their objectives
• RM/IC that is overly focused on external financial
reporting
• Regarding RM/IC as a separate function or process
• Viewing risk management as predominantly important for
operations
Bad vs. Good RM/IC Practices
RM/IC as objective in itself vs. RM/IC to help achieve objectives
Auditor / staff driven vs. Driven from top down
Rules-based vs. Performance & principles-based
Off-the-shelf systems vs. Tailored to the organization
Focused on loss minimization vs. Also focused on value creation
Mainly hard controls vs. Recognizing culture & attitude
Imposed vs. Implemented organically
Stand-alone / “bolt-on” vs. Integrated / “built-in”
Static, out-of-date vs. Dynamic, evolving
Seen as overhead vs. Seen as a sound investment
Abandoned vs. Integrated in governance
2013 COSO Internal Control Cube
2004 COSO ERM Cube
COSO IC vs. COSO ERM
ISO 31000 Principles, Framework & Process
COSO ERM vs. ISO 31000
Many entities use both COSO ERM & ISO 31000…
… Biggest challenge is that concepts are not aligned
COSO vs. ISO 31000
Lengthy vs. Short
Focused on ERM vs. General approach to managing risk
One cube vs. Principles, framework & process
Skewed to negative vs. Risk can be positive or negative
Risk already exists vs. Risk tied to achieving objectives
Risk & opportunities vs. Opportunities also source of risk
More sequential process vs. More iterative process
Relation of Governance, RM & IC
• How do you think that
governance, risk
management, and
internal control are
related to each other?
Relation of Governance, RM & IC
Assessing RM/IC Maturity Stage
Main Objective of RM/IC
• Is not to have effective controls…
• Is not to effectively manage risk…
But to
• Properly set & achieve your objectives
• Avoid too many surprises along the way
• And create sustainable value
RM/IC Integral Part of Good Governance
Governance comprises the arrangements (plan, do, check, and act) put in place to ensure that the intended objectives are defined and achieved
• RM/IC are an integral part of that!
Relation of Risk Management & Internal Control
Achieving Objectives Through G/RM/IC
RM/IC Maturity Levels
Thoughts on Assessing RM/IC Maturity
• Use the Frameworks
• Consider good practice developments
• Perform gap analysis
• Determine performance
• Look at audit results
• Analyze serious flaws
• …
• Continuously move to improvement!
Table Discussions
• What is the maturity of risk
management & internal
control at your
organization?
A Case Study
My COSO Story
U.S. SOX Act + 1992 COSO Cube =
The Evolution
SOX Compliance, Control Self-Assessment, CFO Protocol
2004, 2006, 2009
• Annual site visits
• Content: “Tone”, Financial, I/C
• Focus: Location-specific risks
• Execute “formal” procedures
• Issue “trip report”
My Challenge
• First CFO Protocol ever completed
• No specific guidance/ expectations
• Cross-functional/ multi-location team
• No “big picture” flow diagram and/or procedural
documentation
• No defined risks/ internal controls
CFO Protocol: N/A Co-Manufacturing Operations
Our Scope
In-Scope
Oversight activities to:
• Identify
• Select; and
• Manage
ongoing co-manufacturing
partner relationships
Out-of-Scope
• Co-manufacturing
partners themselves
• Non-CNA businesses:
o Canada
o Latin America
o Pepperidge Farm
• Special pack business
Our Game Plan
Step 1: Obtain “big picture” overview
Steps 2–9:
• Define testing protocol
• Walkthrough co-mfg processes
• Define key controls
• Identify key risks
• Test key controls
• Align findings & recommendations
• Issue final report
• Determine co-manufacturing objectives
Co-Manufacturing Processes
• New partner selection & contracts
• Supply Base Quality System Assessments
• Formula management & mock recalls
• Cost standards & inventory management
• Capital investments & fixed assets
• Business continuity planning
• Other
Entity Structure = CFO Protocol Scope
Entity
Structure
Components
CNA Co-Mfg. Operations
• Campbell Soup Company
  o Campbell North America
    ▪ U.S. Retail
    ▪ CNA Supply Chain
      ‒ Napoleon Plant
• Global Procurement
• Other: Legal, Quality, etc.
Objectives
CNA Co-Mfg Operations
• Strategic
• Operational
• Internal Reporting
• Compliance
Components: Internal Environment
Encompasses the tone of an
organization… What is the
internal philosophy and culture?
Components: Objective Setting
Objectives are a prerequisite…
What are we trying to
accomplish?
Leverage external partners to:
- Meet new Brand requirements
- Optimize total delivered cost
- Address supply chain capacity
Components: Event Identification
In terms of internal & external
events… What could stop us
from achieving our
objectives?
Co-Mfg Risks:
- Product quality
- Partner’s financial stability
- Formula management
- Business continuity
Components: Risk Assessment
Analyze risks to determine how
they should be managed…
• How good or bad are these
events?
• Will they really happen?
Components: Risk Response
What can we do to manage the
identified risk? What are the
options?
• Avoid?
• Accept?
• Reduce?
• Share?
• Exploit?
Components: Control Activities
What policies & procedures
should be established to
manage the risks as desired?
Co-Mfg. Controls:
- Quality audits & mock recalls
- Co-Man & D&B reporting
- Formula Management
- Annual BCP review & testing
Components: Information & Communication
How will we obtain information
and communicate? What
information is relevant to
enable people to carry out their
responsibilities?
Co-Mfg:
- Partner relationship manager
- Cross-functional team
meetings
- Standardized reporting
Components: Monitoring
How will we know we achieved
what we wanted to
accomplish? What ongoing
management activities and/or
separate evaluations can we
leverage?
Co-Mfg:
- Quarterly business reviews
- CFO protocol visit(s)
- Internal audits
- SAS 70
Recap & Call to Action
Recap
• Serious RM/IC flaws
• Frameworks and guidance can help
• Climbing maturity ladder through continual improvement
• Companies like Campbell’s are on this journey
• What about you and your organization?
Effective RM/IC & You
• How could you more
effectively leverage risk
management & internal
control within your
organization?
Management Accountant: Call to Action
• Build subject-matter-expertise regarding frameworks, standards & other guidance
• Educate audit committee, C-suite, operating unit & functional management
• Support line management through provision of high-quality information
• Establish good RM/IC for the finance function
• Champion importance of continuous RM/IC improvement
10 Paragon Drive, Suite 1
Montvale, New Jersey
07645-1760
U.S.A.
(800) 638-4427
+1 (201) 573-9000
www.imanet.org
10 Paragon Drive, Suite 1
Montvale, New Jersey
07645-1760
U.S.A.
(800) 638-4427
+1 (201) 573-9000
www.imanet.org

