UNTU Microfinance in Zimbabwe leveraged risk management to support future growth. It formalized its risk management process by adopting the Risk Management Graduation Model, which involved identifying UNTU's tier level, assessing readiness, strategizing its graduation path, planning improvements, executing the strategy, and evaluating success. This allowed UNTU to systematically strengthen risk management, prioritize closing key gaps, and integrate risk management into core operations to manage risks and support strategic goals like increasing market share.
Five lines of assurance a new paradigm in internal audit & erm, by Dr. Zar Rdj
• Boards are provided with a tangible vehicle to demonstrate they are actively overseeing the company’s “risk appetite framework” (“RAF”)
• The process is designed to fully integrate with strategic planning, new product/service initiatives, and M&A activities.
• The process provides a clear response to emerging expectations like the UK Governance Code, Canadian Securities Administrators, SEC, FSB, credit agencies, institutional investors and TSB.
• The main role of internal audit is to report on the effectiveness of the risk management processes and the consolidated report on residual risk status the board receives from the CEO or his/her designate and to help the company build and maintain robust risk management processes
Five Lines of Assurance A New ERM and IA Paradigm, by Tim Leech
The document discusses a new paradigm called "Five Lines of Assurance" for internal audit and enterprise risk management. It was created to help organizations meet escalating expectations from regulators, credit agencies, institutional investors, and others regarding risk oversight and governance. The Five Lines of Assurance model focuses on an "Objectives Register" that prioritizes key strategic objectives and potential risks. It aims to integrate risk management and assurance functions, engage boards and management, and provide optimized assurance on whether residual risks are within the organization's risk appetite. The model is presented as helping organizations demonstrate effective risk oversight, integrate risk with strategic planning, and meet emerging governance standards.
This document provides a strategic risk management plan for Marriott Sprowston Manor Hotel. It identifies key risks facing the hotel, including financial risks from economic conditions, strategic risks from increased competition and reputation risks, and operational risks from technology issues and increasing costs. The plan develops an enterprise risk management framework using objectives, key concepts, and a process for implementation. It assigns roles and responsibilities and provides risk mitigation actions and a business continuity plan to manage risks and ensure the continuity of hotel operations.
A presentation by IFAC Senior Technical Manager Vincent Tophoff at the Institute of Chartered Accountants of Pakistan's CFO Conference 2013, CFO: Meeting Future Challenges! Mr. Tophoff discusses current trends and thinking in risk management and best practices.
The document discusses COSO's Enterprise Risk Management framework. It defines ERM and explains why it is important for managing risks and uncertainties to achieve organizational objectives. The framework establishes eight components of ERM - internal environment, objective setting, event identification, risk assessment, risk response, control activities, information & communication, and monitoring. It provides guidance on implementing ERM.
The Strategy Network is an open network for strategy professionals that meets three times per year for knowledge sharing. More than 40 top South African companies have joined with no fees required. Attendance confirmation is sufficient. The document then provides details on strategic risk management processes including identifying risks to strategic objectives, assessing existing controls, determining risk ratings, and identifying treatments. It gives an example of linking a strategic objective to secure new business with potential related risks and controls.
This is a performance ladder or framework for Enterprise Risk Management. It can be used as an audit tool, a maturity model, a benchmarking tool or a model for creating a plan of action.
The document summarizes an internal auditor's workshop on using audits as a risk management tool. It includes the following:
- An overview of the risk management process including identifying risks, assessing and measuring risks, responding to risks, designing and testing controls, and continuously improving risk management.
- The three lines of defense in risk management - operational management owns risk management as the first line, risk management and compliance functions provide oversight as the second line, and internal audit provides independent assurance as the third line.
- Key aspects of the risk management process including governance, people, processes, and technology as well as identifying risks, assessing risks, developing risk response strategies, and monitoring risks.
Strategic Planning Society Webinar - Integrating Strategy and Risk Management, by Andrew Smart
• The credit crunch and its subsequent fall-out have rewritten the rules on strategy execution and risk management.
• The balanced scorecard and risk management approaches have evolved as silo processes over approximately 20 years – an approach that integrates both is a natural evolution.
• To effectively streamline management and regulatory reporting, organisations need to adopt an integrated framework, which covers strategy execution, risk management & compliance.
