NATIONAL CONFERENCE & EXHIBITION 2014 
Creating Value Through Enterprise Risk Management 
Presented by Peter Moore 
Risk Point 
Overview 
• Barriers to success in creating value 
• Risk management frameworks 
• Risk appetite and risk tolerance 
• Integrating risk management 
• Summary and close
1. Barriers to Success in Creating Value
• Barriers to success in creating value: 
• Poor/ incorrect use of language 
• Poorly designed frameworks 
• Poor risk assessment techniques 
• Risk versus fact analysis 
• Lack of engagement and commitment within the enterprise 
• Over complexity in design of risk management frameworks and systems 
• Focus on process outcomes rather than decision support and resource 
allocation
2. Risk Management Frameworks 
• Keep it simple unless complexity is required due to the nature or size 
of the organisation 
• Take into consideration how the framework integrates risk 
management into the business 
• Make it intuitive so it “looks like the business”
Risk Area Framework 
• Provides focus on the organisation, what it does and how it does it 
• Internal processes and externalities (internal and external context) 
Area of Business 
Service Delivery 
Financial 
Human Resources 
Sales – Marketing/ Business Development 
IT/ Technological 
Commercial/ Legal 
Occupational Health & Safety 
Compliance 
Management 
Political/ Economic 
Competition
Risk Area Framework 
• If more detailed structure required, sub areas or categories may be appropriate 
Area of Business
Financial: Payroll; Debtors/ creditors; Treasury
Human Resources: Recruitment; Remuneration/ retention; Training and management
IT/ Technological: IT assets; Information assets; Information security
Risk Types - Compliance/ Business, Strategic/ Operational
• Creates distinction between compliance risks and business risks which integrates 
into risk appetite and risk tolerance and corporate governance 
• Provides clarity on strategic risks (involving board) and operational risks which 
integrate into management processes and business planning 
• Allows risks to be considered in context and increases clarity in analysis 
Risk Type 
Compliance 
Business 
Risk Type 
Strategic 
Operational
Align the Framework to the Business 
• What business are we in? 
• What is it that we do? 
• What are our objectives and what are we trying to achieve? 
• From a risk management perspective these questions provide alignment with the 
business and provide one of the keys to integrating risk management and 
creating value
Risk Identification Techniques 
• Risk identification techniques and risk statements 
• Root cause analysis technique¹
Risk
Cause
Root Cause
1. IEC/ISO 31010:2009 Risk management – Risk assessment techniques
Risk Identification Techniques 
• Risk identification techniques and risk statements 
• Root cause analysis technique¹
Risk
Cause
Root Cause
Business Objectives
1. IEC/ISO 31010:2009 Risk management – Risk assessment techniques
Risk Identification Techniques 
• Risk identification techniques and risk statements 
• Cause-and-effect analysis technique²
• Not statements of fact
Cause Risk Effect
2. IEC/ISO 31010:2009 Risk management – Risk assessment techniques
Discussion
3. Risk Appetite and Risk Tolerance 
• Clarity is required on use of language 
• Definitions are not included in AS/NZS ISO 31000 (need to refer to ISO 
Guide 73) 
• Context needs to be applied 
• Failure to follow above will lead to confusion 
• Allows appropriate decisions to be made with regard to risk
Risk Appetite and Risk Tolerance 
Risk appetite 
“Amount and type of risk that an organization is willing to pursue or retain”³
Risk tolerance
“Organization’s or stakeholder’s readiness to bear the risk after treatment in order to achieve its objectives”⁴
3, 4. ISO Guide 73 Risk management - Vocabulary
Risk Appetite – 
ASX Corporate Governance Principles 
Principle 1: Lay solid foundations for management and oversight 
Recommendation 1.1 – Commentary 
“Usually the board of a listed entity will be responsible for:
• Ensuring that the entity has in place an appropriate risk management framework and setting the risk appetite within which the board expects management to operate”⁵
5. Corporate Governance Principles and Recommendations, 3rd Edition. ASX Corporate Governance Council, 2014
Risk Appetite – 
ASX Corporate Governance Principles 
Principle 7: Recognise and manage risk 
Commentary 
“The board of a listed entity is ultimately responsible for deciding the nature and extent of the risks it is prepared to take to meet its objectives.
To enable the board to do this, the entity must have an appropriate framework to identify and manage risk on an ongoing basis. It is the role of management to design and implement that framework and to ensure that the entity operates within the risk appetite set by the board. It is the role of the board to set the risk appetite for the entity,…..”⁶
6. Corporate Governance Principles and Recommendations, 3rd Edition. ASX Corporate Governance Council, 2014
