SlideShare a Scribd company logo

General Employee Risk Management Course

D
davidcurriecia

This document provides an overview of general employee risk management. It begins by giving examples of why risk management is needed to avoid costly jury awards or fraudulent charges. It then defines risk as a measure of uncertainty about the outcome of events or decisions that can be positive opportunities or negative risks. The objectives are to help identify risks, create risk management process awareness, and increase risk management understanding. It outlines the flow of internal risk control procedures and gives an example of a procedural certification checklist. It describes the risk assessment process including risk identification, measurement, prioritization. It provides worksheets to identify activities, choose risk factors, and weight risks. Finally, it discusses how identified risks are managed through controls.

1 of 15
General Employee Risk Management Course By David Currie, CPA, CIA, CISA david.currie@earthlink.net Why is risk management needed?
Example A: Girl’s death costs Florida Power & Light $37 million jury award. Example B: Credit applicant uses brother’s social security number and $10,000 in fraudulent charges are incurred. I see Risk Management is the solution to the challenges of governing modern business!
How is Risk Defined? Risk:  is a measure of probability about the outcome of an event or decision.  is the uncertainty about the success of department processes.  can change over time Positive risks are known as Opportunities Negative risks are known as risks, or exposures.
Objectives: 1. To help you identify risks that could affect department business processes. 2. To create an awareness of the Risk Management Process. 3. To increase your understanding of how risk is managed.
Flow of Internal Risk Control Procedures 1. Your Department’s 3. Department’s 2. Risk assessment Business Processes: is performed to identified risks are  Strategies identify significant managed with  Tactics risks. controls.  Procedures  Activities Department Manager, ICO and employees work as team to identify risks. 6. Monitoring is 5. Each month your 4. Key Departmental needed by area Department Manager controls are recorded on a employees to certifies that departmental Procedural Certification help ensure controls are working or Checklist. significant risks submits action plans to are identified resolve any exceptions Assigned employees ensure these controls are and managed. identified. functioning or exceptions are reported.
Example of Procedural Certification Checklist J F M A M J J A S O N D Initial month(s) in which procedure is performed. A E A P A U U U E C O E N B R R Y N L G P T V C The Service Department handles account adjustments, maintenance, research and dispute processing for cardholders. On-Line Transactions 1. An on-line system summary of all monetary on-line adjustments and maintenance processed by all Customer Service Department employees is reviewed daily by an employee independent from the input function. a. A hard copy print is made of all entries over $XX to review for accuracy. All entries are initialed. 2. Any request for a PIN, replacement card or convenience balance transfer check received within XX days of an address change must come in writing. The signature is verified and the letter referred to Security. 3. Requests for credit line increases are completed per approved matrix. a. The department’s Help Desk performs and documents a random review.
Risk Assessment Process 2. Risk Assessment How is risk assessed? A. Identification B. Measurement C. Prioritization
2A. Risk Identification Approaches for risk identification. Identification of risks that could affect assets:  Physical: Disaster Planning  Financial: Credit limit adjustment and Monetary Transaction  Human Resources: Personnel and Salary Administration  Information and Intangible Assets: Customer Information and Reputation Identification of risks that could affect operations:  Laws and Regulations  Customer retention and customer care  Call routing/workflow integration  Technology Identification of risks that could involve frauds and/or disasters:  Account Takeover
2B. Risk Measurement Measuring risk is difficult because the size of the risk is hard to estimate. Methods to measure risk include the following: 1. Intuition- based on expertise and experience of managers and employees certain activities “feel” or appear more risky than others. 2. Using data to support observations. 3. Comparing the activity with similar activities with known risks.
2C. Risk Prioritization Risk Prioritization allows you to determine which risks are more important than other risks. Identified risks are assigned values such as: High Risk Medium Risk Low Risk
A Three Step Risk Assessment Process- First Phase Phase One: Identify activities to be considered. Activities consist of actions, plans, processes, and systems use in your operating area. Examples include:  All processes in your operating area.  Transaction systems processing  Policies, procedures and practices  Information systems (manual and computerized)  Laws and regulations
A Three Step Risk Assessment Process- Second and Third Phases Phase Two: Choose risk factors (criteria) which can help to identify the likelihood of an adverse consequence. Risk factors may include:  Computer controls and manual processes  Transaction volumes  Impact of customers  Degree of computerized information systems  Adequacy and effectiveness of internal control  Degree of technological changes Phase Three: Weight the risk factors as high risk, medium risk or low risk. The weight given to a risk factor is a matter of professional judgment.
Example of Risk Assessment Worksheet Activity:_____________________________Evaluated By:___________________________Date:_____________ Risk Factors Weighted: Rank in blank space as high, medium, low for each risk factor. 1. _____ Separation of duties - a measure of how the exposure to loss has been reduced by separating duties within critical activities. 2. _____ Accuracy of information - a measure of how the exposure to loss has been reduced by the accuracy of department information. 3. _____ Time and resources to meet objectives - a measure of the exposure to loss due to accuracy being sacrificed in favor of speed in executing transactions, because of meeting deadlines or unavailability of time. 4. _____ Operational stability - a measure of the exposure to loss due to changes within the area's structure, procedures, policies, etc. 5. _____ Complexity of operations - a measure of the exposure to loss due to the complexity involved in the task(s) performed; i.e., the amount of time, the number of steps, the degree of difficulty, training necessary to complete an assignment or process a transaction, etc. 6. _____ Liquidity of assets - a measure of the exposure to loss due to the degree to which data representing valuables can be converted into money/cash. 7. _____ Impact of adverse customer reaction - a measure of the exposure to loss resulting from customer dissatisfaction.
Your Department’s Identified Risks are Managed by Controls The Role of Controls Good Bad Controls Controls Manages Creates Controls Risk Inefficiencies Are you safeguarding the bank every day to minimize risk? What additional steps can you take in the future?
Questions? David Currie, CPA, CIA, CISA david.currie@earthlink.net

