SlideShare a Scribd company logo

Improve Your Risk Assessment Process in 4 Steps

Resolver Inc.
Resolver Inc.

This presentation will show you 4 steps you can take to improve the risk assessment process in your organization.

Software
1 of 30
Download to read offline
IMPROVE YOUR RISK ASSESSMENT PROCESS, DRIVE TRANSFORMATIVE RESULTS… …IN 4 EASY STEPS, TRULY FUTUREPROOF 2014
I’VE HAD THE PRIVILEGE OF LEADING RISK ASSESSMENT ACTIVITIES WITHIN MANY GREAT ORGANIZATIONS… …WITNESSING WHAT WORKS AND, SOMETIMES, WHAT DOESN’T • Lenovo • Hewlett-Packard • Verizon • EDS • Johnson Controls • BHP Billiton • Hong Kong MTR • Kodak • Gap • Caterpillar • General Motors • Lear • China - State-owned Assets Supervision & Administration Commission (SASAC) • Etc.
RISK ASSESSMENT - EY SURVEY RESULTS #1 “ADJUSTMENT” – IMPROVE THE RISK ASSESSMENT PROCESS 1 2
RISK ASSESSMENT WITHIN THE BROADER, AND DYNAMIC, CORPORATE GOVERNANCE CONTEXT 4 KEY DRIVERS & INFLUENCES Shareholder Expectations • Institutional • Individual Government • Regulation • Monitoring • Support Financial • Rating agencies • Listing standards • Bondholders Other Stakeholders • Employees • Suppliers • Customers • Trade unions • Special interest groups Other factors • Competition • Disruptive technology • Macroeconomic events BOARD & AUDIT COMMITTEE EXECUITVE MANAGEMENT Business Unit Finance & Accounting Legal Human Resources IT Supply Chain Capital Projects Key objectives, targets, KPIs, Balanced scorecard, risk appetite - Define - Communicate - Monitor & refine Maximum foreseeable impact, likelihood, control effectiveness - Drive appropriate, responsive action - Define and monitor KRIs Manual, automated, prevent/detect, mitigating Document - Test - Remediate - Transform - Monitor for exceptions Compliance management program - Track regulations - Update policies - Train & enable IDENTIFY & ASSESS KEY RISKS MONITOR & ENHANCE CONTROLS ENSURE COMPLIANCE ESTABLISH THE CORPORATE STRATEGY          EXAMPLE - Internal Controls over Financial Reporting (SOX) EXAMPLE - Foreign Corrupt Practices (FCPA) EXAMPLE - Payment Card Industry (PCI) ASSURANCE&MONITORING IT SYSTEMS & DATA REPORTING&COMMUNICATIONS
RISK ASSESSMENT AN IIA PERSPECTIVE • “Practice Advisory 2120-2 - Every organization will experience control breakdowns. Often times when controls fail or frauds occur, someone will ask: “Where were the internal auditors?” The internal audit activity could be a contributing factor due to: – Lack of an effective risk assessment process to identify key audit areas during the strategic risk assessment, as well as areas of high risk during the planning of individual audits – as a result, failure to do the right audits and/or time wasted on the wrong audits.”
RISK ASSESSMENT IF ONLY IT WERE SIMPLE 1. Identifying risks to achieving objectives requires – objectives. If a robust strategic planning process is absent, risk assessment may take on the role of surrogate. 2. Risk assessment is often relegated to “off-cycle” periods (after planning, budgeting and forecasting is complete) - wherein management is available but the results are significantly less relevant and/or impactful 3. Risk assessment output is unreliable due to insufficient information and/or requisite expertise, groupthink, dominant voice in the room, bias, anchoring, CYA behaviours, etc. 4. The process: 1. Promotes enterprise list management rather than enterprise risk management 2. Evokes unenthusiastic support from executive management: “I have a business to run”… “How long will this workshop last?” 3. Produces reports and heat maps that fail to drive appropriate, responsive action(s) 5. Other challenges?
RISK ASSESSMENT A TIME OF UNPRECEDENTED OPPORTUNITY 1. Boards are getting more progressive, proactive… and nervous 2. Management desires to reduce cost and increase value 3. Internal auditors desire to get more out of life 4. Simple shifts in your risk assessment approach have the potential to transform: – levels of executive and board engagement – value and relevance of outputs – internal audit’s stature in the organization – your relationship with the AC chair
4 SIMPLE STEPS 1. Get the timing right 2. Ensure that identified risks, are truly risks - and not simply stating the inverse of an objective, i.e. “Failure to…” 3. Review/enhance your risk assessment criteria – to better inform/drive responsive action 4. Produce simple, palatable risk reports - that align and integrate with the organization’s planning and performance management reports
#1 – GET THE TIMING RIGHT • Align and integrate with: – Planning, budgeting & forecasting cycles – Board and executive reporting – KPIs, key incentives 10 Planning Risk Assessment Budgeting Forecasting Planning Budgeting Forecasting Risk Assessment Typical Better practice
6. The organization specifies objectives with sufficient clarity to enable the identification and assessment of risks relating to objectives. 7. The organization identifies risks to the achievement of its objectives across the entity and analyzes risks as a basis for determining how the risks should be managed. 8. The organization considers the potential for fraud in assessing risks to the achievement of objectives. 9. The organization identifies and assesses changes that could significantly impact the system of internal control. Risk Assessment #1 – GET THE TIMING RIGHT COSO 2013 UPDATE - PRINCIPLES OF EFFECTIVE INTERNAL CONTROL
#1 – GET THE TIMING RIGHT “ANCHOR” YOUR RISK ASSESSMENT 12 • Benefits • Risk are more readily identified • Greater ownership, relevance and value • Often described by interviewees as the “risks that matter” Strategic Objective 1 Strategic Objective 2 Strategic Objective 3 Key Risk 1 Key Risk 2 Key Risk 3 Key Risk 4 Key Risk 5 Key Risk 6 Core Operational Objective 1 Core Operational Objective 2 Core Operational Objective 3
#2 - ENSURE THAT IDENTIFIED RISKS - ARE TRULY RISKS “Risk is the possibility of an event occurring that will have an impact on the achievement of objectives. Risk is measured in terms of impact and likelihood.” - Institute of Internal Auditors Note – when most people think risk, they think downside
#2 - ENSURE THAT IDENTIFIED RISKS - ARE TRULY RISKS 14 Rather, encourage respondents to identify the specific events that might trigger a failure Objective – Reach the moon safely, land on it, and then return to Earth. Risk – Failure to land on the Moon. Risk – Oxygen tank explosion “Failure to…” is not an option. And neither is, “Inability to…”
#2 - ENSURE THAT IDENTIFIED RISKS, ARE TRULY RISKS THEN, PERHAPS OFFER A DUAL-VIEW HEAT MAP IMPACT MANAGEMENT PREPAREDNESS MonitorRemediate (+) (-) Business Objectives / Initiatives Risks HighLow High High Formerly risks beginning with, “Failure to … Inability to …”
#3 – ENHANCE YOUR RISK ASSESSMENT CRITERIA A TYPICAL HEAT MAP 1 2 3 4 IMPACT(residual) LIKELIHOOD Which risks should comprise the focus of: • Remediation • Internal audit • CSA • Etc? HighLow High
#3 – ENHANCE YOUR RISK ASSESSMENT CRITERIA COMMON APPROACHES – AND RELATED CHALLENGES • Inherent risk - Too abstract - the notion of all controls failing, or not being present, is viewed by management as an irrelevant, academic exercise • Residual risk - Respondents tend to be overly generous and/or optimistic in their ratings
3 MAXIMUM FORESEEABLEIMPACT CONTROL EFFECTIVENESS (or, MANAGEMENT PREPAREDNESS) 1 MonitorRemediate 4 2 What is a plausible, worst-case scenario/impact? HighLow High Potential CSA- focus Potential IA-focus #3 – ENHANCE YOUR RISK ASSESSMENT CRITERIA ALTERNATIVE, ACTION-FOCUSED APPROACH
#3 – ENHANCE YOUR RISK ASSESSMENT CRITERIA AND ENSURE A THOROUGH, RELIABLE PROCESS Interviews Surveys Data Analytics Subject Matter Specialists External Research / Sector Risk Reports Risk description here - Causal factors • • Impacts • • Preventative / Detective Controls • • Mitigating Controls • • Improvement Opportunities • • Identify potential risks for discussion Select and profile key risks Procure • Voting hardware • AV equipment • Room Develop • Risk rating criteria • Communications to workshop participants Assess within a workshop setting
#3 – ENHANCE YOUR RISK ASSESSMENT CRITERIA EMPLOY ANONYMOUS VOTING TECHNOLOGY, AS APPROPRIATE • Anonymous response reduces fear of reprisal and enhances candour • Enables areas of varied perception to be identified, explored and addressed • Highly efficient • Novelty enhances engagement • Enables remote participation Finally, the truth comes out Can’t believe it - but I’m actually enjoying this!
#3 – ENHANCE YOUR RISK ASSESSMENT CRITERIA BETTER INFORM YOUR ASSURANCE AND REMEDIATION STRATEGY External audit Internal audit (in-house) Internal audit (co-source) Internal Control Function General Counsel’s Office Compliance Control Self Assessment Risk # 1 Monitor / Test Risk #2 Monitor / Test Monitor / Test Review / remediate Risk #3 GAP – NO COVERAGE Risk #4 Review / remediate Monitor / Test Risk #6 Monitor / Test Monitor / Test Risk #7 Monitor / Test Risk #8 Monitor / Test Review / remediate In-scope
#3 – ENHANCE YOUR RISK ASSESSMENT CRITERIA ADD VALUE TO ALIGNED PROCESSES The risk assessment process An overview 5 Corporate strategy Shareholder value Capital projects Key initiatives Identify & Assess Risks • Strategic • Operational • Compliance / Legal • Financial DriveAppropriate, ResponsiveAction(s) • Assurance planning • Ongoing monitoring • Remediation planning • Further analyses • Update budgets • Continuous improvement • Etc. Performance targets Feedback & report Set Objectives
#3 – Enhance your risk assessment criteria Shifting sentiments, improving outcomes • Pessimistic • Apathetic • Naysayer • Optimistic • Engaged • Advocate Stakeholder sentiment LOW HIGH
#4 - PRODUCE SIMPLE, PALATABLE RISK REPORTS Characteristics of effective documentation • Simple, palatable & highly relevant • Common formats, measures • Providing timely information for decision making Strategic Planning & Objective Setting Budgeting & Forecasting Assurance Planning, Execution & Reporting Remediation Capital Projects & Key Initiatives Performance Management Systems & Reporting Risk Identification, Assessment & Management IT Strategy & Governance
#4 - PRODUCE SIMPLE, PALATABLE RISK REPORTS Objective Risk Rating(s) KPI and/or KRI Responsive Action Status or Planned Completion Date Outcome From planning documents From risk register From risk register Assurance or Remediation activity
IN SUMMARY ENHANCING THE RISK ASSESSMENT PROCESS & OUTCOMES 1. Thorough preparation 2. Timing the risk assessment to occur between strategic planning and budgeting cycles, as appropriate 3. Linkage to objectives – strategic, capital projects, etc. 4. Risk definitions that focus upon the risk events that could negatively impact achievement of objectives 5. Strong leadership support, e.g. a supportive “tone at the top” 6. Identification and exploration of the areas where perceptions of risk impact, likelihood and/or control effectiveness diverge 7. Input and support of relevant subject matter specialists; reliable data 8. Avoidance or reduction of group think and/or a dominant voice 9. Risk assessment criteria that effectively inform and drive responsive action 10. Simple, palatable risk reports aligned to and integrated with the organization’s planning and performance management reports – especially at the summary level 26
QUESTIONS
APPENDIX - FOR REFERENCE SAMPLE RATING CRITERIA – IMPACT Financial Operational Reputation People 5 Catastrophic • Financial loss >$X M • Loss of key systems for 5 days or more • Sustained, highly negative mentions in press • Multiple members of the leadership team exit the company • Event triggers significant, irrecoverable loss of employee morale 4 Very High • Financial loss $X to XM • Loss of key systems of 1 to 5 days • Highly negative mention(s) in press but largely recoverable within 6 months through proper crisis management • Loss of a senior leader; High turnover of experienced staff • Event triggers significant loss of employee morale but recoverable within 6 months • Generally-pervasive low morale 3 High • Financial loss $Xk to XM • Loss of key systems for 4 to 8 hours • Some negative press mentions but readily addressed and recoverable in 1 month or less • Turnover is generally higher than normal (>15%) across all areas of the company • Multiple pockets of low morale 2 Moderate • Financial loss $X - Xk • Loss of key systems for 1 to 4 hours • Generally positive press with a few isolated instances of minor negative mentions • Elevated turnover in some areas although non-critical • One or two pockets of low morale 1 Low • Financial loss <$Xk • Loss of key systems for less than 1 hour • Positive press with only a few minor recommendations for product improvement • Very isolated instances of staff dissatisfaction and/or instances of above average turnover
APPENDIX - FOR REFERENCE SAMPLE RATING CRITERIA – RECOMMENDED RESPONSE Recommended Response Urgent Perform Deep Dive Analysis Review and Enhance Enhance Monitor Rating Urgently conduct activities Perform a deep dive analysis to better understand what’s driving the risk Review & remediate current risk management activities and/or controls, as appropriate Enhance risk management activities and/or controls Monitor risk management activities and/or controls 5      4     3    2   1 
ANY QUESTIONS? 30 Brian Link brian.link@resolvergrc.com Mobile - 1 647 381 5515 Alternatively, contact me via

