CFO's Guide: The Subscription Economy Operating Plan (Subscribed13)
Deloitte - CFO's Role in Supporting BOD
Transcript of Deloitte - CFO's Role in Supporting BOD
The Dbriefs Corporate Governance series presents:
Risk Intelligent Governance: The Finance Executive’s Role in The Finance Executive’s Role in Supporting the Board
Maureen Errity, Deloitte LLPHenry Ristuccia, Deloitte & Touche LLPSteve Wagner, Senior Advisor, Deloitte Center for Corporate Governance
October 7, 2009
The Dbriefs Corporate Governance series presents:
Risk Intelligent Governance: The Finance Executive’s Role in The Finance Executive’s Role in Supporting the Board
Steve Wagner, Senior Advisor, Deloitte Center for Corporate Governance
Agenda
Why this topic?
A Primer on Risk Intelligence
The Next Evolution – Risk Intelligent Governance
Risk Intelligent Governance Toolkit
Leading Practices and Trends in Risk Management
Copyright © 2009 Deloitte Development LLC. All rights reserved.
Which of the following categories best characterizes the structure of your organization?
• Public company (issuer or registrant)• Private for-profit company• Not-for-profit
Poll question #1
• Not-for-profit• Governmental• Academic institution• Other/Not applicable
Which of the following categories best characterizes the
Public company (issuer or registrant)
Copyright © 2009 Deloitte Development LLC. All rights reserved.
Why the topic of risk?
Ineffective risk management has been thrust into the fore as one of the primary drivers behind the global economic crisis
Regulatory, legislative, and other news
• SEC proposal on the disclosure of the board’s role in risk management processes and greater disclosure in a company’s CD&A concerning a company’s overall compensation program as it relates to risk management
Source: SEC Release No. 33-9052, http://www.sec.gov/rules/proposed/2009/33Source: SEC Release No. 33-9052, http://www.sec.gov/rules/proposed/2009/33
• 9/16/09 – SEC announced it has established a new Division of Risk, Strategy, and Financial Innovation. “The SEC stated that the new division will combine the Office of Economic Analysis and the Office of Risk Assessment…. The division’s responsibilities cover three broad areas: risk and economic analysis; strategic research; and financial innovation.”
Source : SEC Press Release 9/16/09
• Senator Charles E. Schumer's proposed bill would mandate public companies to have a standing risk committee
Source: Shareholder Bill of Rights Act of 2009
• GovernanceMetrics Int’l (GMI) is now incorporating risk oversight and other risk attributes into its governance rating model
Source: GMI press release 6/29/092
Ineffective risk management has been thrust into the fore as one of the primary drivers
SEC proposal on the disclosure of the board’s role in risk management processes and greater disclosure in a company’s CD&A concerning a company’s overall compensation
http://www.sec.gov/rules/proposed/2009/33-9052.pdfhttp://www.sec.gov/rules/proposed/2009/33-9052.pdf
SEC announced it has established a new Division of Risk, Strategy, and Financial Innovation. “The SEC stated that the new division will combine the Office of Economic Analysis and the Office of Risk Assessment…. The division’s responsibilities cover three broad areas: risk and economic analysis; strategic research; and financial
Senator Charles E. Schumer's proposed bill would mandate public companies to have a
Shareholder Bill of Rights Act of 2009, S 1074, http://thomas.loc.gov/
Int’l (GMI) is now incorporating risk oversight and other risk attributes into its governance rating model
Copyright © 2009 Deloitte Development LLC. All rights reserved.
What do we mean by risk?
Is it simply the potential for loss?
• Value and Risk are inseparable
• Upside and downside
• Value creation and value preservation
• Threats and opportunities that affect an organization’s • Threats and opportunities that affect an organization’s strategic objectives
3
What do we mean by risk?
Is it simply the potential for loss?
Value and Risk are inseparable
Value creation and value preservation
Threats and opportunities that affect an organization’s Threats and opportunities that affect an organization’s
Copyright © 2009 Deloitte Development LLC. All rights reserved.
A Risk Intelligent Enterprise
4
A Risk Intelligent EnterpriseTM
Copyright © 2009 Deloitte Development LLC. All rights reserved.