Más contenido relacionado

La actualidad más candente

Internal Control & Risk Management Framework
Internal Control & Risk Management FrameworkInternal Control & Risk Management Framework
Internal Control & Risk Management Framework
Treasury Consulting LLP
 
Coso Erm(2)
Coso Erm(2)Coso Erm(2)
Coso Erm(2)
deeptica
 
127017438_RMA_OperationalRiskAppetite_v1.0
127017438_RMA_OperationalRiskAppetite_v1.0127017438_RMA_OperationalRiskAppetite_v1.0
127017438_RMA_OperationalRiskAppetite_v1.0
Rachael Phelan
 

La actualidad más candente (20)

PECB Webinar: Aligning ISO 31000 and Management of Risk Methodology
PECB Webinar: Aligning ISO 31000 and Management of Risk MethodologyPECB Webinar: Aligning ISO 31000 and Management of Risk Methodology
PECB Webinar: Aligning ISO 31000 and Management of Risk Methodology
 
Strategic Risk: Linking Risk Management & Strategy Management processes
Strategic Risk: Linking Risk Management & Strategy Management processesStrategic Risk: Linking Risk Management & Strategy Management processes
Strategic Risk: Linking Risk Management & Strategy Management processes
 
Internal Control & Risk Management Framework
Internal Control & Risk Management FrameworkInternal Control & Risk Management Framework
Internal Control & Risk Management Framework
 
Coso Erm(2)
Coso Erm(2)Coso Erm(2)
Coso Erm(2)
 
Implementing a Risk Management System based on the ISO 31000
Implementing a Risk Management System based on the ISO 31000Implementing a Risk Management System based on the ISO 31000
Implementing a Risk Management System based on the ISO 31000
 
CISA DOMAIN 2 Governance & Management of IT
CISA DOMAIN 2 Governance & Management of ITCISA DOMAIN 2 Governance & Management of IT
CISA DOMAIN 2 Governance & Management of IT
 
127017438_RMA_OperationalRiskAppetite_v1.0
127017438_RMA_OperationalRiskAppetite_v1.0127017438_RMA_OperationalRiskAppetite_v1.0
127017438_RMA_OperationalRiskAppetite_v1.0
 
Shaping Your Culture via Risk Appetite
Shaping Your Culture via Risk Appetite Shaping Your Culture via Risk Appetite
Shaping Your Culture via Risk Appetite
 
Leveraging ISO 31000 for Effective Integration of Risk Management and Interna...
Leveraging ISO 31000 for Effective Integration of Risk Management and Interna...Leveraging ISO 31000 for Effective Integration of Risk Management and Interna...
Leveraging ISO 31000 for Effective Integration of Risk Management and Interna...
 