The document discusses project risk management from the perspective of a development institution. It provides definitions of risk, project, and project management. Project risk management involves planning, organizing, securing, and managing resources to control the effects of uncertainties on a project's objectives. The document outlines the roots of uncertainty in a project, types of risks, and the risk management process. It emphasizes that risk management should be integrated into an organization's culture and involve identifying, assessing, and prioritizing risks.
The document discusses key changes in revised Guidance Note 10 (GN10) relating to corporate governance of authorized insurers in Hong Kong, including establishing a mandatory Board-level Risk Committee separate from the Audit Committee. Setting up this Risk Committee is one of the major changes in GN10. The Risk Committee is responsible for overseeing risk management systems and the risk appetite framework. It will be important for insurers to define their risk appetite and establish proper risk management processes to support the Risk Committee's functions.
This document discusses enterprise risk management and contains activities and content related to risk management. It defines key risk management terms and concepts, outlines the risk management process, and discusses the benefits and relevance of risk management. It also addresses regulatory frameworks, legislative requirements, and key risks associated with ineffective risk management.
Margaret J. Millett, MSBC, MBCP, MBCI
Director of eBay, Inc. Enterprise Resiliency
1. What is Enterprise Risk Management (ERM)?
2. Why organizations should have an ERM Program
3. Competitive Imperative
4. Elements of an ERM Program
5. Connecting with Business Continuity Management (BCM)
6. Euro Zone Contingency Planning
7. Conclusion
The document outlines the objectives and components of Enterprise Risk Management (ERM) as defined by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). It identifies 4 objectives categories - internal environment, objective setting, event identification, and risk assessment. It also lists 8 components of ERM - internal environment, objective setting, event identification, risk assessment, risk response, control activities, information and communication, and monitoring. The framework is intended to help organizations effectively manage risk to increase the likelihood of achieving objectives.
This document provides an overview of key concepts in risk management. It discusses establishing context, identifying and evaluating risks, developing risk responses, and monitoring risks. Effective risk management involves documenting processes, communicating roles and responsibilities, and regularly reviewing risks and the risk management framework. While risk management aims to prevent problems, it can also help organizations identify opportunities by establishing an appropriate level of risk tolerance.
1. This document presents a Risk Management Standard published jointly by three major risk management organizations in the UK. It provides terminology, processes, organizational structures, and objectives for effective risk management.
2. The standard recognizes that risk management involves both upside opportunities and downside threats. It should be integrated into an organization's culture and strategy to help achieve objectives. The core components of the risk management process include risk identification, analysis, evaluation, and treatment.
3. External and internal factors can both drive key risks for an organization. Examples of risk categories include strategic, operational, financial, compliance and knowledge-based risks. Carrying out risk assessment and prioritizing risks is important for informed decision-making.
This document discusses enterprise risk management (ERM). It provides definitions of ERM, outlines its conceptual roots dating back to the 1970s-1990s, and describes what ERM is and how it can provide a framework for risk management. The document also discusses key aspects of ERM implementation including risk, uncertainty, risk attitudes, risk management processes and steps, and tools and techniques for risk assessment.
The document outlines the National Bank of Malawi's operational risk management framework. It discusses the operational risk policy, roles and responsibilities of the board, management, and risk division. It describes the bank's approach to identifying, assessing, monitoring, and controlling operational risk. The bank has adopted the Basic Indicator Approach to measure operational risk capital charge and has developed business continuity plans to prepare for disasters. The presentation also discusses operational risk incident management guidelines and roles in reporting and addressing incidents.
This document summarizes COSO's Enterprise Risk Management - Integrated Framework. It defines ERM as a process run by an organization's board and management to identify potential events, manage risk within the organization's risk appetite, and provide assurance around achieving objectives. The framework identifies 8 components of ERM - internal environment, objective setting, event identification, risk assessment, risk response, control activities, information & communication, and monitoring. It describes how organizations can implement ERM through risk assessments, determining risk appetite, identifying responses, and ongoing monitoring and oversight. Internal auditors can help by reviewing controls and risk processes and ensuring resources target key risk areas.