Risk Intelligent governance
What does it mean?• Deloitte’s* view on how companies and more importantly the
board can fulfill its responsibilities for risk oversight
Comprised of six areas of focus:• Define the board’s risk oversight role • Foster a Risk Intelligent culture• Help management incorporate risk intelligence into strategy• Help define the risk appetite• Execute the Risk Intelligent governance process• Benchmark and evaluate the governance process
*As used in this document, “Deloitte” means Deloitte & Touche LLP, a subsidiary of Deloitte LLP. Please see www.deloitte.com/us/aboutdetailed description of the legal structure of Deloitte LLP and its subsidiaries.
5
Risk Intelligent governance
Deloitte’s* view on how companies and more importantly the board can fulfill its responsibilities for risk oversight
Comprised of six areas of focus:Define the board’s risk oversight role Foster a Risk Intelligent cultureHelp management incorporate risk intelligence into strategy
Execute the Risk Intelligent governance processBenchmark and evaluate the governance process
Copyright © 2009 Deloitte Development LLC. All rights reserved.
used in this document, “Deloitte” means Deloitte & Touche LLP, a www.deloitte.com/us/about for a
detailed description of the legal structure of Deloitte LLP and its
Poll question # 2
Do you play a role in the implementation and execution of your organization’s enterprise risk management program?
• Yes• No• Don’t know/Not applicable• Don’t know/Not applicable
Do you play a role in the implementation and execution of your organization’s enterprise risk management program?
Copyright © 2009 Deloitte Development LLC. All rights reserved.
Define the board’s risk oversight role
The essence of risk governance is oversight:
• The board oversees organizational activities and related risks
• Risk management rests with senior management
Board actions and considerations:
• Define the board risk governance structure
• Evaluate board composition in relation to risk oversight responsibilities
• Identify the appropriate risk management framework to use
7
Define the board’s risk oversight role
The essence of risk governance is oversight:
The board oversees organizational activities and related risks
Risk management rests with senior management
Board actions and considerations:
Define the board risk governance structure
Evaluate board composition in relation to risk oversight
Identify the appropriate risk management framework to use
Copyright © 2009 Deloitte Development LLC. All rights reserved.
Define the board’s risk oversight role (cont.)
Considerations for financial executives:
• Do I and my direct reports understand our roles and responsibilities for risk management?
• How is risk overseen by our various board committees? What information could we provide to facilitate the oversight process?process?
• Is technology used effectively in the company's risk management efforts?
• Do you use tools such as risk maps or heat maps to help facilitate discussions about risks and related priorities?
• Are your disclosures about director qualifications considered in the context of risk?
8
Define the board’s risk oversight role (cont.)
Considerations for financial executives:
Do I and my direct reports understand our roles and responsibilities for risk management?
How is risk overseen by our various board committees? What information could we provide to facilitate the oversight
Is technology used effectively in the company's risk
Do you use tools such as risk maps or heat maps to help facilitate discussions about risks and related priorities?
Are your disclosures about director qualifications considered
Copyright © 2009 Deloitte Development LLC. All rights reserved.
Foster a Risk Intelligent culture
At the heart of risk intelligence is culture:
• We are inclusive and focused in educating our entire workforce
• Candid discussions about risk should occur among employees and management and management and the boardboard
• The board's guidelines and committee charters clearly define the board's responsibility in regard to risk oversight
• The board is able to communicate about risk management and oversight beyond the boardroom
• Compensation programs shoumanagement program
9
Foster a Risk Intelligent culture
At the heart of risk intelligence is culture:
We are inclusive and focused in educating our entire
Candid discussions about risk should occur among employees and management and management and the
The board's guidelines and committee charters clearly define the board's responsibility in regard to risk oversight
The board is able to communicate about risk management and oversight beyond the boardroom
Compensation programs should be aligned with a sound risk
Copyright © 2009 Deloitte Development LLC. All rights reserved.
Foster a Risk Intelligent culture (cont.)
Considerations for financial executives
• Does the board work effectively with the finance organization in establishing risk management as a priority?
• Does the culture support open dialogue around risk related issues?
• Do business units and functions communicate across the organization (i.e. operate above the silos)?
• Are the cultural assessments focused on risk?
• Is risk considered an element for documentation in the company policies?