GRC Governance, Risk mgmt. & Compliance Executive
GRC Governance, Risk mgmt. & Compliance ExecutiveGRC Governance, Risk mgmt. & Compliance Executive
GRC Governance, Risk mgmt. & Compliance Executive
 
CISA Training - Chapter 2 - 2016
CISA Training - Chapter 2 - 2016CISA Training - Chapter 2 - 2016
CISA Training - Chapter 2 - 2016
 
Coso internal control integrated framework
Coso internal control   integrated frameworkCoso internal control   integrated framework
Coso internal control integrated framework
 
Implementation of Enterprise Risk Management with ISO 31000 Risk Management S...
Implementation of Enterprise Risk Management with ISO 31000 Risk Management S...Implementation of Enterprise Risk Management with ISO 31000 Risk Management S...
Implementation of Enterprise Risk Management with ISO 31000 Risk Management S...
 
Coso framework
Coso frameworkCoso framework
Coso framework
 
ISO 27005 Risk Assessment
ISO 27005 Risk AssessmentISO 27005 Risk Assessment
ISO 27005 Risk Assessment
 
Business Impact Analysis - The Most Important Step during BCMS Implementation
Business Impact Analysis - The Most Important Step during BCMS ImplementationBusiness Impact Analysis - The Most Important Step during BCMS Implementation
Business Impact Analysis - The Most Important Step during BCMS Implementation
 
COSO ERM
COSO ERMCOSO ERM
COSO ERM
 
How to Build an Enterprise Risk Management Framework
How to Build an Enterprise Risk Management FrameworkHow to Build an Enterprise Risk Management Framework
How to Build an Enterprise Risk Management Framework
 
Risk Appetite
Risk AppetiteRisk Appetite
Risk Appetite
 
C-Suite’s Guide to Enterprise Risk Management and Emerging Risks
C-Suite’s Guide to Enterprise Risk Management and Emerging RisksC-Suite’s Guide to Enterprise Risk Management and Emerging Risks
C-Suite’s Guide to Enterprise Risk Management and Emerging Risks
 

Destacado

internal control and control self assessment
internal control and control self assessmentinternal control and control self assessment
internal control and control self assessment
Manoj Agarwal
 
Internal control system
Internal control systemInternal control system
Internal control system
Hina Varshney
 
Internal controls in auditing
Internal controls in auditingInternal controls in auditing
Internal controls in auditing
Hardik Shah
 
Strategically managing your insurance program
Strategically managing your insurance programStrategically managing your insurance program
Strategically managing your insurance program
mikaelastafrace
 

Destacado (20)

Leveraging Effective Risk Management and Internal Control for Your Organization
Leveraging Effective Risk Management and Internal Control for Your OrganizationLeveraging Effective Risk Management and Internal Control for Your Organization
Leveraging Effective Risk Management and Internal Control for Your Organization
 
Governance, Risk Management, and Internal Control
Governance, Risk Management, and Internal ControlGovernance, Risk Management, and Internal Control
Governance, Risk Management, and Internal Control
 
RMIC - It's What We Do
RMIC - It's What We DoRMIC - It's What We Do
RMIC - It's What We Do
 
Recent COSO Internal Control and Risk Management Developments
Recent COSO Internal Control and Risk Management DevelopmentsRecent COSO Internal Control and Risk Management Developments
Recent COSO Internal Control and Risk Management Developments
 
internal control and control self assessment
internal control and control self assessmentinternal control and control self assessment
internal control and control self assessment
 
Managing Risk in Nonprofit Organizations
Managing Risk in Nonprofit OrganizationsManaging Risk in Nonprofit Organizations
Managing Risk in Nonprofit Organizations
 
IMA Annual Event LA 2015 Brad Monterio and Liv Watson 23 jun15
IMA Annual Event LA  2015 Brad Monterio and  Liv Watson 23 jun15IMA Annual Event LA  2015 Brad Monterio and  Liv Watson 23 jun15
IMA Annual Event LA 2015 Brad Monterio and Liv Watson 23 jun15
 
The Essential Experience for CAEs: Risk Management is Dead, Long Live Risk Ma...
The Essential Experience for CAEs: Risk Management is Dead, Long Live Risk Ma...The Essential Experience for CAEs: Risk Management is Dead, Long Live Risk Ma...
The Essential Experience for CAEs: Risk Management is Dead, Long Live Risk Ma...
 
