Enterprise Risk Management
Session B8
Thursday, May 1st, 2014
11:30 – 12:45
David Fernandes
Incorporating a
Risk Management Strategy
Throughout the Organization
YOUR EXPECTATIONS
2Session B8 Slide #
How many in the Audit Department? <5, <10
What do you want to get out of this presentation?
Is there any Risk Management program currently in place?
Who owns “Risk” in your company? Board? Management? Legal?
When do you want to have an ERM solution in place?
TOPICS
• Developing a Risk Management Strategy.
• Integrated Approach to Risk Management.
• Establishing a Risk Management Committee.
• Managing Risk.
• Creating an Enterprise Risk Assessment.
• Setting up a Control Monitoring Process.
• Risk Management and Internal Audit.
Developing a Risk Management Strategy
Management - the act or skill of controlling and making decisions about a business, department
Strategy - a careful plan or method for achieving a particular goal usually over a long period of time
Risk - the chance of loss or the perils to the subject matter of an insurance contract; also: the degree of probability of such loss
• Risk Identification:
– Identify foreseeable risks which could affect objectives, their cause(s) and possible effect(s).
• Risk Assessment:
– Establishing the likelihood of occurrence and impact for each identified risk, prioritizing risks for further attention, grouping risks into categories to identify hotspots of risk exposure or common causes, and analyzing the combined effect of risks on corporate goals and objectives.
• Risk Management:
– Defining the scope and objectives of the risk process, describing the techniques and tools to be used,
stating the thresholds of acceptable risk to various stakeholders, detailing roles and responsibilities etc.
• Risk Response:
– Considering the response to each risk and selecting a strategy which is appropriate, achievable and affordable, delegating each task or activity to an owner.
• Risk Monitoring:
– Ensuring that agreed actions are implemented effectively, monitoring the effect on risk exposure, and
communicating risk information to stakeholders with appropriate detail and frequency.
• Risk Review:
– Updating the risk process to assess the status of existing risks, determine the effectiveness of agreed responses, identify emerging risks, and review the Risk Management Strategy.
• A Risk Management Strategy (RMS) provides a structured and coherent approach to identifying, assessing and managing risk. It builds in a process for regularly updating and reviewing the assessment based on new developments or actions taken.
• The process of identifying and reviewing the risks that a business faces is known as Enterprise Risk Assessment (ERA).
• The assessment of potential risks enables the company to:
– Be aware of where uncertainty surrounding events or outcomes exists, and
– Identify the necessary steps that should be taken to protect the company.
• A Risk Management Strategy can be developed and implemented by even the smallest of groups or projects, or built into a complex strategy for a multi-site international organization.
Integrated Approach to Risk Management.
• Integrative Risk Management starts with the premise that no measure of exposure can be taken in isolation. It is a view that is well established in a corporate context, with stress being placed on a more holistic understanding of Integrated Risk Management.
• Integrated Risk Management is different from traditional management as it allows us to examine what is missing in normal business processes, and why those missing elements expose us to risk.
• Integrated Risk Management encourages better up-front planning and allows us to determine if our policies and capabilities are well aligned to the strategy we desire to execute.
Risk Updates
Assessment
Risk resources across different functions and business processes
• Red flags,
• Mitigating controls, and
• Detection procedures
Risk and Controls
Become aware of function-specific risks and implement adequate risk controls
Learn About the Business
Save time and quickly create customized control questionnaires on key business risks.
Control environments include:
• General IT
• Operational
• Finance
• Human Resources
• Business
Right Sized Technology Adds More Business Value
Reduces Complexity and Increases Adoption & Usage
Step 1: Risk Identification
Step 2: Risk Assessment
Step 3: Risk Management
List of Possible Risks
Likelihood (H/M/L)
Impact (H/M/L)
What are we already doing about it? (mitigating factors)
What more can we do about it?
Timescale
Person Responsible
Reviewed
Level of Risk
Develop connected, transparent action plans with measurable metrics
Enable mitigation through triggers and focused reporting
Simplify management strategies to vital risks.
Measure, monitor, & report risk management performance
Identify, assess, and prioritize business risks
Summarize results & integrate with Risk Mitigation processes
R Business Goals, Objectives & Strategists & integrate with decision-making processes
Analyze key risks and current capabilities