This document provides an overview of a training programme on strategic risk management. It includes an agenda that covers topics such as risk management principles, frameworks, governance, and specific business risks. The aims and objectives of the training are also outlined. Key aspects that will be taught include risk identification and assessment, risk analysis, risk culture, and implementing an effective risk management process. Various risk management models and frameworks are also highlighted such as the COSO enterprise risk management framework. The document provides information on the content to be delivered in the risk management training programme.
This document discusses enterprise risk management (ERM). It defines ERM as the process of planning, organizing, leading, and controlling organizational activities to minimize the effects of risk on capital and earnings. ERM includes financial, strategic, operational risks as well as accidental losses. The document outlines the importance of ERM, noting that it allows organizations to increase risk-taking capabilities to pursue opportunities while managing risks. It also discusses how ERM standardizes risk management procedures across projects. Finally, it provides an overview of the key steps in the ERM process, including establishing an ERM structure, assigning responsibilities, creating an enterprise risk map, decision-making through risk reporting, and shifting organizational culture to a more enterprise-wide view of
Operational risk is the risk of loss from inadequate or failed internal processes, people, and systems or from external events. This document provides a summary of operational risk, including:
1) It defines operational risk and provides examples such as business interruption, errors by employees, product failure, and IT systems failure.
2) Risks can be identified through various techniques like workshops and audits to assess processes. They are then assessed for impact and likelihood.
3) Operational risks are managed through techniques like risk acceptance, risk sharing, risk reduction, and risk avoidance such as purchasing insurance. Ongoing monitoring and review are important.
The document outlines a communications plan for a company undergoing an Oracle implementation. It includes:
1) Identifying stakeholders and analyzing their needs to develop tailored messaging to help stakeholders move through stages of change acceptance.
2) Guiding principles for communications, including using a variety of channels to deliver consistent, honest messages from leaders.
3) A communications approach including stakeholder analysis, key messages for each group, and vehicles like meetings, newsletters and surveys.
4) An overview of the communications plan framework for mapping out when and how to deliver tailored information to stakeholders throughout the implementation.
This was a presentation given by Lisa Shi, head of risk management at E C Harris Hong Kong, at the Royal Hong Kong Yacht Club as one of the APM HK branch's monthly CPD events. Lisa gave her presentation to some 30 local members and guests.
What are you doing to manage and engage the people, groups and organizations who can impact, or are impacted, by your project or change initiative? View this short presentation to discover the impact effective stakeholder management can have on your project.
The document discusses risk management strategies for the construction of the Sydney Opera House. It identifies key risks that contributed to cost overruns and schedule delays such as an unrealistic initial cost estimate of $7 million, an incomplete design that lacked structural details, failure to control escalating costs, and pressure to accelerate the construction schedule. These risks led to a final cost of over $100 million, over 15 times the initial estimate, and completion 14 years late. The project was also impacted by political risks like deceptive cost disclosure and design changes.
HSBC-IBA Case Competition 2016 Final Round, by Team Phoenix
This document outlines a business case competition for a telecommunications company looking to rebuild trust in the Canadian market. It identifies trust as the core issue and recommends a "3G strategy" of Gain, Grab, Grow to gain new customers and market share, grab opportunities in new business segments, and grow to become the dominant player by 2020. Key elements of the proposed action plan include investing in technology research, expanding rural infrastructure and retail/enterprise solutions, and conducting marketing campaigns to improve the brand perception. Progress will be monitored and evaluated by a governance board, with contingencies in place if goals are not met.
Digital Trends in 2017: Making Business Impact in a Changing WorldEdelman
Digital paid media is evolving to provide both the efficiency and accountability promised by programmatic advertising, as well as the transparency and impact of traditional media. This evolution will occur in a few key ways:
1) Traditional media companies will accelerate their digital transformation by expanding programmatic TV buying and forming partnerships between digital and linear players.
2) Brands will shift more investment to digital channels that provide targeting capabilities but can be easily verified, such as digital out of home, podcasting, and interactive event sponsorships.
3) Technology and standards will improve to address issues like viewability, fraud, and attribution in order to restore trust and optimize spending. Brands will demand more transparency from their partners.
We Are Social's comprehensive new Digital in 2016 report presents internet, social media, and mobile usage statistics and trends from all over the world. It contains more than 500 infographics, including global data snapshots, regional overviews, and in-depth profiles of the digital landscapes in 30 of the world's key economies. For a more insightful analysis of the numbers contained in this report, please visit http://bit.ly/DSM2016ES.