Corporate Governance - Presentation - Karim Virani
Corporate Governance - Presentation - Karim ViraniCorporate Governance - Presentation - Karim Virani
Corporate Governance - Presentation - Karim Virani
 
Internal control and Control Self Assessment
Internal control and Control Self AssessmentInternal control and Control Self Assessment
Internal control and Control Self Assessment
 
Control Self Assessment
Control Self AssessmentControl Self Assessment
Control Self Assessment
 
8. internal control new
8. internal control new8. internal control new
8. internal control new
 
Internal control system
Internal control systemInternal control system
Internal control system
 
Internal Control
Internal ControlInternal Control
Internal Control
 
Internal controls in auditing
Internal controls in auditingInternal controls in auditing
Internal controls in auditing
 
Corporate Governance
Corporate GovernanceCorporate Governance
Corporate Governance
 
Implementing Enterprise Risk Management with ISO 31000:2009
Implementing Enterprise Risk Management with ISO 31000:2009Implementing Enterprise Risk Management with ISO 31000:2009
Implementing Enterprise Risk Management with ISO 31000:2009
 
Strategically managing your insurance program
Strategically managing your insurance programStrategically managing your insurance program
Strategically managing your insurance program
 
Governance, Risk Management, and Internal Control in the Public Sector
Governance, Risk Management, and Internal Control in the Public SectorGovernance, Risk Management, and Internal Control in the Public Sector
Governance, Risk Management, and Internal Control in the Public Sector
 
What is Hot About the New COSO Monitoring Guidance for Internal Control Systems?
What is Hot About the New COSO Monitoring Guidance for Internal Control Systems?What is Hot About the New COSO Monitoring Guidance for Internal Control Systems?
What is Hot About the New COSO Monitoring Guidance for Internal Control Systems?
 

Similar a Upgrading Risk Management and Internal Control in Your Organization

performancemeasureme-190924125438.pptx
performancemeasureme-190924125438.pptxperformancemeasureme-190924125438.pptx
performancemeasureme-190924125438.pptx
ManojMba2
 
Balancedscorecardpresentation
BalancedscorecardpresentationBalancedscorecardpresentation
Balancedscorecardpresentation
Rizwan Ahmed
 
MCO 101 Unit 6 Lecture 5
MCO 101 Unit 6 Lecture 5MCO 101 Unit 6 Lecture 5
MCO 101 Unit 6 Lecture 5
Derek Nicoll
 

Similar a Upgrading Risk Management and Internal Control in Your Organization (20)

Risk Assessments Best Practice and Practical Approaches Webinar
Risk Assessments Best Practice and Practical Approaches WebinarRisk Assessments Best Practice and Practical Approaches Webinar
Risk Assessments Best Practice and Practical Approaches Webinar
 
How Good are you at Managing your processes
How Good are you at Managing your processesHow Good are you at Managing your processes
How Good are you at Managing your processes
 
The Balanced Scorecard
The Balanced ScorecardThe Balanced Scorecard
The Balanced Scorecard
 
Elevating IA
Elevating IAElevating IA
Elevating IA
 
SFC Plan of engagement
SFC Plan of engagementSFC Plan of engagement
SFC Plan of engagement
 
The System and Process of Controlling
The System and Process of ControllingThe System and Process of Controlling
The System and Process of Controlling
 
Internal Audit Strategic Framework
Internal Audit Strategic FrameworkInternal Audit Strategic Framework
Internal Audit Strategic Framework
 
New York, NY, ALA NYC Chapter Key Performance Indicators (KPI) Presentation
New York, NY, ALA NYC Chapter Key Performance Indicators (KPI) PresentationNew York, NY, ALA NYC Chapter Key Performance Indicators (KPI) Presentation
New York, NY, ALA NYC Chapter Key Performance Indicators (KPI) Presentation
 
performancemeasureme-190924125438.pptx
performancemeasureme-190924125438.pptxperformancemeasureme-190924125438.pptx
performancemeasureme-190924125438.pptx
 
Performance measureme
Performance measuremePerformance measureme
Performance measureme
 
Internal Audit Best Practices for Safety, Environment, and Quality Audits
Internal Audit Best Practices for Safety, Environment, and Quality AuditsInternal Audit Best Practices for Safety, Environment, and Quality Audits
Internal Audit Best Practices for Safety, Environment, and Quality Audits
 
CMMI & Six Sigma Integration
CMMI & Six Sigma IntegrationCMMI & Six Sigma Integration
CMMI & Six Sigma Integration
 
Simplifying Financial Performance Management
Simplifying Financial Performance ManagementSimplifying Financial Performance Management
Simplifying Financial Performance Management
 
Balancedscorecardpresentation
BalancedscorecardpresentationBalancedscorecardpresentation
Balancedscorecardpresentation
 
A Comprehensive Guide to US CMA Syllabus 2022
A Comprehensive Guide to US CMA Syllabus 2022A Comprehensive Guide to US CMA Syllabus 2022
A Comprehensive Guide to US CMA Syllabus 2022
 