Some Challenges
• Building blocks of processes, roles and technologies were not properly established.
• Management does not fully understand or accept their critical role and responsibilities.
• Risks that the project will not achieve the desired outcomes.
• Business owners fail to see the value of the process and terminate the audit program.
• Obtaining a complete and controlled population of data required to support a specific test.
Companies Face a Wide Array of Risks
A Common Challenge: How can you identify and prepare for major risks to your business?
Most executives focus their risk assessment and management efforts primarily on financial and compliance risks.
A Risk Management Strategy that fails to simultaneously identify and address the entire range of major risk types puts the company in danger.
Establishing a Risk Management Steering Committee
Risk Management is the responsibility of every employee of the University. Different stakeholders have different objectives and levels of accountability with respect to risk management. An effective risk management framework includes a comprehensive and defined accountability for risks, controls and risk treatment tasks. The risk management framework documents the roles and responsibilities of the various components of a risk management process.
• Develop a framework for assessing different levels of audit analytic techniques and associated benefits.
• Define progressive levels to evolve its use of Data / Business Analytics.
• Identify the building blocks: People, Process and Technology that must be in place to optimize benefits.
• Understand, plan and communicate what needs to be done to achieve and increase benefits.
• Establish a proactive and comprehensive view for effective ERA and ERM.
Makeup of the committee?
o Member from the Senior Management Team (Board of Directors, Audit Committee, C-Suite)
What are the committee’s core responsibilities?
The committee has three primary responsibilities:
• Establish a risk management program,
• Implement an annual risk assessment,
• Identify the organization’s exposures and
• Develop a risk control program.
What are the main steps in creating a risk management program?
• Identify and analyze risks (exposures),
• Prioritize risk and communicate the appropriate risk management plan,
• Implement the risk management plan and
• Monitor and update the plan as needed.
Managing Risk
Risk Avoidance
An organization decides to avoid the risk altogether by not entering into the activity or providing the service. This may be possible for some types of activities carried out by the organization, but usually not core activities.
Risk Control
An organization decides to continue the activity which creates the risk, but to manage it so that it will be less likely to occur and less damaging if it does occur. If an activity is central for an organization, then it will need to identify what standards of staff and volunteer training are needed to carry out the activity and what good practice policies must be adhered to. There must be clear record keeping in order to show that the organization met the good practice requirements laid down in its policy. Good governance is important here too, as the Management Committee will need to understand the risks and the control strategies in place. Having a skilled board with an understanding of accounting, law, management etc. is part of a good risk control strategy.
Risk Transfer
An organization decides to have a third party perform the risky activity or to transfer the consequences of the risk to another person or organization. This can be through insurance, indemnity, exemption from liability or through transferring the activity to another organization.
Mitigating Factors
These are the things which are done to reduce risk. Some of these are internal, i.e. within the control of the organization, and some are external, i.e. they may be regulatory or imposed by funders. Some of these are in place already and it is important to take account of these in planning risk management.
Creating an Enterprise Risk Assessment
Risk Areas
Business Risk
Organizational
Strategic Risks
Financial Risks
Operational Risks
Legal & Compliance Risks
IT & Systems Risks
Risk Catalog
Design a web-based risk assessment survey that requires participants to assess each risk using critical criteria:
Impact – How significant is this risk to the business?
Likelihood – How likely is this risk to come to pass?
Web-based Risk Survey
Trending and Velocity
If the risk comes to pass, how quickly will it impact the company?
Risk Committee
Guidance on Risk Selection and Participants
• Consolidate and analyze the responses of your survey.
• Prepare a detailed and comprehensive report.
• Include heat maps
Board Presentation
Present Graphs for
Top 5 risks by impact, likelihood and velocity
Top 5 risks for each category, e.g. Business, Financial, Operational etc.
Business Risk
Columns: #, Ref, Risk & Definition, Corporate Average - Significance, Corporate Average - Likelihood, Trending