#Contract Risk Audit# By SN panigrahi,
Enterprise Risk Management (ERM),
Risk Audit,
Contract Risk Audit process.
Types of Audit,
Risks Need to be Analyzed
on Four Aspects : SQSC,
CONTRACT ADMINISTRATION
Risk management: Principles, methodologies and techniquesILRI
This document outlines a two-day risk management training for ILRI staff. Day one covers principles of risk management and methodologies and techniques. Day two focuses on identifying and assessing risks at ILRI, including group feedback sessions and discussing ILRI's risk management going forward. The document defines risk management and discusses establishing a risk management framework at the organizational level with key principles like establishing context, identifying risks, analyzing risks, treating risks, and monitoring and reviewing risks. It provides examples of enterprise, project and partnership risks to consider and discusses risk reporting requirements.
Enterprise risk management (ERM) is a process that helps organizations identify, assess, and manage risks to achieving their objectives. It involves identifying risks across strategic, operational, reporting and compliance categories and developing a portfolio view of risks from a business unit and entity level. The ERM process also includes establishing risk management philosophies, setting risk appetites, identifying and assessing risks, developing risk responses, monitoring risks, and oversight from management.
Practical approach to Risk Based Internal AuditManoj Agarwal
The document provides an overview of risk based internal auditing. It discusses key concepts like the definition of risk, COSO ERM framework, three lines of defense model, definition of internal audit, and risk based internal audit approach. The approach involves identifying the audit universe and processes, risk identification and assessment, risk scoring and heat mapping, developing the risk based internal audit plan, and executing the plan. Various tools for risk based auditing like the audit tracker, audit report templates, and resources are also outlined.
Ronke Fagbemi has over 30 years of experience in risk management, regulatory compliance, and operations in the banking industry. She is currently the Head of Operational Risk and Compliance at Ecobank Nigeria Ltd. She has a strong background developing and implementing operational risk management frameworks, monitoring key risk indicators, conducting risk assessments, and ensuring regulatory compliance. She also has experience overseeing compliance programs, monitoring compliance activities, developing compliance policies and procedures, and providing compliance training.
The environment that enabled this situation to occur likely had weaknesses in some of the basic elements that help prevent corruption:
- Governance principles were likely weak - rules, monitoring and compliance may have been lax, allowing more discretion.
- Operational controls were probably not tight - goals may have been unclear, systems loose, process controls weak, information integrity and accountability lacking.
- Institutional basics may have been absent or weak - hierarchy and supervision unclear, management not based on written processes, staff possibly not well trained or working part-time/casually.
Societal foundations like democracy, free press, rule of law and property rights that help prevent corruption may have been nascent or absent in Revolutionary-era France.
How to Create a Risk Profile for Your Organization: 10 Essential StepsCase IQ
Understanding your organization’s risks is the first step in developing an effective anti-corruption compliance program. But for many businesses, identifying and understanding their risks is a complex process, involving research, analysis and cooperation from all levels of the organization. Since every company needs a robust compliance program, an effective risk analysis is crucial. The consequences of getting this step wrong can be astronomical.
Join anti-corruption experts Marc Tassé and Patrice Poitevin, as they outline the steps and tools necessary to create a risk profile for your organization.
The webinar will cover:
Tools to help determine areas of risk
Factors to evaluate
The importance of due diligence once risks are identified
Continuous evaluation of your compliance program
How to achieve accountability and transparency
This white paper explains the concepts, legal requirements, strategies, and global framework for the implementation of risk management. It also deals with fraud and reputation risk management and how the negative reputation of an entity may harm the operations and profitability.
This white paper may be useful in performing the advisory role in Risk Management and Risk Governance.
“Today’s fast-paced business environment encounters a complex and ever-changing risk landscape that may negatively impact organizational value. The only way to respond to it is by having a dynamic and holistic perspective of the risk management approach to ensure business continuity.”
– Jack Zahran, President, Pinkerton
This document outlines 8 key drivers of effective enterprise risk management: 1) having a clear risk management strategy, 2) properly assigning risk ownership, 3) ensuring all roles have the proper competencies, 4) applying risk management to strategic decision making, 5) establishing processes for day-to-day operations, 6) ongoing monitoring, 7) periodic internal audits, and 8) establishing a strong risk culture with proper board oversight. Effective risk management requires addressing all these aspects and aligning them with the organization's objectives.