Kra presentation
Kra presentationKra presentation
Kra presentation
 
Reporting to the Board on Corporate Compliance
Reporting to the Board on Corporate ComplianceReporting to the Board on Corporate Compliance
Reporting to the Board on Corporate Compliance
 
2 jaime graham collections (4 3)
2 jaime graham collections (4 3)2 jaime graham collections (4 3)
2 jaime graham collections (4 3)
 
MCO 101 Unit 6 Lecture 5
MCO 101 Unit 6 Lecture 5MCO 101 Unit 6 Lecture 5
MCO 101 Unit 6 Lecture 5
 
Compliance Capability
Compliance CapabilityCompliance Capability
Compliance Capability
 

Más de International Federation of Accountants

Más de International Federation of Accountants (20)

Closing Remarks International Women's Day 2024
Closing Remarks International Women's Day 2024Closing Remarks International Women's Day 2024
Closing Remarks International Women's Day 2024
 
IFAC Principios revisados de Gobierno Corporativo del G20 y de la OCDE
IFAC Principios revisados de Gobierno Corporativo del G20 y de la OCDEIFAC Principios revisados de Gobierno Corporativo del G20 y de la OCDE
IFAC Principios revisados de Gobierno Corporativo del G20 y de la OCDE
 
IFAC Presentación IGEP sobre OCDE-G20, Febrero 2024
IFAC Presentación IGEP sobre OCDE-G20, Febrero 2024IFAC Presentación IGEP sobre OCDE-G20, Febrero 2024
IFAC Presentación IGEP sobre OCDE-G20, Febrero 2024
 
Preparing for High Quality Sustainability assurance Engagements
Preparing for High Quality Sustainability assurance EngagementsPreparing for High Quality Sustainability assurance Engagements
Preparing for High Quality Sustainability assurance Engagements
 
Otros pronunciamientos: Información financiera según la base contable de efec...
Otros pronunciamientos: Información financiera según la base contable de efec...Otros pronunciamientos: Información financiera según la base contable de efec...
Otros pronunciamientos: Información financiera según la base contable de efec...
 
Otros pronunciamientos: Guías de Prácticas Recomendadas
Otros pronunciamientos: Guías de Prácticas RecomendadasOtros pronunciamientos: Guías de Prácticas Recomendadas
Otros pronunciamientos: Guías de Prácticas Recomendadas
 
Otros pronunciamientos: Marco conceptual
Otros pronunciamientos: Marco conceptualOtros pronunciamientos: Marco conceptual
Otros pronunciamientos: Marco conceptual
 
Adopción por primera vez de las NICSP de base de devengo
Adopción por primera vez de las NICSP de base de devengoAdopción por primera vez de las NICSP de base de devengo
Adopción por primera vez de las NICSP de base de devengo
 
Moneda Extranjera
Moneda ExtranjeraMoneda Extranjera
Moneda Extranjera
 
Presentación de la información presupuestaria
Presentación de la información presupuestariaPresentación de la información presupuestaria
Presentación de la información presupuestaria
 
Revelaciones de partes relacionadas
Revelaciones de partes relacionadasRevelaciones de partes relacionadas
Revelaciones de partes relacionadas
 
Estado de Flujos de Efectivo
Estado de Flujos de EfectivoEstado de Flujos de Efectivo
Estado de Flujos de Efectivo
 
Presentación de los Estados Financieros Estados de situación financiera, rend...
Presentación de los Estados Financieros Estados de situación financiera, rend...Presentación de los Estados Financieros Estados de situación financiera, rend...
Presentación de los Estados Financieros Estados de situación financiera, rend...
 
Combinaciones del sector público
Combinaciones del sector públicoCombinaciones del sector público
Combinaciones del sector público
 
Consolidación
ConsolidaciónConsolidación
Consolidación
 
Instrumentos financieros – Revelaciones
Instrumentos financieros – RevelacionesInstrumentos financieros – Revelaciones
Instrumentos financieros – Revelaciones
 
Instrumentos financieros – Cobertura y derivados
Instrumentos financieros – Cobertura y derivadosInstrumentos financieros – Cobertura y derivados
Instrumentos financieros – Cobertura y derivados
 
Instrumentos financieros – Conceptos básicos
Instrumentos financieros –  Conceptos básicos Instrumentos financieros –  Conceptos básicos
Instrumentos financieros – Conceptos básicos
 
Instrumentos financieros – Revelaciones
Instrumentos financieros –  Revelaciones Instrumentos financieros –  Revelaciones
Instrumentos financieros – Revelaciones
 
Instrumentos financieros – Coberturas y derivados
Instrumentos financieros – Coberturas y derivadosInstrumentos financieros – Coberturas y derivados
Instrumentos financieros – Coberturas y derivados
 