# 1, Ref B1: Business Interruption / Service Failure
Corporate Average - Significance: 3.7; Corporate Average - Likelihood: 2.0
• The company's capability to continue critical operations and processes is dependent on availability of energy, information technologies, skilled labor, etc.
• Critical resources are not available, causing the company to experience difficulty in continuing profitable operations.
• A major disaster, such as fires, earthquakes, explosions, floods or terrorism, threatens the company's ability to sustain operations, provide essential products and services or recover operating costs, i.e. a disaster impacts the ability to support customers.
• Physical Risks: a disaster or extreme weather conditions impact the ability to support customers, e.g. tsunamis, fires, earthquakes, explosions, floods.
• Regulatory / Legal: changes in government laws, e.g. nationalization, import taxes / bans, energy supply, impact the company's ability to sustain production.

# 2, Ref B2: Business Portfolio / Mergers / Acquisitions
Corporate Average - Significance: 3.0; Corporate Average - Likelihood: 2.4
• The "due diligence" process is flawed and underlying business performance is not as presented by the buyer.
• The company does not negotiate appropriate risk mitigation processes in the deal document.
• Merger or acquisition activity results in inconsistent financial processes, lacks operational synergies or has a fragmented IT structure.
• Non-delivery of expected synergy benefits / cost savings, loss of market / customer focus during integration process and loss of key employees during integration process.
[Figure: Total Company Responses. Axes: Significance and Likelihood, each scaled 1.0 to 5.0. Legend: Business Technology Manufacturing Information Technology Finance Organizational Sales & Marketing. Labelled points: SM1, SM2, SM4, T3, M5.]
Setting up Control Monitoring Process.
D E E P E R
• Do not over-react to the initial wave of responses to your risk assessment – these will probably have some “white noise.”
• Establish the facts. Interview.
• Effective leadership is to create an environment where people are encouraged to identify risks and possible solutions.
• Pay Attention to the Detail: not getting lost in the weeds, but being able to sift the wheat from the chaff.
• Evaluate all outcomes and alternatives.
• Revisit the directives given to make sure they were executed.
Ownership: ERM belongs to the leadership team, not consultants.
Fact: ERM only works when the bad news is faced up to and dealt with, not punished or rationalized.
Responsibility: belongs to everyone.
Assigning responsibilities is an integral part of monitoring risk
• Role of the executive committee
• Risk Champion / Sponsor
• Unit responsible for risk mitigation
Risk assessment and monitoring techniques
Methods for assessing and monitoring risks assist managers in identifying where they should focus their energies and resources
• Workshops
• Questionnaires
• Control self-assessment
• Identification templates
• “Bottom up” risk assessments
When anyone asks me how I can best describe my
experience in nearly forty years at sea, I merely say,
uneventful.
Of course there have been winter gales, and storms
and fog and the like, but in all my experience, I have
never been in any accident of any sort worth speaking
about.
I never saw a wreck and never have been wrecked, nor
was I ever in any predicament that threatened to end
in disaster of any sort.
You see, I am not very good material for a story.
Edward J. Smith, Captain, RMS Titanic
© 2005 Christie's Images
Risk Management and Internal Audit
Tolerance levels
• No Tolerance
• Serious Concerns
• Moderate Concern
• General Tolerance
• Highest Tolerance

Financial Stability
• Oversight concern for financial integrity
• Budget overshot
• Credit ratings downgraded
• Financial statements subject to strong audit comment
• Not within budget
• Threats to credit rating
• Audit comments on financial reports
• Budget pressures appearing
• Financial Reporting Sound
• Positive audit reports
• Within budget
• Sound Balance Sheet
• Within Budget
• Strong credit rating

Staff Engagement
No Tolerance
• Major staff morale and commitment now a persistent pattern.
• Attrition is so great that replacements cannot be found and turn away offers.
• Grievances preoccupy the organization and threaten to move into arbitration
Serious Concerns
• Staff morale showing a strong downward trend over many months
• Attrition generally across the organization creating operational pressure
• Grievances are increasing and more pervasive.
Moderate Concern
• Staff surveys report staff concern about their alignment to organizational goals
• Attrition increasing, but in isolated areas.
• Grievances show an increasing pattern.
General Tolerance
• Staff commitment reported positive
• Attrition within acceptable and replaceable range
• Grievances occurring but not in large numbers
Highest Tolerance
• Staff report high level of commitment to work – multi-year pattern
• Very low level of attrition
• Low level of internal grievances
• Tone from the Top: present risks to the Risk Committee for their consideration.
• Acceptance: Risk Committee formally accept the risks to the organization.
• Clarification: Review the organization’s core values and identify adverse risks.
• Training: Address challenging issues associated with risk perceptions.
• Identification: Clarify the Company’s core values for the organization and
• Communication: include appropriate sharing of information and of concerns.
• Assessment: Assign priorities to top risks, integrate these into existing operational plans.
• Leadership: Demonstrate ability to innovate and motivate your partners.
Enterprise Risk Management Integrating with Strategy and PerEnterprise Risk Management Integrating with Strategy and Per
Enterprise Risk Management Integrating with Strategy and PerTanaMaeskm
 