Risk Appetite – 
Commonwealth Risk Management Policy 
Element One – Establishing a risk management policy 
“13.1 An entity must establish and maintain an entity specific risk management 
policy that: 
a…. 
b. defines the entity’s risk appetite and risk tolerance”⁷
7. Commonwealth Risk Management Policy. Australian Government Department of Finance, 2014
Risk Appetite – 
Commonwealth Risk Management Policy 
Element Three – Defining responsibility for managing risk 
“15.1 Within the risk management policy, the accountable authority of an entity must 
define the responsibility for managing risk by: 
a. defining who is responsible for determining an entity’s appetite and tolerance 
for risk”⁸
8. Commonwealth Risk Management Policy. Australian Government Department of Finance, 2014
Setting Risk Tolerance 
• Thresholds for tolerability are established for compliance risk (non negotiable, must manage to defined 
levels) 
• Policy settings can be used to establish tolerance levels for compliance risk (e.g., risk level “Low” score no 
greater than 4) 
RISK MATRIX
Likelihood          Consequence
                    1 Insignificant   2 Minor   3 Moderate   4 Major   5 Severe
5 Almost Certain    M                 H         H            VH        VH
4 Likely            M                 M         H            H         VH
3 Possible          L                 M         H            H         H
2 Unlikely          L                 L         M            M         H
1 Rare              L                 L         M            M         H
Setting Risk Appetite 
• Must be established in accordance with preparedness to take commercial, or business risks in order to 
achieve objectives 
• Is different in different parts of the business (e.g. “High” score 9/ High score 16) 
• Provides a feedback loop to strategy setting (are we likely to achieve the positive outcomes and returns for 
the potential adverse threats in pursuing the strategy?) 
RISK MATRIX
Likelihood          Consequence
                    1 Insignificant   2 Minor   3 Moderate   4 Major   5 Severe
5 Almost Certain    M                 H         H            VH        VH
4 Likely            M                 M         H            H         VH
3 Possible          L                 M         H            H         H
2 Unlikely          L                 L         M            M         H
1 Rare              L                 L         M            M         H
Matrix callouts: Business process or function A; Business process or function B
Setting Risk Appetite and Risk Tolerance
Discussion
4. Integrating Risk Management 
• Draws upon a sound risk management framework 
• Incorporates risk appetite and risk tolerance settings 
• Links risk management to strategic planning 
• Links risk management to corporate governance 
• Techniques for determining what risk management and risk treatment activities 
(to manage risks to acceptable levels) are part of the job 
• A mechanism for making risk management “part of the business” 
• Accountabilities and responsibilities defined 
• Establishing Key Risk Indicators (KRI’s)
Risk Management Task Integration 
• A method of determining which risk management activities (e.g., 
development of risk treatment plans) are part of the job 
• Assists in determining what’s important, what’s urgent and what’s not 
• Assists in resource allocation and decision making 
• Creates value through better decision making and better business 
outcomes
Accountability 
• Accountabilities need to be assigned for: 
• Risks 
• Control development and assurance 
• Risk treatment actions and plans 
• Reporting on risk management activities
Key Risk Indicators (KRI’S) 
• Identify what aspect of the business needs to be measured and monitored 
• Develop sources of data around activities which influence or impact risks 
and risk levels 
• Develop metrics for measurement 
• Assign ownership (as critical as risk ownership) 
• Measure movements in KRI’s 
• Take action where KRI’s move beyond tolerable levels
Key Risk Indicators (KRI’S) 
• Leading indicators 
• A predictive indicator which provides insights into the likelihood of a risk materialising: 
• Reduced business opportunity pipeline/ sales conversion ratio 
• Lagging indicators 
• An outcome indicator which provides insight into the frequency and impact of a risk materialising: 
• Lower sales to date from budget 
• Note: These indicators would be used to assist reviewing a business risk such as, “failure to meet sales targets resulting in 
impact on revenue objectives”.
KRI Monitoring – Qualitative Assessment 
RAGAR Model⁸
[Figure: KRI score plotted over time against a baseline, with three zones: Out of tolerance – take action; Borderline – may require investigation; Within tolerance – no action required]
8. Adapted from Smart, A., and Creelman, J., Risk-Based Performance Management, 2013
Discussion
Summary and Close 
• Learnings 
• New developments 
• Next steps
Thank you. 