10
Foster a Risk Intelligent culture (cont.)
Considerations for financial executives:
Does the board work effectively with the finance organization in establishing risk management as a priority?
Does the culture support open dialogue around risk related
Do business units and functions communicate across the organization (i.e. operate above the silos)?
Are the cultural assessments focused on risk?
Is risk considered an element for documentation in the
Copyright © 2009 Deloitte Development LLC. All rights reserved.
Poll question # 3
Do you believe that your role in risk management is considered as an element of your total compensation award?
• Yes• No• Don’t know/Not applicable• Don’t know/Not applicable
Do you believe that your role in risk management is considered as an element of your total compensation award?
Copyright © 2009 Deloitte Development LLC. All rights reserved.
Help management incorporate risk intelligence into strategyValue and risk are connected appropriately
Strategic objectives are overseen and approved by the board
Strategic plans are developed by management and the board oversees such plans
Risk-return tradeoff is analyzed through effective scenario Risk-return tradeoff is analyzed through effective scenario planning
Established accountability structures need to be defined at both the board and management levels
12
Help management incorporate risk intelligence
appropriately
Strategic objectives are overseen and approved by the board
Strategic plans are developed by management and the board
return tradeoff is analyzed through effective scenario return tradeoff is analyzed through effective scenario
Established accountability structures need to be defined at both the board and management levels
Copyright © 2009 Deloitte Development LLC. All rights reserved.
Help management incorporate risk intelligence into strategy (cont.)Considerations for financial executives:
• When presented to the board, do capital allocation, acquisition, succession planning, and other strategic decisions include an evaluation of risk
• How could we enhance our process for identifying and evaluating changes in the external environment? evaluating changes in the external environment?
• Do external changes get communicated to the board for their consideration in strategic planning?
• Can we provide the board with more balanced information on both the upside and downside risks impacting the strategic choices?
• Is the “right” information escalated to the board by management?
13
Help management incorporate risk intelligence
Considerations for financial executives:
When presented to the board, do capital allocation, acquisition, succession planning, and other strategic decisions include an evaluation of risk-return tradeoffs?
How could we enhance our process for identifying and evaluating changes in the external environment? evaluating changes in the external environment?
Do external changes get communicated to the board for their consideration in strategic planning?
Can we provide the board with more balanced information on both the upside and downside risks impacting the strategic
Is the “right” information escalated to the board by Copyright © 2009 Deloitte Development LLC. All rights reserved.
Help define the risk appetite
Defining risk appetite
Risk appetite starts with the CEO and is approved by the board
Continual monitoring by management against actual risks taken
Distinguish between risk appetite (what) and risk tolerance Distinguish between risk appetite (what) and risk tolerance (limits within a range)
14
Help define the risk appetite
Risk appetite starts with the CEO and is approved by the board
Continual monitoring by management against actual risks
Distinguish between risk appetite (what) and risk tolerance Distinguish between risk appetite (what) and risk tolerance
Copyright © 2009 Deloitte Development LLC. All rights reserved.
Help define the risk appetite (cont.)
Considerations for financial executives
• Does our risk appetite relate to employee and management performance goals and compensation metrics?
• Are risk tolerances set collaboratively across business units and functions, such that interdependencies are evaluated?
• Does scenario planning assist in setting an appetite and tolerances that management and the board with?
• Are priorities of the organization reevaluated against established levels of risk appetite and tolerances?
15
Help define the risk appetite (cont.)
Considerations for financial executives:
Does our risk appetite relate to employee and management performance goals and compensation metrics?
Are risk tolerances set collaboratively across business units and functions, such that interdependencies are evaluated?
Does scenario planning assist in setting an appetite and tolerances that management and the board are comfortable
Are priorities of the organization reevaluated against established levels of risk appetite and tolerances?
Copyright © 2009 Deloitte Development LLC. All rights reserved.
Poll question #4
Who do you believe should set the risk appetite of your organization?
• Board• Chief executive officer• Chief financial officer• Chief financial officer• Chief risk officer• Other• Don’t know/Not applicable
Who do you believe should set the risk appetite of your
Copyright © 2009 Deloitte Development LLC. All rights reserved.