Recommended

Operational risks
Operational risksOperational risks
Operational risks
Rahmat Mulyana
 
Assess Your Business Continuity Management Process
Assess Your Business Continuity Management ProcessAssess Your Business Continuity Management Process
Assess Your Business Continuity Management Process
Anand Subramaniam
 
Risk Analysis In Business Continuity Management - Jeremy Wong
Risk Analysis In Business Continuity Management - Jeremy WongRisk Analysis In Business Continuity Management - Jeremy Wong
Risk Analysis In Business Continuity Management - Jeremy WongBCM Institute
 
Risk management ppt 111p (training module)
Risk management ppt 111p (training module)Risk management ppt 111p (training module)
Risk management ppt 111p (training module)Sadia Razzaq
 
Nepal Banking Risk Management March 2015 for senior Rastraiya Banijya Bank em...
Nepal Banking Risk Management March 2015 for senior Rastraiya Banijya Bank em...Nepal Banking Risk Management March 2015 for senior Rastraiya Banijya Bank em...
Nepal Banking Risk Management March 2015 for senior Rastraiya Banijya Bank em...
Chiang Mai University School of Public Policy
 
Level 2
Level 2Level 2
Level 2
GWC GROUP
 
Risk identification
Risk identificationRisk identification
Risk identificationmurukkada
 
HOW TO PLAN AND MANAGE A BCM AND IT DR PROJECT
HOW TO PLAN AND MANAGE A BCM AND IT DR PROJECT HOW TO PLAN AND MANAGE A BCM AND IT DR PROJECT
HOW TO PLAN AND MANAGE A BCM AND IT DR PROJECT
Continuity and Resilience
 

Recommended

Operational risks
Operational risksOperational risks
Operational risks
Rahmat Mulyana
 
Assess Your Business Continuity Management Process
Assess Your Business Continuity Management ProcessAssess Your Business Continuity Management Process
Assess Your Business Continuity Management Process
Anand Subramaniam
 
Risk Analysis In Business Continuity Management - Jeremy Wong
Risk Analysis In Business Continuity Management - Jeremy WongRisk Analysis In Business Continuity Management - Jeremy Wong
Risk Analysis In Business Continuity Management - Jeremy WongBCM Institute
 
Risk management ppt 111p (training module)
Risk management ppt 111p (training module)Risk management ppt 111p (training module)
Risk management ppt 111p (training module)Sadia Razzaq
 
Nepal Banking Risk Management March 2015 for senior Rastraiya Banijya Bank em...
Nepal Banking Risk Management March 2015 for senior Rastraiya Banijya Bank em...Nepal Banking Risk Management March 2015 for senior Rastraiya Banijya Bank em...
Nepal Banking Risk Management March 2015 for senior Rastraiya Banijya Bank em...
Chiang Mai University School of Public Policy
 
