Insights: Enterprise Risk Management

If concerns about utility leadership retirements, staff turnover and energy generation shifts invade your dreams, enterprise resource management is a proven risk evaluation and mitigation methodology.

A real estate investment management company hired Baker Tilly to review and enhance their internal controls and processes for managing third-party agreements.

In a recent PICPA blog article, Dr. John Park discusses the importance of strategic thinking and planning for individuals and businesses.

Understand the nature of data fatigue, quality data and other concerns big data imposes on mortgage servicing organizations and what companies can do to overcome these challenges by downloading this informative whitepaper.

A large tribal government needed assistance in developing a best-in-class internal audit function to improve internal controls, governance and overall operations.

The internal audit function can play several roles in the formalization of risk management and compliance processes as well as integrating compliance into ERM.

This Baker Tilly and ACUA webinar discusses the latest HIPAA news and recent higher education OCR actions, commonly forgotten areas of the risk assessment, standard tools recommended by OCR and a practical assessment approach that can lead to efficiencies and savings.

Listen in as Baker Tilly and Thompson Hine law firm teamed up to cover this critical discussion on data security.

One of Baker Tilly’s professionals served in the role of interim (CAE) while the university during the recruiting and hiring process for a new full time position, while collaborating with senior leadership and internal audit stakeholders to transition the function to new leadership.

Baker Tilly conducted a compliance infrastructure assessment that resulted in concrete and practical recommendations for enhancing and monitoring compliance-related activities, filling gaps and providing increased visibility to the board and senior leaders.

The organization plans to use Baker Tilly's recommendations to drive their IT planning and budget process.

This is the second article in a four-part series on health plan audits, and it focuses on the risks and important control processes in membership and premium cycles.

This auditing sponsored research article discusses the regulatory environment, risks associated with noncompliance, obstacle to compliance and the role of internal audit.

Leadership needs a strategic partner they can rely on to help foster an effective approach to managing risk, compliance, and the alignment of organizational strategy and operational tactics.

This webinar will share how stakeholders throughout an institution can use various tools, including internal and external assessments, to improve the effectiveness of ERM.

As risks and complexities continue to change and grow, not-for-profit organizations can embrace enterprise risk management (ERM) as a strategic advantage.

Baker Tilly helps WPS Health Solutions strengthen internal audit function and bolster risk management throughout the organization.

Serving as the internal audit department for a global, private equity-owned manufacturer of baked goods

No organization is immune from a cyber attack. Organizations that are best positioned to protect themselves will play both offense and defense—beginning with a thorough cybersecurity risk assessment.

It’s no longer enough for banks and other financial institutions to simply have good working relationships with the third parties that provide IT and other services. New, stricter standards and increased scrutiny by the Office of the Comptroller of the Currency (OCC) and the Consumer Financial Protection Bureau (CFPB), as well as the Federal Deposit Insurance Corporation (FDIC) and the Federal Financial Institutions Examination Council (FFIEC), mean financial institutions now have the same responsibilities for in-house and out-of-house services.

Baker Tilly talks with Bisnow about cyber fraud threats facing the legal industry and shares solutions about how law firms can protect sensitive data.

U.S. companies are bracing for requirements related to the new EU-U.S. “Privacy Shield”, which establishes a new framework for data transfers that underpin the world’s largest trading relationship between the EU and the U.S. Get a head start on compliance by understanding the agreement’s data transfer protocol requirements, oversight, and compliance implications for affected U.S. companies.

The proposed Cybersecurity Disclosure Act of 2015 has provoked discussion about the role of the Board of Directors in cybersecurity oversight and board member knowledge and awareness of an organization’s cybersecurity management program. Baker Tilly outlines the potential impacts to boards and what’s important to know now.

Baker Tilly talks with Bisnow about how to implement an effective cybersecurity management program by looking at cybersecurity holistically and not just as a technology problem. Learn more about what common, yet critical areas most organizations overlook and actionable steps you can take today to protect your data.

