Operational Risk Management Framework and Control Self Assessment
Overview
• Definition(s) of Risk Management & Risk
• Impact(s) of Risk
• Enterprise Risk Management
• ERM Frameworks
• DHS Risk Management Framework
• NIST Risk Assessment Framework
• STF Risk Assessment Framework
Definition of Risk Management
• Risk management is a scientific approach to dealing with pure risks by anticipating possible accidental losses and designing and implementing procedures that minimize the occurrence of loss or the financial impact of the losses that do occur. (Fundamentals of Risk and Insurance, Vaughan and Vaughan)
• Meaning: Risk as uncertainty concerning the occurrence of a loss.
Risk Equation
Risk = Vulnerability x Threat x Impact (*Probability)
• Vulnerability = An error or a weakness in the design, implementation, or operation of a system.
• Threat = An adversary that is motivated to exploit a system vulnerability and is capable of doing so.
• Impact = the likelihood that a vulnerability will be exploited or that a threat may become harmful.
• *Probability = likelihood already factored into impact.
Types of Risk
• Strategic – Goals of the Organization
• Operational – Processes that Achieve Goals
• Financial – Safeguarding Assets
• Compliance – Laws and Regulations
• Reputational – Public Image
Responses to Risk (Severity against Frequency)

                   Frequency: Low    Frequency: High
Severity: High     Transfer          Avoid
Severity: Low      Accept            Accept/Transfer
The Vision of Operational Risk Management
In 12 to 18 months, your goal should be to create a report for each
department and group that summarizes all relevant information that
gets combined into a rating for operational risk.
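A worked version of the Risk Equation and the Responses to Risk matrix above, rolled up into the per-department rating this slide asks for. This is an added example, not material from the deck: the 1 to 5 rating scales, the severity and rating-band thresholds, and the sample register are constructed assumptions.

```python
from dataclasses import dataclass
from statistics import mean

# Response matrix as given on the 'Responses to Risk' slide: (severity, frequency) -> response
RESPONSE_MATRIX = {
    ("High", "Low"): "Transfer",
    ("High", "High"): "Avoid",
    ("Low", "Low"): "Accept",
    ("Low", "High"): "Accept/Transfer",
}

SCALE_MAX = 5  # assumption: each factor is rated 1..5, so Risk ranges 1..125


@dataclass(frozen=True)
class RiskItem:
    name: str
    department: str
    vulnerability: int  # weakness in design, implementation or operation (1..5)
    threat: int         # motivated, capable adversary (1..5)
    impact: int         # harm if realised; per the deck, probability is already folded in (1..5)
    frequency: str      # "Low" or "High", the frequency axis of the response matrix


def _rating(value: int, label: str) -> int:
    if not 1 <= value <= SCALE_MAX:
        raise ValueError(f"{label} must be between 1 and {SCALE_MAX}, got {value}")
    return value


def risk_score(item: RiskItem) -> int:
    """Risk = Vulnerability x Threat x Impact (probability lives inside Impact)."""
    return (_rating(item.vulnerability, "vulnerability")
            * _rating(item.threat, "threat")
            * _rating(item.impact, "impact"))


def severity(item: RiskItem, high_from: int = 4) -> str:
    """Assumption: an impact rating of 4 or 5 counts as High severity."""
    return "High" if _rating(item.impact, "impact") >= high_from else "Low"


def response(item: RiskItem) -> str:
    """Map the item onto the Severity x Frequency response matrix."""
    if item.frequency not in ("Low", "High"):
        raise ValueError(f"frequency must be 'Low' or 'High', got {item.frequency!r}")
    return RESPONSE_MATRIX[(severity(item), item.frequency)]


def rating_band(score: int) -> str:
    """Assumed bands over the 1..125 score range."""
    if score >= 60:
        return "High"
    if score >= 20:
        return "Medium"
    return "Low"


def department_report(register: list) -> dict:
    """One summary per department: worst item, max and mean score, response counts,
    and an overall rating driven by the worst item (assumption)."""
    report: dict = {}
    for item in register:
        score = risk_score(item)
        dept = report.setdefault(item.department, {"responses": {}, "top": None, "scores": []})
        dept["scores"].append(score)
        resp = response(item)
        dept["responses"][resp] = dept["responses"].get(resp, 0) + 1
        if dept["top"] is None or score > dept["top"][1]:
            dept["top"] = (item.name, score)
    for dept in report.values():
        dept["max_score"] = max(dept["scores"])
        dept["mean_score"] = mean(dept["scores"])
        dept["rating"] = rating_band(dept["max_score"])
        del dept["scores"]
    return report


# Constructed sample register (not from the deck).
RISK_REGISTER = [
    RiskItem("Unpatched internet-facing web server", "IT Operations", 5, 4, 5, "High"),
    RiskItem("Backups kept at a single site", "IT Operations", 3, 2, 4, "Low"),
    RiskItem("Manual journal entries without review", "Finance", 4, 3, 3, "High"),
    RiskItem("Duplicate vendor invoices", "Finance", 2, 2, 2, "High"),
]

if __name__ == "__main__":
    for item in RISK_REGISTER:
        print(f"{item.name:40} score={risk_score(item):3d} response={response(item)}")
    for dept, summary in department_report(RISK_REGISTER).items():
        print(dept, summary)
```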
Pillars of Operational Risk Management
• Losses
• Senior Management
• CSA
• Issues
• Indicators
• Qualitative/Quantitative Analyses
• Common Operational Risk Classification Scheme
Control Self Assessment Framework
Outline
Control Self Assessment
• Control-Self Assessment Definition
• Control-Self Assessment Objectives
Enterprise-wide Control Self Assessment Framework
• Balanced Scorecard
• CSA Methodology
• Results
Corporate Governance
CSA Rollout - Project Time Line
Appendix - Delivered Solution
1. Risk Map
2. Excel Based Worksheets
3. HTML Interface
4. Excel Based
Control Self Assessment: Definition
Control-Self Assessment is a risk management tool used by business managers to transparently assess risk and control strengths and weaknesses against a Control Framework. The “self” assessment refers to the involvement of management and staff in the assessment process.
Control Self Assessment: Objectives
Communication
• To ensure better communication of the CEO’s objectives and strategies to all business lines
• To ensure business line managers communicate their risks and controls more effectively
Education
• To ensure business line managers have a better comprehension of effective risk control
• To ensure business line managers have a better comprehension of risk management
Proactive Management
• To ensure business line managers align their objectives and strategies with the CEO's objectives and strategies
• To ensure business line managers assume greater responsibility and accountability for their risks and controls
• To ensure business line managers monitor their risk effectively and in a timely manner
• To ensure business line managers utilize and allocate their resources effectively
Enterprise-wide CSA Framework: Goal
To foster a proactive management framework which is pervasive throughout a firm.
Enterprise-wide CSA Framework
Step 1: Objective Setting
Balanced Scorecard *
A tool that translates a firm’s mission and strategy into a comprehensive set of performance measures that provides the framework for a strategic measurement and management system.
Objectives
• Ensures linkage between the objectives of senior management and the businesses
• Increased focus on the appropriateness of the objectives
• Reinforced as the central “top down” articulation of goals
• Provides a framework within which the oversight functions, risk management and the business lines operate
Step 2: CSA Methodology
ORCA Framework
• Objectives
• Risk Assessment of Key Processes
• Controls
• Action Plans
The ORCA framework components fit logically together to form a comprehensive relationship between firm-wide objectives, processes and risks, and controls. This relationship may be viewed as the core of a firm’s internal control.
Step 2: CSA Methodology
ORCA Framework
To find equilibrium, the business managers must carefully assess the risks inherent within their key processes and apply controls that will work at a reasonable cost.
Step 2: CSA Methodology
ORCA Framework
Step 2: CSA Methodology
Key Indicators
Metrics to measure the effectiveness of controls in mitigating or managing risks:
• To measure operational problems
• To monitor the quality of the services provided
• To provide early warning for problems
• To aid in the containment of losses
• To determine trends
• To set limits for risk or escalation criteria
• To facilitate everyday decisions
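A key risk indicator monitor covering several of the purposes listed above: limits and escalation criteria, early warning as an indicator approaches its limit, and trend detection over recent observations. This is an added example, not code from the deck; the indicators, limits, the 80% early-warning band and the observation series are constructed.

```python
import math
from dataclasses import dataclass, field


@dataclass
class KeyRiskIndicator:
    """A KRI where a larger value means more risk (counts of problems, losses, delays)."""
    name: str
    limit: float                 # escalation criterion agreed with management
    warn_fraction: float = 0.8   # assumption: early warning once at 80% of the limit
    history: list = field(default_factory=list)  # oldest first, one value per period

    def record(self, value: float) -> None:
        self.history.append(value)


def status(kri: KeyRiskIndicator) -> str:
    """'ESCALATE' if the limit is reached, 'WARNING' inside the early-warning band, else 'OK'."""
    if not kri.history:
        return "NO DATA"
    current = kri.history[-1]
    if current >= kri.limit:
        return "ESCALATE"
    if current >= kri.warn_fraction * kri.limit:
        return "WARNING"
    return "OK"


def slope(kri: KeyRiskIndicator, window: int = 4) -> float:
    """Least-squares slope (change per period) over the most recent `window` points."""
    pts = kri.history[-window:]
    n = len(pts)
    if n < 2:
        raise ValueError(f"{kri.name}: need at least two observations for a trend")
    mean_x = (n - 1) / 2
    mean_y = sum(pts) / n
    sxy = sum((x - mean_x) * (y - mean_y) for x, y in enumerate(pts))
    sxx = sum((x - mean_x) ** 2 for x in range(n))
    return sxy / sxx


def trend(kri: KeyRiskIndicator, window: int = 4, flat_tolerance: float = 0.01) -> str:
    """'rising', 'falling' or 'flat'; moves under 1% of the limit per period count as flat."""
    if len(kri.history) < 2:
        return "insufficient data"
    s = slope(kri, window)
    if abs(s) < flat_tolerance * kri.limit:
        return "flat"
    return "rising" if s > 0 else "falling"


def periods_to_breach(kri: KeyRiskIndicator, window: int = 4):
    """Early warning: periods until the limit is hit if the current trend continues.
    None when already breached, when not rising, or when there is no trend yet."""
    if len(kri.history) < 2 or status(kri) == "ESCALATE":
        return None
    s = slope(kri, window)
    if s <= 0:
        return None
    return math.ceil((kri.limit - kri.history[-1]) / s)


def kri_report(kris: list) -> dict:
    """One row per indicator: current value, status, trend and periods to breach."""
    return {
        k.name: {
            "current": k.history[-1] if k.history else None,
            "status": status(k),
            "trend": trend(k),
            "periods_to_breach": periods_to_breach(k),
        }
        for k in kris
    }


def sample_kris() -> list:
    """Constructed sample data (not from the deck), oldest observation first."""
    logins = KeyRiskIndicator("Failed logins per day", limit=500)
    for v in (120, 180, 260, 330, 410):
        logins.record(v)
    unreconciled = KeyRiskIndicator("Unreconciled items over 30 days", limit=50)
    for v in (62, 55, 51, 48, 52):
        unreconciled.record(v)
    complaints = KeyRiskIndicator("Customer complaints per 1000 calls", limit=20)
    for v in (8, 9, 8, 8):
        complaints.record(v)
    return [logins, unreconciled, complaints]


if __name__ == "__main__":
    for name, row in kri_report(sample_kris()).items():
        print(f"{name:36} {row}")
```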
Step 3: Results
Qualitative
• Bottom-up feedback to executive management to ascertain how successfully the organization accomplished its strategic vision
• Identification of the interdepartmental and thematic risks within the firm
Quantitative
• CSA Metric Score
• Inherent & Residual Risks Model
• CSA Scenario Engine
Step 3: Results
Inherent and Residual risk models provide a sense of the potential monetary impact before and after the implementation of controls.
The CSA scenario engine may shed light on how the department’s or firm’s control environment may evolve – for better or worse.
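An inherent and residual risk model with a small scenario engine, following the two quantitative results described above: expected monetary loss before and after controls, and how the residual position moves when control effectiveness changes for better or worse. This is an added example, not the deck's own model: the processes, loss figures and effectiveness values are constructed, and the CSA metric score is an assumed formula (share of inherent loss removed by controls).

```python
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class ProcessRisk:
    process: str
    annual_frequency: float       # expected loss events per year
    loss_per_event: float         # monetary impact of one event
    control_effectiveness: float  # share of the inherent loss the controls remove (0.0..1.0)


def _check(r: ProcessRisk) -> None:
    if not 0.0 <= r.control_effectiveness <= 1.0:
        raise ValueError(f"{r.process}: control_effectiveness must be in [0, 1]")
    if r.annual_frequency < 0 or r.loss_per_event < 0:
        raise ValueError(f"{r.process}: frequency and loss must be non-negative")


def inherent_loss(r: ProcessRisk) -> float:
    """Expected annual loss before controls: frequency x loss per event."""
    _check(r)
    return round(r.annual_frequency * r.loss_per_event, 2)


def residual_loss(r: ProcessRisk) -> float:
    """Expected annual loss after controls."""
    return round(inherent_loss(r) * (1.0 - r.control_effectiveness), 2)


def total_inherent(register: list) -> float:
    return round(sum(inherent_loss(r) for r in register), 2)


def total_residual(register: list) -> float:
    return round(sum(residual_loss(r) for r in register), 2)


def csa_metric_score(register: list) -> float:
    """Assumed score: percentage of inherent loss removed by controls (0 = none, 100 = all)."""
    inherent = total_inherent(register)
    if inherent == 0:
        return 100.0
    return round(100.0 * (1.0 - total_residual(register) / inherent), 1)


def apply_scenario(register: list, adjustments: dict) -> list:
    """Return a new register with control effectiveness shifted by the given deltas,
    clamped to [0, 1]; processes not named in `adjustments` are unchanged."""
    unknown = set(adjustments) - {r.process for r in register}
    if unknown:
        raise KeyError(f"scenario names unknown processes: {sorted(unknown)}")
    out = []
    for r in register:
        delta = adjustments.get(r.process, 0.0)
        eff = min(1.0, max(0.0, r.control_effectiveness + delta))
        out.append(replace(r, control_effectiveness=eff))
    return out


def scenario_report(register: list, scenarios: dict) -> dict:
    """Residual loss, change versus the baseline, and score for each named scenario."""
    baseline = total_residual(register)
    report = {}
    for name, adjustments in scenarios.items():
        adjusted = apply_scenario(register, adjustments)
        residual = total_residual(adjusted)
        report[name] = {
            "residual": residual,
            "delta": round(residual - baseline, 2),
            "score": csa_metric_score(adjusted),
        }
    return report


# Constructed sample register and scenarios (not from the deck).
PROCESS_REGISTER = [
    ProcessRisk("Payments processing", 4, 50_000, 0.75),
    ProcessRisk("Customer onboarding", 2, 100_000, 0.50),
    ProcessRisk("Trade settlement", 10, 10_000, 0.90),
]
SCENARIOS = {
    "Onboarding control remediation": {"Customer onboarding": +0.30},  # for better
    "Settlement team attrition": {"Trade settlement": -0.40},          # for worse
}

if __name__ == "__main__":
    for r in PROCESS_REGISTER:
        print(f"{r.process:22} inherent={inherent_loss(r):>10,.0f} residual={residual_loss(r):>10,.0f}")
    print("baseline score", csa_metric_score(PROCESS_REGISTER))
    for name, row in scenario_report(PROCESS_REGISTER, SCENARIOS).items():
        print(name, row)
```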
Corporate Governance
The enterprise-wide CSA framework presented here is a key component of a robust corporate governance structure. It enables the organization to inform executive management of the current state of the firm’s risk environment on an ongoing basis. Furthermore, the framework readily lends itself to Sarbanes-Oxley and BIS II compliance.
The expected benefits of a strong corporate governance structure are:
Summary
The presented enterprise-wide control self-assessment framework:
• Provides flexibility and dynamism to evolve with the changing firm
• Allows a firm to manage risks from both the “top-down” and “bottom-up” perspectives
• Is an integral component of a strong corporate governance structure
CSA Rollout - Project Time Line
• Planning
Project Scope
⇒ Define CSA scope
⇒ Evaluate current firm wide objectives
⇒ Identify key business areas and processes
⇒ Obtain Sr. Management support
Project Planning
⇒ Create project timeline
⇒ Allocate resources
Deliverables: Project Plan, Road map
• Analysis
Define Op Risk components
⇒ Firm wide objectives
⇒ Risk map
Define CSA components
⇒ Objectives and key processes
⇒ Risks
⇒ Control Methods
⇒ Action Plans
⇒ Key Risk Indicators
Refine Timeline and estimates
Deliverables: Business requirements, User presentation
• Design and Development (Prototype)
Meet with Business Lines
Gather Key business processes
Establish
Create Data Model
Create Database
Create user interface
Load master tables data into database
Create procedure guide
Deliverables: CSA beta version software, User guide
• Implementation
Rollout Control Self Assessment Software
Data Gathering of Business Units CSA
Support business units performing CSA
Deliverables: Cutover Plan, CSA application
• Close-out
Review user feedback
Establish cyclical review requirements
Update CSA reporting package
Timeline chart (December through November): Planning, Analysis, Design, Development, Implementation, Closeout.
Internal Control
A strong system of internal control is essential to effective enterprise risk management.
Relationship to Internal Control — Integrated Framework
• Expands and elaborates on elements of internal control as set out in COSO’s “control framework.”
• Includes objective setting as a separate component. Objectives are a “prerequisite” for internal control.
• Expands the control framework’s “Financial Reporting” and “Risk Assessment.”
ERM Roles & Responsibilities
• Management
• The board of directors
• Risk officers
• Internal auditors
Internal Auditors
• Play an important role in monitoring ERM, but do NOT have primary responsibility for its implementation or maintenance.
• Assist management and the board or audit committee in the process by:
- Monitoring
- Evaluating
- Examining
- Reporting
- Recommending improvements
Standards
• 2010.A1 – The internal audit activity’s plan of engagements should be based on a risk assessment, undertaken at least annually.
• 2120.A1 – Based on the results of the risk assessment, the internal audit activity should evaluate the adequacy and effectiveness of controls encompassing the organization’s governance, operations, and information systems.
• 2210.A1 – When planning the engagement, the internal auditor should identify and assess risks relevant to the activity under review. The engagement objectives should reflect the results of the risk assessment.
Example: Risk Model
• Environmental Risks
– Capital Availability
– Regulatory, Political, and Legal
– Financial Markets and Shareholder Relations
• Process Risks
– Operations Risk
– Empowerment Risk
– Information Processing / Technology Risk
– Integrity Risk
– Financial Risk
• Information for Decision Making
– Operational Risk
– Financial Risk
– Strategic Risk
Risk Management Process (diagram)
Risk Assessment: Identification, Measurement, Prioritization
Risk Analysis: Control It; Share or Transfer It; Diversify or Avoid It
Risk Monitoring
Applied at the Entity Level, Process Level and Activity Level
Example: Call Center Risk Assessment
Matrix of Impact (Low to High, vertical axis) against Probability (Low to High, horizontal axis); the four quadrants are rated High Risk, Medium Risk, Medium Risk and Low Risk. Risks plotted on the matrix:
• Loss of phones
• Loss of computers
• Credit risk
• Customer has a long wait
• Customer can’t get through
• Customer can’t get answers
• Entry errors
• Equipment obsolescence
• Repeat calls for same problem
• Fraud
• Lost transactions
• Employee morale
Example: Accounts Payable Process

Control Objective   Risk                                Control Activity
Completeness        Material transaction not recorded   Accrual of open liabilities
                    Invoices accrued after closing
Communicate Results
• Dashboard of risks and related responses (visual status of where key risks stand relative to risk tolerances)
• Flowcharts of processes with key controls noted
• Narratives of business objectives linked to operational risks and responses
• List of key risks to be monitored or used
• Management understanding of key business risk responsibility and communication of assignments
Monitor
• Collect and display information
• Perform analysis
- Risks are being properly addressed
- Controls are working to mitigate risks
Management Oversight & Periodic Review
• Accountability for risks
• Ownership
• Updates
- Changes in business objectives
- Changes in systems
- Changes in processes
Internal auditors can add value by:
• Implementing a risk-based approach to planning and executing the internal audit process.
• Ensuring that internal auditing’s resources are directed at those areas most important to the organization.
• Challenging the basis of management’s risk assessments and evaluating the adequacy and effectiveness of risk treatment strategies.
• Reviewing critical control systems and risk management processes.
• Performing an effectiveness review of management's risk assessments and the internal controls.
• Providing advice in the design and improvement of control systems and risk mitigation strategies.

More Related Content

What's hot

Operational Risk for Bank
Operational Risk for BankOperational Risk for Bank
Operational Risk for BankRahmat Mulyana
 
Grc governance, risk management & compliance
Grc  governance, risk management & complianceGrc  governance, risk management & compliance
Grc governance, risk management & complianceHR Globe Consulting
 
Strategic Risk Management in the Face of Uncertainty and Unexpected Risks
Strategic Risk Management in the Face of Uncertainty and Unexpected RisksStrategic Risk Management in the Face of Uncertainty and Unexpected Risks
Strategic Risk Management in the Face of Uncertainty and Unexpected RisksInternational Federation of Accountants
 
127017438_RMA_OperationalRiskAppetite_v1.0
127017438_RMA_OperationalRiskAppetite_v1.0127017438_RMA_OperationalRiskAppetite_v1.0
127017438_RMA_OperationalRiskAppetite_v1.0Rachael Phelan
 
Risk Management Process And Procedures PowerPoint Presentation Slides
Risk Management Process And Procedures PowerPoint Presentation SlidesRisk Management Process And Procedures PowerPoint Presentation Slides
Risk Management Process And Procedures PowerPoint Presentation SlidesSlideTeam
 
Advanced program management risk mitigation and management
Advanced program management   risk mitigation and managementAdvanced program management   risk mitigation and management
Advanced program management risk mitigation and managementMarcus Vannini
 
Third-Party Risk Management: Implementing a Strategy
Third-Party Risk Management: Implementing a StrategyThird-Party Risk Management: Implementing a Strategy
Third-Party Risk Management: Implementing a StrategyNICSA
 
Integrating Risk Appetite With Strategy Feb 14 2011
Integrating Risk Appetite With Strategy   Feb 14 2011Integrating Risk Appetite With Strategy   Feb 14 2011
Integrating Risk Appetite With Strategy Feb 14 2011Andrew Smart
 
Enterprise Risk Management & Organizational Excellence
Enterprise Risk Management & Organizational ExcellenceEnterprise Risk Management & Organizational Excellence
Enterprise Risk Management & Organizational ExcellenceEneni Oduwole
 
Key Risk Indicators - Concepts and Examples (Deloitte, 2014).pdf
Key Risk Indicators - Concepts and Examples (Deloitte, 2014).pdfKey Risk Indicators - Concepts and Examples (Deloitte, 2014).pdf
Key Risk Indicators - Concepts and Examples (Deloitte, 2014).pdfPars Six Sigma Excellence
 
Practical approach to Risk Based Internal Audit
Practical approach to Risk Based Internal AuditPractical approach to Risk Based Internal Audit
Practical approach to Risk Based Internal AuditManoj Agarwal
 
Operational risk management (2)
Operational risk management (2)Operational risk management (2)
Operational risk management (2)Ujjwal 'Shanu'
 
Are You Ready? Implementing COSO's Updated Internal Controls Framework
Are You Ready? Implementing COSO's Updated Internal Controls FrameworkAre You Ready? Implementing COSO's Updated Internal Controls Framework
Are You Ready? Implementing COSO's Updated Internal Controls FrameworkBlackLine
 

What's hot (20)

Risk Appetite
Risk AppetiteRisk Appetite
Risk Appetite
 
KRI (Key Risk Indicators) & IT
KRI (Key Risk Indicators) & ITKRI (Key Risk Indicators) & IT
KRI (Key Risk Indicators) & IT
 
Risk management
Risk managementRisk management
Risk management
 
Operational Risk for Bank
Operational Risk for BankOperational Risk for Bank
Operational Risk for Bank
 
Grc governance, risk management & compliance
Grc  governance, risk management & complianceGrc  governance, risk management & compliance
Grc governance, risk management & compliance
 
Strategic Risk Management in the Face of Uncertainty and Unexpected Risks
Strategic Risk Management in the Face of Uncertainty and Unexpected RisksStrategic Risk Management in the Face of Uncertainty and Unexpected Risks
Strategic Risk Management in the Face of Uncertainty and Unexpected Risks
 
127017438_RMA_OperationalRiskAppetite_v1.0
127017438_RMA_OperationalRiskAppetite_v1.0127017438_RMA_OperationalRiskAppetite_v1.0
127017438_RMA_OperationalRiskAppetite_v1.0
 
GRC
GRCGRC
GRC
 
ERM-Enterprise Risk Management
ERM-Enterprise Risk ManagementERM-Enterprise Risk Management
ERM-Enterprise Risk Management
 
Risk Management Process And Procedures PowerPoint Presentation Slides
Risk Management Process And Procedures PowerPoint Presentation SlidesRisk Management Process And Procedures PowerPoint Presentation Slides
Risk Management Process And Procedures PowerPoint Presentation Slides
 
Key risk indicators shareslide
Key risk indicators shareslideKey risk indicators shareslide
Key risk indicators shareslide
 
Advanced program management risk mitigation and management
Advanced program management   risk mitigation and managementAdvanced program management   risk mitigation and management
Advanced program management risk mitigation and management
 
Third-Party Risk Management: Implementing a Strategy
Third-Party Risk Management: Implementing a StrategyThird-Party Risk Management: Implementing a Strategy
Third-Party Risk Management: Implementing a Strategy
 
Integrating Risk Appetite With Strategy Feb 14 2011
Integrating Risk Appetite With Strategy   Feb 14 2011Integrating Risk Appetite With Strategy   Feb 14 2011
Integrating Risk Appetite With Strategy Feb 14 2011
 
Enterprise Risk Management & Organizational Excellence
Enterprise Risk Management & Organizational ExcellenceEnterprise Risk Management & Organizational Excellence
Enterprise Risk Management & Organizational Excellence
 
Key Risk Indicators - Concepts and Examples (Deloitte, 2014).pdf
Key Risk Indicators - Concepts and Examples (Deloitte, 2014).pdfKey Risk Indicators - Concepts and Examples (Deloitte, 2014).pdf
Key Risk Indicators - Concepts and Examples (Deloitte, 2014).pdf
 
Practical approach to Risk Based Internal Audit
Practical approach to Risk Based Internal AuditPractical approach to Risk Based Internal Audit
Practical approach to Risk Based Internal Audit
 
Operational risk management (2)
Operational risk management (2)Operational risk management (2)
Operational risk management (2)
 
COSO VS ERM -
COSO VS ERM - COSO VS ERM -
COSO VS ERM -
 
Are You Ready? Implementing COSO's Updated Internal Controls Framework
Are You Ready? Implementing COSO's Updated Internal Controls FrameworkAre You Ready? Implementing COSO's Updated Internal Controls Framework
Are You Ready? Implementing COSO's Updated Internal Controls Framework
 

Viewers also liked

Peraturan Presiden tentang Percepatan Penyediaan Air Minum dan Sanitasi
Peraturan Presiden tentang Percepatan Penyediaan Air Minum dan SanitasiPeraturan Presiden tentang Percepatan Penyediaan Air Minum dan Sanitasi
Peraturan Presiden tentang Percepatan Penyediaan Air Minum dan SanitasiJoy Irman
 
Manlab pemantapan mutu
Manlab pemantapan mutuManlab pemantapan mutu
Manlab pemantapan mutuandiesta saman
 
Intisari 101 seni perang sun tzu
Intisari 101 seni perang sun tzuIntisari 101 seni perang sun tzu
Intisari 101 seni perang sun tzuHeru Subiyanto
 
Makalah akuntansi internasional kel. ii lingkungan audit di jepang dan beland...
Makalah akuntansi internasional kel. ii lingkungan audit di jepang dan beland...Makalah akuntansi internasional kel. ii lingkungan audit di jepang dan beland...
Makalah akuntansi internasional kel. ii lingkungan audit di jepang dan beland...Jiantari Marthen
 
Makalah akuntansi internasional tax planning australia ungkap strategi double...
Makalah akuntansi internasional tax planning australia ungkap strategi double...Makalah akuntansi internasional tax planning australia ungkap strategi double...
Makalah akuntansi internasional tax planning australia ungkap strategi double...Jiantari Marthen
 
Makalah akuntansi internasional kel. ii defisit ekspor impor indonesia china ...
Makalah akuntansi internasional kel. ii defisit ekspor impor indonesia china ...Makalah akuntansi internasional kel. ii defisit ekspor impor indonesia china ...
Makalah akuntansi internasional kel. ii defisit ekspor impor indonesia china ...Jiantari Marthen
 
Audit internal
Audit internalAudit internal
Audit internalpadlah1984
 
Makalah auditing ii pengauditan siklus produksi persediaan 2 (jiantari c 301 ...
Makalah auditing ii pengauditan siklus produksi persediaan 2 (jiantari c 301 ...Makalah auditing ii pengauditan siklus produksi persediaan 2 (jiantari c 301 ...
Makalah auditing ii pengauditan siklus produksi persediaan 2 (jiantari c 301 ...Jiantari Marthen
 
Audit pemasaran (bab 6), Audit Kinerja Manajemen
Audit pemasaran (bab 6), Audit Kinerja ManajemenAudit pemasaran (bab 6), Audit Kinerja Manajemen
Audit pemasaran (bab 6), Audit Kinerja ManajemenYunita Tri Andra Yani
 
1. administrasi, manajemen, dan pengendalian
1. administrasi, manajemen, dan pengendalian 1. administrasi, manajemen, dan pengendalian
1. administrasi, manajemen, dan pengendalian Agus Riyanto
 

Viewers also liked (20)

MANAJEMEN+PORTOFOLIO+OBLIGASI
MANAJEMEN+PORTOFOLIO+OBLIGASIMANAJEMEN+PORTOFOLIO+OBLIGASI
MANAJEMEN+PORTOFOLIO+OBLIGASI
 
audit manajemen
audit manajemenaudit manajemen
audit manajemen
 
perbandingan-antara-ifrs-dengan-psak-qv1
perbandingan-antara-ifrs-dengan-psak-qv1perbandingan-antara-ifrs-dengan-psak-qv1
perbandingan-antara-ifrs-dengan-psak-qv1
 
ORCA Overview
ORCA OverviewORCA Overview
ORCA Overview
 
Pertemuan 12 Loss Prevention and Fraud
Pertemuan 12 Loss Prevention and FraudPertemuan 12 Loss Prevention and Fraud
Pertemuan 12 Loss Prevention and Fraud
 
Peraturan Presiden tentang Percepatan Penyediaan Air Minum dan Sanitasi
Peraturan Presiden tentang Percepatan Penyediaan Air Minum dan SanitasiPeraturan Presiden tentang Percepatan Penyediaan Air Minum dan Sanitasi
Peraturan Presiden tentang Percepatan Penyediaan Air Minum dan Sanitasi
 
Pengantar manajemen
Pengantar manajemenPengantar manajemen
Pengantar manajemen
 
Manlab pemantapan mutu
Manlab pemantapan mutuManlab pemantapan mutu
Manlab pemantapan mutu
 
kayboard
kayboardkayboard
kayboard
 
Internal audit - Copy
Internal audit - CopyInternal audit - Copy
Internal audit - Copy
 
Intisari 101 seni perang sun tzu
Intisari 101 seni perang sun tzuIntisari 101 seni perang sun tzu
Intisari 101 seni perang sun tzu
 
Makalah akuntansi internasional kel. ii lingkungan audit di jepang dan beland...
Makalah akuntansi internasional kel. ii lingkungan audit di jepang dan beland...Makalah akuntansi internasional kel. ii lingkungan audit di jepang dan beland...
Makalah akuntansi internasional kel. ii lingkungan audit di jepang dan beland...
 
Makalah akuntansi internasional tax planning australia ungkap strategi double...
Makalah akuntansi internasional tax planning australia ungkap strategi double...Makalah akuntansi internasional tax planning australia ungkap strategi double...
Makalah akuntansi internasional tax planning australia ungkap strategi double...
 
Makalah akuntansi internasional kel. ii defisit ekspor impor indonesia china ...
Makalah akuntansi internasional kel. ii defisit ekspor impor indonesia china ...Makalah akuntansi internasional kel. ii defisit ekspor impor indonesia china ...
Makalah akuntansi internasional kel. ii defisit ekspor impor indonesia china ...
 
Langkah audit manajemen
Langkah audit manajemenLangkah audit manajemen
Langkah audit manajemen
 
Audit internal
Audit internalAudit internal
Audit internal
 
Makalah auditing ii pengauditan siklus produksi persediaan 2 (jiantari c 301 ...
Makalah auditing ii pengauditan siklus produksi persediaan 2 (jiantari c 301 ...Makalah auditing ii pengauditan siklus produksi persediaan 2 (jiantari c 301 ...
Makalah auditing ii pengauditan siklus produksi persediaan 2 (jiantari c 301 ...
 
Audit pemasaran (bab 6), Audit Kinerja Manajemen
Audit pemasaran (bab 6), Audit Kinerja ManajemenAudit pemasaran (bab 6), Audit Kinerja Manajemen
Audit pemasaran (bab 6), Audit Kinerja Manajemen
 
4.audit sdm
4.audit sdm4.audit sdm
4.audit sdm
 
1. administrasi, manajemen, dan pengendalian
1. administrasi, manajemen, dan pengendalian 1. administrasi, manajemen, dan pengendalian
1. administrasi, manajemen, dan pengendalian
 

Similar to Presentation_20110802213554

Manajemen Risiko Menurut COSO
Manajemen Risiko Menurut COSOManajemen Risiko Menurut COSO
Manajemen Risiko Menurut COSODina Pramudianti
 
Operational risk ppt
Operational risk pptOperational risk ppt
Operational risk pptNehaKamboj10
 
Super Strategies 2014 Risk Strategy Presentation
Super Strategies 2014  Risk Strategy PresentationSuper Strategies 2014  Risk Strategy Presentation
Super Strategies 2014 Risk Strategy PresentationDavid Fernandes
 
Kaneshiro Slides and enterprise ris managent
Kaneshiro Slides and enterprise ris managentKaneshiro Slides and enterprise ris managent
Kaneshiro Slides and enterprise ris managentavinashchauhan70462
 
mr neeraj - day 1 - compliance
mr neeraj - day 1 - compliancemr neeraj - day 1 - compliance
mr neeraj - day 1 - complianceNeeraj Verma
 
Coso Erm(2)
Coso Erm(2)Coso Erm(2)
Coso Erm(2)deeptica
 
Operational Risk Management under BASEL era
Operational Risk Management under BASEL eraOperational Risk Management under BASEL era
Operational Risk Management under BASEL eraTreat Risk
 
StrategyDriven Risk Assurance Mapping
StrategyDriven Risk Assurance MappingStrategyDriven Risk Assurance Mapping
StrategyDriven Risk Assurance MappingNathan Ives
 
Risk management ppt 111p (training module)
Risk management ppt 111p (training module)Risk management ppt 111p (training module)
Risk management ppt 111p (training module)Sadia Razzaq
 
Evaluation and control in strategic management
Evaluation and control in strategic managementEvaluation and control in strategic management
Evaluation and control in strategic managementMeenakshi1994
 
Process Level Auditing Presentation
Process Level Auditing   PresentationProcess Level Auditing   Presentation
Process Level Auditing PresentationVernon Benjamin
 

Similar to Presentation_20110802213554 (20)

Coso erm
Coso ermCoso erm
Coso erm
 
Coso erm
Coso ermCoso erm
Coso erm
 
Manajemen Risiko Menurut COSO
Manajemen Risiko Menurut COSOManajemen Risiko Menurut COSO
Manajemen Risiko Menurut COSO
 
COSO Vs ERM - NMIMS INDORE
COSO Vs ERM - NMIMS INDORECOSO Vs ERM - NMIMS INDORE
COSO Vs ERM - NMIMS INDORE
 
Erm talking points
Erm talking pointsErm talking points
Erm talking points
 
COSO_ERM.ppt
COSO_ERM.pptCOSO_ERM.ppt
COSO_ERM.ppt
 
Operational risk ppt
Operational risk pptOperational risk ppt
Operational risk ppt
 
Hoover.2016 Texas Bankers CFO Conference
Hoover.2016 Texas Bankers CFO ConferenceHoover.2016 Texas Bankers CFO Conference
Hoover.2016 Texas Bankers CFO Conference
 
Super Strategies 2014 Risk Strategy Presentation
Super Strategies 2014  Risk Strategy PresentationSuper Strategies 2014  Risk Strategy Presentation
Super Strategies 2014 Risk Strategy Presentation
 
2. Risk Management.pptx
2.  Risk Management.pptx2.  Risk Management.pptx
2. Risk Management.pptx
 
Kaneshiro Slides and enterprise ris managent
Kaneshiro Slides and enterprise ris managentKaneshiro Slides and enterprise ris managent
Kaneshiro Slides and enterprise ris managent
 
mr neeraj - day 1 - compliance
mr neeraj - day 1 - compliancemr neeraj - day 1 - compliance
mr neeraj - day 1 - compliance
 
Coso Erm(2)
Coso Erm(2)Coso Erm(2)
Coso Erm(2)
 
Operational Risk Management under BASEL era
Operational Risk Management under BASEL eraOperational Risk Management under BASEL era
Operational Risk Management under BASEL era
 
StrategyDriven Risk Assurance Mapping
StrategyDriven Risk Assurance MappingStrategyDriven Risk Assurance Mapping
StrategyDriven Risk Assurance Mapping
 
Risk management ppt 111p (training module)
Risk management ppt 111p (training module)Risk management ppt 111p (training module)
Risk management ppt 111p (training module)
 
Creating Value Through Enterprise Risk Management
Creating Value Through Enterprise Risk Management Creating Value Through Enterprise Risk Management
Creating Value Through Enterprise Risk Management
 
Evaluation and control in strategic management
Evaluation and control in strategic managementEvaluation and control in strategic management
Evaluation and control in strategic management
 
Process Level Auditing Presentation
Process Level Auditing   PresentationProcess Level Auditing   Presentation
Process Level Auditing Presentation
 
COSO ERM
COSO ERMCOSO ERM
COSO ERM
 

Presentation_20110802213554

  • 1. Operational Risk Management Framework And Control Self Assessment
  • 2. • Definition(s) of Risk Management & Risk • Impact(s) of Risk • Enterprise Risk Management • ERM Frameworks • DHS Risk Management Framework • NIST Risk Assessment Framework • STF Risk Assessment Framework Overview
  • 3. • Risk management is a scientific approach to dealing with pure risks by anticipating possible accidental losses and designing and implementing procedures that minimize the occurrence of loss or the financial impact of the losses that do occur. (Fundamentals of Risk and Insurance, Vaughan and Vaughan) • Meaning: Risk as uncertainty concerning the occurrence of a loss. Definition of Risk Management
  • 4. Risk = Vulnerability x Threat x Impact *Probability • Vulnerability = An error or a weakness in the design, implementation, or operation of a system. • Threat = An adversary that is motivated to exploit a system vulnerability and is capable of doing so • Impact = the likelihood that a vulnerability will be exploited or that a threat may become harmful. • *Probability = likelihood already factored into impact. Risk Equation
  • 5. Types of Risk • Strategic – Goals of the Organization • Operational – Processes that Achieve Goals • Financial – Safeguarding Assets • Compliance – Laws and Regulations • Reputational – Public Image
  • 6. Responses to Risk Severity Frequency High Transfer Avoid Low Accept Accept/Transfer Low High
  • 7.
  • 8.
  • 9.
  • 10.
  • 11.
  • 12.
  • 13.
  • 14.
  • 15.
  • 16.
  • 17.
  • 18.
  • 19. The Vision of Operational Risk Management In 12 to 18 months, your goal should be to create a report for each department and group that summarizes all relevant information that gets combined into a rating for operational risk.
  • 20. Pillars of Operational Risk Management LossesLosses Senior ManagementSenior Management CSACSA IssuesIssues IndicatorsIndicators Qualitative/Quantitative AnalysesQualitative/Quantitative Analyses Common Operational Risk Classification SchemeCommon Operational Risk Classification Scheme
  • 22. Control Self Assessment Control-Self Assessment Definition Control-Self Assessment Objectives Enterprise wide Control Self Assessment Framework  Balanced Scorecard  CSA Methodology  Results Corporate Governance CSA Rollout - Project Time Line Appendix - Delivered Solution 1. Risk Map 2. Excel Based Worksheets 3. HTML Interface 4. Excel Based OutlineOutline
  • 23. Control Self Assessment Control-Self Assessment is a risk management tool used by business managers to transparently assess risk and control strengths and weaknesses against a Control Framework. The “self” assessment refers to the involvement of management and staff in the assessment process. DefinitionDefinition
  • 24. Control Self Assessment Communication  To ensure better communication of CEO’s objectives and strategies to all business lines  To ensure business line managers communicate their risks and controls more effectively Education  To ensure business line managers have a better comprehension of effective risk control  To ensure business line managers have a better comprehension of risk management Proactive Management  To ensure business line managers align their objectives and strategies with the CEO's objectives and strategies  To ensure business line managers assume greater responsibility and accountability for their risks and controls  To ensure business line managers monitor their risk effectively and timely  To ensure business line managers utilize and allocate their resources effectively ObjectivesObjectives
  • 25. Enterprise-wide CSA Framework To foster a proactive management framework which is pervasive throughout a firm GoalGoal
  • 27. Step 1: Objective Setting Balanced Scorecard * A tool that translates a firm’s mission and strategy into a comprehensive set of performance measures that provides the framework for a strategic measurement and management system Objectives Ensures linkage between the objective of senior management and the businesses Increased focus on the appropriateness of the objectives Reinforced as the central “top down” articulation of goals Provides a framework within which the oversight functions, risk management and the business lines operate
• 28. Step 2: CSA Methodology - ORCA Framework
  - Objectives
  - Risk Assessment of Key Processes
  - Controls
  - Action Plans
  The ORCA framework components fit logically together to form a comprehensive relationship between firm-wide objectives, processes and risks, and controls. This relationship may be viewed as the core of a firm's internal control.
• 29. Step 2: CSA Methodology - ORCA Framework
  To strike a balance between risk and the cost of control, business managers must carefully assess the risks inherent in their key processes and apply controls that will work at a reasonable cost.
  • 30. Step 2: CSA Methodology ORCA Framework
• 31. Step 2: CSA Methodology - Key Indicators
  Metrics that measure the effectiveness of controls in mitigating or managing risks:
    - To measure operational problems
    - To monitor the quality of the services provided
    - To provide early warning of problems
    - To aid in the containment of losses
    - To determine trends
    - To set limits for risk or escalation criteria
    - To facilitate everyday decisions
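The key-indicator bullets above (limits, early warning, trends, escalation criteria) describe a monitoring technique without showing it. The following is an added example, not code from the deck or from any delivered CSA solution it describes. It evaluates a key risk indicator against a warning limit and an escalation limit, fits a least-squares trend to the recent observations, and raises an early warning when the series is inside the limits today but on course to cross one within a few periods. The indicator names, the limits and the observation series are constructed assumptions, as is the three-period lookahead.

```python
"""Key risk indicator (KRI) evaluation: warning/escalation limits and trend-based early warning.

Added example; indicators, limits and observations below are constructed assumptions.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class KRI:
    name: str
    warning: float      # limit at which the business line is alerted
    escalation: float   # limit at which the issue is escalated to senior management
    higher_is_worse: bool = True  # False for indicators such as utilisation or coverage


def breaches(kri: KRI, value: float) -> tuple:
    """Return (warning_breached, escalation_breached) on the unfavourable side of the limits."""
    if kri.higher_is_worse:
        return value >= kri.warning, value >= kri.escalation
    return value <= kri.warning, value <= kri.escalation


def trend_slope(values) -> float:
    """Least-squares slope of the series per period (0.0 with fewer than two points)."""
    n = len(values)
    if n < 2:
        return 0.0
    mean_x = (n - 1) / 2
    mean_y = sum(values) / n
    num = sum((x - mean_x) * (y - mean_y) for x, y in enumerate(values))
    den = sum((x - mean_x) ** 2 for x in range(n))
    return num / den


def evaluate(kri: KRI, history, lookahead: int = 3) -> dict:
    """Classify the latest observation, and extrapolate the trend `lookahead`
    periods ahead so a limit the series is heading for is reported before
    it is crossed (the early-warning case)."""
    if not history:
        raise ValueError(f"no observations for {kri.name}")
    current = history[-1]
    warn, esc = breaches(kri, current)
    slope = trend_slope(history)
    projected = current + slope * lookahead
    proj_warn, proj_esc = breaches(kri, projected)
    if esc:
        status = "ESCALATE"
    elif warn:
        status = "WARNING"
    elif proj_warn or proj_esc:
        status = "EARLY_WARNING"   # inside the limits today, outside them on the current trend
    else:
        status = "OK"
    return {"kri": kri.name, "current": current, "slope": round(slope, 3),
            "projected": round(projected, 2), "status": status}


SEVERITY = {"OK": 0, "EARLY_WARNING": 1, "WARNING": 2, "ESCALATE": 3}


def evaluate_all(histories: dict, lookahead: int = 3) -> list:
    """Evaluate each (KRI, history) pair; worst status first."""
    results = [evaluate(k, h, lookahead) for k, h in histories.items()]
    return sorted(results, key=lambda r: SEVERITY[r["status"]], reverse=True)


# Constructed sample data (monthly observations); the indicators and their
# limits are assumptions, not figures from the slides.
ABANDONED_CALL_RATE = KRI("Abandoned-call rate (%)", warning=5, escalation=10)
UNRECONCILED_ITEMS = KRI("Unreconciled transactions (count)", warning=20, escalation=50)
STAFF_UTILISATION = KRI("Staff utilisation (%)", warning=70, escalation=60, higher_is_worse=False)

SAMPLE_HISTORIES = {
    ABANDONED_CALL_RATE: [2.0, 2.5, 3.1, 3.6, 4.2],   # rising; crosses the 5% warning limit within 2 periods
    UNRECONCILED_ITEMS: [60, 55, 52],                  # improving, but still above the escalation limit
    STAFF_UTILISATION: [85, 84, 83],                   # drifting down, stays above the 70% floor
}

if __name__ == "__main__":
    for r in evaluate_all(SAMPLE_HISTORIES):
        print(f"{r['status']:<14} {r['kri']:<36} now {r['current']:>6}  "
              f"trend {r['slope']:+.3f}/period  projected {r['projected']:>6}")
```

The design choice worth noting is the separate early-warning state: an indicator that is still within limits but trending toward one is exactly the case the bullets call "early warning", and reporting it distinctly from a breach keeps escalation criteria strict while still giving the business line time to act. A declining indicator that is already past its escalation limit still escalates; improvement is not a reason to suppress the report.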
• 32. Step 3: Results
  Qualitative
    - Bottom-up feedback to executive management to ascertain how successfully the organization accomplished its strategic vision
    - Identification of the interdepartmental and thematic risks within the firm
  Quantitative
    - CSA Metric Score
    - Inherent & Residual Risks Model
    - CSA Scenario Engine
• 34. Step 3: Results
  The inherent and residual risk models give a sense of the potential monetary impact before and after the implementation of controls. The CSA scenario engine may shed light on how the department's or firm's control environment may evolve, for better or worse.
• 35. Corporate Governance
  The enterprise-wide CSA framework presented here is a key component of a robust corporate governance structure. It enables the organization to inform executive management of the current state of the firm's risk environment on an ongoing basis. Furthermore, the framework readily lends itself to Sarbanes-Oxley and BIS II compliance.
  The expected benefits of a strong corporate governance structure are:
• 36. Summary
  The presented enterprise-wide control self-assessment framework:
    - Provides flexibility and dynamism to evolve with the changing firm
    - Allows a firm to manage risks from both the “top-down” and “bottom-up” perspectives
    - Is an integral component of a strong corporate governance structure
• 37. CSA Rollout - Project Time Line
  Planning
    Project Scope
      ⇒ Define CSA scope
      ⇒ Evaluate current firm-wide objectives
      ⇒ Identify key business areas and processes
      ⇒ Obtain Sr. Management support
    Project Planning
      ⇒ Create project timeline
      ⇒ Allocate resources
    Deliverables: Project Plan, Road map
  Analysis
    Define Op Risk components
      ⇒ Firm-wide objectives
      ⇒ Risk map
    Define CSA components
      ⇒ Objectives and key processes
      ⇒ Risks
      ⇒ Control Methods
      ⇒ Action Plans
      ⇒ Key Risk Indicators
    Refine timeline and estimates
    Deliverables: Business requirements, User presentation
  Design and Development (Prototype)
    Meet with business lines
    Gather key business processes
    Establish/create data model
    Create database
    Create user interface
    Load master table data into database
    Create procedure guide
    Deliverables: CSA beta version software, User guide
  Implementation
    Roll out Control Self Assessment software
    Data gathering from business units
    CSA Support: support business units performing CSA
    Deliverables: Cutover Plan, CSA application
  Close-out
    Review user feedback
    Establish cyclical review requirements
    Update CSA reporting package
  [Gantt chart: the five phases (Planning, Analysis, Design, Development, Implementation, Closeout) laid out across a January to December calendar]
  • 38. Internal Control A strong system of internal control is essential to effective enterprise risk management.
• 39. Relationship to Internal Control — Integrated Framework
  • Expands and elaborates on elements of internal control as set out in COSO's “control framework.”
  • Includes objective setting as a separate component. Objectives are a “prerequisite” for internal control.
  • Expands the control framework's “Financial Reporting” and “Risk Assessment.”
• 40. ERM Roles & Responsibilities
  • Management
  • The board of directors
  • Risk officers
  • Internal auditors
• 41. Internal Auditors
  • Play an important role in monitoring ERM, but do NOT have primary responsibility for its implementation or maintenance.
  • Assist management and the board or audit committee in the process by:
    - Monitoring
    - Evaluating
    - Examining
    - Reporting
    - Recommending improvements
• 42. Standards
  • 2010.A1 – The internal audit activity's plan of engagements should be based on a risk assessment, undertaken at least annually.
  • 2120.A1 – Based on the results of the risk assessment, the internal audit activity should evaluate the adequacy and effectiveness of controls encompassing the organization's governance, operations, and information systems.
  • 2210.A1 – When planning the engagement, the internal auditor should identify and assess risks relevant to the activity under review. The engagement objectives should reflect the results of the risk assessment.
• 43. Example: Risk Model
  • Environmental Risks
    – Capital Availability
    – Regulatory, Political, and Legal
    – Financial Markets and Shareholder Relations
  • Process Risks
    – Operations Risk
    – Empowerment Risk
    – Information Processing / Technology Risk
    – Integrity Risk
    – Financial Risk
  • Information for Decision Making
    – Operational Risk
    – Financial Risk
    – Strategic Risk
• 44. Risk Management Process (diagram)
  Risk Assessment: Identification, Measurement, Prioritization
  Risk Analysis: Control It; Share or Transfer It; Diversify or Avoid It
  Risk Monitoring
  Applied at the Entity Level, the Process Level and the Activity Level
• 45. Example: Call Center Risk Assessment
  [Matrix: IMPACT (Low to High) on the vertical axis against PROBABILITY (Low to High) on the horizontal axis; quadrants labelled High Risk (high impact, high probability), Medium Risk (high impact, low probability), Medium Risk (low impact, high probability) and Low Risk (low impact, low probability)]
  Risks plotted on the matrix:
  • Loss of phones
  • Loss of computers
  • Credit risk
  • Customer has a long wait
  • Customer can't get through
  • Customer can't get answers
  • Entry errors
  • Equipment obsolescence
  • Repeat calls for same problem
  • Fraud
  • Lost transactions
  • Employee morale
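The call-center matrix above and the inherent and residual risk model under Step 3: Results are two views of the same calculation: a risk is scored by probability and impact, controls reduce one or both, and the residual score is placed back on the matrix and compared with the firm's risk tolerance. The following is an added example and not code from the deck or from any delivered CSA tool; it uses a 5x5 ordinal scale, treats each control as removing a fraction of probability or impact, and refuses to let any stack of controls claim a risk below the bottom of the scale. The scale, the quadrant cut-offs, the tolerance and the probability/impact values and controls given to four of the slide's call-center risks are all assumptions; the slide itself gives no numbers.

```python
"""Inherent vs. residual risk scoring on a probability/impact matrix.

Added example; the scale, cut-offs, tolerance and sample ratings are assumptions.
"""
from dataclasses import dataclass, field

SCALE = range(1, 6)  # assumption: 1..5 ordinal scales, i.e. a 5x5 matrix


@dataclass(frozen=True)
class Control:
    """A control removes a fraction of probability (preventive) and/or of
    impact (detective/corrective). Fractions are assumed, not measured."""
    name: str
    probability_reduction: float = 0.0
    impact_reduction: float = 0.0


@dataclass
class Risk:
    name: str
    probability: int  # 1 = rare .. 5 = almost certain
    impact: int       # 1 = negligible .. 5 = severe
    controls: list = field(default_factory=list)


def _check_scale(value: int, label: str) -> None:
    if value not in SCALE:
        raise ValueError(f"{label} must be an integer in 1..5, got {value!r}")


def inherent_score(r: Risk) -> int:
    """Probability x impact with no controls applied."""
    _check_scale(r.probability, "probability")
    _check_scale(r.impact, "impact")
    return r.probability * r.impact


def residual_factors(r: Risk) -> tuple:
    """Apply controls multiplicatively: two 50% probability reductions leave
    25% of the probability, not 0%. Neither axis may fall below 1, the lowest
    rung of the scale, so no stack of controls removes a risk entirely."""
    _check_scale(r.probability, "probability")
    _check_scale(r.impact, "impact")
    p, i = float(r.probability), float(r.impact)
    for c in r.controls:
        if not (0.0 <= c.probability_reduction <= 1.0 and 0.0 <= c.impact_reduction <= 1.0):
            raise ValueError(f"control {c.name!r} has a reduction outside 0..1")
        p *= 1.0 - c.probability_reduction
        i *= 1.0 - c.impact_reduction
    return max(p, 1.0), max(i, 1.0)


def residual_score(r: Risk) -> float:
    p, i = residual_factors(r)
    return round(p * i, 2)


def rating(score: float) -> str:
    """Quadrant on the matrix; the cut-offs 6 and 15 are an assumption."""
    if score >= 15:
        return "High"
    if score >= 6:
        return "Medium"
    return "Low"


def assess(risks, tolerance: float = 6.0) -> list:
    """Build the register, flagging residual scores above the stated risk
    tolerance (assumed to be 6). Sorted so the worst residual risk comes first."""
    rows = []
    for r in risks:
        inh, res = inherent_score(r), residual_score(r)
        rows.append({
            "risk": r.name,
            "inherent": inh, "inherent_rating": rating(inh),
            "residual": res, "residual_rating": rating(res),
            "within_tolerance": res <= tolerance,
        })
    return sorted(rows, key=lambda row: row["residual"], reverse=True)


# Constructed sample: four of the call-center risks from the slide with
# assumed ratings and controls.
CALL_CENTER = [
    Risk("Fraud", probability=3, impact=5, controls=[
        Control("Agent background checks", probability_reduction=0.3),
        Control("Transaction monitoring", impact_reduction=0.4),
    ]),
    Risk("Loss of phones", probability=2, impact=5, controls=[
        Control("Redundant telephony provider", impact_reduction=0.6),
    ]),
    Risk("Customer has a long wait", probability=5, impact=2),
    Risk("Employee morale", probability=3, impact=1),
]

if __name__ == "__main__":
    for row in assess(CALL_CENTER):
        flag = "" if row["within_tolerance"] else "  <- outside tolerance"
        print(f"{row['risk']:<26} inherent {row['inherent']:>2} ({row['inherent_rating']})"
              f"  residual {row['residual']:>5} ({row['residual_rating']}){flag}")
```

Two points a practitioner will want from the output: the uncontrolled "Customer has a long wait" risk ends up with the highest residual score even though "Fraud" has the higher inherent score, which is the ordering a residual view is meant to surface, and the multiplicative model plus the floor of 1 per axis stops a self-assessment from reporting a residual of zero simply by listing enough controls.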
• 46. Example: Accounts Payable Process Control
  Control Objective: Completeness
  Risk: Material open liabilities not recorded
  Control Activity: Accrual of transactions; invoices accrued after closing
• 47. Communicate Results
  • Dashboard of risks and related responses (visual status of where key risks stand relative to risk tolerances)
  • Flowcharts of processes with key controls noted
  • Narratives of business objectives linked to operational risks and responses
  • List of key risks to be monitored or used
  • Management understanding of key business risk responsibility and communication of assignments
• 48. Monitor
  • Collect and display information
  • Perform analysis
    - Risks are being properly addressed
    - Controls are working to mitigate risks
• 49. Management Oversight & Periodic Review
  • Accountability for risks
  • Ownership
  • Updates
    - Changes in business objectives
    - Changes in systems
    - Changes in processes
• 50. Internal auditors can add value by:
  • Implementing a risk-based approach to planning and executing the internal audit process.
  • Ensuring that internal auditing's resources are directed at those areas most important to the organization.
  • Challenging the basis of management's risk assessments and evaluating the adequacy and effectiveness of risk treatment strategies.
• 51. Internal auditors can add value by:
  • Reviewing critical control systems and risk management processes.
  • Performing an effectiveness review of management's risk assessments and the internal controls.
  • Providing advice in the design and improvement of control systems and risk mitigation strategies.