Level 2
Level 2Level 2
Level 2
GWC GROUP
 
Risk identification
Risk identificationRisk identification
Risk identificationmurukkada
 
HOW TO PLAN AND MANAGE A BCM AND IT DR PROJECT
HOW TO PLAN AND MANAGE A BCM AND IT DR PROJECT HOW TO PLAN AND MANAGE A BCM AND IT DR PROJECT
HOW TO PLAN AND MANAGE A BCM AND IT DR PROJECT
Continuity and Resilience
 
Operational Risk : Take a look at the raw canvas
Operational Risk : Take a look at the raw canvasOperational Risk : Take a look at the raw canvas
Operational Risk : Take a look at the raw canvas
Treat Risk
 
Sym Sure Loan Portfolio
Sym Sure Loan PortfolioSym Sure Loan Portfolio
Sym Sure Loan Portfolio
jjfrec07
 
Social Enterprise Learning Toolkit (Risk Management Module)
Social Enterprise Learning Toolkit (Risk Management Module)Social Enterprise Learning Toolkit (Risk Management Module)
Social Enterprise Learning Toolkit (Risk Management Module)
Enterprising Non-Profits
 
Operational Risk Management under BASEL era
Operational Risk Management under BASEL eraOperational Risk Management under BASEL era
Operational Risk Management under BASEL era
Treat Risk
 
Business Continuity Management or Risk Management? Aligning Expectations for ...
Business Continuity Management or Risk Management? Aligning Expectations for ...Business Continuity Management or Risk Management? Aligning Expectations for ...
Business Continuity Management or Risk Management? Aligning Expectations for ...BCM Institute
 
Microsoft Risk Management
Microsoft Risk ManagementMicrosoft Risk Management
Microsoft Risk Management
Ulukman Mamytov
 
Operational Risk for Bank
Operational Risk for BankOperational Risk for Bank
Operational Risk for Bank
Rahmat Mulyana
 
Draft NPS Crisis Management Process
Draft NPS Crisis Management ProcessDraft NPS Crisis Management Process
Draft NPS Crisis Management Process
smalone18
 
Mc Gladrey Financial Institutions Services
Mc Gladrey Financial Institutions ServicesMc Gladrey Financial Institutions Services
Mc Gladrey Financial Institutions ServicesLinkedInLeo
 
Operation Risk Management 03
Operation Risk Management 03Operation Risk Management 03
Operation Risk Management 03
Institute of Mgt. and Information Science
 
OPERATIONAL RISK MANAGEMENT FRAMEWORK PRESENTATION
OPERATIONAL RISK MANAGEMENT FRAMEWORK PRESENTATIONOPERATIONAL RISK MANAGEMENT FRAMEWORK PRESENTATION
OPERATIONAL RISK MANAGEMENT FRAMEWORK PRESENTATIONFrackson Kathibula-Nyoni
 
Risk and Business Continuity Management
Risk and Business Continuity Management Risk and Business Continuity Management
Risk and Business Continuity Management
Continuity and Resilience
 
Delivering Business Value By Applying Agile Principles To Business Continuity...
Delivering Business Value By Applying Agile Principles To Business Continuity...Delivering Business Value By Applying Agile Principles To Business Continuity...
Delivering Business Value By Applying Agile Principles To Business Continuity...
Ken Collins
 
Managing and Implementing a National BCM Programme: A World's First
Managing and Implementing a National BCM Programme: A World's FirstManaging and Implementing a National BCM Programme: A World's First
Managing and Implementing a National BCM Programme: A World's First
BCM Institute
 
Operational risk & incident reporting
Operational risk & incident reportingOperational risk & incident reporting
Operational risk & incident reporting
ShivaLeela Choudary
 
9 Bcp+Drp
9 Bcp+Drp9 Bcp+Drp
9 Bcp+Drp
Alfred Ouyang
 
HML Risk Transformation
HML Risk TransformationHML Risk Transformation
HML Risk Transformation
Andrew Smart
 