Último

Constitution of Company Article of Association
Constitution of Company Article of AssociationConstitution of Company Article of Association
Constitution of Company Article of Association
seri bangash
 
00971508021841 حبوب الإجهاض في دبي | أبوظبي | الشارقة | السطوة |❇ ❈ ((![© ر
00971508021841 حبوب الإجهاض في دبي | أبوظبي | الشارقة | السطوة |❇ ❈ ((![©  ر00971508021841 حبوب الإجهاض في دبي | أبوظبي | الشارقة | السطوة |❇ ❈ ((![©  ر
00971508021841 حبوب الإجهاض في دبي | أبوظبي | الشارقة | السطوة |❇ ❈ ((![© ر
nafizanafzal
 
Obat Aborsi Pasuruan 0851\7696\3835 Jual Obat Cytotec Di Pasuruan
Obat Aborsi Pasuruan 0851\7696\3835 Jual Obat Cytotec Di PasuruanObat Aborsi Pasuruan 0851\7696\3835 Jual Obat Cytotec Di Pasuruan
Obat Aborsi Pasuruan 0851\7696\3835 Jual Obat Cytotec Di Pasuruan
Obat Aborsi Jakarta Wa 085176963835 Apotek Jual Obat Cytotec Di Jakarta
 
NewBase 17 May 2024 Energy News issue - 1725 by Khaled Al Awadi_compresse...
NewBase   17 May  2024  Energy News issue - 1725 by Khaled Al Awadi_compresse...NewBase   17 May  2024  Energy News issue - 1725 by Khaled Al Awadi_compresse...
NewBase 17 May 2024 Energy News issue - 1725 by Khaled Al Awadi_compresse...
Khaled Al Awadi
 

Último (20)

Stages of Startup Funding - An Explainer
Stages of Startup Funding - An ExplainerStages of Startup Funding - An Explainer
Stages of Startup Funding - An Explainer
 
Unlocking Growth The Power of Outsourcing for CPA Firms
Unlocking Growth The Power of Outsourcing for CPA FirmsUnlocking Growth The Power of Outsourcing for CPA Firms
Unlocking Growth The Power of Outsourcing for CPA Firms
 
WAM Corporate Presentation May 2024_w.pdf
WAM Corporate Presentation May 2024_w.pdfWAM Corporate Presentation May 2024_w.pdf
WAM Corporate Presentation May 2024_w.pdf
 
PitchBook’s Guide to VC Funding for Startups
PitchBook’s Guide to VC Funding for StartupsPitchBook’s Guide to VC Funding for Startups
PitchBook’s Guide to VC Funding for Startups
 
hyundai capital 2023 consolidated financial statements
hyundai capital 2023 consolidated financial statementshyundai capital 2023 consolidated financial statements
hyundai capital 2023 consolidated financial statements
 
MichaelStarkes_UncutGemsProjectSummary.pdf
MichaelStarkes_UncutGemsProjectSummary.pdfMichaelStarkes_UncutGemsProjectSummary.pdf
MichaelStarkes_UncutGemsProjectSummary.pdf
 
How Do Venture Capitalists Make Decisions?
How Do Venture Capitalists Make Decisions?How Do Venture Capitalists Make Decisions?
How Do Venture Capitalists Make Decisions?
 
Constitution of Company Article of Association
Constitution of Company Article of AssociationConstitution of Company Article of Association
Constitution of Company Article of Association
 
Hyundai capital 2024 1q Earnings release
Hyundai capital 2024 1q Earnings releaseHyundai capital 2024 1q Earnings release
Hyundai capital 2024 1q Earnings release
 
00971508021841 حبوب الإجهاض في دبي | أبوظبي | الشارقة | السطوة |❇ ❈ ((![© ر
00971508021841 حبوب الإجهاض في دبي | أبوظبي | الشارقة | السطوة |❇ ❈ ((![©  ر00971508021841 حبوب الإجهاض في دبي | أبوظبي | الشارقة | السطوة |❇ ❈ ((![©  ر
00971508021841 حبوب الإجهاض في دبي | أبوظبي | الشارقة | السطوة |❇ ❈ ((![© ر
 
Global Internal Audit Standards 2024.pdf
Global Internal Audit Standards 2024.pdfGlobal Internal Audit Standards 2024.pdf
Global Internal Audit Standards 2024.pdf
 
Series A Fundraising Guide (Investing Individuals Improving Our World) by Accion
Series A Fundraising Guide (Investing Individuals Improving Our World) by AccionSeries A Fundraising Guide (Investing Individuals Improving Our World) by Accion
Series A Fundraising Guide (Investing Individuals Improving Our World) by Accion
 
Most Visionary Leaders in Cloud Revolution, Shaping Tech’s Next Era - 2024 (2...
Most Visionary Leaders in Cloud Revolution, Shaping Tech’s Next Era - 2024 (2...Most Visionary Leaders in Cloud Revolution, Shaping Tech’s Next Era - 2024 (2...
Most Visionary Leaders in Cloud Revolution, Shaping Tech’s Next Era - 2024 (2...
 