Execute the Risk Intelligent governance processStrategic design that promotes awareness of the relationship between value and risk
Collaboration between management and the board and continual dialogue on the priority risks is essential
Effective execution depends on maintaining a disciplined, Effective execution depends on maintaining a disciplined, collaborative approach focused on process design, monitoring, and accountability
Perform periodic assessments of the effectiveness of the risk management program
17
Execute the Risk Intelligent governance
Strategic design that promotes awareness of the relationship
anagement and the board and continual dialogue on the priority risks is essential
Effective execution depends on maintaining a disciplined, Effective execution depends on maintaining a disciplined, collaborative approach focused on process design, monitoring,
Perform periodic assessments of the effectiveness of the risk
Copyright © 2009 Deloitte Development LLC. All rights reserved.
Execute the Risk Intelligent governance process (cont.)Considerations for financial executives
• Are people at all levels — across silos risk management?
• Is the information flow between management and the board enhancing the effectiveness of the risk management program? program?
• Are issues and opportunities escalated timely enough to maximize opportunities and minimize losses?
• Are resource allocations aligned with priority risks?
• Is the level of detail of information provided to the board reevaluated to ensure that the focus is on the critical risks affecting the company?
18
Execute the Risk Intelligent governance
Considerations for financial executives:
across silos — actively engaged in
Is the information flow between management and the board enhancing the effectiveness of the risk management
Are issues and opportunities escalated timely enough to maximize opportunities and minimize losses?
Are resource allocations aligned with priority risks?
Is the level of detail of information provided to the board reevaluated to ensure that the focus is on the critical risks
Copyright © 2009 Deloitte Development LLC. All rights reserved.
Benchmark and evaluate the governance processRisk Intelligent governance relies on periodic assessments of effectiveness relative to goals and objectives
Develop internal monitoring and feedback mechanisms that incorporate evaluations by the internal audit department
Education is critical – implement training programs for Education is critical – implement training programs for employees, the board, and senior management
The board should be including risk oversight as a component of its annual evaluation process
19
Benchmark and evaluate the governance
Risk Intelligent governance relies on periodic assessments of effectiveness relative to goals and objectives
Develop internal monitoring and feedback mechanisms that incorporate evaluations by the internal audit department
mplement training programs for mplement training programs for employees, the board, and senior management
The board should be including risk oversight as a component of its annual evaluation process
Copyright © 2009 Deloitte Development LLC. All rights reserved.
Benchmark and evaluate the governance process (cont.)Considerations for financial executives
• How have we gone about assessing our risk governance and management programs?
• To what extent are our compliance, internal audit, and risk management teams employing Risk Intelligent approaches?
• Do management and employee level surveys provide valuable information on the effectiveness of risk management programs?
• Are current risk management programs and disclosures evaluated against leading practices?
20
Benchmark and evaluate the governance
Considerations for financial executives :
How have we gone about assessing our risk governance and
To what extent are our compliance, internal audit, and risk management teams employing Risk Intelligent approaches?
Do management and employee level surveys provide valuable information on the effectiveness of risk management
Are current risk management programs and disclosures evaluated against leading practices?
Copyright © 2009 Deloitte Development LLC. All rights reserved.
Deloitte’s Risk Intelligent governance toolkit
Toolkit elements:• Board value and risk oversight process map• Risk Intelligence Map – board level• Board skills matrix• Cultural assessment• Risk management policy documentation leading practices• Risk environment snapshot• Board level documentation of risk oversight• Risk focused board self-assessment• Risk Intelligence diagnostic and maturity model• Risk Intelligence Map
21
Deloitte’s Risk Intelligent governance toolkit
Board value and risk oversight process mapboard level
Risk management policy documentation leading practices
Board level documentation of risk oversightassessment
Risk Intelligence diagnostic and maturity model
Leading practices and trends in risk managementDefine the board governance structure for risk oversight, including the audit committee’s role versus the other board committees; coordinate impact of risks overseen by other committees on the financial statements
Incorporate risk programs into new markets and new relationships, include considerations of local market conditions relationships, include considerations of local market conditions and compliance requirements
Ensure that you have the right inpartners to help manage new/complex risk issues for new ventures
Reevaluate the board's role in risk oversight
22
Leading practices and trends in risk
Define the board governance structure for risk oversight, including the audit committee’s role versus the other board committees; coordinate impact of risks overseen by other committees on the financial statements
Incorporate risk programs into new markets and new relationships, include considerations of local market conditions relationships, include considerations of local market conditions
Ensure that you have the right in-house skills or strategic partners to help manage new/complex risk issues for new
Reevaluate the board's role in risk oversight
Copyright © 2009 Deloitte Development LLC. All rights reserved.