Risk Management Plan Analysis PowerPoint Presentation Slides
Risk Management Plan Analysis PowerPoint Presentation Slides Risk Management Plan Analysis PowerPoint Presentation Slides
Risk Management Plan Analysis PowerPoint Presentation Slides
SlideTeam
 
operations risk management power point presentation.
operations risk management power point presentation.operations risk management power point presentation.
operations risk management power point presentation.Miyelani Shibambo
 
case studies on risk management in IT enabled organisation(vadodara)
case studies on risk management in IT enabled organisation(vadodara)case studies on risk management in IT enabled organisation(vadodara)
case studies on risk management in IT enabled organisation(vadodara)
ishan parikh production
 
INFORMATION SECURITY MANAGEMENT
INFORMATION SECURITY MANAGEMENTINFORMATION SECURITY MANAGEMENT
INFORMATION SECURITY MANAGEMENT
Ni
 
Chapter 5 - Risk Management - 2nd Semester - M.Com - Bangalore University
Chapter 5 - Risk Management - 2nd Semester - M.Com - Bangalore UniversityChapter 5 - Risk Management - 2nd Semester - M.Com - Bangalore University
Chapter 5 - Risk Management - 2nd Semester - M.Com - Bangalore University
Swaminath Sam
 

More Related Content

What's hot

Operational Risk : Take a look at the raw canvas
Operational Risk : Take a look at the raw canvasOperational Risk : Take a look at the raw canvas
Operational Risk : Take a look at the raw canvas
Treat Risk
 
Sym Sure Loan Portfolio
Sym Sure Loan PortfolioSym Sure Loan Portfolio
Sym Sure Loan Portfolio
jjfrec07
 
Social Enterprise Learning Toolkit (Risk Management Module)
Social Enterprise Learning Toolkit (Risk Management Module)Social Enterprise Learning Toolkit (Risk Management Module)
Social Enterprise Learning Toolkit (Risk Management Module)
Enterprising Non-Profits
 
Operational Risk Management under BASEL era
Operational Risk Management under BASEL eraOperational Risk Management under BASEL era
Operational Risk Management under BASEL era
Treat Risk
 
Business Continuity Management or Risk Management? Aligning Expectations for ...
Business Continuity Management or Risk Management? Aligning Expectations for ...Business Continuity Management or Risk Management? Aligning Expectations for ...
Business Continuity Management or Risk Management? Aligning Expectations for ...BCM Institute
 
Microsoft Risk Management
Microsoft Risk ManagementMicrosoft Risk Management
Microsoft Risk Management
Ulukman Mamytov
 
Operational Risk for Bank
Operational Risk for BankOperational Risk for Bank
Operational Risk for Bank
Rahmat Mulyana
 
Draft NPS Crisis Management Process
Draft NPS Crisis Management ProcessDraft NPS Crisis Management Process
Draft NPS Crisis Management Process
smalone18
 
Mc Gladrey Financial Institutions Services
Mc Gladrey Financial Institutions ServicesMc Gladrey Financial Institutions Services
Mc Gladrey Financial Institutions ServicesLinkedInLeo
 
Operation Risk Management 03
Operation Risk Management 03Operation Risk Management 03
Operation Risk Management 03
Institute of Mgt. and Information Science
 
OPERATIONAL RISK MANAGEMENT FRAMEWORK PRESENTATION
OPERATIONAL RISK MANAGEMENT FRAMEWORK PRESENTATIONOPERATIONAL RISK MANAGEMENT FRAMEWORK PRESENTATION
OPERATIONAL RISK MANAGEMENT FRAMEWORK PRESENTATIONFrackson Kathibula-Nyoni
 
Risk and Business Continuity Management
Risk and Business Continuity Management Risk and Business Continuity Management
Risk and Business Continuity Management
Continuity and Resilience
 
Delivering Business Value By Applying Agile Principles To Business Continuity...
Delivering Business Value By Applying Agile Principles To Business Continuity...Delivering Business Value By Applying Agile Principles To Business Continuity...
Delivering Business Value By Applying Agile Principles To Business Continuity...
Ken Collins
 
Managing and Implementing a National BCM Programme: A World's First
Managing and Implementing a National BCM Programme: A World's FirstManaging and Implementing a National BCM Programme: A World's First
Managing and Implementing a National BCM Programme: A World's First
BCM Institute
 
Operational risk & incident reporting
Operational risk & incident reportingOperational risk & incident reporting
Operational risk & incident reporting
ShivaLeela Choudary
 
9 Bcp+Drp
9 Bcp+Drp9 Bcp+Drp
9 Bcp+Drp
Alfred Ouyang
 
HML Risk Transformation
HML Risk TransformationHML Risk Transformation
HML Risk Transformation
Andrew Smart
 
