8 Drivers of Effective Enterprise Risk Management
1. Risk management strategy
– Before adopting leading risk management concepts for risk identification, analysis, mitigation, monitoring and reporting, the organization should first decide on its risk management priorities, objectives, approach and risk governance structure based on its business model, size and complexity.
– A risk management strategy should also include an assessment of the required roles and competencies of the risk management, compliance and internal control-related functions, whether in-house or outsourced, and of their positions and reporting lines within the organization structure.
2. Risk ownership
– Risk ownership is often assigned to a person responsible for executing the risk responses. This is not an appropriate allocation of accountability. Nor should it rest with the head of the risk management function, whose role should only be to communicate, coordinate and administer the organization's risk management policies and activities, and to ensure identification and mitigation of material risks by the appropriate risk owners.
– Risk ownership is often mistaken as the person responsible for the actual management of risks, with the rest of the management team just doing “form filling” to meet the Board’s requirements. The right risk owner should instead be the individual ultimately accountable for ensuring that the risk is managed appropriately and for adjusting the risk response within the desirable risk appetite and tolerance of his risk domain. Another critical point to note is that the risk owner should not be the same person responsible for monitoring the effectiveness of the risk response.
3. Risk management competency
– With regard to risk management, persons within an organisation can be classified into four groups: those in charge of risk governance, those responsible for managing risk, those assigned the task of executing risk responses, and those monitoring and reporting the effectiveness of risk responses. They need to have appropriate skill sets, experience and training to understand as well as perform their roles and responsibilities effectively. The organisation should also consider where and when external professional advice may be required.
4. Decision-making
– Risk management efforts tend to focus on post-decision implementation risks and overlook risks inherent in strategic choices. As many corporate failures are due to strategic missteps, risk management should be applied to the decision-making process by understanding the risks associated with each strategic choice before making the selection.
– Risk management personnel should therefore be consulted at the early stage of strategic planning. For the selected strategic choice, an appropriate risk appetite should be established to ensure alignment of views between the management and the Board, and to limit exposure within the organisation’s financial capability.
5. Day-to-day operations
– A risk management system should include the establishment of an appropriate organisational reporting structure and processes to ensure effective and efficient execution of business plans. These should also include training and communication of policies and procedures for key processes, segregation of duties to provide checks and balances and prevent manipulation, suitable delegation of authority, the business plan and operating budget, key performance indicators, key risk indicators and key control indicators.
6. Ongoing monitoring
– Depending on the business model, size and complexity of the organisation and the relevant regulatory requirements, effective second-line defence functions should be established to provide ongoing monitoring of actual performance against agreed metrics and timely reporting to risk owners and those in charge of governance. This will ensure that business operations stay within the established risk appetite and risk tolerance.
– Examples of second-line defence functions include Financial Controllership (also generally known as Financial Planning and Analysis or “FP&A”), Quality Assurance, Risk Management, Legal and Regulatory Compliance, Health and Safety, and Environmental Compliance. No individual should be assigned a role to monitor performance within his or her own domain of responsibility. To ensure the integrity of the monitoring functions, the heads of these functions must have direct access or a reporting line to a relevant Board member or Board Committee.
7. Periodic monitoring
– An internal audit function with adequate resources and appropriate skills and experience should be established to perform periodic monitoring to ensure compliance with policies and procedures. To ensure the integrity of the internal audit function, the chief internal auditor must have direct access or a reporting line to the Audit Committee.
– Collaboration between the internal audit function and the risk management function is critical. The internal audit function must understand all key risk areas, not just financial exposure, and review them at regular intervals. In turn, the risk management function should ensure that corrective actions taken by the management are adequate to address the internal audit findings.
8. Culture and Board oversight
– Finally and most importantly, effective risk management can only be achieved with an appropriate risk culture. The Board should establish policies and guidelines to build a strong control environment within the organisation and set the right tone at the top.
– The Board should set an appropriate risk appetite for material risks and take responsibility for risk governance by establishing an appropriate committee structure to supervise the management in the identification and mitigation of material strategic, operational, compliance and financial risks.
– Sufficient emphasis should be placed on effective management of risks in assessing the management’s performance. For some organisations, it may be necessary to set up specialised Board Committees to deal with certain key risks that require more specific focus, expertise and experience.
– For material risks, the Board should ensure that there are robust ongoing and periodic monitoring functions in place to provide accurate and timely reporting to relevant committees and the Board. The Board should also act firmly and promptly on reported deficiencies, non-compliance and deviations.
Conclusion
– Effective risk management is not about, and should not stop at, submission of the risk register to the Board. Organizations should review and build on the strengths of these eight drivers so that they are well equipped to manage the various risks and remain resilient in the face of any adversity.
Technology’s Role in Enterprise Risk Management
The new COSO ERM framework document, Enterprise Risk Management—Integrating With Strategy and Performance, is expected to have a level of global influence similar to Internal Control–Integrated Framework.
The ERM framework is designed to provide reasonable expectation that an entity that adopts it understands and manages all kinds of risk associated with business strategy and performance objectives. It provides a strong foundation for integrating the management of all types of risk.
Technology innovation is acknowledged as a key enabler for strategy decision support and as an example of a strategic business objective. Technology risk is one of many examples of enterprise risk the document uses to illustrate the ERM framework.
Framework Synergies
– Like COBIT 5, the COSO ERM framework is principles-based and emphasizes that strategic plans to support the mission and vision of an organization must be supported with governance elements, performance measurement and internal control. It describes how risk managers in all professions weigh the probability that activities prompted by a given strategy may result in foreseeable future events that impact an entity’s mission. Also like COBIT 5, the COSO ERM framework advocates continuous process improvement that relies heavily on governance structures to assist in framing decisions.
– Where technology risk management is aligned with corporate risk management organizations conducting ERM activities at the board level, technology strategic plans may be expected to be in lockstep with the enterprise’s mission, vision and core principles. The COSO ERM and COBIT 5 frameworks represent a body of knowledge shared across a large community of practitioners that may be utilized to create that alignment. Technology and cybersecurity risk and audit professionals should be conversant with both frameworks, and be familiar with the integration touchpoints between them.
Key Takeaways
– Effective technology risk management requires that the ERM framework encompass technology.
– As technology risk management professionals are specialists in risk related to information integrity and availability, they play a special role in ERM. The processes they use to identify, assess, quantify and monitor technology risk apply not just to risk in the technology or cybersecurity category, but should be designed to support the integrity of information used by risk managers in other risk domains.
– Technology professionals are uniquely positioned to identify issues related to risk aggregation strategies, and to support ERM activities with information life cycle process and quality control objectives.
– Where both COSO ERM and COBIT 5 are explicitly used by an organization, both enterprise risk and technology professionals should be educated on how they are compatible and why they should be used together and not separately.