Leading practices and trends in risk management (cont.)Some shift from audit committees to other board committees, in conjunction with the full board
Committee expertise drives which risks are overseen by certain committees
A Risk Intelligent board is one in which all committees and the full board are discussing risks associated with each topic on their respective agendas
23
Leading practices and trends in risk
Some shift from audit committees to other board committees, in conjunction with the full board
Committee expertise drives which risks are overseen by certain
A Risk Intelligent board is one in which all committees and the full board are discussing risks associated with each topic on
Copyright © 2009 Deloitte Development LLC. All rights reserved.
Poll question #5
Are you experiencing/seeing measurable shifts in the focus on risk in your organization by the board and management team?
• Yes• No• Don’t Know/Not applicable• Don’t Know/Not applicable
Are you experiencing/seeing measurable shifts in the focus on risk in your organization by the board and management team?
Copyright © 2009 Deloitte Development LLC. All rights reserved.
Questions & AnswersQuestions & Answers
Copyright © 2009 Deloitte Development LLC. All rights reserved.
Join us November 4as our Corporate Governance series presents:
An Enterprise without An Enterprise without Borders – Subsidiary and Third-Party Controls and Governance Practices
Join us November 4th at 2 PM EST as our Corporate Governance
An Enterprise without An Enterprise without Subsidiary and
Party Controls and Governance Practices
Copyright © 2009 Deloitte Development LLC. All rights reserved.
Thank you for joining today’s webcast.
To request CPE credit, To request CPE credit, click the link below.
Thank you for joining today’s webcast.
To request CPE credit,
Copyright © 2009 Deloitte Development LLC. All rights reserved.
To request CPE credit, click the link below.
Contact information
Henry Ristuccia, PartnerDeloitte & Touche [email protected]
Maureen Errity, DirectorDeloitte [email protected]@deloitte.com
Steve Wagner, Retired PartnerDeloitte & Touche LLPSenior Advisor to Deloitte Center for Corporate [email protected]
Copyright © 2009 Deloitte Development LLC. All rights reserved.
Senior Advisor to Deloitte Center for Corporate Governance
This presentation contains general information only and is based on the experiences and research of Deloitte practitioners. Deloitte is not, by means of this presentation, rendering business, financial, investment, or other professional advice or services. This presentation is not a substitute for such professional advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified professional advisor. Deloitte, its affiliates, and related entities shall not be responsible for any loss sustained by any person who relies on this presentation.
This presentation contains general information only and is based on the experiences and research of Deloitte practitioners. Deloitte is not, by means of this presentation, rendering business, financial, investment, or other professional advice or services. This presentation is not a substitute for such professional advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified professional advisor. Deloitte, its affiliates, and related entities shall not be responsible for any loss sustained by
Copyright © 2009 Deloitte Development LLC. All rights reserved.
About Deloitte
Deloitte refers to one or more of Deloitte Touche Tohmatsu, a Swiss Verein, and its network of member firms, each of which is a legally separate and independent entity. Please see www.deloitte.com/us/about for a detailed description of the legal structure of Deloitte Touche Tohmatsu and its member firms. Please see www.deloitte.com/us/about for a detailed description of the legal structure of Deloitte LLP and its subsidiaries.
Deloitte refers to one or more of Deloitte Touche Tohmatsu, a Swiss Verein, and its network of member firms, each of which is a legally separate and independent entity. Please see www.deloitte.com/us/about for a detailed description of the legal structure of Deloitte Touche Tohmatsu and its member firms. Please see www.deloitte.com/us/about for a detailed description of the legal structure of Deloitte LLP and its
Copyright © 2009 Deloitte Development LLC. All rights reserved.
Copyright © 2009 Deloitte Development LLC. All rights reserved.