A to Z of Risk Management
A to Z of Risk ManagementA to Z of Risk Management
A to Z of Risk ManagementMark Conway
 
RiskIndia.com-Profile-01072016
RiskIndia.com-Profile-01072016RiskIndia.com-Profile-01072016
RiskIndia.com-Profile-01072016Rohit Chawda
 
Practical approach to Risk Based Internal Audit
Practical approach to Risk Based Internal AuditPractical approach to Risk Based Internal Audit
Practical approach to Risk Based Internal AuditManoj Agarwal
 

Similar to Super Strategies 2014 Risk Strategy Presentation (20)

Creating Value Through Enterprise Risk Management
Creating Value Through Enterprise Risk Management Creating Value Through Enterprise Risk Management
Creating Value Through Enterprise Risk Management
 
Risk Management Toolkit
Risk Management ToolkitRisk Management Toolkit
Risk Management Toolkit
 
GP for Risk Management product sheet
GP for Risk Management product sheetGP for Risk Management product sheet
GP for Risk Management product sheet
 
Five lines of assurance a new paradigm in internal audit &amp; erm
Five lines of assurance a new paradigm in internal audit &amp; ermFive lines of assurance a new paradigm in internal audit &amp; erm
Five lines of assurance a new paradigm in internal audit &amp; erm
 
Five Lines of Assurance A New ERM and IA Paradigm
Five Lines of Assurance  A New ERM and IA ParadigmFive Lines of Assurance  A New ERM and IA Paradigm
Five Lines of Assurance A New ERM and IA Paradigm
 
PECB Webinar: ISO 31000 – Risk Management and how it can help an organization
PECB Webinar: ISO 31000 – Risk Management and how it can help an organizationPECB Webinar: ISO 31000 – Risk Management and how it can help an organization
PECB Webinar: ISO 31000 – Risk Management and how it can help an organization
 
Presentation_20110802213554
Presentation_20110802213554Presentation_20110802213554
Presentation_20110802213554
 
1 -corinne_berinstein
1  -corinne_berinstein1  -corinne_berinstein
1 -corinne_berinstein
 
1 -corinne_berinstein
1  -corinne_berinstein1  -corinne_berinstein
1 -corinne_berinstein
 
1 -corinne_berinstein
1  -corinne_berinstein1  -corinne_berinstein
1 -corinne_berinstein
 
Case Study - Leveraging Risk Management for Future Growth - Published Final Copy
Case Study - Leveraging Risk Management for Future Growth - Published Final CopyCase Study - Leveraging Risk Management for Future Growth - Published Final Copy
Case Study - Leveraging Risk Management for Future Growth - Published Final Copy
 
An introduction to finance
An introduction to financeAn introduction to finance
An introduction to finance
 
Corporate and Project Risk Management Toolkit
Corporate and Project Risk Management Toolkit Corporate and Project Risk Management Toolkit
Corporate and Project Risk Management Toolkit
 
Erm whitepaper (2)
Erm whitepaper (2)Erm whitepaper (2)
Erm whitepaper (2)
 
Erm talking points
Erm talking pointsErm talking points
Erm talking points
 
Risk Intelligence
Risk IntelligenceRisk Intelligence
Risk Intelligence
 
Enterprise Risk Management Integrating with Strategy and Per
Enterprise Risk Management Integrating with Strategy and PerEnterprise Risk Management Integrating with Strategy and Per
Enterprise Risk Management Integrating with Strategy and Per
 
A to Z of Risk Management
A to Z of Risk ManagementA to Z of Risk Management
A to Z of Risk Management
 
RiskIndia.com-Profile-01072016
RiskIndia.com-Profile-01072016RiskIndia.com-Profile-01072016
RiskIndia.com-Profile-01072016
 
Practical approach to Risk Based Internal Audit
Practical approach to Risk Based Internal AuditPractical approach to Risk Based Internal Audit
Practical approach to Risk Based Internal Audit
 