Recommended

Risk Assessment and Risk Assessment Matrix Presentation
Risk Assessment and Risk Assessment Matrix PresentationRisk Assessment and Risk Assessment Matrix Presentation
Risk Assessment and Risk Assessment Matrix PresentationUsama Saeed
 
Risk Management Lifecycle Process Powerpoint Presentation Slides
Risk Management Lifecycle Process Powerpoint Presentation SlidesRisk Management Lifecycle Process Powerpoint Presentation Slides
Risk Management Lifecycle Process Powerpoint Presentation SlidesSlideTeam
 
Relating Risk to Vulnerability
Relating Risk to Vulnerability Relating Risk to Vulnerability
Relating Risk to Vulnerability Resolver Inc.
 
ISO 31000:2018 Risk Management System, Framework and Implementation
ISO 31000:2018 Risk Management System, Framework and ImplementationISO 31000:2018 Risk Management System, Framework and Implementation
ISO 31000:2018 Risk Management System, Framework and ImplementationAlvin Integrated Services [AIS]
 
risk assessment
risk assessment risk assessment
risk assessmentSaid Al Jaafari
 
Risk Appetite
Risk AppetiteRisk Appetite
Risk AppetiteTowers Perrin
 
Risk assessment techniques a critical success factor
Risk assessment techniques a critical success factorRisk assessment techniques a critical success factor
Risk assessment techniques a critical success factorPECB
 
Risk Assessment: Creating a Risk Matrix
Risk Assessment: Creating a Risk MatrixRisk Assessment: Creating a Risk Matrix
Risk Assessment: Creating a Risk MatrixEtQ, Inc.
 

Recommended

Risk Assessment and Risk Assessment Matrix Presentation
Risk Assessment and Risk Assessment Matrix PresentationRisk Assessment and Risk Assessment Matrix Presentation
Risk Assessment and Risk Assessment Matrix PresentationUsama Saeed
 
Risk Management Lifecycle Process Powerpoint Presentation Slides
Risk Management Lifecycle Process Powerpoint Presentation SlidesRisk Management Lifecycle Process Powerpoint Presentation Slides
Risk Management Lifecycle Process Powerpoint Presentation SlidesSlideTeam
 
Relating Risk to Vulnerability
Relating Risk to Vulnerability Relating Risk to Vulnerability
Relating Risk to Vulnerability Resolver Inc.
 