The document proposes a 360 Degree Risk Management Model to help organizations holistically manage risks. The model comprises people, processes, tools, and governance to 1) identify risks early, 2) mitigate negative risks, and 3) leverage learnings from risks to enhance competencies. Key aspects of the model include a corporate risk database, risk analytics dashboards, and knowledge sharing programs. The document argues the model can help organizations gain competitive advantages and improve outcomes by taking a more holistic view of risks.
The document discusses strategic risk and opportunity management. It provides information on:
- The importance of identifying, assessing, and responding to risks and opportunities to ensure objectives are achieved.
- Categories of risks including corporate, service, and project risks.
- A framework for risk management that includes identification, analysis, response, monitoring and reporting of risks.
- The objectives of embedding risk management into planning and decision making processes.
The document discusses a risk management software system called the Governance Portal. It provides an integrated solution that enables leading risk practices, including risk assessment, loss event tracking, key indicator monitoring, and action plan management. The system helps align risk assessment with corporate goals. It supports a forward-looking assessment of multiple risk inputs to provide comprehensive reporting and focus on high-risk areas. Several companies are highlighted that use the system successfully for tasks like internal control review and risk management.
Internal Audit And Internal Control Presentation Leo WachiraJenard Wachira
Internal auditing and internal controls are important functions for oversight and governance. Internal auditing provides independent assurance to help an organization accomplish its objectives. It evaluates risk management, controls, and governance processes. Internal controls consist of control environment, risk assessment, information and communication, monitoring, and control activities. The purpose is to help an organization achieve its goals. Common weaknesses include human error, deliberate circumvention, management override, and cost considerations.
The document provides information about Spire Advisors Pvt Ltd, a risk management firm. It discusses Spire's risk management solutions which include risk-based internal audits, compliance audits, internal financial controls, IT audits, and standard operating procedures. It then goes into further detail about Spire's approach to risk-based internal audits, compliance audits, and internal financial controls. The document emphasizes the importance of these risk management processes and Spire's role in providing professional services around them.
Implementation of Enterprise Risk Management with ISO 31000 Risk Management S...PECB
The webinar covers:
• The start of any Enterprise Risk Management Program
• The approach to developing a framework that will assist organizations to integrate RM into their enterprise-wide risk management systems
• The relationship between the foundations of the risk management framework and their objectives
Presenter:
This webinar was presented by M. Youssef K, an executive consultant & trainer with several qualifications. He is an accomplished expert with over 10 years’ experience in the field of risk management, project and program management, PRINCE 2, Agile, EVM, business process analysis and design, as well as operational and organizational excellence.
Link of the recorded session published on YouTube: https://youtu.be/9fO-JqENL0I
You will construct a manual for your company that defines the Risk M.pdfthangarajarivukadal
You will construct a manual for your company that defines the Risk Management Policy for all
future projects. For this, you can adopt the perspective of either a: - Option 1: o For Profit
Company that develops new products, and each product might be considered a project. For this
you will adopt the perspective of a Project Management Office (PMO) and you are developing
the manual that is used by all Project Managers (PM) who will be conducted a risk assessment
for all future projects. - Option 2: o City or town that has many projects in development or
underway, such as park operations, traffic operations, public works, etc… For this you will adopt
the perspective of a risk manager for a production facility or city/town, and you are drafting
policy for risk assessments of worker safety Whether you select Option 1 or Option 2, you will
draft the manual using the tools and materials that we have reviewed in Weeks 1 through 4 of
this class. The manual should be in a form such that a reasonably educated and informed
individual is able to pick the manual up, and have enough guidance for implementing the policy.