Super Strategies 2014 Risk Strategy Presentation

  • 1. Enterprise Risk Management. Session B8, Thursday, May 1st, 2014, 11:30 – 12:45. David Fernandes. Incorporating a Risk Management Strategy Throughout the Organization
  • 2. YOUR EXPECTATIONS (Incorporating a Risk Management Strategy Throughout the Organization): How many in Audit Department? <5, <10. What do you want to get out of this presentation? Is there any Risk Management program currently in place? Who owns “Risk” in your company? Board? Management? Legal? When do you want to have an ERM solution in place?
  • 3. Incorporating a Risk Management Strategy Throughout the Organization
  • 4. TOPICS (Incorporating a Risk Management Strategy Throughout the Organization): Developing a Risk Management Strategy; Integrated Approach to Risk Management; Establishing of a Risk Management Committee; Managing Risk; Creating an Enterprise Risk Assessment; Setting up Control Monitoring process; Risk Management and Internal Audit
  • 5. TOPICS (Incorporating a Risk Management Strategy Throughout the Organization): Developing a Risk Management Strategy; Integrated Approach to Risk Management; Establishing of a Risk Management Committee; Managing Risk; Creating an Enterprise Risk Assessment; Setting up Control Monitoring process; Risk Management and Internal Audit
  • 6. Developing a Risk Management Strategy: Management - the act or skill of controlling and making decisions about a business, department. Strategy - a careful plan or method for achieving a particular goal usually over a long period of time. Risk - the chance of loss or the perils to the subject matter of an insurance contract; also: the degree of probability of such loss.
  • 7. Developing a Risk Management Strategy:
    – Risk Identification: Identifying foreseeable risks which could affect objectives, their cause(s) and possible effect(s).
    – Risk Assessment: Establishing the Likelihood of occurrence and Impact for each identified risk, prioritizing risks for further attention, grouping risks into categories to identify hotspots of risk exposure or common causes, and analyzing the combined effect of risks on corporate Goals and Objectives.
    – Risk Management: Defining the scope and objectives of the risk process, describing the techniques and tools to be used, stating the thresholds of acceptable risk to various stakeholders, detailing roles and responsibilities etc.
    – Risk Response: Considering the response to each risk, selecting a strategy which is appropriate, achievable and affordable, and delegating each task or activity to an owner.
    – Risk Monitoring: Ensuring that agreed actions are implemented effectively, monitoring the effect on risk exposure, and communicating risk information to stakeholders with appropriate detail and frequency.
    – Risk Review: Updating the risk process to assess the status of existing risks, determine the effectiveness of agreed responses, identify emerging risks, and review the Risk Management Strategy.
  • 8. Developing a Risk Management Strategy:
    – Risk Management Strategy (RMS) provides a structured and coherent approach to identifying, assessing and managing risk. It builds in a process for regularly updating and reviewing the assessment based on new developments or actions taken.
    – The process of identifying and reviewing the risks that a business faces is known as Enterprise Risk Assessment (ERA).
    – The assessment of potential risks enables the company to be aware of where uncertainty surrounding events or outcomes exists, and to identify the necessary steps that should be taken to protect the company.
    – A Risk Management Strategy can be developed and implemented by even the smallest of groups or projects, or built into a complex strategy for a multi-site international organization.
  • 9. Developing a Risk Management Strategy
  • 10. TOPICS (Incorporating a Risk Management Strategy Throughout the Organization): Developing a Risk Management Strategy; Integrated Approach to Risk Management; Establishing of a Risk Management Committee; Managing Risk; Creating an Enterprise Risk Assessment; Setting up Control Monitoring process; Risk Management and Internal Audit
  • 11. Integrated Approach to Risk Management:
    – Integrative Risk Management starts with the premise that no measure of exposure can be taken in isolation. It is a view that is well established in a corporate context, with stress being placed on a more holistic understanding of Integrated Risk Management.
    – Integrated Risk Management is different from traditional management as it allows us to examine what is missing in normal business process, and why those missing elements expose us to risk.
    – Integrated Risk Management encourages better up-front planning and allows us to determine if our policies and capabilities are well aligned to the strategy we desire to execute.
  • 12. Integrated Approach to Risk Management
  • 13. Integrated Approach to Risk Management:
    – Risk Updates: Assessment Risk resources across different functions and business processes: red flags, mitigating controls, and detection procedures.
    – Risk and Controls: Become aware of function-specific risks and implement adequate risk controls.