ISO 31000:2018 Risk Management System, Framework and Implementation
ISO 31000:2018 Risk Management System, Framework and ImplementationISO 31000:2018 Risk Management System, Framework and Implementation
ISO 31000:2018 Risk Management System, Framework and ImplementationAlvin Integrated Services [AIS]
 
risk assessment
risk assessment risk assessment
risk assessmentSaid Al Jaafari
 
Risk Appetite
Risk AppetiteRisk Appetite
Risk AppetiteTowers Perrin
 
Risk assessment techniques a critical success factor
Risk assessment techniques a critical success factorRisk assessment techniques a critical success factor
Risk assessment techniques a critical success factorPECB
 
Risk Assessment: Creating a Risk Matrix
Risk Assessment: Creating a Risk MatrixRisk Assessment: Creating a Risk Matrix
Risk Assessment: Creating a Risk MatrixEtQ, Inc.
 
Introduction to Risk Management
Introduction to Risk ManagementIntroduction to Risk Management
Introduction to Risk ManagementFAA Safety Team Central Florida
 
ISO 31000
ISO 31000ISO 31000
ISO 31000yeganehmajidi
 
RisK, RiSk MaNaGeMeNt & EnterPRise RisK ManaGemeNT
RisK, RiSk MaNaGeMeNt & EnterPRise RisK ManaGemeNTRisK, RiSk MaNaGeMeNt & EnterPRise RisK ManaGemeNT
RisK, RiSk MaNaGeMeNt & EnterPRise RisK ManaGemeNTSonu Sah
 
Strategic Risk Management in the Face of Uncertainty and Unexpected Risks
Strategic Risk Management in the Face of Uncertainty and Unexpected RisksStrategic Risk Management in the Face of Uncertainty and Unexpected Risks
Strategic Risk Management in the Face of Uncertainty and Unexpected RisksInternational Federation of Accountants
 
Risk Management
Risk ManagementRisk Management
Risk ManagementStefan Csosz
 
Strategic Risk Management as a CFO: Getting Risk Management Right
Strategic Risk Management as a CFO: Getting Risk Management RightStrategic Risk Management as a CFO: Getting Risk Management Right
Strategic Risk Management as a CFO: Getting Risk Management RightProformative, Inc.
 
Risk Assessment PowerPoint Presentation Slides
Risk Assessment PowerPoint Presentation Slides Risk Assessment PowerPoint Presentation Slides
Risk Assessment PowerPoint Presentation Slides SlideTeam
 
ISO 31000 Risk Management
ISO 31000 Risk ManagementISO 31000 Risk Management
ISO 31000 Risk ManagementRamiro Cid
 
Risk identification
Risk identificationRisk identification
Risk identificationmurukkada
 
Risk Management Process in OH&S
Risk Management Process in OH&SRisk Management Process in OH&S
Risk Management Process in OH&SAhmed-Refat Refat
 
Risk management
Risk managementRisk management
Risk managementBabasab Patil
 
Risk Management 101
Risk Management 101Risk Management 101
Risk Management 101Wil Rickards
 
Risk Management - A Journey
Risk Management - A JourneyRisk Management - A Journey
Risk Management - A JourneyDebashis Gupta
 
Process Safety Management Fundamentals.pptx
Process Safety Management Fundamentals.pptxProcess Safety Management Fundamentals.pptx
Process Safety Management Fundamentals.pptxImtiazHussain312057
 
Risk Management Overview
Risk Management OverviewRisk Management Overview
Risk Management OverviewJIGNESH PADIA
 
Risk assessment-training
Risk assessment-trainingRisk assessment-training
Risk assessment-trainingIshah Khaliq
 
PECB Webinar: Aligning ISO 31000 and Management of Risk Methodology
PECB Webinar: Aligning ISO 31000 and Management of Risk MethodologyPECB Webinar: Aligning ISO 31000 and Management of Risk Methodology
PECB Webinar: Aligning ISO 31000 and Management of Risk MethodologyPECB
 
Risk Management Process Steps PowerPoint Presentation Slides
Risk Management Process Steps PowerPoint Presentation Slides Risk Management Process Steps PowerPoint Presentation Slides
Risk Management Process Steps PowerPoint Presentation Slides SlideTeam
 
Root cause analysis
Root cause analysisRoot cause analysis
Root cause analysisRental Solutions and Services
 
Risk Management Process And Procedures PowerPoint Presentation Slides
Risk Management Process And Procedures PowerPoint Presentation SlidesRisk Management Process And Procedures PowerPoint Presentation Slides
Risk Management Process And Procedures PowerPoint Presentation SlidesSlideTeam
 
Project Controls Expo, 18th Nov 2014 - "Enterprise Project & Risk Analysis in...
Project Controls Expo, 18th Nov 2014 - "Enterprise Project & Risk Analysis in...Project Controls Expo, 18th Nov 2014 - "Enterprise Project & Risk Analysis in...
Project Controls Expo, 18th Nov 2014 - "Enterprise Project & Risk Analysis in...Project Controls Expo
 
Chapter 4 risk
Chapter 4 riskChapter 4 risk
Chapter 4 riskRione Drevale
 

More Related Content

What's hot

RisK, RiSk MaNaGeMeNt & EnterPRise RisK ManaGemeNT
RisK, RiSk MaNaGeMeNt & EnterPRise RisK ManaGemeNTRisK, RiSk MaNaGeMeNt & EnterPRise RisK ManaGemeNT
RisK, RiSk MaNaGeMeNt & EnterPRise RisK ManaGemeNTSonu Sah
 
Strategic Risk Management in the Face of Uncertainty and Unexpected Risks
Strategic Risk Management in the Face of Uncertainty and Unexpected RisksStrategic Risk Management in the Face of Uncertainty and Unexpected Risks
Strategic Risk Management in the Face of Uncertainty and Unexpected RisksInternational Federation of Accountants
 
Strategic Risk Management as a CFO: Getting Risk Management Right
Strategic Risk Management as a CFO: Getting Risk Management RightStrategic Risk Management as a CFO: Getting Risk Management Right
Strategic Risk Management as a CFO: Getting Risk Management RightProformative, Inc.
 
Risk Assessment PowerPoint Presentation Slides
Risk Assessment PowerPoint Presentation Slides Risk Assessment PowerPoint Presentation Slides
Risk Assessment PowerPoint Presentation Slides SlideTeam
 
ISO 31000 Risk Management
ISO 31000 Risk ManagementISO 31000 Risk Management
ISO 31000 Risk ManagementRamiro Cid
 
Risk identification
Risk identificationRisk identification
Risk identificationmurukkada
 
Risk Management Process in OH&S
Risk Management Process in OH&SRisk Management Process in OH&S
Risk Management Process in OH&SAhmed-Refat Refat
 
Risk Management 101
Risk Management 101Risk Management 101
Risk Management 101Wil Rickards
 
Risk Management - A Journey
Risk Management - A JourneyRisk Management - A Journey
Risk Management - A JourneyDebashis Gupta
 
Process Safety Management Fundamentals.pptx
Process Safety Management Fundamentals.pptxProcess Safety Management Fundamentals.pptx
Process Safety Management Fundamentals.pptxImtiazHussain312057
 
Risk Management Overview
Risk Management OverviewRisk Management Overview
Risk Management OverviewJIGNESH PADIA
 
Risk assessment-training
Risk assessment-trainingRisk assessment-training
Risk assessment-trainingIshah Khaliq
 
PECB Webinar: Aligning ISO 31000 and Management of Risk Methodology
PECB Webinar: Aligning ISO 31000 and Management of Risk MethodologyPECB Webinar: Aligning ISO 31000 and Management of Risk Methodology
PECB Webinar: Aligning ISO 31000 and Management of Risk MethodologyPECB
 
Risk Management Process Steps PowerPoint Presentation Slides
Risk Management Process Steps PowerPoint Presentation Slides Risk Management Process Steps PowerPoint Presentation Slides
Risk Management Process Steps PowerPoint Presentation Slides SlideTeam
 