Risk Management Plan Analysis PowerPoint Presentation Slides
Risk Management Plan Analysis PowerPoint Presentation Slides Risk Management Plan Analysis PowerPoint Presentation Slides
Risk Management Plan Analysis PowerPoint Presentation Slides
SlideTeam
 
operations risk management power point presentation.
operations risk management power point presentation.operations risk management power point presentation.
operations risk management power point presentation.Miyelani Shibambo
 

What's hot (19)

Operational Risk : Take a look at the raw canvas
Operational Risk : Take a look at the raw canvasOperational Risk : Take a look at the raw canvas
Operational Risk : Take a look at the raw canvas
 
Sym Sure Loan Portfolio
Sym Sure Loan PortfolioSym Sure Loan Portfolio
Sym Sure Loan Portfolio
 
Social Enterprise Learning Toolkit (Risk Management Module)
Social Enterprise Learning Toolkit (Risk Management Module)Social Enterprise Learning Toolkit (Risk Management Module)
Social Enterprise Learning Toolkit (Risk Management Module)
 
Operational Risk Management under BASEL era
Operational Risk Management under BASEL eraOperational Risk Management under BASEL era
Operational Risk Management under BASEL era
 
Business Continuity Management or Risk Management? Aligning Expectations for ...
Business Continuity Management or Risk Management? Aligning Expectations for ...Business Continuity Management or Risk Management? Aligning Expectations for ...
Business Continuity Management or Risk Management? Aligning Expectations for ...
 
Microsoft Risk Management
Microsoft Risk ManagementMicrosoft Risk Management
Microsoft Risk Management
 
Operational Risk for Bank
Operational Risk for BankOperational Risk for Bank
Operational Risk for Bank
 
Draft NPS Crisis Management Process
Draft NPS Crisis Management ProcessDraft NPS Crisis Management Process
Draft NPS Crisis Management Process
 
Mc Gladrey Financial Institutions Services
Mc Gladrey Financial Institutions ServicesMc Gladrey Financial Institutions Services
Mc Gladrey Financial Institutions Services
 
Operation Risk Management 03
Operation Risk Management 03Operation Risk Management 03
Operation Risk Management 03
 
OPERATIONAL RISK MANAGEMENT FRAMEWORK PRESENTATION
OPERATIONAL RISK MANAGEMENT FRAMEWORK PRESENTATIONOPERATIONAL RISK MANAGEMENT FRAMEWORK PRESENTATION
OPERATIONAL RISK MANAGEMENT FRAMEWORK PRESENTATION
 
Risk and Business Continuity Management
Risk and Business Continuity Management Risk and Business Continuity Management
Risk and Business Continuity Management
 
Delivering Business Value By Applying Agile Principles To Business Continuity...
Delivering Business Value By Applying Agile Principles To Business Continuity...Delivering Business Value By Applying Agile Principles To Business Continuity...
Delivering Business Value By Applying Agile Principles To Business Continuity...
 
Managing and Implementing a National BCM Programme: A World's First
Managing and Implementing a National BCM Programme: A World's FirstManaging and Implementing a National BCM Programme: A World's First
Managing and Implementing a National BCM Programme: A World's First
 
Operational risk & incident reporting
Operational risk & incident reportingOperational risk & incident reporting
Operational risk & incident reporting
 
9 Bcp+Drp
9 Bcp+Drp9 Bcp+Drp
9 Bcp+Drp
 
HML Risk Transformation
HML Risk TransformationHML Risk Transformation
HML Risk Transformation
 
Risk Management Plan Analysis PowerPoint Presentation Slides
Risk Management Plan Analysis PowerPoint Presentation Slides Risk Management Plan Analysis PowerPoint Presentation Slides
Risk Management Plan Analysis PowerPoint Presentation Slides
 
operations risk management power point presentation.
operations risk management power point presentation.operations risk management power point presentation.
operations risk management power point presentation.
 