    – Learn About the Business: Save time and quickly create customized control questionnaires on key business risks. Control environments include: General IT, Operational, Finance, Human Resources, Business.
  • 14. Integrated Approach to Risk Management. Step 1: Risk Identification; Step 2: Risk Assessment; Step 3: Risk Management. Template columns: List of Possible Risks; Likelihood H/M/L; Impact H/M/L; What are we already doing about it? (mitigating factors); What more can we do about it?; Timescale; Person Responsible; Reviewed; Level of Risk.
  • 15. Integrated Approach to Risk Management: Develop connected, transparent action plans with measurable metrics. Enable mitigation through triggers and focused reporting. Analyze key risks and current capabilities. Simplify management strategies to vital risks. Measure, monitor, & report risk management performance. Identify, assess, and prioritize business risks. Summarize results & integrate with Risk Mitigation processes. Business Goals, Objectives & Strategists & integrate with decision-making processes.
  • 16. Integrated Approach to Risk Management. Companies Face A Wide Array of Risks. A Common Challenge: How can you identify and prepare for major risks to your business? Some Challenges:
    – Building blocks of processes, roles and technologies were not properly established.
    – Management does not fully understand or accept their critical role and responsibilities.
    – Risks that the project will not achieve the desired outcomes.
    – Business owners fail to see the value of the process and terminate the audit program.
    – Obtaining a complete and controlled population of data required to support a specific test.
  • 17. Incorporating a Risk Management Strategy: Most executives focus their risk assessment and management efforts primarily on financial and compliance risks. A Risk Management Strategy that fails to simultaneously identify and address the entire range of major risk types puts the company in danger.
  • 18. TOPICS (Incorporating a Risk Management Strategy Throughout the Organization): Developing a Risk Management Strategy; Integrated Approach to Risk Management; Establishing of a Risk Management Committee; Managing Risk; Creating an Enterprise Risk Assessment; Setting up Control Monitoring process; Risk Management and Internal Audit
  • 19. Establishing of a Risk Management Steering Committee: Risk Management is the responsibility of every employee of the University. Different stakeholders have different objectives and levels of accountability with respect to risk management. An effective risk management framework includes a comprehensive and defined accountability for risks, controls and risk treatment tasks. The risk management framework documents the roles and responsibilities of the various components of a risk management process.
  • 20. Establishing of a risk management steering committee:
    – Develop a framework for assessing different levels of audit analytic techniques and associated benefits.
    – Define progressive levels to evolve its use of Data / Business Analytics.
    – Identify the building blocks: People, Process and Technology that must be in place to optimize benefits.
    – Understand, plan and communicate what needs to be done to achieve and increase benefits.
    – Establish a proactive and comprehensive view for effective ERA and ERM.
  • 21. Establishing of a risk management steering committee:
    – Make up of the committee? Member from the Senior Management Team (Board of Directors, Audit Committee, C Suite).
    – What are the committee’s core responsibilities? The committee has three primary responsibilities: establish a risk management program, implement an annual risk assessment, identify the organization’s exposures and develop a risk control program.
    – What are main steps in creating a risk management program? Identify and analyze risks (exposures); prioritize risk and communicate the appropriate risk management plan; implement the risk management plan; and monitor and update the plan as needed.
  • 22. TOPICS (Incorporating a Risk Management Strategy Throughout the Organization): Developing a Risk Management Strategy; Integrated Approach to Risk Management; Establishing of a Risk Management Committee; Managing Risk; Creating an Enterprise Risk Assessment; Setting up Control Monitoring process; Risk Management and Internal Audit
  • 23. Managing Risk:
    – Risk Avoidance: An organization decides to avoid the risk altogether by not entering into the activity or providing the service. This may be possible for some types of activities carried out by the organization but usually not core activities.
    – Risk Control: An organization decides to continue the activity which creates the risk, but to manage it so that it will be less likely to occur and less damaging if it does occur. If an activity is central for an organization then it will need to identify what standards of staff and volunteer training are needed to carry out the activity, and what good practice policies must be adhered to. There must be clear record keeping in order to ensure that it is clear that the organization met the good practice requirements laid down in its policy. Good governance is important here too, as the Management Committee will need to understand the risks and the control strategies in place. Having a skilled board with an understanding of accounting law, management etc. is part of a good risk control strategy.