Risk Management Process And Procedures PowerPoint Presentation Slides
Risk Management Process And Procedures PowerPoint Presentation SlidesRisk Management Process And Procedures PowerPoint Presentation Slides
Risk Management Process And Procedures PowerPoint Presentation SlidesSlideTeam
 

What's hot (20)

Introduction to Risk Management
Introduction to Risk ManagementIntroduction to Risk Management
Introduction to Risk Management
 
ISO 31000
ISO 31000ISO 31000
ISO 31000
 
RisK, RiSk MaNaGeMeNt & EnterPRise RisK ManaGemeNT
RisK, RiSk MaNaGeMeNt & EnterPRise RisK ManaGemeNTRisK, RiSk MaNaGeMeNt & EnterPRise RisK ManaGemeNT
RisK, RiSk MaNaGeMeNt & EnterPRise RisK ManaGemeNT
 
Strategic Risk Management in the Face of Uncertainty and Unexpected Risks
Strategic Risk Management in the Face of Uncertainty and Unexpected RisksStrategic Risk Management in the Face of Uncertainty and Unexpected Risks
Strategic Risk Management in the Face of Uncertainty and Unexpected Risks
 
Risk Management
Risk ManagementRisk Management
Risk Management
 
Strategic Risk Management as a CFO: Getting Risk Management Right
Strategic Risk Management as a CFO: Getting Risk Management RightStrategic Risk Management as a CFO: Getting Risk Management Right
Strategic Risk Management as a CFO: Getting Risk Management Right
 
Risk Assessment PowerPoint Presentation Slides
Risk Assessment PowerPoint Presentation Slides Risk Assessment PowerPoint Presentation Slides
Risk Assessment PowerPoint Presentation Slides
 
ISO 31000 Risk Management
ISO 31000 Risk ManagementISO 31000 Risk Management
ISO 31000 Risk Management
 
Risk identification
Risk identificationRisk identification
Risk identification
 
Risk Management Process in OH&S
Risk Management Process in OH&SRisk Management Process in OH&S
Risk Management Process in OH&S
 
Risk management
Risk managementRisk management
Risk management
 
Risk Management 101
Risk Management 101Risk Management 101
Risk Management 101
 
Risk Management - A Journey
Risk Management - A JourneyRisk Management - A Journey
Risk Management - A Journey
 
Process Safety Management Fundamentals.pptx
Process Safety Management Fundamentals.pptxProcess Safety Management Fundamentals.pptx
Process Safety Management Fundamentals.pptx
 
Risk Management Overview
Risk Management OverviewRisk Management Overview
Risk Management Overview
 
Risk assessment-training
Risk assessment-trainingRisk assessment-training
Risk assessment-training
 
PECB Webinar: Aligning ISO 31000 and Management of Risk Methodology
PECB Webinar: Aligning ISO 31000 and Management of Risk MethodologyPECB Webinar: Aligning ISO 31000 and Management of Risk Methodology
PECB Webinar: Aligning ISO 31000 and Management of Risk Methodology
 
Risk Management Process Steps PowerPoint Presentation Slides
Risk Management Process Steps PowerPoint Presentation Slides Risk Management Process Steps PowerPoint Presentation Slides
Risk Management Process Steps PowerPoint Presentation Slides
 
Root cause analysis
Root cause analysisRoot cause analysis
Root cause analysis
 
Risk Management Process And Procedures PowerPoint Presentation Slides
Risk Management Process And Procedures PowerPoint Presentation SlidesRisk Management Process And Procedures PowerPoint Presentation Slides
Risk Management Process And Procedures PowerPoint Presentation Slides
 

Viewers also liked

Project Controls Expo, 18th Nov 2014 - "Enterprise Project & Risk Analysis in...
Project Controls Expo, 18th Nov 2014 - "Enterprise Project & Risk Analysis in...Project Controls Expo, 18th Nov 2014 - "Enterprise Project & Risk Analysis in...
Project Controls Expo, 18th Nov 2014 - "Enterprise Project & Risk Analysis in...Project Controls Expo
 
Risk Assessment Clause 4
Risk Assessment Clause 4Risk Assessment Clause 4
Risk Assessment Clause 4Dipankar Ghosh
 
Jonas magnussen
Jonas magnussenJonas magnussen
Jonas magnussenjonasm87
 
Call 1-800-609-6899 Mozilla firefox-problems
Call 1-800-609-6899 Mozilla firefox-problemsCall 1-800-609-6899 Mozilla firefox-problems
Call 1-800-609-6899 Mozilla firefox-problemsDevier Smith
 
опис власного досвіду
опис власного досвідуопис власного досвіду
опис власного досвідуelisarius010309
 
Avis de l'autorité environnementale
Avis de l'autorité environnementaleAvis de l'autorité environnementale
Avis de l'autorité environnementaleMediaphoreGlobal
 
Исследование упоминаний автомобильных марок в интернет среде
Исследование упоминаний автомобильных марок в интернет средеИсследование упоминаний автомобильных марок в интернет среде
Исследование упоминаний автомобильных марок в интернет средеАлина Пиуба
 
Bab 1 TIK
Bab 1 TIK Bab 1 TIK
Bab 1 TIK aniuzta
 
2 слайд фото січ кольорова
2 слайд фото січ кольорова2 слайд фото січ кольорова
2 слайд фото січ кольороваelisarius010309
 
TIK bab 2 kelas 9
TIK bab 2 kelas 9TIK bab 2 kelas 9
TIK bab 2 kelas 9aniuzta
 
3 слайдфото січ чорно біла
3 слайдфото січ чорно біла3 слайдфото січ чорно біла
3 слайдфото січ чорно білаelisarius010309
 

Viewers also liked (20)

Project Controls Expo, 18th Nov 2014 - "Enterprise Project & Risk Analysis in...
Project Controls Expo, 18th Nov 2014 - "Enterprise Project & Risk Analysis in...Project Controls Expo, 18th Nov 2014 - "Enterprise Project & Risk Analysis in...
Project Controls Expo, 18th Nov 2014 - "Enterprise Project & Risk Analysis in...
 
Chapter 4 risk
Chapter 4 riskChapter 4 risk
Chapter 4 risk
 
Risk Assessment Clause 4
Risk Assessment Clause 4Risk Assessment Clause 4
Risk Assessment Clause 4
 
Jonas magnussen
Jonas magnussenJonas magnussen
Jonas magnussen
 
project
projectproject
project
 
Mother courage txxxxt
Mother courage txxxxtMother courage txxxxt
Mother courage txxxxt
 
Call 1-800-609-6899 Mozilla firefox-problems
Call 1-800-609-6899 Mozilla firefox-problemsCall 1-800-609-6899 Mozilla firefox-problems
Call 1-800-609-6899 Mozilla firefox-problems
 
Kannagi Resume
Kannagi ResumeKannagi Resume
Kannagi Resume
 
кава !!!!
кава !!!!кава !!!!
кава !!!!
 
Anil_Bailwal
Anil_BailwalAnil_Bailwal
Anil_Bailwal
 
опис власного досвіду
опис власного досвідуопис власного досвіду
опис власного досвіду
 
Avis de l'autorité environnementale
Avis de l'autorité environnementaleAvis de l'autorité environnementale
Avis de l'autorité environnementale
 
Исследование упоминаний автомобильных марок в интернет среде
Исследование упоминаний автомобильных марок в интернет средеИсследование упоминаний автомобильных марок в интернет среде
Исследование упоминаний автомобильных марок в интернет среде
 
Bab 1 TIK
Bab 1 TIK Bab 1 TIK
Bab 1 TIK
 
2 слайд фото січ кольорова
2 слайд фото січ кольорова2 слайд фото січ кольорова
2 слайд фото січ кольорова
 
9 1
9 19 1
9 1
 
Brenden Powell Resume
Brenden Powell ResumeBrenden Powell Resume
Brenden Powell Resume
 
TIK bab 2 kelas 9
TIK bab 2 kelas 9TIK bab 2 kelas 9
TIK bab 2 kelas 9
 
чай !!!!
чай !!!!чай !!!!
чай !!!!
 