Similar to General Employee Risk Management Course

case studies on risk management in IT enabled organisation(vadodara)
case studies on risk management in IT enabled organisation(vadodara)case studies on risk management in IT enabled organisation(vadodara)
case studies on risk management in IT enabled organisation(vadodara)
ishan parikh production
 
INFORMATION SECURITY MANAGEMENT
INFORMATION SECURITY MANAGEMENTINFORMATION SECURITY MANAGEMENT
INFORMATION SECURITY MANAGEMENT
Ni
 
Chapter 5 - Risk Management - 2nd Semester - M.Com - Bangalore University
Chapter 5 - Risk Management - 2nd Semester - M.Com - Bangalore UniversityChapter 5 - Risk Management - 2nd Semester - M.Com - Bangalore University
Chapter 5 - Risk Management - 2nd Semester - M.Com - Bangalore University
Swaminath Sam
 
Sample Risk Assessment Report- QuantumBanking.pdf
Sample Risk Assessment Report- QuantumBanking.pdfSample Risk Assessment Report- QuantumBanking.pdf
Sample Risk Assessment Report- QuantumBanking.pdf
SathishKumar960827
 
CISA Domain 1 The Process On AUDITING INFORMATION SYSTEMS
CISA Domain 1 The Process On AUDITING INFORMATION SYSTEMSCISA Domain 1 The Process On AUDITING INFORMATION SYSTEMS
CISA Domain 1 The Process On AUDITING INFORMATION SYSTEMS
ShivamSharma909
 
CISA Domain- 1 - InfosecTrain
CISA Domain- 1 - InfosecTrainCISA Domain- 1 - InfosecTrain
CISA Domain- 1 - InfosecTrain
InfosecTrain
 
Level 2
Level 2Level 2
Level 2
GWC GROUP
 
Risk Management (1) (1).ppt
Risk Management (1) (1).pptRisk Management (1) (1).ppt
Risk Management (1) (1).ppt
AjjuSingh2
 
Icab lectures chapter 5 & 6, Business and Finance, ICAB
Icab lectures chapter 5 & 6, Business and Finance, ICABIcab lectures chapter 5 & 6, Business and Finance, ICAB
Icab lectures chapter 5 & 6, Business and Finance, ICAB
Sazzad Hossain, ITP, MBA, CSCA™
 
IA PRESENTATION-4.pptx
IA PRESENTATION-4.pptxIA PRESENTATION-4.pptx
IA PRESENTATION-4.pptx
axmedxasancali1
 
Operational Risk Management - A Gateway to managing the risk profile of your...
Operational Risk Management - A Gateway to managing the risk profile of your...Operational Risk Management - A Gateway to managing the risk profile of your...
Operational Risk Management - A Gateway to managing the risk profile of your...Eneni Oduwole
 
Top 10 Security Challenges
Top 10 Security ChallengesTop 10 Security Challenges
Top 10 Security Challenges
Jorge Sebastiao
 
ISO Internal Auditors Workshop_Final Version
ISO Internal Auditors Workshop_Final VersionISO Internal Auditors Workshop_Final Version
ISO Internal Auditors Workshop_Final VersionDuncan O. Ogutu; CPA, CFE
 
RISK ANALYSIS Day 1.pptx
RISK ANALYSIS Day 1.pptxRISK ANALYSIS Day 1.pptx
RISK ANALYSIS Day 1.pptx
SAMUELWAGEMA
 
2016 Risk Management Workshop
2016 Risk Management Workshop2016 Risk Management Workshop
2016 Risk Management Workshop
Stacy Willis
 
Risk management in e banking
Risk management in e bankingRisk management in e banking
Risk management in e banking
Amer Mushtaq
 
Risk Management Methodologies in Construction Industries
Risk Management Methodologies in Construction IndustriesRisk Management Methodologies in Construction Industries
Risk Management Methodologies in Construction Industries
IRJET Journal
 
module_1.pptx
module_1.pptxmodule_1.pptx
module_1.pptx
ssuser432862
 
Construction project management & risk mitigation
Construction project management & risk mitigationConstruction project management & risk mitigation
Construction project management & risk mitigation
rajlaxmipardeshi
 

Similar to General Employee Risk Management Course (20)

case studies on risk management in IT enabled organisation(vadodara)
case studies on risk management in IT enabled organisation(vadodara)case studies on risk management in IT enabled organisation(vadodara)
case studies on risk management in IT enabled organisation(vadodara)
 
INFORMATION SECURITY MANAGEMENT
INFORMATION SECURITY MANAGEMENTINFORMATION SECURITY MANAGEMENT
INFORMATION SECURITY MANAGEMENT
 
