Published in: Education
2. ERM - ISO 31000
3. Getting Started (flow diagram): Building a Framework (Obtain Mandate & Commitment; Design Framework; Implement, Monitor, & Improve System); Start ERM Implementation; IA Role in getting started
4. Building a Framework: a set of components that provide the foundations and organizational arrangements for designing, implementing, monitoring, reviewing, and continually improving risk management throughout the organization.
5. Building a Framework (cycle): Obtain ERM Mandate and Commitment; Design Framework; Implement ERM System; Monitor & Review ERM System; Continuously Improve ERM System
6. Obtain ERM Mandate & Commitment
   • Define and endorse the risk management policy.
   • Ensure the organization's culture and RM policy are aligned.
   • Align RM objectives with the organization's objectives and strategies.
   • Determine RM performance indicators that align with the organization's performance indicators.
   • Assign accountabilities and responsibilities at appropriate levels within the organization.
   • Ensure the necessary resources are allocated to risk management.
   • Ensure legal and regulatory compliance.
   • Communicate the benefits of risk management to shareholders.
   • Ensure the framework for managing risk continues to remain appropriate.
7. Some Considerations
   • Why are we choosing to implement ERM at this time?
   • Where do we start?
   • What outcome do we expect?
   • What does success look like?
   • What is our scope for implementation?
   • How will we roll ERM out enterprise-wide?
8. Designing the ERM Framework
   • Understand the organization, its business, and the context for ERM.
   • Determine the organizational positioning of ERM.
   • Develop the risk management policy.
   • Assign accountability and authority.
   • Allocate resources.
   • Establish internal and external reporting mechanisms.
   • Link ERM to the performance appraisal process.
9. Understanding the organization, business, & context for ERM
   • External factors:
     – Social and cultural, political, legal, regulatory, financial, technological, economic, natural, and competitive environment (international, national, regional, or local).
     – Key drivers and trends affecting the objectives of the organization.
     – Relationships with, and perceptions and values of, external stakeholders.
10. Understanding the organization, business, & context for ERM
   • Internal factors:
     – Governance, organizational structure, roles, and responsibilities.
     – Policies, objectives, and the strategies in place to achieve them.
     – Capabilities and knowledge (capital, time, people, processes, systems, and technologies).
     – Information systems, information flows, and decision-making processes.
     – Relationships with, and perceptions and values of, internal stakeholders.
     – Organizational culture.
     – Standards, guidelines, and models adopted.
11. Determine the organizational positioning of ERM
   • There is no single best practice.
   • Challenges in perception:
     – ERM reports too low in the organization and therefore lacks senior management's full commitment.
     – ERM focuses primarily on financial reporting risks and excludes other important areas of risk.
   • Establish a risk committee.
   • Key considerations:
     – The reporting line should be high enough.
     – Sufficient span of responsibility to oversee ERM activities.
     – Report directly to the board.
12. Develop the Risk Management Policy
   • Important elements to include in the policy:
     – Overall rationale and objectives for, and commitment to, implementing an effective ERM system.
     – Governance responsibilities, including the tone and attitude of the board.
     – Application/scope across the organization.
     – The framework used to support the ERM approach.
     – Authority and responsibilities for overseeing and executing the ERM system.
     – Commitment of resources.
     – Key terms and definitions.
     – Limits and risk tolerance levels.
     – Risk management performance measures and metrics.
     – Expectations and practices for periodic review and update.
13. Implement, Monitor, & Improve the ERM System (diagram): Implement; Monitor; Improve
14. Internal Audit's Role in Getting Started
   • Lead ERM implementation / play a prominent role:
     – Internal audit has more experience, skill, and organizational perspective.
     – It understands the value of ERM and can push to get implementation started.
     – Steps to avoid impairing objectivity: (1) the situation is well understood and agreed, (2) involve appropriate members of management as much as possible, (3) a formal plan should be developed, and (4) hire an outside resource for assurance.
   • Activities:
     – Implementing ERM, using knowledge of what a good ERM system looks like.
     – Conducting risk assessment: identifying, analyzing, and evaluating risks.
     – Considering risk treatment options.
     – Designing risk management activities.
     – Determining next steps to make ERM sustainable.
15. Internal Audit's Role in Getting Started
   • Provide consulting support:
     – Advisory services on ERM.
     – Facilitation of ERM workshops.
     – Instructional services.
     – Coaching management on the risk management process.
     – Championing the establishment of ERM.
   • Provide assurance on implementation:
     – Giving assurance on the risk management process.
     – Giving assurance that risks are correctly evaluated.
     – Reviewing the management of key risks.
     – Evaluating the reporting of key risks.
     – Evaluating the risk management process.