The Auditing Roundtable 2010 January Meeting Phoenix, Arizona Lawrence M. Heim, CPEA The Elm Consulting Group International llc
Risks are known/unknown exposures to uncertainties that may impact a company’s ability to achieve business objectives
  A predictive concept
Important to separate “exposures” from “effectiveness of controls”
  Failure of controls should be considered and reviewed
The Elm Consulting Group International LLC
Frequency/likelihood factors:
  Actual occurrence history/data – internal and external
  View of the future, changes in business/operations, emerging trends
Severity/impact factors:
  Assumes the event will occur with no mitigation
  Existing, established and CREDIBLE value benchmarks
  Appropriate and CREDIBLE impacts – internal and external
Leverage Risk Management function
  Frequency/severity based on risk management definitions
    ▪ External and/or internal loss and experience data
Develop baseline (uncontrolled) risk profile
  Reduces assumptions, strengthens predictions
  Allows specific evaluation of controls and possible failure points
Audit scope
  Expand beyond compliance/EHS MS
  Focus on specific areas, functions, operations, etc.
  Integrate with other audit functions/activities
Audit schedule
  Improve method for evaluating audit frequency
Identify appropriate corrective action
  Severity may be better addressed via financial solution; frequency by management systems
Coordination with Risk Management function
  Share metrics, benchmarks, data and resources
  Reduce costs, support better insurance decisions
  Generally, better acceptance by business/sites
Evaluate economic benefit of EHS expenses
  Probability-weighted EHS loss determined from risk assessment/audit process
  Profits needed to offset the EHS loss; gross revenues needed to generate offsetting profits
Thinking in terms of risk, not compliance
Not easily driven by protocols, different kind of thinking needed
Different performance metrics needed
May be seen as rating existing audit program
Turf battles with Risk Manager; concerns from EHS staff
Senior management buy-in to economic valuation model
Willis North America, 2010 Marketplace Realities & Risk Management Solutions (Oct. 2009)
  Corporate risk professionals in the U.S. are preparing for rigorous enforcement of EHS regulations from current administration
Economist Intelligence Unit, The transition of environmental risk management (2008)
  Ad hoc environmental risk management is common
  No clear/formal EHS risk management responsibility established
  Lack of formal EHS risk assessment in strategic planning
Environmental Risk Management and the Cost of Capital, Mark P. Sharfman and Chitru S. Fernando, Strategic Management Journal, 29: 569–592 (2008)
  “… firms that develop a strategy that improves their total risk management through better environmental risk management are rewarded by the financial markets for their efforts.”
Aon Global Risk Management Survey 2009
  Respondents indicated significant increased interest in captive underwriting in the next five years for environmental risk
McKinsey Quarterly, Risk: Seeing around the corners (Oct. 2009)
  “Risk-assessment processes typically expose only the most direct threats facing a company and neglect indirect ones that can have an equal or greater impact.”
Aon Global Risk Consulting, Enterprise Risk Management: S&P Enhancement White Paper (Aug. 2009)
  S&P to begin incorporating ERM references into individual corporate credit rating reports in 2010