Obat Aborsi Pasuruan 0851\7696\3835 Jual Obat Cytotec Di Pasuruan
Obat Aborsi Pasuruan 0851\7696\3835 Jual Obat Cytotec Di PasuruanObat Aborsi Pasuruan 0851\7696\3835 Jual Obat Cytotec Di Pasuruan
Obat Aborsi Pasuruan 0851\7696\3835 Jual Obat Cytotec Di Pasuruan
 
Should Law Firms Outsource their Bookkeeping
Should Law Firms Outsource their BookkeepingShould Law Firms Outsource their Bookkeeping
Should Law Firms Outsource their Bookkeeping
 
Innomantra Viewpoint - Building Moonshots : May-Jun 2024.pdf
Innomantra Viewpoint - Building Moonshots : May-Jun 2024.pdfInnomantra Viewpoint - Building Moonshots : May-Jun 2024.pdf
Innomantra Viewpoint - Building Moonshots : May-Jun 2024.pdf
 
Exploring-Pipe-Flanges-Applications-Types-and-Benefits.pptx
Exploring-Pipe-Flanges-Applications-Types-and-Benefits.pptxExploring-Pipe-Flanges-Applications-Types-and-Benefits.pptx
Exploring-Pipe-Flanges-Applications-Types-and-Benefits.pptx
 
Toyota Kata Coaching for Agile Teams & Transformations
Toyota Kata Coaching for Agile Teams & TransformationsToyota Kata Coaching for Agile Teams & Transformations
Toyota Kata Coaching for Agile Teams & Transformations
 
wagamamaLab presentation @MIT 20240509 IRODORI
wagamamaLab presentation @MIT 20240509 IRODORIwagamamaLab presentation @MIT 20240509 IRODORI
wagamamaLab presentation @MIT 20240509 IRODORI
 
NewBase 17 May 2024 Energy News issue - 1725 by Khaled Al Awadi_compresse...
NewBase   17 May  2024  Energy News issue - 1725 by Khaled Al Awadi_compresse...NewBase   17 May  2024  Energy News issue - 1725 by Khaled Al Awadi_compresse...
NewBase 17 May 2024 Energy News issue - 1725 by Khaled Al Awadi_compresse...
 