Chapter 5 - Risk Management - 2nd Semester - M.Com - Bangalore University
Chapter 5 - Risk Management - 2nd Semester - M.Com - Bangalore UniversityChapter 5 - Risk Management - 2nd Semester - M.Com - Bangalore University
Chapter 5 - Risk Management - 2nd Semester - M.Com - Bangalore University
 
Sample Risk Assessment Report- QuantumBanking.pdf
Sample Risk Assessment Report- QuantumBanking.pdfSample Risk Assessment Report- QuantumBanking.pdf
Sample Risk Assessment Report- QuantumBanking.pdf
 
CISA Domain 1 The Process On AUDITING INFORMATION SYSTEMS
CISA Domain 1 The Process On AUDITING INFORMATION SYSTEMSCISA Domain 1 The Process On AUDITING INFORMATION SYSTEMS
CISA Domain 1 The Process On AUDITING INFORMATION SYSTEMS
 
CISA Domain- 1 - InfosecTrain
CISA Domain- 1 - InfosecTrainCISA Domain- 1 - InfosecTrain
CISA Domain- 1 - InfosecTrain
 
Level 2
Level 2Level 2
Level 2
 
Risk Management (1) (1).ppt
Risk Management (1) (1).pptRisk Management (1) (1).ppt
Risk Management (1) (1).ppt
 
Icab lectures chapter 5 & 6, Business and Finance, ICAB
Icab lectures chapter 5 & 6, Business and Finance, ICABIcab lectures chapter 5 & 6, Business and Finance, ICAB
Icab lectures chapter 5 & 6, Business and Finance, ICAB
 
IA PRESENTATION-4.pptx
IA PRESENTATION-4.pptxIA PRESENTATION-4.pptx
IA PRESENTATION-4.pptx
 
Operational Risk Management - A Gateway to managing the risk profile of your...
Operational Risk Management - A Gateway to managing the risk profile of your...Operational Risk Management - A Gateway to managing the risk profile of your...
Operational Risk Management - A Gateway to managing the risk profile of your...
 
Top 10 Security Challenges
Top 10 Security ChallengesTop 10 Security Challenges
Top 10 Security Challenges
 
ISO Internal Auditors Workshop_Final Version
ISO Internal Auditors Workshop_Final VersionISO Internal Auditors Workshop_Final Version
ISO Internal Auditors Workshop_Final Version
 
RISK ANALYSIS Day 1.pptx
RISK ANALYSIS Day 1.pptxRISK ANALYSIS Day 1.pptx
RISK ANALYSIS Day 1.pptx
 
2016 Risk Management Workshop
2016 Risk Management Workshop2016 Risk Management Workshop
2016 Risk Management Workshop
 
Risk management in e banking
Risk management in e bankingRisk management in e banking
Risk management in e banking
 
51_operational_risk
51_operational_risk51_operational_risk
51_operational_risk
 
Risk Management Methodologies in Construction Industries
Risk Management Methodologies in Construction IndustriesRisk Management Methodologies in Construction Industries
Risk Management Methodologies in Construction Industries
 
module_1.pptx
module_1.pptxmodule_1.pptx
module_1.pptx
 
Construction project management & risk mitigation
Construction project management & risk mitigationConstruction project management & risk mitigation
Construction project management & risk mitigation
 