At a recent NACD roundtable discussing emerging trends, key considerations, and hot topics related to mergers and acquisitions (M&A), Baker Tilly CEO and AICPA Chairman Tim Christen facilitated a spirited discussion among corporate board directors. Covering organization targeting, merger strategy, implementation planning, compensation and incentives, deal makers/breakers, and success measures, the diverse group shared insights gleaned from their experiences.

Credit union aligns internal audit and risk management by working with Baker Tilly’s risk, internal audit, and financial institution specialists.

Baker Tilly’s Service Organization Controls (SOC) specialists explained new developments for SOC reports in 2015 in this recent webinar.

The American Institute of Certified Public Accountants (AICPA) recently released an updated Service Organization Controls (SOC) 2 report audit guide with a number of enhancements that impact SOC 2 reports.

Cybersecurity is a critical business issue for hedge funds and other investment management firms. The financial consequences of a cyber attack can be significant and could result in a serious impact to a firm’s reputation. Not surprisingly, cybersecurity is also a growing concern for regulators, and an area where fund managers are increasing their focus.

The National Credit Union Administration (NCUA) has proposed five new rules that, if enacted as written, have the potential to significantly change the commercial lending playing field for both credit unions and banks.

Overall, the 2015 Working Group memo indicated that the depth and breadth of the content of the ORSA reports varied significantly from company to company, and that the ORSA reports of life insurers generally demonstrated more mature ERM and capital management frameworks than those of property-casualty and health insurers.

Network Health’s CFO initially turned to Baker Tilly for staff augmentation and accounting assistance with tax and quarterly state insurance department filings.

We are pleased to have the opportunity to provide feedback to the AICPA Assurance Services Executive Committee (ASEC) Trust Information Integrity Task Force's Privacy Working Group with respect to its recent Proposed Revision of Trust Services Principles and Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy.

The AICPA recently released an exposure draft of the proposed revisions to the Trust Services Principles and Criteria. The most significant change in the proposed revisions is the integration of the privacy principles and criteria into the common criteria.

Since the Committee of Sponsoring Organizations (COSO) issued its Internal Control — Integrated Framework (2013 Framework) in May 2013, many organizations have implemented the new framework to comply with the initial December 15, 2014 transition deadline. The 2013 Framework requires management to assess whether 17 principles are present and functioning, which is a change from the previous framework. Further, the 2013 Framework includes points of focus, which are important characteristics of the 17 principles and assist management with determining whether controls are properly present and functioning.

The heightened complexity of vendor risk management for US banks was evident at a conference sponsored by Marcus Evans in Chicago on June 3-4. Need for resources, maintaining oversight, and how organizations are managing the process internally were all hot topics of conversation.

Recent activity by regulators shows an increased focus on cybersecurity in the insurance industry. The National Association of Insurance Commissioners (NAIC) has published its Principles for Effective Cybersecurity Insurance Regulatory Guidance. In addition, the New York Department of Financial Services (NY DFS) recently released guidance for New York insurance organizations with their Report on Cybersecurity in the Insurance Sector.

Within the last several months, two significant insurance organizations have announced greater involvement in initiatives to reduce cybersecurity risk throughout the insurance industry. The New York State Department of Financial Services (NY DFS) released the results of its survey on cybersecurity practices and the National Association of Insurance Commissioners (NAIC) recently adopted a set of cybersecurity regulatory principles.

Baker Tilly's insurance industry specialists discuss if captive insurance companies could be a solution for your organization.

How housing is financed has changed significantly in the seven years since the mortgage crisis, from tighter regulation and increased oversight to shifts in housing needs and our country’s cultural dynamics. What role do banks, local not-for-profits, and individuals play in the ever evolving mortgage and housing markets?

As the holders of sensitive information and the provider of essential human services, state and local governments should be concerned about cybersecurity.

The final rules for the Basel III international capital accord, which will be phased in between the beginning of this year and 2019, include some relief for community banks. There are also some changes that affect the capital standards and reporting for community banks.

2015 marks the first year that an ORSA Summary Report must be filed with an insurer’s state of regulatory domicile. Some state regulators have already notified companies of the report due date, while other states have not. Regardless, all insurance companies that exceed the $500 million written premium threshold should be preparing the first drafts of their reports.