3 слайдфото січ чорно біла
3 слайдфото січ чорно біла3 слайдфото січ чорно біла
3 слайдфото січ чорно біла
 

Similar to Improve Your Risk Assessment Process in 4 Steps

Risk Assessments Best Practice and Practical Approaches Webinar
Risk Assessments Best Practice and Practical Approaches WebinarRisk Assessments Best Practice and Practical Approaches Webinar
Risk Assessments Best Practice and Practical Approaches WebinarAviva Spectrum™
 
2016 - IQPC - Understanding and Assessing Corruption Risk
2016 - IQPC - Understanding and Assessing Corruption Risk2016 - IQPC - Understanding and Assessing Corruption Risk
2016 - IQPC - Understanding and Assessing Corruption RiskDr Darren O'Connell AGIA
 
Risk Management (1) (1).ppt
Risk Management (1) (1).pptRisk Management (1) (1).ppt
Risk Management (1) (1).pptAjjuSingh2
 
Security risk management
Security risk managementSecurity risk management
Security risk managementbrijesh singh
 
Hello ERM - It's Time to Go
Hello ERM - It's Time to GoHello ERM - It's Time to Go
Hello ERM - It's Time to GoResolver Inc.
 
0210-RISK-BASED-AUDIT-APPROACH-new-20211020142926.ppt
0210-RISK-BASED-AUDIT-APPROACH-new-20211020142926.ppt0210-RISK-BASED-AUDIT-APPROACH-new-20211020142926.ppt
0210-RISK-BASED-AUDIT-APPROACH-new-20211020142926.pptSiraj332397
 
Practical approach to Risk Based Internal Audit
Practical approach to Risk Based Internal AuditPractical approach to Risk Based Internal Audit
Practical approach to Risk Based Internal AuditManoj Agarwal
 
1 -corinne_berinstein
1 -corinne_berinstein1 -corinne_berinstein
1 -corinne_berinsteinRamaica Ona
 
1 -corinne_berinstein
1 -corinne_berinstein1 -corinne_berinstein
1 -corinne_berinsteinAahil Malik
 
1 -corinne_berinstein
1 -corinne_berinstein1 -corinne_berinstein
1 -corinne_berinsteinSukumar Reddy
 
IIA Facilitated Risk Workshop
IIA Facilitated Risk Workshop IIA Facilitated Risk Workshop
IIA Facilitated Risk Workshop Ersoy AKSOY
 
Introduction to risk management
Introduction to risk managementIntroduction to risk management
Introduction to risk managements. Akhlaque
 
Risk Management Toolkit
Risk Management ToolkitRisk Management Toolkit
Risk Management ToolkitPeterFranz6
 
Risk Management Process.ppt
Risk Management Process.pptRisk Management Process.ppt
Risk Management Process.pptUday Nayakwadi
 

Similar to Improve Your Risk Assessment Process in 4 Steps (20)

Risk Assessments Best Practice and Practical Approaches Webinar
Risk Assessments Best Practice and Practical Approaches WebinarRisk Assessments Best Practice and Practical Approaches Webinar
Risk Assessments Best Practice and Practical Approaches Webinar
 
2016 - IQPC - Understanding and Assessing Corruption Risk
2016 - IQPC - Understanding and Assessing Corruption Risk2016 - IQPC - Understanding and Assessing Corruption Risk
2016 - IQPC - Understanding and Assessing Corruption Risk
 
Risk Management (1) (1).ppt
Risk Management (1) (1).pptRisk Management (1) (1).ppt
Risk Management (1) (1).ppt
 
Security risk management
Security risk managementSecurity risk management
Security risk management
 
Hello ERM - It's Time to Go
Hello ERM - It's Time to GoHello ERM - It's Time to Go
Hello ERM - It's Time to Go
 
0210-RISK-BASED-AUDIT-APPROACH-new-20211020142926.ppt
0210-RISK-BASED-AUDIT-APPROACH-new-20211020142926.ppt0210-RISK-BASED-AUDIT-APPROACH-new-20211020142926.ppt
0210-RISK-BASED-AUDIT-APPROACH-new-20211020142926.ppt
 
Hoover.2016 Texas Bankers CFO Conference
Hoover.2016 Texas Bankers CFO ConferenceHoover.2016 Texas Bankers CFO Conference
Hoover.2016 Texas Bankers CFO Conference
 
RMP.ppt
RMP.pptRMP.ppt
RMP.ppt
 
RMP.ppt
RMP.pptRMP.ppt
RMP.ppt
 
RMP.ppt
RMP.pptRMP.ppt
RMP.ppt
 
Trustee Conference AM4: Effectively managing risk
Trustee Conference AM4: Effectively managing riskTrustee Conference AM4: Effectively managing risk
Trustee Conference AM4: Effectively managing risk
 
Practical approach to Risk Based Internal Audit
Practical approach to Risk Based Internal AuditPractical approach to Risk Based Internal Audit
Practical approach to Risk Based Internal Audit
 
Rmp
RmpRmp
Rmp
 
1 -corinne_berinstein
1 -corinne_berinstein1 -corinne_berinstein
1 -corinne_berinstein
 
1 -corinne_berinstein
1 -corinne_berinstein1 -corinne_berinstein
1 -corinne_berinstein
 
1 -corinne_berinstein
1 -corinne_berinstein1 -corinne_berinstein
1 -corinne_berinstein
 
IIA Facilitated Risk Workshop
IIA Facilitated Risk Workshop IIA Facilitated Risk Workshop
IIA Facilitated Risk Workshop
 
Introduction to risk management
Introduction to risk managementIntroduction to risk management
Introduction to risk management
 
Risk Management Toolkit
Risk Management ToolkitRisk Management Toolkit
Risk Management Toolkit
 
Risk Management Process.ppt
Risk Management Process.pptRisk Management Process.ppt
Risk Management Process.ppt
 

More from Resolver Inc.

How to Prove the Value of Security Investments
How to Prove the Value of Security InvestmentsHow to Prove the Value of Security Investments
How to Prove the Value of Security InvestmentsResolver Inc.
 
ERM Benchmarking Survey Results
ERM Benchmarking Survey ResultsERM Benchmarking Survey Results
ERM Benchmarking Survey ResultsResolver Inc.
 
Best Practices and ROI for Risk-based Vulnerability Management
Best Practices and ROI for Risk-based Vulnerability ManagementBest Practices and ROI for Risk-based Vulnerability Management
Best Practices and ROI for Risk-based Vulnerability ManagementResolver Inc.
 
Taking a Data-Driven Approach to Business Continuity
Taking a Data-Driven Approach to Business ContinuityTaking a Data-Driven Approach to Business Continuity
Taking a Data-Driven Approach to Business ContinuityResolver Inc.
 
Terrorism in a Corporate Setting
Terrorism in a Corporate SettingTerrorism in a Corporate Setting
Terrorism in a Corporate SettingResolver Inc.
 
Reporting to the Board on Corporate Compliance
Reporting to the Board on Corporate ComplianceReporting to the Board on Corporate Compliance
Reporting to the Board on Corporate ComplianceResolver Inc.
 
An Intro to Resolver's Compliance Application
An Intro to Resolver's Compliance ApplicationAn Intro to Resolver's Compliance Application
An Intro to Resolver's Compliance ApplicationResolver Inc.
 
Information Security Best Practices: Keeping Your Company's Data Safe
Information Security Best Practices: Keeping Your Company's Data SafeInformation Security Best Practices: Keeping Your Company's Data Safe
Information Security Best Practices: Keeping Your Company's Data SafeResolver Inc.
 
Security Trends: From "Silos" to Integrated Risk Management
Security Trends: From "Silos" to Integrated Risk ManagementSecurity Trends: From "Silos" to Integrated Risk Management
Security Trends: From "Silos" to Integrated Risk ManagementResolver Inc.
 