Farmer Representative Organization in Lucknow | Rashtriya Kisan Manch
 
LPC Operations Review PowerPoint | Operations Review
LPC Operations Review PowerPoint | Operations ReviewLPC Operations Review PowerPoint | Operations Review
LPC Operations Review PowerPoint | Operations Review
 
Measuring True Process Yield using Robust Yield Metrics
Measuring True Process Yield using Robust Yield MetricsMeasuring True Process Yield using Robust Yield Metrics
Measuring True Process Yield using Robust Yield Metrics
 
Pooja Mehta 9167673311, Trusted Call Girls In NAVI MUMBAI Cash On Payment , V...
Pooja Mehta 9167673311, Trusted Call Girls In NAVI MUMBAI Cash On Payment , V...Pooja Mehta 9167673311, Trusted Call Girls In NAVI MUMBAI Cash On Payment , V...
Pooja Mehta 9167673311, Trusted Call Girls In NAVI MUMBAI Cash On Payment , V...
 
Board Diversity Initiaive Launch Presentation
Board Diversity Initiaive Launch PresentationBoard Diversity Initiaive Launch Presentation
Board Diversity Initiaive Launch Presentation
 

Creating Value Through Enterprise Risk Management

  • 1. NATIONAL CONFERENCE & EXHIBITION 2014 Creating Value Through Enterprise Risk Management Presented by Peter Moore Risk Point Platinum Sponsor Silver Sponsor Bronze Sponsor Risk Manager of the Year Award Sponsor Conference and Exhibition Partners
  • 2. Overview • Barriers to success in creating value • Risk management frameworks • Risk appetite and risk tolerance • Integrating risk management • Summary and close
  • 3. 1. Barriers to Success in Creating Value • Barriers to success in creating value: • Poor/ incorrect use of language • Poorly designed frameworks • Poor risk assessment techniques • Risk versus fact analysis • Lack of engagement and commitment within the enterprise • Over complexity in design of risk management frameworks and systems • Focus on process outcomes rather than decision support and resource allocation
  • 4. 2. Risk Management Frameworks • Keep it simple unless complexity is required due to the nature or size of the organisation • Take into consideration how the framework integrates risk management into the business • Make it intuitive so it “looks like the business”
  • 5. Risk Area Framework • Provides focus on the organisation, what it does and how it does it • Internal processes and externalities (internal and external context) Area of Business Service Delivery Financial Human Resources Sales – Marketing/ Business Development IT/ Technological Commercial/ Legal Occupational Health & Safety Compliance Management Political/ Economic Competition
  • 6. Risk Area Framework • If more detailed structure required, sub areas or categories may be appropriate Area of Business Financial Payroll Debtors/ creditors Treasury Human Resources Recruitment Remuneration/ retention Training and management IT/ Technological IT assets Information assets Information security
  • 7. Risk Types - Compliance/ Business Strategic/ Operational • Creates distinction between compliance risks and business risks which integrates into risk appetite and risk tolerance and corporate governance • Provides clarity on strategic risks (involving board) and operational risks which integrate into management processes and business planning • Allows risks to be considered in context and increases clarity in analysis Risk Type Compliance Business Risk Type Strategic Operational
  • 8. Align the Framework to the Business • What business are we in? • What is it that we do? • What are our objectives and what are we trying to achieve? • From a risk management perspective these questions provide alignment with the business and provide one of the keys to integrating risk management and creating value
  • 9. Risk Identification Techniques • Risk identification techniques and risk statements • Root cause analysis technique1 Risk Cause Root Cause 1. IEC/ISO 31010:2009 Risk management – Risk assessment techniques
  • 10. Risk Identification Techniques • Risk identification techniques and risk statements • Root cause analysis technique1 Risk Cause Root Cause 1. IEC/ISO 31010:2009 Risk management – Risk assessment techniques Business Objectives
  • 11. Risk Identification Techniques • Risk identification techniques and risk statements • Cause-and-effect analysis technique2 • Not statements of fact Cause Risk Effect 2. IEC/ISO 31010:2009 Risk management – Risk assessment techniques
  • 13. 3. Risk Appetite and Risk Tolerance • Clarity is required on use of language • Definitions are not included in AS/NZS ISO 31000 (need to refer to ISO Guide 73) • Context needs to be applied • Failure to follow above will lead to confusion • Allows appropriate decisions to be made with regard to risk
  • 14. Risk Appetite and Risk Tolerance Risk appetite “Amount and type of risk that an organization is willing to pursue or retain”3 Risk tolerance “Organization’s or stakeholder’s readiness to bear the risk after treatment in order to achieve its objectives” 4 3,4. ISO Guide 73 Risk management - Vocabulary
  • 15. Risk Appetite – ASX Corporate Governance Principles Principle 1: Lay solid foundations for management and oversight Recommendation 1.1 – Commentary “Usually the board of a listed entity will be responsible for: • Ensuring that the entity has in place an appropriate risk management framework and setting the risk appetite within which board expects management to operate”5 5. Corporate Governance Principles and Recommendations. 3rd Edition ASX Corporate Governance Council, 2014
