Jim DeLoach has more than 35 years of experience and is a member of the Protiviti Solutions Leadership Team. His market focus is on helping organizations succeed in responding to government mandates, shareholder demands and a changing business environment in a cost-effective and sustainable manner that reduces risk to an acceptable level. To this end, he assists companies with integrating risk management with strategy setting, business planning and performance management. He is also a noted expert in designing and evaluating internal control systems, with particular emphasis on setting an effective tone of the organization.
Jim is the author of Managing business risk: An integrated approach, published by The Economist Intelligence Unit in 1995. Widely quoted in the press, he has published more than 250 articles covering various aspects of governance, managing business risk and effective internal controls. His book, Enterprise-wide Risk Management: Strategies for linking risk and opportunity, was published by Financial Times in June 2000 and was the first book written on the subject of enterprise risk management. He wrote Protiviti’s Guide to Enterprise Risk Management: Frequently Asked Questions, released in 2006, and today it remains one of the most comprehensive discussions of the topic. More recently, he co-authored a thought paper sponsored by COSO and published in 2014, Improving Organizational Performance and Governance: How the COSO Frameworks Can Help. He writes monthly blogs for both NACD Directorship and Corporate Compliance Insights. He also wrote all four editions of Guide to the Sarbanes-Oxley Act: Internal Control Reporting Requirements, the most comprehensive treatment of the Sarbanes-Oxley Section 404 compliance process in the industry.
Jim is one of 25 recipients of the “Consultant of the Year” award from Consulting Magazine in 2011. In 2012, 2013, 2014 and again in 2015, he was named to the National Association of Corporate Directors’ Directorship 100 list, recognizing him as one of the 100 most influential professionals in the boardroom community. He served on the COSO Advisory Council contributing to the development of the Enterprise Risk Management – Integrated Framework, the COSO Project on Monitoring, and the recent update to the Internal Control – Integrated Framework. He has worked with, and delivered numerous presentations on risk management to, hundreds of companies and groups in 30 countries. He writes The Bulletin and Board Perspectives: Risk Oversight, Protiviti’s publications on governance-related issues as well as Protiviti’s Flash Reports.
- Global manufacturing company: Assisted the company with integrating risk considerations into its strategy setting and business planning processes with the objective of ultimately integrating risk management with performance management. Assisted the CEO with providing more focus to the board’s risk oversight process and facilitating a transformation of the corporate culture from a risk-averse to a more risk-aware perspective. Defined a risk philosophy delineating the board’s responsibilities from management’s, formulated an ERM policy statement, prepared a revised charter for the board’s risk oversight responsibilities, articulated an initial risk appetite statement and developed a risk assessment methodology that addresses the unique characteristics of strategic, financial, operational and compliance risks. Continuing to assist the company with updating the prior risk assessment using the enhanced risk assessment approach and developing the approach to integrating the revised risk assessment methodology into the existing strategic management and business planning processes. Next phase is to integrate risk management with the company’s balanced scorecard, completing the convergence of risk management and enterprise performance management.
- Global cement processor: Assisted in development of an enterprise-wide approach to more rigorously, consistently and proactively assess and manage the company’s business risks. The goal was to enhance the company’s corporate governance, with emphasis on integrating business risk management with business and strategic planning. The project defined a risk management vision statement, corporate risk management policy guidelines and a common risk language. It designed a six-step risk management process aligned with the business planning process, supported with tools, frameworks and a database. The project created an organization structure to support the testing and rollout of the process, piloted the first three steps of the process at selected operating units, rolled out the tested process to the remaining 60+ operating units and pilot tested the remaining three steps of the process. The company’s EWRM approach is being implemented in phases over a multi-year period. The result was improved vertical communications, escalation of issues to executive management and the board of directors and sharing of best practices in a highly decentralized environment.
- Large diversified company: For a $10 billion revenue client, conducted interviews with the CEO and his direct reports and, in turn, with their respective direct reports to understand the risks inherent in executing the company’s business strategy and the issues and opportunities related to managing those risks. The project deliverables included a common risk language, organization and group risk profiles, recommended top quartile risks, sourcing of risks to their root causes and recommended action plans to implement an enterprise-wide risk management capability and reduce identified strategic integration risks to an acceptable level. Deliverables also included a recommended risk management oversight structure and process for identifying, sourcing, measuring, evaluating, addressing and monitoring risks. The result was better alignment of the organization with the organization’s strategic imperatives.
- M.B.A., The University of North Texas
- B.B.A., The University of North Texas
Professional Memberships & Certifications
- National Association of Corporate Directors (NACD)
- Institute of Internal Auditors (IIA)
- Certified Public Accountant (CPA)
- American Institute of Certified Public Accountants (AICPA)
- Texas Society of Certified Public Accountants (TSCPA)