This ERM webinar takes you into the practical application of establishing a formal ERM program in your not-for-profit organization.

When you don’t properly secure your IT infrastructure, risk is sure to follow.

While safeguarding information assets is not a new business objective, cybersecurity has emerged as an area of critical concern for executives and boards of directors. As organizations’ key business operations have become more technology-reliant, they also have become more vulnerable to a cyber-attack.

This Enterprise Risk Management, or ERM, webinar takes you into the practical application of establishing a formal ERM program in your utility.

Understand the framework underlying a SOC 2 report and learn what principles your organization should have examined.

Baker Tilly's financial services industry specialists review internal controls best practices in the Internal Controls 2014 webinar.

A SOC 2 report is an independent examination of a service organization’s controls over its system’s security, availability, processing integrity, confidentiality, and privacy.

Baker Tilly addressed IT challenges to increase efficiency across mission critical operations.

Mobile devices transform the way your organization serves customers and generates business, as well as communicates with your employees and stakeholders. These same devices bring new and increased risks to your organization’s data, competitive advantage/intellectual property, and reputation. Managing these risks requires a holistic approach, which goes beyond just securing the software on a device.

Over the last few years the NAIC has established its expectations for insurance companies to maintain a risk management framework and conduct an Own Risk and Solvency Assessment (ORSA), including the filing of an ORSA Summary Report with state regulators. In 2012, the NAIC issued a Guidance Manual to provide insurers guidance with respect to reporting on ORSA, and later the NAIC adopted an ORSA Model Act. In 2012 and 2013 the NAIC conducted two separate feedback pilot projects and provided feedback and observations in a memo to the industry.

At the recent National Association of Insurance Commissioners (NAIC) Spring 2014 national meeting, two new documents were approved for release as exposure drafts: the Draft Own Risk and Solvency Assessment (ORSA) Guidance for Financial Analysts and the Draft ORSA Guidance for Financial Examiners. While the documents are intended to be guidance for insurance department financial analysts and examiners, the guidance provides a window into expectations for the future.

While mobile devices improve productivity and efficiency with increased mobility and functionality, they also, increase your risks, especially as worldwide laws and regulations regarding the privacy and security of data evolve.

The NAIC formally adopted the Own Risk and Solvency Assessment (ORSA) Model Act in September 2012, and the ORSA requirement for qualifying insurers will be effective January 2015. In an effort to improve guidance and regulation, the NAIC’s ORSA (E) Subgroup has completed two feedback pilot projects, one in June 2012 and the most recent in September 2013.

Business continuity planning can seem overwhelming when you first think about all you need to cover. Use this overview checklist to assist your organization in preparing for its planning process.

Too many banks prepare a business continuity/disaster recovery plan that collects dust on a shelf or ignores critical components. Plans aren’t tested or updated. They fail to plan for certain contingencies, such as a CEO who’s unavailable when disaster strikes. Federal and state agencies require a written business continuity and disaster recover plan. Smart business requires something more: a thorough plan that takes every contingency into account and is tested and updated regularly.

During and following the 2013 ORSA, insurance accounting, and financial reporting updates webinar, the Baker Tilly insurance team fielded several questions around ORSA – Own Risk Solvency Assessment. Here are some of the most common questions and answers.

The paper will examine domestic and global insurer solvency requirements with a primary focus on the United States’ National Association of Insurance Commissioners’ (NAIC) Risk Management and Own Risk and Solvency Assessment (RMORSA) Model Act. In addition, this paper will provide industry guidance to small through midsized insurance companies that have recently breached or are close to reaching the $500 million of annual direct written and unaffiliated assumed premium.

Baker Tilly assists manufacturer with Sarbanes-Oxley compliance

Today’s banking environment presents unprecedented challenges to successfully managing risk and establishing a platform for achieving predictable and sustainable earnings.

The board of trustees of a large organization expressed concern to management about whether the board was receiving information about their highest risk areas. The organization desired to objectively assess its most significant risks and ensure that risk mitigation plans were in place to address them.

The realities of the economic recession related to the legal profession have resulted in what appears to be long term changes to the business model of law firms.