This document provides an agenda and overview of a workshop on ISO 31000 (Nov. 2009) for risk management. The agenda covers defining risk, adopting the ISO 31000 framework, an overview of the framework including principles and process, selling enterprise risk management to senior management, using risk appetite and risk matrices, integrating risk management practices, and next steps for implementation and measurement. The workshop aims to explain the key aspects of the new ISO 31000 standard and how to implement an effective risk management program based on this international standard.
Manage project risks on a daily basis with the help of professionally designed, content-ready Risk Management Procedure PowerPoint Presentation Slides. Ensure the project runs smoothly and the outcome is positive. Identify risks at an early stage and curb troublesome situations using the risk management procedure PPT slideshow. Employ these risk management procedure PowerPoint templates to determine the likelihood of the risks. This deck comprises slides such as types of risks, risk categories, identifying the risk categories, stakeholder risk appetite, risk tolerance, risk management plan, risk register, risk identification, risk assessment, risk analysis, risk response plan, risk response matrix, risk control matrix, risk tracker, etc. These templates are completely customizable. You can customize each template as per your convenience. Edit color, text, icons, and font size as per your need. Add or delete content from slides if needed. Create an extensive risk management process using the ready-made risk management procedure PowerPoint presentation deck. Directly answer all their doubts with our Risk Management Procedure PowerPoint Presentation Slides. You don't have to beat around the bush.
The document provides an overview of a risk management toolkit created by management consultants. The toolkit includes frameworks, tools, templates, tutorials, and best practices to help users define their risk management strategy and identify, assess, prioritize, mitigate and monitor risks. It outlines a 7-phase risk management approach. The summary highlights that the toolkit aims to provide a systematic approach to risk management and informed decision making.
Integrating Strategy and Risk Management, by Andrew Smart
"A Holistic Approach to Managing Risk amidst Global Uncertainty"
The RMA/Cass Business School
10–14 February 2013
Advanced Risk Management Programme
Organised by Andrew Smart & Nicholas Hawke
In today’s fast-moving, complex environment, risk executives must cultivate an understanding across all risks and businesses. Business problems are multifaceted, interrelated, and increasingly global. Executives must possess enhanced skills to identify and address a wide range of risks with an integrated approach and enterprise-wide perspective.
The RMA/Cass Advanced Risk Management Programme, led by the faculty at Cass, one of the UK’s top business schools, exposes participants to a rigorous yet inspiring blend of theory, practice and cutting-edge research, instilling knowledge and skills applicable to the real world of global business. In addition to its focus on the known and quantifiable risks of credit, market and operational risk, the programme concentrates on the unknowable and difficult-to-measure risks, including business, strategic and reputational risk. Cass has excellent links to City of London firms and institutions and is able to complement Cass faculty with guest faculty and senior-level business practitioners, considered by their peers to be industry thought leaders.
Areas of focus for The RMA/Cass Advanced Risk Management Programme include:
• Risk management as a strategic competitive strength
• An integrated approach to risk management
• Fostering a culture and climate that openly communicates risk
• A framework for rapidly responding to known risks and unraveling the complexities of the unknown
• A focus on risk informed by global perspectives.
Implementing Enterprise Risk Management with ISO 31000:2009, by Goutama Bachtiar
These presentation slides are intended for the training-workshop lead as well as the participants.
Developed based on ISO 31000:2009 – Risk management – Principles and guidelines, ISO/IEC 31010:2009 – Risk management – Risk assessment techniques, and ISO Guide 73:2009 – Risk management – Vocabulary.
Plan Risk Responses is the process of developing options, selecting strategies, and agreeing on actions to address overall project risk exposure, as well as to treat individual project risks.
The Strategy Network is an open network for strategy professionals that meets three times per year for knowledge sharing. More than 40 top South African companies have joined with no fees required. Attendance confirmation is sufficient. The document then provides details on strategic risk management processes including identifying risks to strategic objectives, assessing existing controls, determining risk ratings, and identifying treatments. It gives an example of linking a strategic objective to secure new business with potential related risks and controls.
Sharing Practice on Enterprise Risk Management (ERM), by Diane Christina
The document discusses enterprise risk management (ERM). It provides an example ERM universe that includes strategic risks, physical assets risks, human factors risks, and financial risks. It also discusses some key aspects of effective ERM implementation, including establishing a risk governance framework, developing a risk management infrastructure, and following a risk management process of identifying, assessing, managing, and monitoring risks. The document is intended to share practices on ERM.
Risk Management Plan In Business PowerPoint Presentation Slides, by SlideTeam
There may be inherent risk that cannot be avoided, and a Risk Management Plan in Business PowerPoint Presentation Slides deck becomes a lifeline in such cases. The data compiled and saved in the PPT layout not only helps to minimize or eliminate the associated risk but also helps to deal with it effectively at the time of its occurrence. To foresee any risk, a risk assessment matrix is a must, and one is supplied in a structured and professional manner in the presentation template. Line and flow charts in the PPT template act as the oxygen for eliminating strategic, compliance, financial, operational and reputational hazards. The core risk management steps have been addressed carefully in the presentation slides: identification, analysis, evaluation, ranking, monitoring and review. As far as business risk is concerned, many factors come into play, such as sales volume and input cost, and every slide in the PPT presentation pays special attention to these. Our Risk Management Plan In Business PowerPoint Presentation Slides ensure your thoughts appear extremely balanced. You will display great composure.
This document outlines a risk and issue management process. It defines risks and issues, and describes objectives to identify and manage risks, provide a standard reporting format, and escalate risks and issues as needed. It provides guidance on roles and responsibilities, the risk/issue workflow including escalation procedures, and a process for quantitatively assessing impact and prioritizing risks and issues based on timing, financial impact, probability, and scope of impact. Project managers are responsible for identifying, logging and resolving risks and issues, while the PMO provides oversight and escalates significant risks and issues to higher governance levels.
Risk Management Process And Procedures PowerPoint Presentation Slides, by SlideTeam
The document outlines the risk management process and procedures for a company. It introduces risk management and identifies types of risk categories. It then describes the procedure for managing risks, which includes risk planning, identification, assessment, monitoring and tracking. Tools and practices for risk analysis are also covered, along with engaging stakeholders. The document closes with an overview of the risk management lifecycle.
The document discusses risk management for projects. It defines risk as an uncertain event that can positively or negatively impact project duration, cost, scope, or quality. The purposes of risk management are to identify, analyze, and respond to risks in order to increase the likelihood of positive events and decrease the likelihood of negative events. The key components of risk management are planning, identification, analysis, response planning, and monitoring and control. Risk management should be incorporated into the overall project plan.
The document discusses project risk management. It describes the processes of:
1. Planning risk management - Deciding how to approach and plan risk management activities.
2. Identifying risks - Determining risks that could affect the project.
3. Analyzing risks - Prioritizing risks and assessing their impact and probability.
4. Planning risk responses - Developing options to reduce threats and enhance opportunities.
5. Controlling risks - Implementing risk response plans and monitoring risks.
Strategic Risk Management as a CFO: Getting Risk Management Right, by Proformative, Inc.
Video & Presentation: http://www.proformative.com/events/strategic-risk-management-cfo-getting-risk-management-right
Enterprise Risk Management should be simple. Unfortunately, companies are responding to regulators and business imperatives to improve their risk management practices, all the while aligning with business strategy and performance as well as capital allocation. Leading practitioners are seeking insight and value from risk management and are using risk management to focus audit and compliance activities. In fact independent research commissioned by SAP and others suggests many successful ERM initiatives still make little use of the increasingly sophisticated technology available. This session will summarize recent research by SAP and others on the state of ERM and will provide simple, practical strategies for how Finance can drive risk management practices that build success and add value.
Speakers:
Bob Tizio, GRC Officer-Americas, SAP America Inc.
Bruce McCuaig, Director, Solution Marketing for Governance Risk & Compliance, SAP
Presentation delivered at CFO Dimensions 2013 - http://www.cfodimensions.com
Track: Finance Technology | Session: 5
The document discusses the key aspects of project risk management according to the Project Management Body of Knowledge (PMBOK). It begins by mapping the risk management processes to the five process groups. It then provides details on each process, including inputs, tools and techniques, and outputs. The major processes covered are: plan risk management, identify risks, perform qualitative risk analysis, perform quantitative risk analysis, plan risk responses, and monitor and control risks. The goal of risk management is to increase the probability and impact of positive events and decrease the probability and impact of negative events on a project.
Implementation of Enterprise Risk Management with ISO 31000 Risk Management S..., by PECB
The webinar covers:
• The start of any Enterprise Risk Management Program
• The approach to developing a framework that will assist organizations to integrate RM into their enterprise-wide risk management systems
• The relationship between the foundations of the risk management framework and their objectives
Presenter:
This webinar was presented by M. Youssef K, an executive consultant & trainer with several qualifications. He is an accomplished expert with over 10 years’ experience in the field of risk management, project and program management, PRINCE 2, Agile, EVM, business process analysis and design, as well as operational and organizational excellence.
Link of the recorded session published on YouTube: https://youtu.be/9fO-JqENL0I
Risk Management Procedure And Guidelines PowerPoint Presentation Slides, by SlideTeam
Presenting this set of slides with the name Risk Management Procedure And Guidelines PowerPoint Presentation Slides. This deck consists of a total of forty-eight slides. It has PPT slides highlighting the important topics of risk management procedure and guidelines. This deck comprises amazing visuals with thoroughly researched content. Each template is well crafted and designed by our PowerPoint experts. Our designers have included all the necessary PowerPoint layouts in this deck. From icons to graphs, this PPT deck has it all. The best part is that these templates are easily customizable. Just click the DOWNLOAD button shown below. Edit the colour, text and font size, and add or delete content as required. Download this deck now and engage your audience with this ready-made presentation.
Summary:
Risk
Risk management
Risk Management process groups
Plan Risk Management
Identify Risks
Perform Qualitative Risk Analysis
Perform Quantitative Risk Analysis
Plan Responses
Control Risks
The document discusses ISO 31000, the international standard for risk management. It provides 3 key points:
1. ISO 31000 provides principles and guidelines for risk management. It seeks to define what risk management involves and how it should be implemented.
2. ISO 31000 describes a framework for implementing risk management rather than detailing how to design the supporting framework within an organization. An organization needs to describe its own risk architecture, strategy, and protocols.
3. ISO 31000's risk management principles should be an integral part of organizational processes, explicitly address uncertainty, and be capable of continual improvement. Mandate and commitment from top management are needed to successfully implement risk management.
Enterprise Risk Management provides decision makers with a realistic picture of the likely outcomes of their strategic initiatives by integrating risk into the cost-benefit analysis of all strategic investments.
This document discusses how to manage risk taxonomies within the StratexPoint risk management software. It describes how StratexPoint can support both a regulatory risk taxonomy to ensure compliance, as well as a business risk taxonomy to help strategic decision making. The document provides examples of taxonomy levels and categories. It also provides an overview of the StratexPoint software's purpose and capabilities in integrating governance, risk, and compliance functions to enable organizations to monitor compliance, manage risk, and execute strategy.
The document discusses project risk management. It defines risk and differentiates between risk and issue. It describes key characteristics of project risks like known and unknown risks. It also explains the different processes involved in project risk management like risk identification, risk analysis, risk response planning, and risk monitoring and control. The last section provides details on the plan risk management process including its inputs, tools and techniques, and output.
This document provides an overview of risk assessment and management. It introduces risk management and identifies types and categories of risk. It then outlines the procedure for managing risk, including planning, identification, assessment, monitoring, and tracking. Tools and practices for risk analysis are presented, including impact analysis, probability analysis, risk mitigation strategies, and qualitative and quantitative analysis. Stakeholder engagement in risk appetite and tolerance is discussed.
1. The document discusses risk management standards and processes for construction project management. It outlines ISO 31000:2009 as the key risk management standard and describes the risk management process it establishes.
2. The risk management process involves establishing the context, identifying risks, analyzing and evaluating risks, treating risks, monitoring risks, and communicating about risks.
3. The document also discusses different risk management strategies like risk avoidance, reduction, sharing, and retaining and provides examples of each.
This document discusses project risk management. It defines risk management as actively managing risks on a project with the goal of being proactive rather than reactive. The key aspects of risk management covered are identifying risks, performing qualitative and quantitative risk analysis to rank risks, and planning risk responses to deal with risks if they occur. Tools for risk management include risk breakdown structures to organize risks, risk profiling to assess common risk areas, and maintaining a risk register to track identified risks and responses. Stakeholder involvement and clear documentation are important parts of establishing an effective risk management plan.
The document provides an overview of project risk management processes and techniques. It discusses qualitative and quantitative risk analysis methods, such as probability/impact matrices and decision trees. Response strategies like risk avoidance, mitigation, and acceptance are also covered. The document aims to equip project managers with tools and best practices for identifying, assessing, and responding to risks throughout the project life cycle.
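The probability/impact matrix and decision-tree analysis referred to above, worked through as an added example. This is not code from any of the presentations summarized on this page: the 1-to-5 ordinal scales, the heat-map thresholds, and every register entry, probability and cost figure are constructed assumptions chosen to show how a qualitative ranking and an expected-monetary-value (EMV) comparison of response strategies are computed.

```python
"""Qualitative probability/impact scoring plus an EMV decision tree for risk responses.

Added example; not part of any presentation on this page. All risks, probabilities
and cost figures below are constructed sample data, and the scales and rating
thresholds are assumed conventions rather than values taken from a standard.
"""
from dataclasses import dataclass

# Assumed 1-5 ordinal scales for a 5x5 probability/impact matrix.
PROBABILITY = {"very low": 1, "low": 2, "medium": 3, "high": 4, "very high": 5}
IMPACT = {"negligible": 1, "minor": 2, "moderate": 3, "major": 4, "severe": 5}


@dataclass
class Risk:
    id: str
    description: str
    probability: str
    impact: str

    def score(self) -> int:
        """Probability x impact on the 5x5 matrix, giving a score in 1..25."""
        return PROBABILITY[self.probability] * IMPACT[self.impact]

    def rating(self) -> str:
        """Bucket the score into the three bands of a heat map (assumed thresholds)."""
        s = self.score()
        if s >= 15:
            return "high"
        if s >= 6:
            return "medium"
        return "low"


def rank_register(register: list) -> list:
    """Order risks highest score first; ties keep register order (sorted() is stable)."""
    return sorted(register, key=lambda r: r.score(), reverse=True)


@dataclass
class Outcome:
    probability: float
    cost: float  # negative for a loss, positive for a gain


@dataclass
class ResponseOption:
    name: str
    upfront_cost: float  # cost paid regardless of which outcome occurs
    outcomes: list

    def emv(self) -> float:
        """Expected monetary value: -upfront cost + sum(p_i * cost_i) over the branch."""
        total = sum(o.probability for o in self.outcomes)
        if abs(total - 1.0) > 1e-9:
            raise ValueError(f"{self.name}: outcome probabilities sum to {total}, not 1")
        return -self.upfront_cost + sum(o.probability * o.cost for o in self.outcomes)


def best_response(options: list) -> ResponseOption:
    """Pick the option with the highest (least negative) EMV."""
    return max(options, key=lambda o: o.emv())


# Constructed sample register.
REGISTER = [
    Risk("R1", "Key supplier fails to deliver on time", "medium", "major"),
    Risk("R2", "Scope creep from late stakeholder requests", "high", "moderate"),
    Risk("R3", "Data centre outage during cutover", "low", "severe"),
    Risk("R4", "Minor UI defects at go-live", "very high", "negligible"),
    Risk("R5", "Regulatory approval delayed", "high", "severe"),
]

# Constructed decision tree for R1: three response strategies, each with its own
# branch of chance outcomes (a 100,000 delay penalty if the threat materializes).
OPTIONS = [
    ResponseOption("accept", 0, [Outcome(0.3, -100_000), Outcome(0.7, 0)]),
    ResponseOption("mitigate", 12_000, [Outcome(0.1, -100_000), Outcome(0.9, 0)]),
    ResponseOption("transfer", 25_000, [Outcome(0.3, -5_000), Outcome(0.7, 0)]),
]

if __name__ == "__main__":
    for r in rank_register(REGISTER):
        print(f"{r.id} score={r.score():2d} rating={r.rating():6s} {r.description}")
    for o in OPTIONS:
        print(f"{o.name:9s} EMV={o.emv():>10,.0f}")
    print("recommended:", best_response(OPTIONS).name)
```

The ordinal matrix is only a ranking device: two risks with the same product (R1 and R2 both score 12) are indistinguishable, which is why the quantitative step exists. The EMV comparison makes the trade-off explicit: mitigation costs 12,000 up front but lowers expected loss enough to beat both accepting the risk and transferring it, and the probability check in `emv()` catches the common modelling error of a chance node whose branches do not sum to one.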
1) The document discusses enterprise risk management concepts and frameworks. It outlines key risks faced in healthcare such as regulatory risks, operational risks, and reputational risks.
2) An effective risk management program can help organizations avoid surprises, improve governance, and ensure objectives are met without disruptions. The document provides examples of risk organization structures and processes for identification, assessment, and response.
3) Moving forward, the organization will validate risk registers, identify top 15 risks for rigorous management, and review mitigation progress of these risks in monthly leadership meetings. A risk polarization survey will also be conducted regularly.
This document discusses risk and risk management. It begins with an overview of risk categories and types of organizational risks. It then covers establishing the risk management process, which includes identifying risks, analyzing them, integrating risks, assessing and prioritizing risks, and treating risks. It emphasizes that risk management is an ongoing process that requires monitoring and review. It also discusses risk response options and implementing controls assurance through various lines of defense and independent assurance.
The document provides an overview of project risk management processes and techniques. It discusses qualitative and quantitative risk analysis methods, such as probability/impact matrices and decision trees. Response strategies like risk avoidance, mitigation, and acceptance are also covered. The document aims to equip project managers with tools and best practices for identifying, assessing, and responding to risks throughout the project life cycle.
1) The document discusses enterprise risk management concepts and frameworks. It outlines key risks faced in healthcare such as regulatory risks, operational risks, and reputational risks.
2) An effective risk management program can help organizations avoid surprises, improve governance, and ensure objectives are met without disruptions. The document provides examples of risk organization structures and processes for identification, assessment, and response.
3) Moving forward, the organization will validate risk registers, identify top 15 risks for rigorous management, and review mitigation progress of these risks in monthly leadership meetings. A risk polarization survey will also be conducted regularly.
This document discusses risk and risk management. It begins with an overview of risk categories and types of organizational risks. It then covers establishing the risk management process, which includes identifying risks, analyzing them, integrating risks, assessing and prioritizing risks, and treating risks. It emphasizes that risk management is an ongoing process that requires monitoring and review. It also discusses risk response options and implementing controls assurance through various lines of defense and independent assurance.
How to Create a Risk Profile for Your Organization: 10 Essential StepsCase IQ
Understanding your organization’s risks is the first step in developing an effective anti-corruption compliance program. But for many businesses, identifying and understanding their risks is a complex process, involving research, analysis and cooperation from all levels of the organization. Since every company needs a robust compliance program, an effective risk analysis is crucial. The consequences of getting this step wrong can be astronomical.
Join anti-corruption experts Marc Tassé and Patrice Poitevin, as they outline the steps and tools necessary to create a risk profile for your organization.
The webinar will cover:
Tools to help determine areas of risk
Factors to evaluate
The importance of due diligence once risks are identified
Continuous evaluation of your compliance program
How to achieve accountability and transparency
This document discusses enterprise risk management (ERM) frameworks and best practices. It provides an overview of why ERM is important for organizations to deal with potential future uncertainties and support value creation. The document outlines the key components of the COSO ERM framework, including establishing risk management objectives, identifying risks, assessing risks, responding to risks, control activities, information/communication, and monitoring. It also discusses how to implement an effective ERM process through organizational design, risk assessments, determining risk appetite, identifying risk responses, and communication/oversight.
The document provides information about a webinar on ISO 31000:2018 Risk Management. It includes details such as the event date and time, speaker introduction, and session topics. The speaker, Sanjay Gore, will discuss ISO 31000:2018 including the risk management framework, principles, concepts and terms, and the risk assessment process. The webinar will cover the edifice, scope, and key components of ISO 31000:2018 including risk criteria, treatment options, and tools/techniques for risk assessment. Attendees are invited to provide feedback in the chat box.
Enterprise Risk Management and SustainabilityJeff B
An overview of our endeavors at implementing ISO 31000 enterprise risk management and the importance of establishing good risk culture within the company.
Five Lines of Assurance A New ERM and IA ParadigmTim Leech
The document discusses a new paradigm called "Five Lines of Assurance" for internal audit and enterprise risk management. It was created to help organizations meet escalating expectations from regulators, credit agencies, institutional investors, and others regarding risk oversight and governance. The Five Lines of Assurance model focuses on an "Objectives Register" that prioritizes key strategic objectives and potential risks. It aims to integrate risk management and assurance functions, engage boards and management, and provide optimized assurance on whether residual risks are within the organization's risk appetite. The model is presented as helping organizations demonstrate effective risk oversight, integrate risk with strategic planning, and meet emerging governance standards.
Five lines of assurance a new paradigm in internal audit & ermDr. Zar Rdj
• Boards are provided with a tangible vehicle to demonstrate they are actively overseeing the company’s “risk appetite framework” (“RAF”)
• The process is designed to fully integrate with strategic planning, new product/service initiatives, and M&A activities.
• The process provides a clear response to emerging expectations like the UK Governance Code, Canadian Securities Administrators, SEC, FSB, credit agencies, institutional investors and TSB.
• The main role of internal audit is to report on the effectiveness of the risk management processes and the consolidated report on residual risk status the board receives from the CEO or his/her designate and to help the company build and maintain robust risk management processes
• Boards are provided with a tangible vehicle to demonstrate they are actively overseeing the company’s “risk appetite framework” (“RAF”)
• The process is designed to fully integrate with strategic planning, new product/service initiatives, and M&A activities.
• The process provides a clear response to emerging expectations like the UK Governance Code, Canadian Securities Administrators, SEC, FSB, credit agencies, institutional investors and TSB.
• The main role of internal audit is to report on the effectiveness of the risk management processes and the consolidated report on residual risk status the board receives from the CEO or his/her designate and to help the company build and maintain robust risk management processes.
This document provides a summary of a workshop on ISO 31000, the international risk management standard. It discusses key components of ISO 31000, including what a risk register is, accountability, the risk management process, and the risk management framework. The workshop aims to help participants understand ISO 31000 by examining these components and rating their organization against them. Participants will learn what ISO 31000 covers and how to evaluate their risk management practices based on the standard.
Practical approach to Risk Based Internal AuditManoj Agarwal
The document provides an overview of risk based internal auditing. It discusses key concepts like the definition of risk, COSO ERM framework, three lines of defense model, definition of internal audit, and risk based internal audit approach. The approach involves identifying the audit universe and processes, risk identification and assessment, risk scoring and heat mapping, developing the risk based internal audit plan, and executing the plan. Various tools for risk based auditing like the audit tracker, audit report templates, and resources are also outlined.
PECB Webinar: ISO 31000 – Risk Management and how it can help an organizationPECB
The document discusses ISO 31000 risk management standard and how it can help organizations. It provides an overview of the standard's contents including its principles, framework, and process. It describes what risk management is and how to position it in an organization. Examples are given of where risk management should be considered, such as for organizations, projects, information security, and more. The conclusion stresses that risk management is important and organizations should consider what types of risk assessments are relevant to their objectives.
Risk seminar - john crawley & emer mc anenyИван Вали-Пур
This document provides an overview of risk management concepts including:
- Definitions of risk and risk management from various standards and frameworks.
- The ISO 31000 risk management framework and process which includes establishing context, risk identification, analysis, evaluation and treatment.
- Key aspects of enterprise risk management, governance, compliance and their relationship to each other under the umbrella of GRC (governance, risk, compliance).
- Attributes of effective risk management including being proportionate, aligned, comprehensive, embedded and dynamic.
Risk Management Presentation to Doyle Property Clubmarcpreston
Effective risk management for Contractors , Specialist trades, Property Developers and Homeowners.
Spending 80% of the effort to avoid problem arising rather than 80% effort sorting them after the event.
The document outlines Peter Moore's presentation on creating value through enterprise risk management. It discusses barriers to success like poor frameworks and engagement. It also covers risk management frameworks, focusing on simplicity and intuitiveness. Other sections explain risk appetite and tolerance, integrating risk management into business processes, and using key risk indicators to monitor risks. The goal is to establish a clear risk framework that creates value by better informing decision-making and resource allocation.
With growing risk complexities in business environment and volatile markets, there is an imperative need for attaining quality standards in critical functions, processes & framework. Fortunately with the advent of a new International Standard, ISO 31000:2009, Risk Management – Principles and guidelines, will help organizations of all types and sizes to manage risk effectively. ISO 31000 provides principles, framework and a process for managing any form of risk in a transparent, systematic and credible manner within any scope or context.
In continuation of our fast growing presence and business trajectory, we’re pleased to commence our ISO 31000 Risk Management Training Services in addition to our existing bouquet of Risk advisory , Consulting, Training & Human Capital Services to corporates across India currently being serviced through our multi location delivery centres in major metros with total presence in 11 Indian cities network already.
Key aspects of ISO 31000 standards Training Program:
- The standard recommends that organizations develop, implement and continuously improve a risk management framework as an integral component of their management system.
- It’s a practical document that seeks to assist organizations in developing their own approach to the management of risk.
- By implementing ISO 31000, organizations can compare their risk management practices with an internationally recognized benchmark, providing sound principles for effective management.
Please find enclosed our Company brief introduction and services brochure for your kind consideration and give us a chance to be your preferred risk knowledge partners.
This document provides information about RiskPro, a risk management consulting firm with offices in India. It discusses RiskPro's services and experience in risk management. Some key points:
- RiskPro provides integrated risk management consulting services to mid-large sized companies in India. It aims to be the preferred provider of governance, risk and compliance solutions.
- RiskPro has over 200 years of cumulative experience in risk management. It offers a hybrid delivery model and can take on large, complex projects.
- RiskPro's services include advisory services for various risks like credit, market, operational and Basel II/III risks. It also provides services related to information security, governance, operational risk and other risks.
-
This document provides information about RiskPro, a risk management consulting firm with offices in India. It discusses RiskPro's services and experience in risk management. RiskPro aims to provide integrated risk management solutions to mid-large sized companies in India. It has over 200 years of cumulative experience among its professionals and offers services across various risk domains including operational, credit, market and other risks. The document also provides an overview of ISO 31000, the international risk management standard.
This document discusses COSO's Enterprise Risk Management framework. It defines ERM as a process designed to identify potential events that may affect an entity and manage risks within its risk appetite. The framework consists of 8 components: internal environment, objective setting, event identification, risk assessment, risk response, control activities, information & communication, and monitoring. It is designed to help an organization achieve its objectives and create value for stakeholders. Internal auditors play an important role in monitoring and evaluating the effectiveness of an organization's ERM.
This presentation provides a comprehensive plan for implementing an enterprise risk management program. It covers the costs/benefits of an ERM program, the critical knowledge, skills and abilities of a Chief Risk Officer, a risk taxonomy for insurance firms, a hypothetical organizational structure for an electric utility, a sample risk register, and other useful information.
This document summarizes COSO's Enterprise Risk Management - Integrated Framework. It defines ERM as a process run by an organization's board and management to identify potential events, manage risk within the organization's risk appetite, and provide assurance around achieving objectives. The framework identifies 8 components of ERM - internal environment, objective setting, event identification, risk assessment, risk response, control activities, information & communication, and monitoring. It describes how organizations can implement ERM through risk assessments, determining risk appetite, identifying responses, and ongoing monitoring and oversight. Internal auditors can help by reviewing controls and risk processes and ensuring resources target key risk areas.
Chapter wise All Notes of First year Basic Civil Engineering.pptxDenish Jangid
Chapter wise All Notes of First year Basic Civil Engineering
Syllabus
Chapter-1
Introduction to objective, scope and outcome the subject
Chapter 2
Introduction: Scope and Specialization of Civil Engineering, Role of civil Engineer in Society, Impact of infrastructural development on economy of country.
Chapter 3
Surveying: Object Principles & Types of Surveying; Site Plans, Plans & Maps; Scales & Unit of different Measurements.
Linear Measurements: Instruments used. Linear Measurement by Tape, Ranging out Survey Lines and overcoming Obstructions; Measurements on sloping ground; Tape corrections, conventional symbols. Angular Measurements: Instruments used; Introduction to Compass Surveying, Bearings and Longitude & Latitude of a Line, Introduction to total station.
Levelling: Instrument used Object of levelling, Methods of levelling in brief, and Contour maps.
Chapter 4
Buildings: Selection of site for Buildings, Layout of Building Plan, Types of buildings, Plinth area, carpet area, floor space index, Introduction to building byelaws, concept of sun light & ventilation. Components of Buildings & their functions, Basic concept of R.C.C., Introduction to types of foundation
Chapter 5
Transportation: Introduction to Transportation Engineering; Traffic and Road Safety: Types and Characteristics of Various Modes of Transportation; Various Road Traffic Signs, Causes of Accidents and Road Safety Measures.
Chapter 6
Environmental Engineering: Environmental Pollution, Environmental Acts and Regulations, Functional Concepts of Ecology, Basics of Species, Biodiversity, Ecosystem, Hydrological Cycle; Chemical Cycles: Carbon, Nitrogen & Phosphorus; Energy Flow in Ecosystems.
Water Pollution: Water Quality standards, Introduction to Treatment & Disposal of Waste Water. Reuse and Saving of Water, Rain Water Harvesting. Solid Waste Management: Classification of Solid Waste, Collection, Transportation and Disposal of Solid. Recycling of Solid Waste: Energy Recovery, Sanitary Landfill, On-Site Sanitation. Air & Noise Pollution: Primary and Secondary air pollutants, Harmful effects of Air Pollution, Control of Air Pollution. . Noise Pollution Harmful Effects of noise pollution, control of noise pollution, Global warming & Climate Change, Ozone depletion, Greenhouse effect
Text Books:
1. Palancharmy, Basic Civil Engineering, McGraw Hill publishers.
2. Satheesh Gopi, Basic Civil Engineering, Pearson Publishers.
3. Ketki Rangwala Dalal, Essentials of Civil Engineering, Charotar Publishing House.
4. BCP, Surveying volume 1
This document provides an overview of wound healing, its functions, stages, mechanisms, factors affecting it, and complications.
A wound is a break in the integrity of the skin or tissues, which may be associated with disruption of the structure and function.
Healing is the body’s response to injury in an attempt to restore normal structure and functions.
Healing can occur in two ways: Regeneration and Repair
There are 4 phases of wound healing: hemostasis, inflammation, proliferation, and remodeling. This document also describes the mechanism of wound healing. Factors that affect healing include infection, uncontrolled diabetes, poor nutrition, age, anemia, the presence of foreign bodies, etc.
Complications of wound healing like infection, hyperpigmentation of scar, contractures, and keloid formation.
Reimagining Your Library Space: How to Increase the Vibes in Your Library No ...Diana Rendina
Librarians are leading the way in creating future-ready citizens – now we need to update our spaces to match. In this session, attendees will get inspiration for transforming their library spaces. You’ll learn how to survey students and patrons, create a focus group, and use design thinking to brainstorm ideas for your space. We’ll discuss budget friendly ways to change your space as well as how to find funding. No matter where you’re at, you’ll find ideas for reimagining your space in this session.
How to Manage Your Lost Opportunities in Odoo 17 CRMCeline George
Odoo 17 CRM allows us to track why we lose sales opportunities with "Lost Reasons." This helps analyze our sales process and identify areas for improvement. Here's how to configure lost reasons in Odoo 17 CRM
A workshop hosted by the South African Journal of Science aimed at postgraduate students and early career researchers with little or no experience in writing and publishing journal articles.
Pengantar Penggunaan Flutter - Dart programming language1.pptx
ISO 31000 presentation
1. ORIMS April 21, Toronto, ISO 1
ISO 31000 (Nov. 2009)
What is it? What’s new? How to Implement?
Please interrupt, thank you
John Shortreed
ORIMS Workshop
Wednesday, April 21, 2010
Arts & Letters Club, 14 Elm Street, Toronto, Ontario
2. Proposed AGENDA – OK?
• Risk is “effect of uncertainty on objectives”
• Discussion of Adopt 31000 - BHP Billiton and KISS
• Overview of 31000: introduction, scope, principles, framework, process
• How to “sell” ERM to senior management?
• The role of risk appetite, risk tolerance and the ubiquitous risk matrix/map/profile to deal with existing silos
• How will ERM help improve existing risk management?
• Next steps? How to measure success?
• Monitor, communication and consultation, and risk ownership
• Role of CRO? (Ans - Minimal)
• What did we learn today?
3. Risk - “effect of uncertainty on objectives” (ISO 31000)
• NOTE 1 An effect is a deviation from the expected — positive and/or negative (wrt achieving objectives).
• NOTE 2 Objectives can have different aspects (such as financial, health and safety, and environmental goals) and can apply at different levels (such as strategic, organization-wide, project, product and process).
• NOTE 3 Risk is often characterized (i.e. named, e.g. credit risk) by reference to potential events (2.17) and consequences (2.18), or a combination of these.
• NOTE 4 Risk is often expressed in terms of a combination of the consequences of an event (including changes in circumstances) and the associated likelihood (2.19) of occurrence.
4. There are two ways a risk can have an effect on objectives.
1. the effect of a risk when and if it should occur, or
2. the very existence of a risk whether it happens or not.
(2.) is the acceptance, or not, of being in risky situations - a friend of mine says he cannot sleep at night if his money is invested in stocks, even knowing they provide better returns. So he invests in government bonds. It is the uncertainty that he cannot stand. Related to risk appetite.
(1.) is the traditional risk and where risk management seeks to increase the good and decrease the bad consequences (as translated into objectives).
The "uncertainty" or ambiguity is the essence of risk, and can be part of:
a. the risk identification (source, associated event(s) & consequence(s))
b. the event effect or consequence as estimated by analysis methods
c. the probability itself (in addition to uncertainty of identification (a), event (b), and effect (d)) [probability of a probability drives mathematicians mad]
d. the objectives themselves and the link between consequences and objectives (either measurement or how objectives reflect values or how attitudes might bias selection and metrics of objectives)
Discussion from last week
5. (Aside) ISO Definitions are nested – rigorous substitution rule
(2.18) Consequence - outcome of an event (2.17) affecting objectives
and since Event - occurrence or change of a particular set of circumstances, then
(2.18) Consequence - outcome of an occurrence or change of a particular set of circumstances affecting objectives
(2.26) control - measure that is modifying risk (2.1)
(2.26) control - measure that is modifying effect of uncertainty on objectives
Try residual risk (2.27) – insert risk treatment, control (?) and risk
6. Discussion of “YES Adopt 31000” - BHP Billiton and KISS
• (survey question – which framework is right?)
• Answer - ISO 31000 should be adopted immediately, with existing COSO, PMI, and other frameworks and processes integrated with 31000 in the short term and in the longer term modified to better reflect, not so much 31000, as the “ERM risk framework” in the organization.
• The rationale is that ISO incorporates these other approaches [with gaps], is principle and performance based, and is simple enough and flexible enough to be used by any organization.
7. The COSO ERM Framework - only negative risk! (a common problem)
Entity objectives can be viewed in the context of four categories:
• Strategic
• Operations
• Reporting
• Compliance
8. BHP Billiton RISK MANAGEMENT POLICY
Risk is inherent in our business. The identification and management of risk is central to delivering on the Corporate Objective.
• By understanding and managing risk we provide greater certainty and confidence for our shareholders, employees, customers and suppliers, and for the communities in which we operate.
• Successful risk management can be a source of competitive advantage.
• Risks faced by the Group shall be managed on an enterprise-wide basis.
• Risk Management will be embedded into our critical business activities, functions and processes. Risk understanding and our tolerance for risk will be key considerations in our decision making.
• Risk issues will be identified, analysed and ranked in a consistent manner. Common systems and methodologies will be used. (cont.)
9. BHP Billiton RISK MANAGEMENT POLICY (cont.)
• Risk controls will be designed and implemented to reasonably assure the achievement of our Corporate Objective. The effectiveness of these controls will be systematically reviewed and, where necessary, improved.
• Risk management performance will be monitored, reviewed and reported. Oversight of the effectiveness of our risk management processes will provide assurance to executive management, the Board and shareholders.
• The effective management of risk is vital to the continued growth and success of our Group.
• signed Chip Goodyear, Chief Executive Officer (see web site for all the BHP good stuff)
Done by 3 people (lead Grant Purdy) in 4 years for all 200,000 employees, with 80,000 risk owners identified. Over 12,000 risk assessments on file (open), and then Risk management department eliminated.
IT CAN BE DONE – Keep It Sweet and Simple
Senior Management leads the charge
10. Framework Implementation
Commit and Mandate
• Policy Statement
• Standards
• Guidelines
• RM Plan and RM Process
• Assurance Plan
Communicate & Train
• Stakeholder analysis
• Training needs analysis
• Communication strategy
• Training strategy
• Roles and Reporting
Structure & Accountability
• Board RM Committee
• Executive RM Group
• RM Working Group
• Facilitator for Risk Management
• RM Champions
• Risk and Control Owners
Review & Improve
• Control assurance
• RM Plan progress
• RM Maturity Evaluation
• RM KPIs
• Benchmarking
• Governance reporting
Framework Continuous Improvement Cycle
Management Information System
- Risk Registers - Treatment Plans
- Assurance Plan - Reporting templates
Process for Managing Risk
Establish context, then risk assessment (identify risks, analyse risks, evaluate risks), then treat risks; communicate and consult, and monitor and review, run alongside every step.
11. ISO Overview - 3 main clauses plus terminology from ISO Guide 73
Principles for managing risk (Clause 3)
a) Creates value
b) Integral part of organizational processes
c) Part of decision making
d) Explicitly addresses uncertainty
e) Systematic, structured and timely
f) Based on the best available information
g) Tailored
h) Takes human and cultural factors into account
i) Transparent and inclusive
j) Dynamic, iterative and responsive to change
k) Facilitates continual improvement and enhancement of the organization
Framework for managing risk (Clause 4)
4.2 Mandate and commitment
4.3 Design of framework for managing risk
4.4 Implementing risk management
4.5 Monitoring and review of the framework
4.6 Continual improvement of the framework
Process for managing risk (Clause 5)
12. How to “sell” ERM to senior management? Up to Organization not you
When implemented and maintained in accordance with this International
Standard, the management of risk enables an organization to, for example:
• increase the likelihood of achieving objectives;
• encourage proactive management;
• be aware of the need to identify and treat risk throughout the organization;
• improve the identification of opportunities and threats;
• comply with relevant legal and regulatory requirements and international norms;
• improve mandatory and voluntary reporting;
• improve governance;
• improve stakeholder confidence and trust;
• establish a reliable basis for decision making and planning;
• improve controls;
• effectively allocate and use resources for risk treatment;
• improve operational effectiveness and efficiency;
• enhance health and safety performance, as well as environmental protection;
• improve loss prevention and incident management;
• minimize losses;
• improve organizational learning; and
• improve organizational resilience.
13. The role of risk appetite & risk attitude
Risk appetite: “amount and type of risk that an organization is willing to pursue or retain”
Risk attitude: “organization's approach to assess and eventually pursue, retain, take or turn away from risk”
• Vague term that is still evolving; can be bottom up (from typical decisions) or top down from basics of survival and comfort of board and senior management
• In conceptual terms
– Identify all risks (events and consequences) [high level]
– Estimate plausible worst case and best case scenarios – may be expressed as a risk profile
– Examine the robustness of the organization wrt plausible cases
– Balance opportunities and threats against the organization’s capabilities/resources and select a risk appetite or risk attitude – how risk averse?
14. Risk Tolerance is the practical step between risk appetite and risk criteria (risk evaluation) (also deals with silos)
• for specific consequence categories (reputation, credit, compliance, country, etc.)
• for predetermined categories of likelihood
• find equivalent effects on objectives
• done by senior management (workshops)
• using risk matrix results as a check and perhaps involving voting, delphi, etc.
15. Likelihood Scale for Tolerance (Simple Rating Scale)
(Hydro One Harvard Business School case study 9-109-001)
1. Remote - 5% probability that the event will occur in the next 36 months
2. Unlikely - 25% probability that the event will occur in the next 36 months
3. Even Odds - 50% probability that the event will occur in the next 36 months
4. Very Likely - 75% probability that the event will occur in the next 36 months
5. Virtually Certain - 95% probability that the event will occur in the next 36 months
16. Hydro One Risk Tolerances for 3 Silos (Fraser, 2009)
Business objective | Consequence | 5 Worst Case | 4 Severe | 3 Major | 2 Moderate | 1 Minor
------------------ | ----------- | ------------ | -------- | ------- | ---------- | -------
Financial | Net income (shortfall) | >$150 million | $75-$150 million | $25-$75 million | $5-$25 million | <$5 million
Reputation | Negative media - opinion leaders and public | International / Everyone | National / Most | Provincial / Several | Local | Letters to Govt & Hydro
System reliability | Outages: customers, or # MW for 7 days, or fail NERC | >100,000 / >1000 / YES | 40-100k / 400-1000 / Some | 10-40k / 100-400 / Warning | 1-10k / 10-100 / Near many | <1,000 / <10 / Near few
17. ORMIS April 21, Toronto, ISO 17
Standard sort of Risk Matrix
be careful, extremely careful, with risk matrices
works well at the understanding/communications level, BUT
[Figure: risk matrix. Likelihood axis: Very Likely (>.45), Likely (.45 - .19), Medium (.19 - .05), Unlikely (.05 - .011), Remote (< .011). Consequences axis: Minor, Moderate, Major, Severe, Catastrophic. Cells rated High, Medium or Low. Risk levels plotted in structured workshop with experts, voting, Delphi…]
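The likelihood bands on this slide and the financial tolerances on slide 16 can be applied mechanically, which also makes the slide's warning concrete. The Python below is an added example, not part of the presentation: it rates a risk's probability and net-income shortfall on the two 1 to 5 scales, places it in a matrix cell, and compares the matrix ordering with a plain expected-loss ordering. The High/Medium/Low colouring of cells (`matrix_level`) and the sample risks are constructed assumptions, since the slide's colouring is not recoverable from the text.

```python
"""Risk matrix rating and its failure modes.

Added example, not part of the presentation. The likelihood bands are the ones
on slide 17 and the financial consequence thresholds are Hydro One's from slide
16; the High/Medium/Low cell colouring (matrix_level) and the sample risks are
constructed assumptions, because the slide's colouring is not in the text.
"""
from dataclasses import dataclass

# Slide 17 likelihood bands: (exclusive lower bound, label), rated 5 down to 1.
LIKELIHOOD_BANDS = [
    (0.45, "Very Likely"),
    (0.19, "Likely"),
    (0.05, "Medium"),
    (0.011, "Unlikely"),
    (0.0, "Remote"),
]

# Slide 16, financial silo: net income shortfall in $ million (exclusive lower bound).
CONSEQUENCE_BANDS = [
    (150.0, 5, "Worst Case"),
    (75.0, 4, "Severe"),
    (25.0, 3, "Major"),
    (5.0, 2, "Moderate"),
    (0.0, 1, "Minor"),
]


@dataclass
class Risk:
    name: str
    probability: float      # chance the event occurs in the horizon (36 months on slide 15)
    shortfall_musd: float   # net income shortfall if it does, $ million


def likelihood_rating(p):
    """Map a probability to (rating 1..5, slide 17 label)."""
    if not 0.0 <= p <= 1.0:
        raise ValueError("probability must lie in [0, 1]")
    for rating, (lower, label) in zip(range(5, 0, -1), LIKELIHOOD_BANDS):
        if p > lower:
            return rating, label
    return 1, "Remote"  # p == 0.0


def consequence_rating(shortfall_musd):
    """Map a net income shortfall to (rating 1..5, slide 16 label)."""
    for lower, rating, label in CONSEQUENCE_BANDS:
        if shortfall_musd > lower:
            return rating, label
    return 1, "Minor"


def matrix_level(likelihood, consequence):
    """Constructed colouring rule (assumption): product of the two ratings."""
    score = likelihood * consequence
    if score >= 15:
        return "High"
    if score >= 6:
        return "Medium"
    return "Low"


def classify(risk):
    """Place one risk in the matrix and keep the quantitative view beside it."""
    lik, lik_label = likelihood_rating(risk.probability)
    con, con_label = consequence_rating(risk.shortfall_musd)
    return {
        "name": risk.name,
        "cell": (lik, con),
        "labels": (lik_label, con_label),
        "level": matrix_level(lik, con),
        "expected_loss_musd": round(risk.probability * risk.shortfall_musd, 2),
    }


def rank_by_matrix(risks):
    """Priority order a matrix-driven workshop would produce (highest cell first)."""
    rated = [classify(r) for r in risks]
    rated.sort(key=lambda c: c["cell"][0] * c["cell"][1], reverse=True)
    return [c["name"] for c in rated]


def rank_by_expected_loss(risks):
    """Priority order from probability x shortfall alone."""
    rated = [classify(r) for r in risks]
    rated.sort(key=lambda c: c["expected_loss_musd"], reverse=True)
    return [c["name"] for c in rated]


# Constructed sample risks chosen to show compression and rank reversal.
SAMPLE_RISKS = [
    Risk("A: supplier default", 0.46, 80.0),
    Risk("B: rate decision", 0.90, 149.0),
    Risk("E: storm damage", 0.44, 74.0),
    Risk("F: billing error", 0.46, 26.0),
]

if __name__ == "__main__":
    for risk in SAMPLE_RISKS:
        c = classify(risk)
        print(f"{c['name']:22} cell={c['cell']} {c['level']:6} "
              f"expected loss ${c['expected_loss_musd']}M")
    print("matrix order       :", rank_by_matrix(SAMPLE_RISKS))
    print("expected-loss order:", rank_by_expected_loss(SAMPLE_RISKS))
```

Risks A and B land in the same cell although B's expected loss is roughly four times A's, and F is rated High while E, with nearly three times F's expected loss, is rated Medium: the matrix compresses and can reverse the ordering the underlying numbers give, which is why slide 14 uses matrix results as a check on tolerance decisions rather than as the answer.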
18. ORMIS April 21, Toronto, ISO 18
Example of use of Risk Matrix to set priorities
What might be wrong with this?
[Figure: seven risk matrices (cells rated High/Medium/Low; likelihood VL, L, M, UL, VUL; consequences Cata., Severe, Major, Mod, Minor, No Impact) for three candidate projects – 1. Refurbish, 2. Vegetation Mgmt, 3. IT Upgrade – each plotted against a KPI: Tx/Dx Reliability (likelihood bands >10, 5-10, 1-5, .2-1, <0.2), Unsupplied Energy, SFI, Unavailability, Worst Served Cust., Dx SAIDI, Dx SAIFI]
19. ORMIS April 21, Toronto, ISO 19
Basic and overarching in 31000 – Integration
ISO 31000 “recommends that organizations develop, implement and continuously improve a framework whose purpose is to integrate the process for managing risk (RMP) into the organization's overall governance, strategy and planning, management, reporting processes, policies, values and culture.”
How will ERM help improve existing risk management?
20. ORMIS April 21, Toronto, ISO 20
Overarching in 31000 – Integration
(continued)
4.3.4 Integration into organizational processes
• Risk management (RM) should be embedded in all the organization's practices and processes in a way that it is relevant, effective and efficient.
• The risk management process should become part of, and not separate from, those organizational processes.
• When you make any decision/choice then part, and only a part, of the decision process is the Risk Management Process (RMP).
21. ORMIS April 21, Toronto, ISO 21
Overarching in 31000 – Integration (continued)
“2.7 risk owner - person or entity with the
accountability and authority to manage a risk ”
• Every risk (effect of uncertainty on objectives) is owned
• Risk owners are listed in risk register
• Ownership has its privileges – get to monitor: risk, risk controls (may be responsibility of others), cost of controls, effectiveness of controls, value of RMP (risk management process); and continuously improve all
• your annual evaluation includes how well you manage your owned risks (part of the standard!)
22. ORMIS April 21, Toronto, ISO 22
Ironically, 48.7% of respondents describe
the sophistication of their risk oversight
processes as immature to minimally
mature. Forty-seven percent do not have
their business functions establishing or
updating assessments of risk exposures
on any formal basis. Almost 70% noted
that management does not report the
entity’s top risk exposures to the board of
directors. These trends are relatively
unchanged from those noted in the 2009
report. (NCU ERM center 2010 report)
23. ORMIS April 21, Toronto, ISO 23
“risk management framework –
set of components that provide the foundations and
organizational arrangements for designing, implementing,
monitoring, reviewing and continually improving risk
management throughout the organization
NOTE 1 The foundations include the policy, objectives,
mandate and commitment to manage risk
NOTE 2 The organizational arrangements include plans,
relationships, accountabilities, resources, processes and
activities
NOTE 3 The risk management framework is embedded
within the organization's overall strategic and operational
policies and practices “ (ISO 31000)
24. ORMIS April 21, Toronto, ISO 24
7 components to the ERM Framework
1. Mandate and commitment to the framework (step 1)
  a. Agreement in principle to proceed
  b. Gap analysis
  c. Context for framework
  d. Design of framework
  e. Implementation plan
2. Risk management policy
  a. Policies for the framework, its processes and procedures
  b. Policies for risk management decisions:
    i. Risk Appetite
    ii. Risk Criteria
    iii. Internal Risk Reporting
3. Integration into the Organization
4. Risk Management Process
5. Communications and Reporting
6. Accountability
  a. Risk ownership and risk register
  b. Managers’ performance evaluation
7. Monitoring, Review and Continuous improvement
  a. Responsibility for maintaining and improving framework
  b. Risk Maturity and continuous improvement of framework
25. Framework Implementation and Framework Continuous Improvement Cycle (diagram)
Commit and Mandate
• Policy Statement
• Standards
• Guidelines
• RM Plan and RM Process
• Assurance Plan
Communicate & Train
• Stakeholder analysis
• Training needs analysis
• Communication strategy
• Training strategy
• Roles and Reporting
Structure & Accountability
• Board RM Committee
• Executive RM Group
• RM Working Group
• Facilitator for Risk Management
• RM Champions
• Risk and Control Owners
Review & Improve
• Control assurance
• RM Plan progress
• RM Maturity Evaluation
• RM KPIs
• Benchmarking
• Governance reporting
Management Information System
- Risk Registers - Treatment Plans
- Assurance Plan - Reporting templates
Process for Managing Risk (at the centre of the diagram): Establish context → Identify risks → Analyse risks → Evaluate risks → Treat risks; identify, analyse and evaluate together form the risk assessment, with Communicate and consult and Monitor and review running alongside every step
26. ORMIS April 21, Toronto, ISO 26
The risk management process
Establish the context → Identify risks → Analyse risks → Evaluate risks → Treat risks
Communicate and consult, and Monitor and review, run alongside every step
Used by every manager for every decision
27. ORMIS April 21, Toronto, ISO 27
Risk Assessment
• Identify the risks
• Analyze the risks (Note: when numerical estimates of likelihood and consequences are not available, subjective risk matrix methods may be used)
• Evaluate the risks against Risk Criteria
• Result of Evaluation is to accept (or not to accept) the risk – risk acceptance is an “informed decision to take a particular risk”
• If not acceptable, go to Risk Treatment
28. ORMIS April 21, Toronto, ISO 28
Risk Treatment – “process to modify risk”
“NOTE 1 Risk treatment can involve:
— avoiding the risk
— increasing risk in order to pursue an opportunity
— removing the risk source
— changing the likelihood
— changing the consequences
— sharing the risk with another party or parties [including risk financing]
— retaining the risk by informed decision
NOTE 3 Risk treatment can create new risks or modify existing risks.”
Risk Treatment is often a cycle of: Control options, Assessment of Residual Risk, Accept?, Treat risk?, Control options, Assessment…
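The cycle in the last line (control options, assessment of residual risk, accept?, treat?) can be written down as a loop. The Python below is an added example, not part of the presentation or of ISO 31000: a risk is modelled as probability times impact against a tolerance, each control option scales one or both factors and carries a cost, and the loop applies the most cost-effective remaining option until the residual falls within tolerance (accept, an informed decision) or no worthwhile option is left (escalate to the risk owner). Because NOTE 3 says treatment can create new risks, each option may list the risks it introduces and the loop records them for the register. All names, factors and costs are constructed.

```python
"""Risk treatment cycle from slide 28 as a loop.

Added example, not part of the presentation or ISO 31000. Risk is modelled as
probability x impact against a tolerance; the controls, factors and costs below
are constructed sample data.
"""
from dataclasses import dataclass, field
from typing import List


@dataclass
class Control:
    name: str
    likelihood_factor: float = 1.0    # "changing the likelihood": multiplies probability
    consequence_factor: float = 1.0   # "changing the consequences" / "sharing the risk": multiplies impact
    cost: float = 0.0                 # annualised cost, same unit as impact
    introduces: List[str] = field(default_factory=list)  # NOTE 3: treatment can create new risks


@dataclass
class RiskState:
    name: str
    probability: float   # chance of the event over the planning horizon
    impact: float        # loss if it occurs, e.g. $ million

    def expected_loss(self) -> float:
        return self.probability * self.impact


def apply_control(risk: RiskState, control: Control) -> RiskState:
    """Residual risk after one control; the input is left untouched."""
    return RiskState(risk.name,
                     risk.probability * control.likelihood_factor,
                     risk.impact * control.consequence_factor)


def _result(decision, applied, residual, new_risks, history):
    return {
        "decision": decision,
        "controls": [c.name for c in applied],
        "residual": round(residual, 4),
        "cost": round(sum(c.cost for c in applied), 4),
        "new_risks": new_risks,
        "history": history,   # residual expected loss at the start of each round
    }


def treat(risk: RiskState, options: List[Control], tolerance: float, max_rounds: int = 10) -> dict:
    """Control options -> assess residual -> accept? -> treat -> ... (slide 28).

    Each round applies the remaining option with the largest expected-loss
    reduction per unit of cost. Ends with "accept" when the residual is within
    tolerance, or "escalate" when nothing worthwhile is left to apply.
    """
    remaining = list(options)
    applied: List[Control] = []
    new_risks: List[str] = []
    current = risk
    history: List[float] = []
    for _ in range(max_rounds):
        residual = current.expected_loss()
        history.append(round(residual, 4))
        if residual <= tolerance:
            return _result("accept", applied, residual, new_risks, history)
        if not remaining:
            break

        def value_for_money(c: Control) -> float:
            reduction = residual - apply_control(current, c).expected_loss()
            if c.cost > 0:
                return reduction / c.cost
            return float("inf") if reduction > 0 else 0.0

        best = max(remaining, key=value_for_money)
        if value_for_money(best) <= 0:
            break  # no remaining option actually reduces the risk
        remaining.remove(best)
        applied.append(best)
        new_risks.extend(best.introduces)   # feed these back into the risk register
        current = apply_control(current, best)
    return _result("escalate", applied, current.expected_loss(), new_risks, history)


# Constructed sample: one operational risk and three treatment options.
OUTAGE = RiskState("Data centre outage", probability=0.2, impact=10.0)
OPTIONS = [
    Control("Redundant power feed", likelihood_factor=0.5, cost=0.3),
    Control("Cyber/outage insurance", consequence_factor=0.4, cost=0.2,
            introduces=["Insurer counterparty default"]),
    Control("Operator training", likelihood_factor=0.9, cost=0.05),
]

if __name__ == "__main__":
    for tolerance in (0.5, 0.1):
        outcome = treat(OUTAGE, OPTIONS, tolerance)
        print(f"tolerance {tolerance}: {outcome['decision']} after {outcome['controls']}, "
              f"residual {outcome['residual']}, cost {outcome['cost']}, new risks {outcome['new_risks']}")
```

With a tolerance of 0.5 the loop applies insurance, then training, then the redundant feed and accepts a residual of 0.36 at a cost of 0.55, having added the insurer's counterparty risk to the register; with a tolerance of 0.1 the same three controls are exhausted and the risk is escalated, which is the point at which appetite, not analysis, decides.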
29. ORMIS April 21, Toronto, ISO 29
“communication and consultation”
“continual and iterative processes that an organization
conducts to provide, share or obtain information, and
to engage in dialogue with stakeholders regarding
the management of risk
• NOTE 1 The information can relate to the existence, nature,
form, likelihood, significance, evaluation, acceptability,
treatment aspects
• NOTE 2 Consultation is a two-way process of informed
communication between an organization and its stakeholders on
an issue prior to making a decision or determining a direction on
that issue. Consultation is:
– a process which impacts on a decision through influence
rather than power; and
– an input to decision making, not joint decision making. “
30. ORMIS April 21, Toronto, ISO 30
Example risk register for a specific Strategic Objective – illustration only
Courtesy of the Food Company

Objective xx “Ready-to-Heat”: Aggressively grow and build the ready-to-heat business by expanding the product line (15% NSV growth & maintain shares above 30%) and broaden the availability of the product.
Priority: yes
Owner: Joe
Risks (uncertainties re Obj):
  1. Increase of aggressive competition from Rice Master and Fast Rice
  2. Aggressive year for growth target for the segment & brand
  3. Achieve new product growth targets
Control Activities (risk reference numbers in brackets):
  Accelerate innovation [1,2,3]
  Conduct competitor analysis session [1]
Risk Profile: High
Action Plan:
  Jane to develop 2-3 innovation schemes within 2 months
  Joe to do market analysis

How the register is filled in (the numbered annotations on the slide):
1. Identify initiatives and their associated descriptions with measurable objectives
2. Prioritize order of the key initiatives based on their contribution to achieving the overall financial and strategic objectives within the OP
3. Document the individual in charge of the given initiative
4. List of risks that could hinder the ability to meet the initiative’s objectives
5. List of planned activities that will modify the risks – match the treatment strategies to risk through the reference numbers
6. Management Team evaluates the probability of success in achieving this initiative’s overall objectives
7. Document the immediate next steps for effective initiative execution
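A register like this one is only useful if every risk has an owner (slide 21) and every control points at a real risk through its reference numbers (annotation 5). The Python below is an added example, not the Food Company's register or code: it models the columns above as data, transcribes the Ready-to-Heat row (assuming Joe, the initiative owner, also owns its three risks, which the slide does not state), adds a second, deliberately flawed objective, and validates ownership, cross-references and untreated risks. The second objective and everything in it are constructed.

```python
"""Risk register with ownership and cross-reference checks.

Added example, not the Food Company's register. The Ready-to-Heat objective is
transcribed from slide 30 (risk owners assumed to be Joe); the Cold Chain
objective is constructed to show what the checks catch.
"""
from dataclasses import dataclass, field
from typing import List, Optional


@dataclass
class Risk:
    ref: int                  # reference number used by control activities (annotation 5)
    description: str
    owner: Optional[str]      # slide 21: every risk is owned


@dataclass
class Control:
    description: str
    treats: List[int]         # reference numbers of the risks this control modifies


@dataclass
class Objective:
    name: str
    statement: str
    priority: bool            # annotation 2
    owner: str                # annotation 3: individual in charge of the initiative
    risks: List[Risk]         # annotation 4
    controls: List[Control]   # annotation 5
    risk_profile: str         # annotation 6: management's view (High/Medium/Low)
    action_plan: List[str] = field(default_factory=list)  # annotation 7


def validate(objective: Objective) -> List[str]:
    """Findings a reviewer would raise before the register is signed off."""
    findings = []
    refs = {r.ref for r in objective.risks}
    if len(refs) != len(objective.risks):
        findings.append(f"{objective.name}: duplicate risk reference numbers")
    for risk in objective.risks:
        if not risk.owner:
            findings.append(f"{objective.name}: risk {risk.ref} has no owner")
    treated = set()
    for control in objective.controls:
        for ref in control.treats:
            if ref not in refs:
                findings.append(f"{objective.name}: control '{control.description}' "
                                f"references unknown risk {ref}")
            treated.add(ref)
    for ref in sorted(refs - treated):
        findings.append(f"{objective.name}: risk {ref} has no control activity (retained by default)")
    if objective.risk_profile == "High" and not objective.action_plan:
        findings.append(f"{objective.name}: high risk profile but no action plan")
    return findings


def review(register: List[Objective]) -> List[str]:
    return [finding for objective in register for finding in validate(objective)]


def owners(register: List[Objective]) -> List[str]:
    """Distinct risk owners, the list slide 21 says the register should carry."""
    return sorted({r.owner for o in register for r in o.risks if r.owner})


READY_TO_HEAT = Objective(
    name="Objective xx Ready-to-Heat",
    statement="Aggressively grow and build the ready-to-heat business by expanding the "
              "product line (15% NSV growth & maintain shares above 30%) and broaden "
              "the availability of the product.",
    priority=True,
    owner="Joe",
    risks=[
        Risk(1, "Increase of aggressive competition from Rice Master and Fast Rice", "Joe"),
        Risk(2, "Aggressive year for growth target for the segment & brand", "Joe"),
        Risk(3, "Achieve new product growth targets", "Joe"),
    ],
    controls=[
        Control("Accelerate innovation", [1, 2, 3]),
        Control("Conduct competitor analysis session", [1]),
    ],
    risk_profile="High",
    action_plan=["Jane to develop 2-3 innovation schemes within 2 months",
                 "Joe to do market analysis"],
)

# Constructed second objective with the defects the checks are meant to find.
COLD_CHAIN = Objective(
    name="Objective yy Cold Chain (constructed)",
    statement="Cut chilled distribution losses by 20% (constructed).",
    priority=False,
    owner="Sam",
    risks=[
        Risk(1, "Refrigeration failures in regional depots", "Sam"),
        Risk(2, "Carrier contract lapses mid-season", None),        # unowned
        Risk(3, "Temperature logs not retained for audit", "Sam"),   # untreated
    ],
    controls=[
        Control("Depot maintenance programme", [1]),
        Control("Renegotiate carrier contract", [4]),                # dangling reference
    ],
    risk_profile="High",                                              # and no action plan
)

REGISTER = [READY_TO_HEAT, COLD_CHAIN]

if __name__ == "__main__":
    print("owners:", owners(REGISTER))
    for finding in review(REGISTER):
        print("-", finding)
```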
32. ORMIS April 21, Toronto, ISO 32
How to measure success? – Risk Maturity?
Standard and Poor’s ERM perspective (still too negative)
Companies that are considered "strong" demonstrate an enterprise-wide view of risks, but are still focused on loss control. These companies have control processes for major risks, thus giving them advantages due to lower expected losses in adverse times, as such companies can consistently identify, measure, and manage risk exposures and losses in predetermined tolerance guidelines. Strong ERM firms are unlikely to experience unexpected losses outside of tolerance levels. Risk and risk management are usually important considerations in such firms' corporate judgment.
Companies that are considered "excellent" possess all of the characteristics of those scored "strong" and will also demonstrate risk/reward optimization. Such companies have very well-developed capabilities to consistently identify, measure, and manage risk exposures and losses in predetermined tolerance guidelines. Risk and risk management are always important considerations in such firms' corporate judgment. It is highly unlikely that these firms will experience losses outside of their risk tolerance.
33. ORMIS April 21, Toronto, ISO 33
Risk Maturity Score – Fraser Valley Health
Level of ERM Maturity (columns): 1 Initial, 2 Repeatable, 3 Defined, 4 Managed, 5 Optimized
Elements of ERM (rows):
• Organization Philosophy & Culture
• Leadership Commitment
• RM Capabilities
• RM Process
• Monitoring & Review
• Reporting & Control
• Integration with other Management Systems
34. ORMIS April 21, Toronto, ISO 34
Organization Philosophy & Culture
(Level of Maturity: 1 Initial, 2 Repeatable, 3 Defined, 4 Managed, 5 Optimized)

1. Risk management culture
  1 Initial: The focus is primarily on responding to crises and tends to be reactive rather than proactive.
  2 Repeatable: People tend to be risk averse. Risks are identified primarily at operational and project levels. RM concepts are intuitively understood and practised on ad hoc basis. A cautious approach is taken to RM overall.
  3 Defined: RM is done proactively to anticipate risks and develop mitigation plans. Emerging risks are considered. Focus is on opportunities, not just risk avoidance. Risk implications are considered in all major decisions.
  4 Managed: Risks are consistently managed. Staff are encouraged to be innovative. The organization fosters a culture of continuous learning and participation. Staff are highly committed to organization success.
  5 Optimized: RM is done at every level in the organization, and is strongly integrated with management practices. Individual and organization expectations for RM are synchronized.

2. Roles and responsibilities for managing risk
  1 Initial: Roles and responsibilities are not documented and are unclear. No individual accountability for managing risk. RM is viewed as a department rather than a process.
  2 Repeatable: Responsibilities for managing risk have been established (job descriptions, terms of reference, etc.), but are not understood or consistently followed. Risk is managed intuitively, on an ad hoc basis.
  3 Defined: Roles and responsibilities for RM are clear, well communicated and understood throughout the organization.
  4 Managed: RM is embedded in individual behaviour. Individuals are empowered to manage risks. Responsibility for RM is an integral part of goal setting and performance planning.
  5 Optimized: Individual accountability for RM is firmly embedded in organization culture. Roles and responsibilities for RM are aligned with overall organization accountability framework.
35. ORMIS April 21, Toronto, ISO 35
Organization Philosophy & Culture cont’d
(Level of Maturity: 1 Initial, 2 Repeatable, 3 Defined, 4 Managed, 5 Optimized)

3. Linkage to ethics and values
  1 Initial: No ethics policy or guidelines in place. Policy statements are issued on ad hoc basis. No clear statements of shared values or principles, or attention to legal or political considerations.
  2 Repeatable: Organization has an ethics and values statement. RM philosophy is reflected in written code of ethics and values. Philosophy is attuned to legal and political considerations. Policies are communicated across the organization but applied inconsistently.
  3 Defined: Ethics and values principles and legal/political considerations are well understood by staff, and applied consistently throughout the organization. RM approach is closely aligned with ethics and values.
  4 Managed: Ethics and values help managers take a balanced approach to RM, and reconcile competing external forces. Ethics and values surveys consider risk, and are carried out regularly. Improvements are made.
  5 Optimized: Ethics, values and sensitivity to legal/political considerations are consistently reflected in organization practices and RM approach. Atmosphere of mutual trust exists at all levels of organization. Few infractions or incidents occur.

4. Valuing risk management behaviour
  1 Initial: High level of scepticism exists within organization. Mixed messages are given to staff. RM is not considered in assessing and rewarding performance. Staff contribution to managing risk is not recognized or valued.
  2 Repeatable: People are consulted and given opportunity to participate in RM. Staff contribution to managing risk is recognized on ad hoc basis. Performance in managing risks is considered in recognition and rewards programs.
  3 Defined: The working environment supports a proactive approach to managing risks. Information on risk is shared openly. Strong sense of teamwork exists across the organization.
  4 Managed: Recognition and rewards programs encourage staff to manage risks and take advantage of opportunities. Management is committed to continuous RM learning. Sanctions in place for knowingly ignoring risks. Staff development is a major organization priority.
  5 Optimized: Staff encouraged and recognized for identifying risks and opportunities, and for identifying risks not being appropriately managed. Staff continuously cited for their exemplary behaviour. Value of human capital in the organization is measured.
36. ORMIS April 21, Toronto, ISO 36
Leadership Commitment to Risk Management
(Level of Maturity: 1 Initial, 2 Repeatable, 3 Defined, 4 Managed, 5 Optimized)

5. Leadership
  1 Initial: RM is the concern of managers, and is dealt with on an ad hoc basis. RM concepts are ill defined and not well understood. No leadership engagement.
  2 Repeatable: RM initiatives are supported by senior management on ad hoc basis. Risks are managed by operational managers. No Board engagement.
  3 Defined: Senior management regularly engaged in formal RM process. Minimal Board engagement.
  4 Managed: Senior management oversee and champion the organization’s RM framework, and lead by example. Some Board engagement.
  5 Optimized: Board and senior management commitment for RM clearly articulated, and strongly embedded at all levels of the organization.

6. Risk management framework & policy
  1 Initial: The organization has no formal RM framework or policy.
  2 Repeatable: Some RM policies for specific areas have been formally documented to address specific risks.
  3 Defined: Organization RM framework in place.
  4 Managed: Organization RM framework and policy. These are well communicated and followed.
  5 Optimized: Board approved RM framework and policy are well communicated, followed and compliance is monitored.

7. Roles and responsibilities of senior management
  1 Initial: Unclear roles and responsibilities for RM. The audit function is seen as responsible for identifying risks. Specialists are responsible for managing risks.
  2 Repeatable: Managers identify and respond to risks on an ad hoc basis.
  3 Defined: Senior management assume responsibility for RM practices. Collectively, they identify and assess key organization risks, and develop mitigation plans.
  4 Managed: Senior management roles and responsibilities for RM are well documented in accountability agreements or governance documents. They are consistently applied and monitored.
  5 Optimized: Senior management promote and support research into RM best practice to ensure evidence-based approach. They are seen as leaders and innovators for implementing state of the art RM concepts.
37. ORMIS April 21, Toronto, ISO 37
Risk Management Capabilities
(Level of Maturity: 1 Initial, 2 Repeatable, 3 Defined, 4 Managed, 5 Optimized)

8. Risk management competencies
  1 Initial: RM is not perceived to be a formal competency. RM concepts are not well understood.
  2 Repeatable: RM competencies have been identified, and skills gap established by some managers. Little or no formal training has been done.
  3 Defined: Training in RM is high priority. Skills gap is being addressed. Training is being sourced. There is “cross-fertilization” between specialists and managers.
  4 Managed: RM competency development is integral part of individual learning plans, and organization development programs. Staff at all levels are being trained, and skills gaps addressed.
  5 Optimized: Ongoing commitment to ensure continuous renewal of RM competencies. The organization is well known and respected for its RM training program.

9. Risk management techniques
  1 Initial: Limited RM tools and techniques are available.
  2 Repeatable: Managers tend to use their own individual approach for risk analysis. Available RM techniques have limited focus in specialised areas (e.g., finance, OH&S, IT project management).
  3 Defined: Managers have access to various RM techniques that integrate financial and non-financial information for risk analysis. Tools are used with specialist support.
  4 Managed: Wide range of RM tools/techniques available to all staff who understand how to use them, as well as their benefits and limitations. Knowledge transfer occurs between specialists and managers.
  5 Optimized: RM tools and techniques are integrated with other management decision support tools. Strong interface with IS. Periodic review and update of tools and techniques.

10. Specialist support
  1 Initial: No specialist support for RM.
  2 Repeatable: Specialists are used by management to carry out basic risk analysis on an ad hoc basis.
  3 Defined: Specialists are known throughout the organisation and often called upon by managers to provide RM analysis and advice on specific issues.
  4 Managed: The expert advisory role of specialists is valued by all levels of management. Specialist support viewed as a key enabler in initiating change.
  5 Optimized: Specialists advise on broad range of issues, on an integrated basis, through multi-disciplinary teams. Externally recognized.
38. ORMIS April 21, Toronto, ISO 38
Risk Management Process
(Level of Maturity: 1 Initial, 2 Repeatable, 3 Defined, 4 Managed, 5 Optimized)

11. Risk identification & assessment
  1 Initial: No formal process to identify and assess risks.
  2 Repeatable: Risks are identified for specific areas, and assessed by managers on an ad hoc basis. No formal process in place. No attempt to aggregate risks across the organization.
  3 Defined: Formal risk assessment process and tools available to managers. Tools are used with specialist support. Risks are identified across the organisation to provide aggregate view.
  4 Managed: Formal process and tools available to managers who understand their benefits/limitations, and know how to apply them. More sophisticated tools available with specialist support. Risk categories provide aggregate view for better understanding.
  5 Optimized: Risk assessment process and tools are integrated with other management decision support tools. Strong interface with organization management information systems.

12. Risk tolerance
  1 Initial: Risk tolerance is not defined.
  2 Repeatable: Risk tolerance is not defined. Specific risk levels are accepted or rejected intuitively.
  3 Defined: Risk tolerance is somewhat defined for the organization and used by management.
  4 Managed: Common understanding and application of specific risk tolerance levels.
  5 Optimized: Risk tolerance levels established at all levels of the organization guide decision making.

13. Risk documentation
  1 Initial: No formal risk documentation is done.
  2 Repeatable: No formal process in place. Risk documentation that does occur is ad hoc and inconsistent.
  3 Defined: Formal documentation of risks in some areas – i.e., risk register, RM plans.
  4 Managed: Formal documentation of risks at all levels of the organisation. Risk registers and RM plans are regularly monitored and updated.
  5 Optimized: Formal documentation of risk (risk register, RM plans) is an integral part of planning and decision making – and a requirement of the Board.
39. ORMIS April 21, Toronto, ISO 39
Monitoring & Review
(Level of Maturity: 1 Initial, 2 Repeatable, 3 Defined, 4 Managed, 5 Optimized)

14. Performance measurement
  1 Initial: No formal performance measurement system in place.
  2 Repeatable: Performance measurement at departmental level involves monitoring of risks. Some risk indicators have been developed but not consistently applied.
  3 Defined: Organization-wide performance measurement system includes monitoring of risk indicators.
  4 Managed: Risk indicators are interpreted in relation to other corporate performance measures. Regular monitoring and review by Executive.
  5 Optimized: Strategic and operational risk indicators and performance measures are closely linked. Regular monitoring and review by Executive and the Board.

15. Review of the risk management practices
  1 Initial: No measurement framework in place to assess RM practices.
  2 Repeatable: Evaluation of RM practices occurs in specific areas. This is typically done by internal audit.
  3 Defined: Performance indicators to assess progress in implementing organization RM framework, and the effectiveness of RM practices have been developed.
  4 Managed: Information is regularly collected to monitor outcomes achieved as a result of RM framework and practices. Benchmarks established against which to assess progress.
  5 Optimized: Performance against indicators is measured, and results tracked over time. Action taken to improve. RM performance indicators and benchmarks are regularly reviewed and updated.
40. ORMIS April 21, Toronto, ISO 40
Reporting & Control
(Level of Maturity: 1 Initial, 2 Repeatable, 3 Defined, 4 Managed, 5 Optimized)

16. Risk management plans
  1 Initial: No formal RM plans exist.
  2 Repeatable: Formal RM plans in place to address and report on specific risks. However, RM plans are not developed on a consistent basis throughout the organization.
  3 Defined: RM is discussed as a part of the strategic and business planning processes. Plans include an overview of key risks and mitigation.
  4 Managed: Organization-wide RM plan in place that includes comprehensive analysis of organization risks and mitigation. Plan is regularly reported against, reviewed and updated by senior management.
  5 Optimized: Organization RM plan is viewed as integral to organization success. The plan is regularly reviewed and updated by senior management, and reported to the Board.

17. Controls
  1 Initial: Existing controls are not linked to corporate objectives or risk appetites. No criteria in place to evaluate controls effectiveness.
  2 Repeatable: Controls are used on an ad hoc basis to respond to new risks. Limited cost/benefit analysis of controls. Controls effectiveness is not monitored on a regular basis.
  3 Defined: Controls reflect corporate objectives and risk appetites. Cost/benefit analysis of controls is regularly conducted. Controls compliance and effectiveness is monitored at high level.
  4 Managed: Risk significance, as well as the cost/benefit of mitigation options, is considered prior to implementing controls. Compliance with, and effectiveness of, controls is regularly monitored and reported throughout the organization.
  5 Optimized: The organization’s control environment is integrally linked to objectives, risk appetites and RM strategies. Controls compliance and effectiveness is regularly monitored and reported against, and improvements made as required.
41. ORMIS April 21, Toronto, ISO 41
Integration with Other Management Systems
(Level of Maturity: 1 Initial, 2 Repeatable, 3 Defined, 4 Managed, 5 Optimized)

18. Linkage with strategic and operational planning
  1 Initial: RM is not linked with organization planning processes.
  2 Repeatable: Risks are considered in development of business and operational plans on ad hoc and inconsistent basis.
  3 Defined: Formal consideration of risks is integral part of strategic and operational planning.
  4 Managed: Formal RM process integral to strategic and operational planning. Risks are prioritized, and cost/benefit of mitigation options are assessed.
  5 Optimized: RM process is fully embedded in organization planning at all levels. A variety of modelling techniques used to quantify risks.

19. Linkage to management information system
  1 Initial: Limited management information to support RM.
  2 Repeatable: Management information exists to varying degrees to support RM at departmental level.
  3 Defined: Management information exists for organisation as a whole but with limited “drill-down” capability.
  4 Managed: Organization-wide performance management system in place. Information is used on ongoing basis to support RM.
  5 Optimized: Sophisticated decision support tools available on-line to support RM at all levels of the organization.

20. Linkage to internal communication and feedback on risks
  1 Initial: No formal internal communication channels for risk issues.
  2 Repeatable: Ad hoc communication on risk issues at departmental level. Managers tend to work independently with some interaction.
  3 Defined: Communication on risk issues follows normal reporting channels. Some sharing of information across the organization.
  4 Managed: Risk information is shared across the organization. A pro-active effort made to communicate information on RM best practices and lessons learned.
  5 Optimized: RM best practices and lessons learned are regularly communicated to the organization via newsletter, web page, orientation, etc.

21. Linkage to communication with external stakeholders
  1 Initial: No formal communication with external stakeholders on risk issues.
  2 Repeatable: Communication with stakeholders is ad hoc. Risk information is communicated on a “need to know” basis.
  3 Defined: Formal process to communicate with stakeholders on risk issues.
  4 Managed: Regular reporting to stakeholders on performance and risks. Stakeholder feedback obtained and considered in risk mitigation.
  5 Optimized: Careful consideration of stakeholder interests in risk mitigation. The organization is widely respected by stakeholders.
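Slides 34 to 41 give the level descriptions for 21 criteria; an assessment records a level per criterion and then has to be summarised for the board. The Python below is an added example, not the Fraser Valley Health scoring tool: it checks that every criterion has a score in 1 to 5, groups the criteria under the seven elements of slide 33, reports each element's mean and weakest criterion, and lists gaps against a target level so the improvement plan has an order. Taking the overall maturity as the lowest element mean rounded down (weakest link) is a constructed convention, as are the sample scores.

```python
"""Summarise a risk maturity assessment over the 21 criteria on slides 34-41.

Added example, not part of the presentation or the Fraser Valley Health tool.
The weakest-link overall level and the sample scores are constructed.
"""
import math

LEVELS = {1: "Initial", 2: "Repeatable", 3: "Defined", 4: "Managed", 5: "Optimized"}

# Elements of ERM (slide 33) and the criteria numbered under each (slides 34-41).
ELEMENTS = {
    "Organization Philosophy & Culture": (1, 2, 3, 4),
    "Leadership Commitment": (5, 6, 7),
    "RM Capabilities": (8, 9, 10),
    "RM Process": (11, 12, 13),
    "Monitoring & Review": (14, 15),
    "Reporting & Control": (16, 17),
    "Integration with other Management Systems": (18, 19, 20, 21),
}

CRITERIA = {
    1: "Risk management culture",
    2: "Roles and responsibilities for managing risk",
    3: "Linkage to ethics and values",
    4: "Valuing risk management behaviour",
    5: "Leadership",
    6: "Risk management framework & policy",
    7: "Roles and responsibilities of senior management",
    8: "Risk management competencies",
    9: "Risk management techniques",
    10: "Specialist support",
    11: "Risk identification & assessment",
    12: "Risk tolerance",
    13: "Risk documentation",
    14: "Performance measurement",
    15: "Review of the risk management practices",
    16: "Risk management plans",
    17: "Controls",
    18: "Linkage with strategic and operational planning",
    19: "Linkage to management information system",
    20: "Linkage to internal communication and feedback on risks",
    21: "Linkage to communication with external stakeholders",
}


def validate_scores(scores):
    """Every criterion needs exactly one score in 1..5; return the problems found."""
    problems = []
    for number in CRITERIA:
        if number not in scores:
            problems.append(f"criterion {number} not scored")
        elif scores[number] not in LEVELS:
            problems.append(f"criterion {number} score {scores[number]!r} outside 1..5")
    for number in scores:
        if number not in CRITERIA:
            problems.append(f"unknown criterion {number}")
    return problems


def element_summary(scores):
    """Mean level and weakest criterion for each of the seven elements."""
    summary = {}
    for element, numbers in ELEMENTS.items():
        weakest = min(numbers, key=lambda n: scores[n])
        summary[element] = {
            "mean": round(sum(scores[n] for n in numbers) / len(numbers), 2),
            "weakest": f"{weakest}. {CRITERIA[weakest]} (level {scores[weakest]})",
        }
    return summary


def overall_level(scores):
    """Constructed convention: overall maturity is the lowest element mean, rounded down."""
    lowest = min(s["mean"] for s in element_summary(scores).values())
    level = max(1, math.floor(lowest))
    return level, LEVELS[level]


def gaps_to_target(scores, target):
    """Criteria below the target level, lowest first."""
    below = sorted(((scores[n], n) for n in CRITERIA if scores[n] < target))
    return [f"{n}. {CRITERIA[n]}: level {s}, target {target}" for s, n in below]


# Constructed sample: a mostly "Defined" organization with weak tolerance and documentation.
SAMPLE_SCORES = {n: 3 for n in CRITERIA}
SAMPLE_SCORES.update({5: 4, 12: 1, 13: 2})

if __name__ == "__main__":
    problems = validate_scores(SAMPLE_SCORES)
    if problems:
        raise SystemExit("\n".join(problems))
    for element, summary in element_summary(SAMPLE_SCORES).items():
        print(f"{element:42} mean {summary['mean']:.2f}  weakest: {summary['weakest']}")
    print("overall:", overall_level(SAMPLE_SCORES))
    print("gaps to level 3:", gaps_to_target(SAMPLE_SCORES, 3))
```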
42. ORMIS April 21, Toronto, ISO 42
Roles in ERM – One scheme
Core Internal Audit roles (Internal Audit roles):
• Giving assurance on the Risk Management processes
• Giving assurance that risks are correctly evaluated
• Evaluating Risk Management processes
• Evaluating reporting of material risks
• Reviewing the management of material risks
• Giving assurance that the control systems are effective
Legitimate Internal Audit roles with safeguards (CRO or Risk Management Department):
• Giving advice on identifying & evaluating risks
• Championing establishment of ERM
• Facilitating risk workshops
• Central coordinating point for ERM
• Monitoring risks across the business
• Holistic reporting on risks
• Facilitating Management’s response to risks
• Operating the ERM framework
• Developing RM strategy for Board approval
Roles Internal Audit should not undertake (Roles for Management, at all levels of organization):
• Setting the risk appetite
• Imposing risk management processes
• Assurance by management on controls and risks
• Taking decisions on risk responses
• Managing risks on Management’s behalf
• Accountability for risks and controls
43. ORMIS April 21, Toronto, ISO 43
Are we done yet? Agenda Covered? Questions?
• Risk is “effect of uncertainty on objectives”
• Discussion of Adopt 31000 - PHB Bilton and KISS
• Overview of 31000: introduction, scope, principles, framework, process
• How to “sell” ERM to senior management?
• The role of risk appetite, risk tolerance and the ubiquitous risk matrix/map/profile to deal with existing silos
• How will ERM help improve existing risk management?
• Next steps? How to measure success?
• Monitor, communications and consultation, and risk ownership.
• Role of CRO? (Ans- Minimal)
• What did we learn today?
44. ORMIS April 21, Toronto, ISO 44
Anatomy of Risk
[Figure – diagram elements: Objectives; Risks: +ve and -ve (Opportunities, Threats); Strategic Risk Management Process; Decision to “Take a Risk” or not; Detailed Risk Management Process (RMP); Risk Control(s); Residual Risk; Risk Financing; Actual Risk ???]