Modelling your Business Processes with Resolver Core
Modelling your Business Processes with Resolver CoreModelling your Business Processes with Resolver Core
Modelling your Business Processes with Resolver CoreResolver Inc.
 
How Resolver Uses Resolver
How Resolver Uses ResolverHow Resolver Uses Resolver
How Resolver Uses ResolverResolver Inc.
 
Scammed: Defend Against Social Engineering
Scammed: Defend Against Social EngineeringScammed: Defend Against Social Engineering
Scammed: Defend Against Social EngineeringResolver Inc.
 
A Peek at adidas Group's Integrated Risk & Security Management Strategy
A Peek at adidas Group's Integrated Risk & Security Management StrategyA Peek at adidas Group's Integrated Risk & Security Management Strategy
A Peek at adidas Group's Integrated Risk & Security Management StrategyResolver Inc.
 
An Intro to Resolver's Resilience Application
An Intro to Resolver's Resilience ApplicationAn Intro to Resolver's Resilience Application
An Intro to Resolver's Resilience ApplicationResolver Inc.
 
Data Driven Risk Assessment
Data Driven Risk AssessmentData Driven Risk Assessment
Data Driven Risk AssessmentResolver Inc.
 
How to Achieve a Fully Integrated Approach to Business Resilience
How to Achieve a Fully Integrated Approach to Business ResilienceHow to Achieve a Fully Integrated Approach to Business Resilience
How to Achieve a Fully Integrated Approach to Business ResilienceResolver Inc.
 
An Intro to Resolver's Risk Application
An Intro to Resolver's Risk ApplicationAn Intro to Resolver's Risk Application
An Intro to Resolver's Risk ApplicationResolver Inc.
 
Keeping Your Data Clean
Keeping Your Data CleanKeeping Your Data Clean
Keeping Your Data CleanResolver Inc.
 
Why You Should Prioritize Third Party Risk Management (TPRM) in Today's Marke...
Why You Should Prioritize Third Party Risk Management (TPRM) in Today's Marke...Why You Should Prioritize Third Party Risk Management (TPRM) in Today's Marke...
Why You Should Prioritize Third Party Risk Management (TPRM) in Today's Marke...Resolver Inc.
 
An Intro to Resolver's InfoSec Application (RiskVision)
An Intro to Resolver's InfoSec Application (RiskVision)An Intro to Resolver's InfoSec Application (RiskVision)
An Intro to Resolver's InfoSec Application (RiskVision)Resolver Inc.
 

More from Resolver Inc. (20)

How to Prove the Value of Security Investments
How to Prove the Value of Security InvestmentsHow to Prove the Value of Security Investments
How to Prove the Value of Security Investments
 
ERM Benchmarking Survey Results
ERM Benchmarking Survey ResultsERM Benchmarking Survey Results
ERM Benchmarking Survey Results
 
Best Practices and ROI for Risk-based Vulnerability Management
Best Practices and ROI for Risk-based Vulnerability ManagementBest Practices and ROI for Risk-based Vulnerability Management
Best Practices and ROI for Risk-based Vulnerability Management
 
Taking a Data-Driven Approach to Business Continuity
Taking a Data-Driven Approach to Business ContinuityTaking a Data-Driven Approach to Business Continuity
Taking a Data-Driven Approach to Business Continuity
 
Terrorism in a Corporate Setting
Terrorism in a Corporate SettingTerrorism in a Corporate Setting
Terrorism in a Corporate Setting
 
Reporting to the Board on Corporate Compliance
Reporting to the Board on Corporate ComplianceReporting to the Board on Corporate Compliance
Reporting to the Board on Corporate Compliance
 
An Intro to Resolver's Compliance Application
An Intro to Resolver's Compliance ApplicationAn Intro to Resolver's Compliance Application
An Intro to Resolver's Compliance Application
 
Information Security Best Practices: Keeping Your Company's Data Safe
Information Security Best Practices: Keeping Your Company's Data SafeInformation Security Best Practices: Keeping Your Company's Data Safe
Information Security Best Practices: Keeping Your Company's Data Safe
 
Security Trends: From "Silos" to Integrated Risk Management
Security Trends: From "Silos" to Integrated Risk ManagementSecurity Trends: From "Silos" to Integrated Risk Management
Security Trends: From "Silos" to Integrated Risk Management
 
Modelling your Business Processes with Resolver Core
Modelling your Business Processes with Resolver CoreModelling your Business Processes with Resolver Core
Modelling your Business Processes with Resolver Core
 
How Resolver Uses Resolver
How Resolver Uses ResolverHow Resolver Uses Resolver
How Resolver Uses Resolver
 
Scammed: Defend Against Social Engineering
Scammed: Defend Against Social EngineeringScammed: Defend Against Social Engineering
Scammed: Defend Against Social Engineering
 
A Peek at adidas Group's Integrated Risk & Security Management Strategy
A Peek at adidas Group's Integrated Risk & Security Management StrategyA Peek at adidas Group's Integrated Risk & Security Management Strategy
A Peek at adidas Group's Integrated Risk & Security Management Strategy
 
An Intro to Resolver's Resilience Application
An Intro to Resolver's Resilience ApplicationAn Intro to Resolver's Resilience Application
An Intro to Resolver's Resilience Application
 
Data Driven Risk Assessment
Data Driven Risk AssessmentData Driven Risk Assessment
Data Driven Risk Assessment
 
How to Achieve a Fully Integrated Approach to Business Resilience
How to Achieve a Fully Integrated Approach to Business ResilienceHow to Achieve a Fully Integrated Approach to Business Resilience
How to Achieve a Fully Integrated Approach to Business Resilience
 
An Intro to Resolver's Risk Application
An Intro to Resolver's Risk ApplicationAn Intro to Resolver's Risk Application
An Intro to Resolver's Risk Application
 
Keeping Your Data Clean
Keeping Your Data CleanKeeping Your Data Clean
Keeping Your Data Clean
 
Why You Should Prioritize Third Party Risk Management (TPRM) in Today's Marke...
Why You Should Prioritize Third Party Risk Management (TPRM) in Today's Marke...Why You Should Prioritize Third Party Risk Management (TPRM) in Today's Marke...
Why You Should Prioritize Third Party Risk Management (TPRM) in Today's Marke...
 
An Intro to Resolver's InfoSec Application (RiskVision)
An Intro to Resolver's InfoSec Application (RiskVision)An Intro to Resolver's InfoSec Application (RiskVision)
An Intro to Resolver's InfoSec Application (RiskVision)
 

Recently uploaded

Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsUnveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsAlberto González Trastoy
 
chapter--4-software-project-planning.ppt
chapter--4-software-project-planning.pptchapter--4-software-project-planning.ppt
chapter--4-software-project-planning.pptkotipi9215
 
EY_Graph Database Powered Sustainability
EY_Graph Database Powered SustainabilityEY_Graph Database Powered Sustainability
EY_Graph Database Powered SustainabilityNeo4j
 
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...Christina Lin
 
What is Fashion PLM and Why Do You Need It
What is Fashion PLM and Why Do You Need ItWhat is Fashion PLM and Why Do You Need It
What is Fashion PLM and Why Do You Need ItWave PLM
 
DNT_Corporate presentation know about us
DNT_Corporate presentation know about usDNT_Corporate presentation know about us
DNT_Corporate presentation know about usDynamic Netsoft
 
Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...OnePlan Solutions
 
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer DataAdobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer DataBradBedford3
 
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptxKnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptxTier1 app
 
HR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comHR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comFatema Valibhai
 
Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)OPEN KNOWLEDGE GmbH
 
Hand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptxHand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptxbodapatigopi8531
 
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...stazi3110
 
5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdfWave PLM
 
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...kellynguyen01
 
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...soniya singh
 
Engage Usergroup 2024 - The Good The Bad_The Ugly
Engage Usergroup 2024 - The Good The Bad_The UglyEngage Usergroup 2024 - The Good The Bad_The Ugly
Engage Usergroup 2024 - The Good The Bad_The UglyFrank van der Linden
 
Building Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop SlideBuilding Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop SlideChristina Lin
 
Salesforce Certified Field Service Consultant
Salesforce Certified Field Service ConsultantSalesforce Certified Field Service Consultant
Salesforce Certified Field Service ConsultantAxelRicardoTrocheRiq
 
The Evolution of Karaoke From Analog to App.pdf
The Evolution of Karaoke From Analog to App.pdfThe Evolution of Karaoke From Analog to App.pdf
The Evolution of Karaoke From Analog to App.pdfPower Karaoke
 

Recently uploaded (20)

Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsUnveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
 
chapter--4-software-project-planning.ppt
chapter--4-software-project-planning.pptchapter--4-software-project-planning.ppt
chapter--4-software-project-planning.ppt
 
EY_Graph Database Powered Sustainability
EY_Graph Database Powered SustainabilityEY_Graph Database Powered Sustainability
EY_Graph Database Powered Sustainability
 
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...
 