If you think about some of the documents we have reviewed thus far, they are a mix of policy,
guidance and specific methodologies. Your manual should follow the same general form: - What
is the general purpose of the manual - What is the interaction between policy and implementation
- What specific method are employed to assess the risk so that it can be managed It is expected
that - you will select two or more (but certainly not all) of the methods from the ISO and USCG
documents as the official method used to assess risk within your organization. - Offer guidance
as to when some specific method should be employed. Notice that this format follows the USCG
Risk-based Decision Making (RBDM) wherein they offer substantive guidance as to which
method should be used for which situation. This is compared to the ISO document which offers
generalities as to risk management policy, but offer limited guidance as to when to use specific
methods. Therefore, the project is NOT expected to be 27 pages of text (for example), but it IS
expected to be more than 5. Maybe 10? It all depends on what is necessary to get the job done. -
It is up to you, the student, to determine what is required based on your understanding of the
material thus far, and to draft a manual that is robust enough that you would feel comfortable
submitting to your supervisor if that supervisor asked for a risk management manual to be
drafted. The basic question is: what do you think this manual would look like? - What is you
organizational process for answering the 5 questions for any new project that is being considered
- There should be enough procedure and guidance information that the user is able to open the
document and leverage it towards a robust risk assessment that can be applied to the 90%
situation - Submit this as a ‘professional’ manual that you might find in the risk ma.
The audit concluded that Finance Canada has developed an adequate Corporate Risk Profile and established an Integrated Risk Management function in line with guidelines. Some elements of the communication strategy from the Corporate Risk Profile have not been fully implemented. The Department has identified key risks but could improve awareness of risk management practices among staff through better communication.
Similar to Case Study - Leveraging Risk Management for Future Growth - Published Final Copy (20)
Case Study - Leveraging Risk Management for Future Growth - Published Final Copy
Case Study
April 2016
Kevin Fryatt
Leveraging Risk Management for Future Growth: A Business Case of UNTU Microfinance in Zimbabwe
Financial institutions are continuously looking for investments that will sustainably
setting itself apart from its competitors and positioning itself to create long-term
in Zimbabwe and how it improved its risk management through adopting the Risk
Management Graduation Model.
1. Figures as of September 2015.
Introduction
and other organizations of its kind, the
or UNTU, is faced with a variety of risks
it must manage in order to continually
create economic and social value for its
stakeholders. One risk posing a constant
threat in Zimbabwe is liquidity risk, which
is due to a shortage of liquidity in the
local market, lack of foreign investment
in the country, and ongoing delinquency
challenges. Under these conditions, the
engaged in salary and agricultural lending
to consider diversifying their loan books.
Despite the challenges faced in Zimbabwe,
UNTU has persevered and become one of
country.
Since its founding in 2009, UNTU has been
able to take advantage of low penetration
rates in the informal sector and grow its loan
services to clients through six branches
with a focus on providing individual loans
1
Building
of operation, UNTU plans to leverage its
success toward increased growth and
with growth comes the need to develop a
formal system that can decentralize and
integrate risk management, as well as
evaluate and manage the risk inherent to
growth.
Role of Risk Management
The role of the risk management function
for UNTU is to identify, measure, prioritize,
monitor, and manage all risks faced by
the business. However, UNTU’s lean
organizational structure in its early stages of
growth, along with its largely undocumented
and informal risk management process,
have meant relying heavily on the technical
A fully established risk management function
will have all “three lines of defense”: the
business line operations, risk management
function, and internal audit. However, for
UNTU, as is the case with many smaller
UNTU develops, the functions of risk taker
the full realization of an independent risk
management function. This will allow UNTU
to identify, measure, prioritize, monitor,
and actively manage all risks faced by the
business within the company’s board-
approved risk management framework.
management function formally and in a way
that makes it central to the core functioning
of the business, it can realize several
risk management function.
2. A risk management framework must always be comprehensive in nature so as to consider the full array of risks to which a
needs aligned with future growth plans.
Risk Management Graduation Model for MFIs,
available at http://www.riminitiative.org/graduation-model/#toggle-id-5.
Developing UNTU’s Risk
Management Framework:
Leading by Example
UNTU’s goal in developing a formal risk
management framework was to create
a scalable set of policies, limits, and risk
management and monitoring tools for
executing a risk management process that
is thorough and continuous.
framework, UNTU considered the following
important factors:
1. Compliance with or adaptability to Reserve
Bank of Zimbabwe guidelines
2. Comprehensiveness²
3. Scalability³
4. Appropriateness⁴
Faced with the common challenge of limited
engaged in a step-by-step, institutional
process of improving risk management
which allowed it to not only tailor its risk
management framework to its institutional
needs, but also ensure that its framework
was in line with international best practices.