General Employee Risk Management Course

  • 1. General Employee Risk Management Course By David Currie, CPA, CIA, CISA david.currie@earthlink.net Why is risk management needed?
  • 2. Example A: Girl’s death costs Florida Power & Light $37 million jury award. Example B: Credit applicant uses brother’s social security number and $10,000 in fraudulent charges are incurred. I see Risk Management is the solution to the challenges of governing modern business!
  • 3. How is Risk Defined? Risk:  is a measure of probability about the outcome of an event or decision.  is the uncertainty about the success of department processes.  can change over time Positive risks are known as Opportunities Negative risks are known as risks, or exposures.
  • 4. Objectives: 1. To help you identify risks that could affect department business processes. 2. To create an awareness of the Risk Management Process. 3. To increase your understanding of how risk is managed.
  • 5. Flow of Internal Risk Control Procedures 1. Your Department’s 3. Department’s 2. Risk assessment Business Processes: is performed to identified risks are  Strategies identify significant managed with  Tactics risks. controls.  Procedures  Activities Department Manager, ICO and employees work as team to identify risks. 6. Monitoring is 5. Each month your 4. Key Departmental needed by area Department Manager controls are recorded on a employees to certifies that departmental Procedural Certification help ensure controls are working or Checklist. significant risks submits action plans to are identified resolve any exceptions Assigned employees ensure these controls are and managed. identified. functioning or exceptions are reported.
  • 6. Example of Procedural Certification Checklist J F M A M J J A S O N D Initial month(s) in which procedure is performed. A E A P A U U U E C O E N B R R Y N L G P T V C The Service Department handles account adjustments, maintenance, research and dispute processing for cardholders. On-Line Transactions 1. An on-line system summary of all monetary on-line adjustments and maintenance processed by all Customer Service Department employees is reviewed daily by an employee independent from the input function. a. A hard copy print is made of all entries over $XX to review for accuracy. All entries are initialed. 2. Any request for a PIN, replacement card or convenience balance transfer check received within XX days of an address change must come in writing. The signature is verified and the letter referred to Security. 3. Requests for credit line increases are completed per approved matrix. a. The department’s Help Desk performs and documents a random review.
  • 7. Risk Assessment Process 2. Risk Assessment How is risk assessed? A. Identification B. Measurement C. Prioritization
  • 8. 2A. Risk Identification Approaches for risk identification. Identification of risks that could affect assets:  Physical: Disaster Planning  Financial: Credit limit adjustment and Monetary Transaction  Human Resources: Personnel and Salary Administration  Information and Intangible Assets: Customer Information and Reputation Identification of risks that could affect operations:  Laws and Regulations  Customer retention and customer care  Call routing/workflow integration  Technology Identification of risks that could involve frauds and/or disasters:  Account Takeover
  • 9. 2B. Risk Measurement Measuring risk is difficult because the size of the risk is hard to estimate. Methods to measure risk include the following: 1. Intuition- based on expertise and experience of managers and employees certain activities “feel” or appear more risky than others. 2. Using data to support observations. 3. Comparing the activity with similar activities with known risks.
  • 10. 2C. Risk Prioritization Risk Prioritization allows you to determine which risks are more important than other risks. Identified risks are assigned values such as: High Risk Medium Risk Low Risk
  • 11. A Three Step Risk Assessment Process- First Phase Phase One: Identify activities to be considered. Activities consist of actions, plans, processes, and systems use in your operating area. Examples include:  All processes in your operating area.  Transaction systems processing  Policies, procedures and practices  Information systems (manual and computerized)  Laws and regulations
  • 12. A Three Step Risk Assessment Process- Second and Third Phases Phase Two: Choose risk factors (criteria) which can help to identify the likelihood of an adverse consequence. Risk factors may include:  Computer controls and manual processes  Transaction volumes  Impact of customers  Degree of computerized information systems  Adequacy and effectiveness of internal control  Degree of technological changes Phase Three: Weight the risk factors as high risk, medium risk or low risk. The weight given to a risk factor is a matter of professional judgment.
  • 13. Example of Risk Assessment Worksheet Activity:_____________________________Evaluated By:___________________________Date:_____________ Risk Factors Weighted: Rank in blank space as high, medium, low for each risk factor. 1. _____ Separation of duties - a measure of how the exposure to loss has been reduced by separating duties within critical activities. 2. _____ Accuracy of information - a measure of how the exposure to loss has been reduced by the accuracy of department information. 3. _____ Time and resources to meet objectives - a measure of the exposure to loss due to accuracy being sacrificed in favor of speed in executing transactions, because of meeting deadlines or unavailability of time. 4. _____ Operational stability - a measure of the exposure to loss due to changes within the area's structure, procedures, policies, etc. 5. _____ Complexity of operations - a measure of the exposure to loss due to the complexity involved in the task(s) performed; i.e., the amount of time, the number of steps, the degree of difficulty, training necessary to complete an assignment or process a transaction, etc. 6. _____ Liquidity of assets - a measure of the exposure to loss due to the degree to which data representing valuables can be converted into money/cash. 7. _____ Impact of adverse customer reaction - a measure of the exposure to loss resulting from customer dissatisfaction.
  • 14. Your Department’s Identified Risks are Managed by Controls The Role of Controls Good Bad Controls Controls Manages Creates Controls Risk Inefficiencies Are you safeguarding the bank every day to minimize risk? What additional steps can you take in the future?
  • 15. Questions? David Currie, CPA, CIA, CISA david.currie@earthlink.net