  • 16. Risk Appetite – ASX Corporate Governance Principles Principle 7: Recognise and manage risk Commentary “The board of a listed entity is ultimately responsible for deciding the nature and extent of the risks it is prepared to take to meet its objectives. To enable the board to do this, the entity must have an appropriate framework to identify and manage risk on an ongoing basis. It is the role of management to design and implement that framework and to ensure that the entity operates within the risk appetite set by the board. It is the role of the board to the risk appetite for the entity,…..”6 6. Corporate Governance Principles and Recommendations. 3rd Edition ASX Corporate Governance Council, 2014
  • 17. Risk Appetite – Commonwealth Risk Management Policy Element One – Establishing a risk management policy “13.1 An entity must establish and maintain an entity specific risk management policy that: a…. b. defines the entity’s risk appetite and risk tolerance”7 7. Commonwealth Risk Management Policy. Australian Government Department of Finance., 2014
  • 18. Risk Appetite – Commonwealth Risk Management Policy Element Three – Defining responsibility for managing risk “15.1 Within the risk management policy, the accountable authority of an entity must define the responsibility for managing risk by: a. defining who is responsible for determining an entity’s appetite and tolerance for risk”8 8. Commonwealth Risk Management Policy. Australian Government Department of Finance., 2014
  • 19. Setting Risk Tolerance • Thresholds for tolerability are established for compliance risk (non negotiable, must manage to defined levels) • Policy settings can be used to establish tolerance levels for compliance risk (e.g., risk level “Low” score no greater than 4) RISK MATRIX (rows: Likelihood; columns: Consequence)
      Likelihood          1 Insignificant   2 Minor   3 Moderate   4 Major   5 Severe
      5 Almost Certain    M                 H         H            VH        VH
      4 Likely            M                 M         H            H         VH
      3 Possible          L                 M         H            H         H
      2 Unlikely          L                 L         M            M         H
      1 Rare              L                 L         M            M         H
  • 20. Setting Risk Appetite • Must be established in accordance with preparedness to take commercial, or business risks in order to achieve objectives • Is different in different parts of the business (e.g. “High” score 9/ High score 16) • Provides a feedback loop to strategy setting (are we likely to achieve the positive outcomes and returns for the potential adverse threats in pursuing the strategy?) RISK MATRIX (rows: Likelihood; columns: Consequence)
      Likelihood          1 Insignificant   2 Minor   3 Moderate   4 Major   5 Severe
      5 Almost Certain    M                 H         H            VH        VH
      4 Likely            M                 M         H            H         VH
      3 Possible          L                 M         H            H         H
      2 Unlikely          L                 L         M            M         H
      1 Rare              L                 L         M            M         H
      Business process or function A / Business process or function B
  • 21. Setting Risk Appetite and Risk Tolerance
  • 22.
  • 24. 4. Integrating Risk Management • Draws upon a sound risk management framework • Incorporates risk appetite and risk tolerance settings • Links risk management to strategic planning • Links risk management to corporate governance • Techniques for determining what risk management and risk treatment activities (to manage risks to acceptable levels) are part of the job • A mechanism for making risk management “part of the business” • Accountabilities and responsibilities defined • Establishing Key Risk Indicators (KRI’s)
  • 25. Risk Management Task Integration • A method of determining which risk management activities (e.g., development of risk treatment plans) are part of the job • Assists in determining what’s important, what’s urgent and what’s not • Assists in resource allocation and decision making • Creates value through better decision making and better business outcomes
  • 26.
  • 27.
  • 28. Accountability • Accountabilities need to be assigned for: • Risks • Control development and assurance • Risk treatment actions and plans • Reporting on risk management activities
  • 29. Key Risk Indicators (KRI’S) • Identify what aspect of the business needs to be measured and monitored • Develop sources of data around activities which influence or impact risks and risk levels • Develop metrics for measurement • Assign ownership (as critical as risk ownership) • Measure movements in KRI’s • Take action where KRI’s move beyond tolerable levels
  • 30. Key Risk Indicators (KRI’S) • Leading indicators • A predictive indicator which provides insights into the likelihood of a risk materialising: • Reduced business opportunity pipeline/ sales conversion ratio • Lagging indicators • An outcome indicator which provides insight into the frequency and impact of a risk materialising: • Lower sales to date from budget • Note: These indicators would be used to assist reviewing a business risk such as, “failure to meet sales targets resulting in impact on revenue objectives”.
  • 31. KRI Monitoring – Qualitative Assessment RAGAR Model8 Score Baseline Time Out of tolerance – take action Borderline – may require investigation Within tolerance- no action required 8. Adapted from Smart, A., and Creelman, J., Risk-Based Performance Management, 2013
  • 33. Summary and Close • Learnings • New developments • Next steps
  • 34. NATIONAL CONFERENCE & EXHIBITION 2014 Thank you. Platinum Sponsor Silver Sponsor Bronze Sponsor Risk Manager of the Year Award Sponsor Conference and Exhibition Partners