5
because it wanted a risk management
framework that would help UNTU identify
areas of excellence as well as areas of
improvement and be benchmarked against
global best practices. UNTU followed
management outlined in the chart on pages
3 and 4. This process is recommended
bottom-line mission regardless of
organizational size, legal status, or number
of years in existence. Shown next are the
detailed steps of this process and insights
into UNTU’s experience with implementing it.
Institutional Risk Management Improvement Process⁶
Internal Staffing, External Expertise, Financing, Strategy Alignment
• IDENTIFY: Determine institutional tier level
• ASSESS: Determine institutional readiness and adherence to Risk Management Graduation Model guidelines
• STRATEGIZE: Determine institutional Risk Management Graduation Path
• PLAN: Determine tactical work plan for risk management improvement strategy
• EXECUTE: Implement risk management improvement strategy
• EVALUATE: Evaluate risk management improvement strategy success
Evaluation Methods and Measures of Success
Success Factors
• Using RMGM adherence level as a quantifiable and measurable goal
• Management Risk Committee Coordinator reviewing progress of risk management improvement
• Reassessing RMGM adherence prior to next strategic planning exercise, engaging Internal Audit for independence
Key Stakeholders Involved
• Board of Directors
• Chief Executive Officer
• Internal Auditor
• Management Risk Committee
Project Management, Availability, and Accountability
Success Factors
• Ensuring clear responsibility and ownership through a newly formed Management Risk Committee.
• Ensuring buy-in with Board of Directors, senior management, and staff.
• Board Credit Committee assuming role of oversight to Management Risk Committee.
Key Stakeholders Involved
• Board of Directors
• Chief Executive Officer
• Management Risk Committee

Key Stakeholders Involved
• Board of Directors (review only)
• Chief Executive Officer
• Credit Manager
• Managers (representing all key departments)
• Internal Audit
Success Factors
• Priority given to internal human resources in order to develop ownership in the process
• All stakeholders involved in reviewing the Graduation Path to develop internal buy-in
• Management Risk Committee formed to ensure a clear plan for implementation, communication, and monitoring of Graduation Path implementation
• Internal Audit reviewed and approved the Graduation Path to ensure alignment with their own recommendations
6. For more information, please visit http://www.riminitiative.org/improvement-process/
Assessment Tool
Success Factors
• Objective assessment carried out, comparing written policies and procedures, interviewee responses, and practical observations
• Information cross-checked with multiple departments to assess accuracy
• External auditors’ input provided history and objective opinion
• Designated staff assigned to coordinate assessment
• CEO provided with frequent progress reports and highlights
Key Stakeholders Involved
• Board of Directors
• Chief Executive Officer
• Credit Manager
• Managers (representing all key departments)
• Internal and External Audit
• Branch staff
• Clients
Graduation Path
Success Factors
• Graduation Path workshop and strategic planning workshop occurred concurrently
• UNTU focused on quick wins
• UNTU prioritized risk management improvement goals which facilitated the achievement of other goals
Key Stakeholders Involved
• Board of Directors (review only)
• Chief Executive Officer
• Credit Manager
• Managers (representing all key departments)
Risk Management Graduation Model
Success Factors
• UNTU was forward-looking and aligned its tier level with its future strategic goals of scale and growth.
• Initially identified as Tier 3, UNTU chose to be assessed and build out risk management structures according to a higher tier category - Tier 2.
Key Stakeholders Involved
• Board of Directors
• Chief Executive Officer
• Management Team (Senior and Middle)
Step 1: Identify – Determine
Institutional Tier Level⁷
Developing a risk management function
appropriate to UNTU’s institutional tier level
ensures that UNTU allocates resources
to systems and structures which are
best suited to its stage of organizational
development. UNTU proactively chose
is currently in transition from Tier 3 to Tier
the years to come the activities it carries
out regarding its organizational readiness
and development of its risk management
capacity align with its goal of becoming a
Tier 2 institution.
Step 2: Assess – Determine
Institutional Readiness and
Adherence
management rests on having solid
organizational foundations in place,
including governance and strategy,
risk culture, and internal control and
a management information system.⁸
UNTU’s on-site assessment of its
institutional readiness was conducted
its organizational foundations, risk
management categories, and ability to
manage and monitor its financial and
House is depicted in Figure 1.
