ENTERPRISE RISK MANAGEMENT
ISO 31000 - 2009

MOHAMAD HASSAN AK., MAFIS, QIA, CRMP, CRMA
Erm tm 11
Published in: Education
ERM - ISO 31000

DETERMINE RISK CRITERIA
• What makes an ERM implementation unique to each organization
• Influenced by business objectives as well as the external & internal context.
• By definition: "terms of reference against which the significance of risk is evaluated".
• Types of risk criteria:
– Governance risk criteria
– Assessment risk criteria

Governance Risk Criteria
• Risk Capacity
• Risk Attitude
• Risk Appetite
• Risk Tolerance

Risk Capacity
• Board and senior management must understand both individual outcomes and aggregated outcomes from multiple events that could cause the organization to cease operations:
– Inadequate capital
– Inadequate cash flow
– Violations of laws & regulations
– Damage to reputation
• Not only responsible for determining business objectives, but also for ensuring the organization survives.

Risk Attitude
• Organization's approach to assessing and eventually pursuing, retaining, taking, or turning away from risk.
• An organization's risk attitude is essentially its cultural mindset with regard to risk.
• Risk attitude must be instilled over time.
• RISK ATTITUDE SPECTRUM: from Risk Averse to Risk Embracing

Risk Appetite
• Amount of risk, on a broad level, an entity is willing to accept in pursuit of value (COSO ERM)
• Elements of risk appetite that shape the definition:
– Risk appetite is an integral part of strategic planning
– Not all risk outcomes are easily measurable; qualitative (type) and quantitative (amount)
– Appetite may reflect the desire to pursue positive outcomes as well as to minimize negative outcomes
– An organization must accept some level of risk to be successful
• Examples of risk appetite statements:
– Invest at least 15 percent of revenues
– Maintain a debt/equity ratio of 1.5 or less
– Put no more than 50 percent of capital at risk
– Do not build key manufacturing plants in areas prone to floods or earthquakes

Risk Tolerance
• Readiness to bear the risk after risk treatment in order to achieve objectives.
• Risk-taking boundaries within which managers and employees are expected to perform in pursuit of the organization's strategic, operations, reporting, and compliance objectives.
• Examples:
– Annual operating results should not be less than 90 percent of budget
– Customer satisfaction rating should meet or exceed 95 percent.

Assessment Risk Criteria
• Impact: a measure of the size of potential risk outcomes, should the event occur.
• Impact types include, but are not limited to, financial, reputational, legal, environmental, and safety outcomes.
• Likelihood: reflects an estimate of the possibility that risk events will occur and result in the assessed risk outcomes.

Other Risk Assessment Criteria
• Inherent criteria (consequence) and capability criteria listed on the slide: Readiness & Preparedness, Significance, Agility, Severity, Resilience, Frequency, Controllability, Velocity, Monitorability, Volatility, Maturity, Interdependency, Degree of Confidence