What is Fashion PLM and Why Do You Need It
What is Fashion PLM and Why Do You Need ItWhat is Fashion PLM and Why Do You Need It
What is Fashion PLM and Why Do You Need It
 
DNT_Corporate presentation know about us
DNT_Corporate presentation know about usDNT_Corporate presentation know about us
DNT_Corporate presentation know about us
 
Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...
 
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer DataAdobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
 
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptxKnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
 
HR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comHR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.com
 
Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)
 
Hand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptxHand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptx
 
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
 
5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf
 
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
 
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
 
Engage Usergroup 2024 - The Good The Bad_The Ugly
Engage Usergroup 2024 - The Good The Bad_The UglyEngage Usergroup 2024 - The Good The Bad_The Ugly
Engage Usergroup 2024 - The Good The Bad_The Ugly
 
Building Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop SlideBuilding Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
 
Salesforce Certified Field Service Consultant
Salesforce Certified Field Service ConsultantSalesforce Certified Field Service Consultant
Salesforce Certified Field Service Consultant
 
The Evolution of Karaoke From Analog to App.pdf
The Evolution of Karaoke From Analog to App.pdfThe Evolution of Karaoke From Analog to App.pdf
The Evolution of Karaoke From Analog to App.pdf
 

Improve Your Risk Assessment Process in 4 Steps

  • 1. IMPROVE YOUR RISK ASSESSMENT PROCESS, DRIVE TRANSFORMATIVE RESULTS… …IN 4 EASY STEPS, TRULY FUTUREPROOF 2014
  • 2. I’VE HAD THE PRIVILEGE OF LEADING RISK ASSESSMENT ACTIVITIES WITHIN MANY GREAT ORGANIZATIONS… …WITNESSING WHAT WORKS AND, SOMETIMES, WHAT DOESN’T • Lenovo • Hewlett-Packard • Verizon • EDS • Johnson Controls • BHP Billiton • Hong Kong MTR • Kodak • Gap • Caterpillar • General Motors • Lear • China - State-owned Assets Supervision & Administration Commission (SASAC) • Etc.
  • 3. RISK ASSESSMENT - EY SURVEY RESULTS #1 “ADJUSTMENT” – IMPROVE THE RISK ASSESSMENT PROCESS 1 2
  • 4. RISK ASSESSMENT WITHIN THE BROADER, AND DYNAMIC, CORPORATE GOVERNANCE CONTEXT 4 KEY DRIVERS & INFLUENCES Shareholder Expectations • Institutional • Individual Government • Regulation • Monitoring • Support Financial • Rating agencies • Listing standards • Bondholders Other Stakeholders • Employees • Suppliers • Customers • Trade unions • Special interest groups Other factors • Competition • Disruptive technology • Macroeconomic events BOARD & AUDIT COMMITTEE EXECUITVE MANAGEMENT Business Unit Finance & Accounting Legal Human Resources IT Supply Chain Capital Projects Key objectives, targets, KPIs, Balanced scorecard, risk appetite - Define - Communicate - Monitor & refine Maximum foreseeable impact, likelihood, control effectiveness - Drive appropriate, responsive action - Define and monitor KRIs Manual, automated, prevent/detect, mitigating Document - Test - Remediate - Transform - Monitor for exceptions Compliance management program - Track regulations - Update policies - Train & enable IDENTIFY & ASSESS KEY RISKS MONITOR & ENHANCE CONTROLS ENSURE COMPLIANCE ESTABLISH THE CORPORATE STRATEGY          EXAMPLE - Internal Controls over Financial Reporting (SOX) EXAMPLE - Foreign Corrupt Practices (FCPA) EXAMPLE - Payment Card Industry (PCI) ASSURANCE&MONITORING IT SYSTEMS & DATA REPORTING&COMMUNICATIONS
  • 5. RISK ASSESSMENT AN IIA PERSPECTIVE • “Practice Advisory 2120-2 - Every organization will experience control breakdowns. Often times when controls fail or frauds occur, someone will ask: “Where were the internal auditors?” The internal audit activity could be a contributing factor due to: – Lack of an effective risk assessment process to identify key audit areas during the strategic risk assessment, as well as areas of high risk during the planning of individual audits – as a result, failure to do the right audits and/or time wasted on the wrong audits.”
  • 6. RISK ASSESSMENT IF ONLY IT WERE SIMPLE 1. Identifying risks to achieving objectives requires – objectives. If a robust strategic planning process is absent, risk assessment may take on the role of surrogate. 2. Risk assessment is often relegated to “off-cycle” periods (after planning, budgeting and forecasting is complete) - wherein management is available but the results are significantly less relevant and/or impactful 3. Risk assessment output is unreliable due to insufficient information and/or requisite expertise, groupthink, dominant voice in the room, bias, anchoring, CYA behaviours, etc. 4. The process: 1. Promotes enterprise list management rather than enterprise risk management 2. Evokes unenthusiastic support from executive management: “I have a business to run”… “How long will this workshop last?” 3. Produces reports and heat maps that fail to drive appropriate, responsive action(s) 5. Other challenges?
  • 7.
  • 8. RISK ASSESSMENT A TIME OF UNPRECEDENTED OPPORTUNITY 1. Boards are getting more progressive, proactive… and nervous 2. Management desires to reduce cost and increase value 3. Internal auditors desire to get more out of life 4. Simple shifts in your risk assessment approach have the potential to transform: – levels of executive and board engagement – value and relevance of outputs – internal audit’s stature in the organization – your relationship with the AC chair
  • 9. 4 SIMPLE STEPS 1. Get the timing right 2. Ensure that identified risks, are truly risks - and not simply stating the inverse of an objective, i.e. “Failure to…” 3. Review/enhance your risk assessment criteria – to better inform/drive responsive action 4. Produce simple, palatable risk reports - that align and integrate with the organization’s planning and performance management reports
  • 10. #1 – GET THE TIMING RIGHT • Align and integrate with: – Planning, budgeting & forecasting cycles – Board and executive reporting – KPIs, key incentives 10 Planning Risk Assessment Budgeting Forecasting Planning Budgeting Forecasting Risk Assessment Typical Better practice
  • 11. 6. The organization specifies objectives with sufficient clarity to enable the identification and assessment of risks relating to objectives. 7. The organization identifies risks to the achievement of its objectives across the entity and analyzes risks as a basis for determining how the risks should be managed. 8. The organization considers the potential for fraud in assessing risks to the achievement of objectives. 9. The organization identifies and assesses changes that could significantly impact the system of internal control. Risk Assessment #1 – GET THE TIMING RIGHT COSO 2013 UPDATE - PRINCIPLES OF EFFECTIVE INTERNAL CONTROL
  • 12. #1 – GET THE TIMING RIGHT “ANCHOR” YOUR RISK ASSESSMENT 12 • Benefits • Risk are more readily identified • Greater ownership, relevance and value • Often described by interviewees as the “risks that matter” Strategic Objective 1 Strategic Objective 2 Strategic Objective 3 Key Risk 1 Key Risk 2 Key Risk 3 Key Risk 4 Key Risk 5 Key Risk 6 Core Operational Objective 1 Core Operational Objective 2 Core Operational Objective 3