    – Risk Transfer: An organization decides to have a third party perform the risky activity or to transfer the consequences of the risk to another person or organization. This can be through insurance, indemnity, exemption from liability or through transferring the activity to another organization.
    – Mitigating Factors: These are the things which are done to reduce risk. Some of these are internal, i.e. within the control of the organization, and some are external, i.e. they may be regulatory or imposed by funders. Some of these are in place already and it is important to take account of these in planning risk management.
  • 24. TOPICS (Incorporating a Risk Management Strategy Throughout the Organization): Developing a Risk Management Strategy; Integrated Approach to Risk Management; Establishing of a Risk Management Committee; Managing Risk; Creating an Enterprise Risk Assessment; Setting up Control Monitoring process; Risk Management and Internal Audit
  • 25. Creating an Enterprise Risk Assessment:
    – Risk Catalog: Risk Areas: Business Risk, Organizational Strategic Risks, Financial Risks, Operational Risks, Legal & Compliance Risks, IT & Systems Risks.
    – Web-based Risk Survey: Design a web-based risk assessment survey that requires participants to assess each risk using critical criteria. Impact: How significant is this risk to the business? Likelihood: How likely is this risk to come to pass?
    – Trending and Velocity: If the risk comes to pass, how quickly will it impact the company?
    – Risk Committee: Guidance on Risk Selection and Participants. Consolidate and analyze the responses of your survey. Prepare a detailed and comprehensive report. Include heat maps.
    – Board Presentation: Present graphs for Top 5 risks by impact, likelihood and velocity, and Top 5 risks for each category, e.g. Business, Financial, Operational etc.
  • 26. Creating an Enterprise Risk Assessment: Business Risk. Table columns: #, Ref, Risk & Definition, Corporate Average - Significance, Corporate Average - Likelihood, Trending. Values as extracted: 3.7, 2.0, 3.0, 2.4.
    – 1, B1, Business Interruption / Service Failure:
      • The company's capability to continue critical operations and processes is dependent on availability of energy, information technologies, skilled labor, etc.
      • Critical resources are not available, causing the company to experience difficulty in continuing profitable operations.
      • A major disaster, such as fires, earthquakes, explosions, floods or terrorism, threatens the company's ability to sustain operations, provide essential products and services or recover operating costs, i.e. a disaster impacts the ability to support customers.
      • Physical Risks: a disaster or extreme weather conditions impact the ability to support customers, e.g. tsunamis, fires, earthquakes, explosions, floods.
      • Regulatory / Legal: changes in government laws, e.g. nationalization, import taxes / bans, energy supply, impact the company's ability to sustain production.
    – 2, B2, Business Portfolio / Mergers / Acquisitions:
      • The "due diligence" process is flawed and underlying business performance is not as presented by the buyer.
      • The company does not negotiate appropriate risk mitigation processes in the deal document.
      • Merger or acquisition activity results in inconsistent financial processes, lacks operational synergies or has a fragmented IT structure.
      • Non-delivery of expected synergy benefits / cost savings, loss of market / customer focus during integration process and loss of key employees during integration process.
  • 27. Creating an Enterprise Risk Assessment
  • 28. Creating an Enterprise Risk Assessment. [Chart: Total Company Responses; axes: Significance and Likelihood, each 1.0 to 5.0; series: Business, Technology, Manufacturing, Information Technology, Finance, Organizational, Sales & Marketing; labelled points: SM1, SM2, SM4, T3, M5]
  • 29. Creating an Enterprise Risk Assessment
  • 30. TOPICS (Incorporating a Risk Management Strategy Throughout the Organization): Developing a Risk Management Strategy; Integrated Approach to Risk Management; Establishing of a Risk Management Committee; Managing Risk; Creating an Enterprise Risk Assessment; Setting up Control Monitoring Process; Risk Management and Internal Audit
  • 31. Setting up Control Monitoring Process (D E E P E R):
    – Do not over-react to the initial wave of responses to your risk assessment: these will probably have some “white noise.”
    – Establish the facts. Interview.
    – Effective leadership is to create an environment where people are encouraged to identify risks and possible solutions.
    – Pay Attention to the Detail: not getting lost in the weeds, but being able to sift the wheat from the chaff.
    – Evaluate all outcomes and alternatives.
