Presentation given by Vincent Tophoff, IFAC Senior Technical Manager, on risk management and internal control at the Second International ISO 31000 Conference in Toronto, May 2013.
Enterprise Risk Management provides decision makers with a realistic picture of likely outcomes to their strategic initiatives by integrating risk into the cost benefit analysis of all strategic investments.
Integrating Risk into your Balanced Scorecard Andrew Smart
Pulling together into a single framework the two separate disciplines of strategy management and risk management, and how it is possible to integrate it with Balanced Scorecard. This presentation provides a practical guide for organizations to shape and execute sustainable strategies with full understanding of how much risk they are willing to accept in pursuit of strategic goals.
Please contact andrew.smart@stratexsystems.com for more details about the presentation or to have a talk about our software solutions.
Risk Appetite: A new Menu under Basel 3? Pieter Klaassen (UBS - Firm-wide Risk Control & Methodology) for the Zanders Risicomanagement Seminar, 1 November 2012
5. Value and Resilience Through Risk Management
20. Strategic risk management cycle
1. Identify the risks and define a framework
2. Evaluate the risks
3. Assess risk appetite
4. Identify suitable responses to risk
5. Gain assurance about the effectiveness
6. Embed and review
51. 5Ts of Risk Management
1. Tolerate: accept the risk
2. Treat: reduce or control the risk
3. Transfer: spread or transfer the risk
4. Terminate: avoid the risk
5. Take: take advantage of the opportunity
54. Type of control and details (risk control methods under internal control principles: before)
Directive: Designed to ensure that the particular outcome is achieved. Typically associated with health and safety. Wearing protective clothing during performance of dangerous tasks, or insisting on staff being trained before starting a project. Also includes risk sharing (e.g. insurance).
Preventive: Designed to limit the possibility of an undesirable outcome being realized. The majority of controls fall into this category. Separation of duty to prevent fraud is an example.
55. Type of control and details (risk control methods under internal control principles: after)
Detective: Designed to identify occasions of undesirable outcomes having been realised. Their effect is after the event, so they are only appropriate where it is possible to accept the loss or damage incurred. Examples include stock or asset checks, reconciliations and post-implementation reviews that identify lessons learned from projects for future application.
Corrective: Designed to correct undesirable outcomes that have been realised. They provide a route of recourse to achieve some recovery against loss or damage. An example of this would be design of contract terms to allow recovery of overpayment. Insurance can be regarded as a form of corrective control.
64. Colour and status
White: A risk that cannot yet be managed until there is readiness or the appropriate time is reached, so progress cannot yet be reported.
Red: No progress yet in implementation.
Yellow: Implementation is progressing under the risk management plan, but there is not yet clear evidence of whether, or how far, following the plan has reduced the risk.
Green: Implementation is progressing well, in line with the stages of the project, and there is evidence showing the results of risk management.
Blue: The plan has been carried out successfully and the risk reduction target has been met in every respect.
[Figure: risk matrix with Impact and Likelihood axes, each scaled VL, L, M, H, VH, and a risk tolerance line separating unacceptable risk from acceptable risk.]
65. OBJECTIVE - To travel from A to B in time for an important meeting

| Risk | Inherent assessment: Impact | Inherent assessment: Likelihood | Controls in place | Residual assessment: Impact | Residual assessment: Likelihood | Action planned | Target date | Owner |
|---|---|---|---|---|---|---|---|---|
| Missing a train makes me late for the important meeting | High | High | Catch train one earlier than I actually need | High | Low | No further action planned | | M.Y. Self |
| Severe weather prevents the train from running | High | Low | Cannot control | High | Low | Telephone conferencing facility to be installed as a contingency | August | A.N. Other |
| Engineering works make the train late | High | Medium | Check for engineering works and arrange flexibility with people I am meeting | Medium | Low | No further action planned | | M.Y. Self |

Example of preparing a risk assessment and risk management report document