  • 13. #2 - ENSURE THAT IDENTIFIED RISKS - ARE TRULY RISKS “Risk is the possibility of an event occurring that will have an impact on the achievement of objectives. Risk is measured in terms of impact and likelihood.” - Institute of Internal Auditors Note – when most people think risk, they think downside
  • 14. #2 - ENSURE THAT IDENTIFIED RISKS - ARE TRULY RISKS 14 Rather, encourage respondents to identify the specific events that might trigger a failure Objective – Reach the moon safely, land on it, and then return to Earth. Risk – Failure to land on the Moon. Risk – Oxygen tank explosion “Failure to…” is not an option. And neither is, “Inability to…”
  • 15. #2 - ENSURE THAT IDENTIFIED RISKS, ARE TRULY RISKS THEN, PERHAPS OFFER A DUAL-VIEW HEAT MAP IMPACT MANAGEMENT PREPAREDNESS MonitorRemediate (+) (-) Business Objectives / Initiatives Risks HighLow High High Formerly risks beginning with, “Failure to … Inability to …”
  • 16. #3 – ENHANCE YOUR RISK ASSESSMENT CRITERIA A TYPICAL HEAT MAP 1 2 3 4 IMPACT(residual) LIKELIHOOD Which risks should comprise the focus of: • Remediation • Internal audit • CSA • Etc? HighLow High
  • 17. #3 – ENHANCE YOUR RISK ASSESSMENT CRITERIA COMMON APPROACHES – AND RELATED CHALLENGES • Inherent risk - Too abstract - the notion of all controls failing, or not being present, is viewed by management as an irrelevant, academic exercise • Residual risk - Respondents tend to be overly generous and/or optimistic in their ratings
  • 18. 3 MAXIMUM FORESEEABLEIMPACT CONTROL EFFECTIVENESS (or, MANAGEMENT PREPAREDNESS) 1 MonitorRemediate 4 2 What is a plausible, worst-case scenario/impact? HighLow High Potential CSA- focus Potential IA-focus #3 – ENHANCE YOUR RISK ASSESSMENT CRITERIA ALTERNATIVE, ACTION-FOCUSED APPROACH
  • 19. #3 – ENHANCE YOUR RISK ASSESSMENT CRITERIA AND ENSURE A THOROUGH, RELIABLE PROCESS Interviews Surveys Data Analytics Subject Matter Specialists External Research / Sector Risk Reports Risk description here - Causal factors • • Impacts • • Preventative / Detective Controls • • Mitigating Controls • • Improvement Opportunities • • Identify potential risks for discussion Select and profile key risks Procure • Voting hardware • AV equipment • Room Develop • Risk rating criteria • Communications to workshop participants Assess within a workshop setting
  • 20. #3 – ENHANCE YOUR RISK ASSESSMENT CRITERIA EMPLOY ANONYMOUS VOTING TECHNOLOGY, AS APPROPRIATE • Anonymous response reduces fear of reprisal and enhances candour • Enables areas of varied perception to be identified, explored and addressed • Highly efficient • Novelty enhances engagement • Enables remote participation Finally, the truth comes out Can’t believe it - but I’m actually enjoying this!
  • 21. #3 – ENHANCE YOUR RISK ASSESSMENT CRITERIA BETTER INFORM YOUR ASSURANCE AND REMEDIATION STRATEGY External audit Internal audit (in-house) Internal audit (co-source) Internal Control Function General Counsel’s Office Compliance Control Self Assessment Risk # 1 Monitor / Test Risk #2 Monitor / Test Monitor / Test Review / remediate Risk #3 GAP – NO COVERAGE Risk #4 Review / remediate Monitor / Test Risk #6 Monitor / Test Monitor / Test Risk #7 Monitor / Test Risk #8 Monitor / Test Review / remediate In-scope
  • 22. #3 – ENHANCE YOUR RISK ASSESSMENT CRITERIA ADD VALUE TO ALIGNED PROCESSES The risk assessment process An overview 5 Corporate strategy Shareholder value Capital projects Key initiatives Identify & Assess Risks • Strategic • Operational • Compliance / Legal • Financial DriveAppropriate, ResponsiveAction(s) • Assurance planning • Ongoing monitoring • Remediation planning • Further analyses • Update budgets • Continuous improvement • Etc. Performance targets Feedback & report Set Objectives
  • 23. #3 – Enhance your risk assessment criteria Shifting sentiments, improving outcomes • Pessimistic • Apathetic • Naysayer • Optimistic • Engaged • Advocate Stakeholder sentiment LOW HIGH
  • 24. #4 - PRODUCE SIMPLE, PALATABLE RISK REPORTS Characteristics of effective documentation • Simple, palatable & highly relevant • Common formats, measures • Providing timely information for decision making Strategic Planning & Objective Setting Budgeting & Forecasting Assurance Planning, Execution & Reporting Remediation Capital Projects & Key Initiatives Performance Management Systems & Reporting Risk Identification, Assessment & Management IT Strategy & Governance
  • 25. #4 - PRODUCE SIMPLE, PALATABLE RISK REPORTS Objective Risk Rating(s) KPI and/or KRI Responsive Action Status or Planned Completion Date Outcome From planning documents From risk register From risk register Assurance or Remediation activity
  • 26. IN SUMMARY ENHANCING THE RISK ASSESSMENT PROCESS & OUTCOMES 1. Thorough preparation 2. Timing the risk assessment to occur between strategic planning and budgeting cycles, as appropriate 3. Linkage to objectives – strategic, capital projects, etc. 4. Risk definitions that focus upon the risk events that could negatively impact achievement of objectives 5. Strong leadership support, e.g. a supportive “tone at the top” 6. Identification and exploration of the areas where perceptions of risk impact, likelihood and/or control effectiveness diverge 7. Input and support of relevant subject matter specialists; reliable data 8. Avoidance or reduction of group think and/or a dominant voice 9. Risk assessment criteria that effectively inform and drive responsive action 10. Simple, palatable risk reports aligned to and integrated with the organization’s planning and performance management reports – especially at the summary level 26
  • 28. APPENDIX - FOR REFERENCE SAMPLE RATING CRITERIA – IMPACT Financial Operational Reputation People 5 Catastrophic • Financial loss >$X M • Loss of key systems for 5 days or more • Sustained, highly negative mentions in press • Multiple members of the leadership team exit the company • Event triggers significant, irrecoverable loss of employee morale 4 Very High • Financial loss $X to XM • Loss of key systems of 1 to 5 days • Highly negative mention(s) in press but largely recoverable within 6 months through proper crisis management • Loss of a senior leader; High turnover of experienced staff • Event triggers significant loss of employee morale but recoverable within 6 months • Generally-pervasive low morale 3 High • Financial loss $Xk to XM • Loss of key systems for 4 to 8 hours • Some negative press mentions but readily addressed and recoverable in 1 month or less • Turnover is generally higher than normal (>15%) across all areas of the company • Multiple pockets of low morale 2 Moderate • Financial loss $X - Xk • Loss of key systems for 1 to 4 hours • Generally positive press with a few isolated instances of minor negative mentions • Elevated turnover in some areas although non-critical • One or two pockets of low morale 1 Low • Financial loss <$Xk • Loss of key systems for less than 1 hour • Positive press with only a few minor recommendations for product improvement • Very isolated instances of staff dissatisfaction and/or instances of above average turnover
  • 29. APPENDIX - FOR REFERENCE SAMPLE RATING CRITERIA – RECOMMENDED RESPONSE Recommended Response Urgent Perform Deep Dive Analysis Review and Enhance Enhance Monitor Rating Urgently conduct activities Perform a deep dive analysis to better understand what’s driving the risk Review & remediate current risk management activities and/or controls, as appropriate Enhance risk management activities and/or controls Monitor risk management activities and/or controls 5      4     3    2   1 
  • 30. ANY QUESTIONS? 30 Brian Link brian.link@resolvergrc.com Mobile - 1 647 381 5515 Alternatively, contact me via