UNTU and its partner Triple Jump Advisory
Services hired an external consultant to
lead it through this assessment. All of
UNTU’s key business documents were
reviewed along with its policies and
with board members, an external auditor,
senior management, department heads,
branches. Through this assessment,
the consultant aimed to determine the
adequacy of UNTU’s policies, procedures,
and risk management structures, as
well as the adequacy of its current risk
management and monitoring tools.
The assessment was able to identify
foundational areas to strengthen with
relatively minimal investment, allowing
UNTU to focus more time and resources
on developing the formal risk management
function. The results of the assessment are
provided in Figure 2.
Risk Management Graduation Model for
MFIs.
Risk Management
Graduation Model for MFIs.
Figure 1 – Risk Management House
Step 3: Strategize – Determine
Institutional Risk Management
Graduation Path
plan through which UNTU can proactively
address key risk management gaps vis-à-vis
Figure 3, enabled them to prioritize the closing
of key risk management gaps, such as a
as part of its strategic and operational plans.
funding sources, UNTU assigned immediate
priority to address critical gaps in credit,
risk while recruiting a CFO to assume that
duty. The new CFO has subsequently
assumed this duty.
Step 4: Plan – Determine Tactical
Work Plan for Risk Management
Improvement Strategy
[Chart: percentage scale from 0% to 100%; labels "Floor: Strategic", "Roof: Financial and", "Full Tier 2 Adherence"; timeline 2016, 2017, 2018, 2020 and Beyond; Financial & Social Goals, Strategic Risk, Financial Risk, Credit Risk]
focus its improvement of credit risk
management on activities in which
they could leverage internal personnel,
thereby building ownership of its risk
management function. This aligned
with the strategic focus on growing
market share while managing risk of the
institution’s largest asset, the loan book.
identified areas that will need sourcing of
external support.
To build the sense of ownership
over risk management that UNTU
desires, the Board Credit Committee’s
recommendations to management have
enhances the board’s involvement in risk
management decisions and maximizes
the follow-up to bridge the prioritized
and strategic gaps.
Step 5: Execute – Implement
Risk Management Improvement
Strategy
For effective execution of its risk
management improvement strategy,
UNTU must ensure that the board,
senior management, and staff exhibit the
necessary buy-in to ensure accountability
in the implementation process and
subsequent risk management function.
The risk management improvement
process at UNTU will be managed and
Risk Committee. This committee is
composed of key department heads
one year. This group will operate during
UNTU’s transition from risk management
through the “first and third lines of
risk management through the newly built,
separate “second line of defense,” the
risk management department itself. As a
plays a key role in risk management.
The committee’s sole purpose is to
manage the development of UNTU’s risk
management function by managing and
Additionally, UNTU has developed a risk
dashboard and matrix which integrates
Committee’s reports, which will chart
included in the Board Credit Committee’s
before reporting the outcome to the Board
Audit Committee.
Step 6: Evaluate – Evaluate the
Success of Risk Management
Improvement Strategy
and implementation will require a clear
definition of what success looks like.
implementation success through a number
of key metrics, including:
• Whether risk metrics are being analyzed,
reported, and monitored at appropriate
with annual strategic planning, and
against yearly goals.
As a market leader in risk management
risk management framework through the
stakeholders that yields a shared
conceptual understanding of the
risk management process using a
comprehensive framework.
gaps using world-class benchmarks
that also takes into account future
issues arising from institutional growth.
• Developing an action plan which
management of key risks and greater
• Having the ability to measure progress
using a robust framework which can
communicate specifically how the
institution has attained company-
wide goals.
management improvement process and
us to critically think through the key risk
management issues, using best-in-class
www.riminitiative.org
info@riminitiative.org
1 (202) 684-9371
1050 17th Street NW
Suite 550
Washington, DC 20036
Founding Members Contributing Members
Risk management Initiative in Microfinance (RIM) is a collaboration
of organizations with a vested interest in raising the standards of risk
management in the microfinance industry.
About the Author
Special Thanks
Additional Information
For more information:
• UNTU: visit www.untu-capital.com.
• Triple Jump Advisory Services: visit or contact
• : visit www.riminitiative.org or contact Kevin Fryatt,