    – Revisit the directives given to make sure they were executed.
    – Ownership: ERM belongs to the leadership team, not consultants.
    – Fact: ERM only works when the bad news is faced up to and dealt with, not punished nor rationalized.
    – Responsibility: belongs to everyone.
  • 32. Setting up Control Monitoring Process:
    – Assigning responsibilities is an integral part of monitoring risk: role of the executive committee; Risk Champion / Sponsor; unit responsible for risk mitigation.
    – Risk assessment and monitoring techniques: methods for assessing and monitoring risks assist managers in identifying where they should focus their energies and resources: workshops; questionnaires; control self-assessment; identification templates; "bottom up" risk assessments.
  • 33. Incorporating a Risk Management Strategy Throughout the Organization: "When anyone asks me how I can best describe my experience in nearly forty years at sea, I merely say, uneventful. Of course there have been winter gales, and storms and fog and the like, but in all my experience, I have never been in any accident of any sort worth speaking about. I never saw a wreck and never have been wrecked, nor was I ever in any predicament that threatened to end in disaster of any sort. You see, I am not very good material for a story." Edward J. Smith, Captain, RMS Titanic. © 2005 Christie's Images
  • 34. TOPICS (Incorporating a Risk Management Strategy Throughout the Organization): Developing a Risk Management Strategy; Integrated Approach to Risk Management; Establishing of a Risk Management Committee; Managing Risk; Creating an Enterprise Risk Assessment; Setting up Control Monitoring process; Risk Management and Internal Audit
  • 35. Risk Management and Internal Audit
  • 36. Risk Management and Internal Audit. Tolerance levels: No Tolerance, Serious Concerns, Moderate Concern, General Tolerance, Highest Tolerance.
    – Financial Stability:
      • No Tolerance: Oversight concern for financial integrity. Budget overshot. Credit ratings downgraded. Financial statements subject to strong audit comment.
      • Serious Concerns: Not within budget. Threats to credit rating. Audit comments on financial reports.
      • Moderate Concern: Budget pressures appearing. Financial Reporting Sound. Positive audit reports.
      • General Tolerance: Within budget. Sound Balance Sheet.
      • Highest Tolerance: Within Budget. Strong credit rating.
    – Staff Engagement:
      • No Tolerance: Major staff morale and commitment now a persistent pattern. Attrition is so great that replacements cannot be found and turn away offers. Grievances preoccupy the organization and threaten to move into arbitration.
      • Serious Concerns: Staff morale showing a strong downward trend over many months. Attrition generally across the organization creating operational pressure. Grievances are increasing and more pervasive.
      • Moderate Concern: Staff surveys report staff concern about their alignment to organizational goals. Attrition increasing, but in isolated areas. Grievances show an increasing pattern.
      • General Tolerance: Staff commitment reported positive. Attrition within acceptable and replaceable range. Grievances occurring but not in large numbers.
      • Highest Tolerance: Staff report high level of commitment to work (multi-year pattern). Very low level of attrition. Low level of internal grievances.
  • 37. Risk Management and Internal Audit:
    – Tone from the Top: present risks to the Risk Committee for their consideration.
    – Acceptance: Risk Committee formally accept the risks to the organization.
    – Clarification: Review the organization's core values and identify adverse risks.
    – Training: Address challenging issues associated with risk perceptions.
    – Identification: Clarify the Company’s core values for the organization and
    – Communication: include appropriate sharing of information and of concerns.
    – Assessment: Assign priorities to top risks, integrate these into existing operational plans.
    – Leadership: Demonstrate ability to innovate and motivate your partners.

Editor's Notes

  1. MIS Training Institute Section # - Page 1 XXXXXX XXX ©
  2. PLAY 4. Dilbert Risky Business
  3. MIS Training Institute Section # - Page 7 XXXXXX XXX ©
  4. PLAY 5. Dilbert - The Vicious Cycle, It's Called Managing and Documented Process
  5. Risk assessment and monitoring techniques:
    – Workshops. Organizations are starting to develop risk-focused facilitated workshops that help operating personnel determine and prioritize their objectives and identify and assess risks.
    – Questionnaires. Operating units are tasked with completing questionnaires on objectives and risks. For example, managers may annually update risks and progress on managing them.
    – Self-assessment. Managers self-assess with support from Audit, Finance and an external accountant.
    – Risk identification templates. Business units are given templates. These assist them in identifying and evaluating risks during their business planning process.
    – "Bottom up" risk assessments. Operating managers identify and evaluate risks. These are then rolled up at the corporate level.