Upgrading Risk Management and Internal Control in Your Organization

  • 1. Upgrading Risk Management and Internal Control in Your Organization J. Stephen McNally, Campbell Soup & Vincent H. Tophoff, IFAC
  • 3. Upgrading RM/IC in Your Organization  Current Considerations  Assessing RM/IC Maturity Stage  A Case Study  Recap & Call to Action
  • 5. Serious RM/IC Flaws • Having a compliance-only mentality • Treating risk as only negative and overlooking idea that organizations need to take risk in pursuit of their objectives • RM/IC that is overly focused on external financial reporting • Regarding RM/IC as a separate function or process • Viewing risk management as predominantly important for operations
  • 6. Bad vs. Good RM/IC Practices RM/IC as objective in itself vs. RM/IC to help achieve objectives Auditor / staff driven vs. Driven from top down Rules-based vs. Performance & principles-based Off-the-shelf systems vs. Tailored to the organization Focused on loss minimization vs. Also focused on value creation Mainly hard controls vs. Recognizing culture & attitude Imposed vs. Implemented organically Stand-alone / “bolt-on” vs. Integrated / ”built-in” Static, out-of-date vs. Dynamic, evolving Seen as overhead vs. Seen as a sound investment Abandoned vs. Integrated in governance
  • 7. 2013 COSO Internal Control Cube
  • 9. COSO IC vs. COSO ERM
  • 10. ISO 31000 Principles, Framework & Process
  • 11. COSO ERM vs. ISO 31000 Many entities use both COSO ERM & ISO 31000… … Biggest challenge is that concepts are not aligned COSO ISO 31000 Lengthy vs. Short Focused on ERM vs. General approach to managing risk One cube vs. Principles, framework & process Skewed to negative vs. Risk can be positive or negative Risk already exists vs. Risk tied to achieving objectives Risk & opportunities vs. Opportunities also source of risk More sequential process vs. More iterative process
  • 12. Relation of Governance, RM & IC • How do you think that governance, risk management, and internal control are related to each other?
  • 15. • Is not to have effective controls… • Is not to effectively manage risk… But to • Properly set & achieve your objectives • Avoid too many surprises along the way • And create sustainable value Main Objective of RM/IC
  • 16. Governance comprises the arrangements (plan, do, check, and act) put in place to ensure that the intended objectives are defined and achieved • RM/IC are integral part of that! RM/IC Integral Part of Good Governance
  • 17. Relation of Risk Management & Internal Control
  • 20. • Use the Frameworks • Consider good practice developments • Perform gap analysis • Determine performance • Look at audit results • Analyze serious flaws • … • Continuously move to improvement! Thoughts on Assessing RM/IC Maturity
  • 21. Table Discussions • What is the maturity of risk management & internal control at your organization?
  • 23. My COSO Story: U.S. SOX Act + 1992 COSO Cube =
  • 24. The Evolution: SOX Compliance (2004), Control Self-Assessment (2006), CFO Protocol (2009) • Annual site visits • Content: “Tone”, Financial, I/C • Focus: Location-specific risks • Execute “formal” procedures • Issue “trip report”
  • 25. My Challenge (CFO Protocol: N/A Co-Manufacturing Operations) • First CFO Protocol ever completed • No specific guidance/expectations • Cross-functional/multi-location team • No “big picture” flow diagram and/or procedural documentation • No defined risks/internal controls
  • 26. Our Scope. In-Scope: Oversight activities to identify, select, and manage ongoing co-manufacturing partner relationships. Out-of-Scope: Co-manufacturing partners themselves; Non-CNA businesses (Canada, Latin America, Pepperidge Farm); Special pack business
  • 27. Our Game Plan Step 1 Obtain “big picture” overview Step 9 Step 8 Step 7 Step 6 Step 5 Step 4 Step 3 Step 2 Define testing protocol Walkthrough co-mfg processes Define key controls Identify key risks Test key controls Align findings & recommendations Issue final report Determine co-manufacturing objectives
  • 28. Co-Manufacturing Processes • New partner selection & contracts • Supply Base Quality System Assessments • Formula management & mock recalls • Cost standards & inventory management • Capital investments & fixed assets • Business continuity planning • Other
  • 29. Entity Structure = CFO Protocol Scope (cube dimensions: Entity Structure, Components). CNA Co-Mfg. Operations • Campbell Soup Company: Campbell North America (U.S. Retail; CNA Supply Chain ‒ Napoleon Plant) • Global Procurement • Other: Legal, Quality, etc.
  • 30. Objectives (CNA Co-Mfg Operations) • Strategic • Operational • Internal Reporting • Compliance
  • 31. Components: Internal Environment. Encompasses the tone of an organization… What is the internal philosophy and culture?
  • 32. Components: Objective Setting. Objectives are a prerequisite… What are we trying to accomplish? Leverage external partners to: - Meet new Brand requirements - Optimize total delivered cost - Address supply chain capacity
  • 33. Components: Event Identification. In terms of internal & external events… What could stop us from achieving our objectives? Co-Mfg Risks: - Product quality - Partner’s financial stability - Formula management - Business continuity
  • 34. Components: Risk Assessment. Analyze risks to determine how they should be managed… • How good or bad are these events? • Will they really happen?
  • 35. Components: Risk Response. What can we do to manage the identified risk? What are the options? • Avoid? • Accept? • Reduce? • Share? • Exploit?
  • 36. Components: Control Activities. What policies & procedures should be established to manage the risks as desired? Co-Mfg. Controls: - Quality audits & mock recalls - Co-Man & D&B reporting - Formula Management - Annual BCP review & testing
  • 37. Components: Information & Communication. How will we obtain information and communicate? What information is relevant to enable people to carry out their responsibilities? Co-Mfg: - Partner relationship manager - Cross-functional team meetings - Standardized reporting
  • 38. Components: Monitoring. How will we know we achieved what we wanted to accomplish? What ongoing management activities and/or separate evaluations can we leverage? Co-Mfg: - Quarterly business reviews - CFO protocol visit(s) - Internal audits - SAS 70
  • 39. Recap & Call to Action
  • 40. Recap • Serious RM/IC flaws • Frameworks and guidance can help • Climbing maturity ladder through continual improvement • Companies like Campbell’s are on this journey • What about you and your organization?
  • 41. Effective RM/IC & You • How could you more effectively leverage risk management & internal control within your organization?
  • 42. Management Accountant: Call to Action • Build subject-matter-expertise regarding frameworks, standards & other guidance • Educate audit committee, C-suite, operating unit & functional management • Support line management through provision of high-quality information • Establish good RM/IC for the finance function • Champion importance of continuous RM/IC improvement
  • 44. 10 Paragon Drive, Suite 1 Montvale, New Jersey 07645-1760 U.S.A. (800) 638-4427 +1 (201) 573-9000 www.imanet.org