1. (Company Name)Enterprise
Risk Management Seminar
Facilitated by
Jabulani Mbengo
(Head Internal Audit)
Date: 12 April 2014

2. SEMINAR OBJECTIVES
• Understand the concept of Enterprise Risk Management
• Appreciate the benefits of Effective Risk Management
• Understand pressures for adopting Effective Risk
Management
• Identify appropriate structure for Effective Risk
Management
• Profile potential risks facing the Company
• Understanding current controls in place
• Propose additional responses to mitigate identified risks

3. INTRODUCTION
AIG, once
considered “too big
to fail” had to be
bailed out by the US
government (Why –
because they did
not identify and
manage product
and strategic risks)
The disappearance
of Flight MH370 of
Malasia, who could
have thought a
plane can disappear
with trace?
The Westgate
terrorist saga in
Kenya in 2013
(Security risk)

4. DEFINITION OF ENTERPRISE RISK MANAGEMENT
“… a process, effected by an entity's board of directors,
management and other personnel, applied in strategy setting
and across the enterprise, designed to identify potential
events that may affect the entity, and manage risks to be
within its risk appetite, to provide reasonable assurance
regarding the achievement of entity objectives.” COSO
Identify potential Events
that may affect the
company
Manage risks within the
company’s risk appetite
Provide reasonable
assurance of how risks are
being managed

5. Benefits of ERM
 Greater likelihood of achieving company objectives;
 Consolidated reporting of disparate risks at board level;
 Improved understanding of the key risks and their wider
implications;
 Identification and sharing of cross business risks;
 Greater management focus on the issues that really matter;
 Fewer surprises or crises;
 More focus internally on doing the right things in the right
way;
 Increased likelihood of change initiatives being achieved;
 Capability to take on greater risk for greater reward
 More informed risk-taking and decision-making.

6. PRESSURES FOR EFFECTIVE RISK MANAGEMENT IN ORGANISATIONS

7. RISKS FACING ORGANIZATIONS

8. WHY INSURANCE COMPANY BECOME INSOLVENT? (This is USA statistics)

9. THE ACTIVITIES INCLUDED IN ERM
 Articulating and communicating the objectives of the organisation;
 Determining the risk appetite of the organisation;
 Establishing an appropriate internal environment, including a risk
management framework;
 Identifying potential threats to the achievement of the objectives;
 Assessing the risk i.e. the impact and likelihood of the threat occurring;
 Selecting and implementing responses to the risks;
 Undertaking control and other response activities;
 Communicating information on risks in a consistent manner at all levels in
the organisation;
 Centrally monitoring and coordinating the risk management processes and
the outcomes, and
 Providing assurance on the effectiveness with which risks are managed.

10. EFFECTIVE STRUCTURE OF ERM
Board
Chief Executive
Officer/ Managing
Director/General
Manager
Management Risk
Committee
Chief Risk
Officer/ERM
Champion
Board Risk
Committee

11. INTERNAL AUDIT ROLES IN RISK MANAGEMENT

12. WHAT IS RISK ASSESSMENT?
A risk assessment is simply a
careful examination of what, in
your work, could go wrong to
cause harm to people, and the
organization, so that you can
weigh up whether you have
taken enough precautions or
should do more to prevent harm
A risk assessment is an
important step in protecting
your workers and your
business, as well as
complying with the law. It
helps you focus on the risks
that really matter in your
workplace – the ones with
the potential to cause real
harm

13. OUR TASK TODAY
We need to be able to complete the
following Total Risk Profiling table- terms
are described in the following slides
Risk
No
Vulnerabi
lity
Trigg
er
Consequen
ces
Severity Probability/Likeli
hood
Current Controls
/Management
actions to
Improve

14. EXPLAINING TERMS IN THE TOTAL RISK PROFILING
TABLE
Terms
Vulnerability
This is the ‘what’, and the
‘where’
This column describes the
inherent potential
vulnerability in the
enterprise being analyzed
We need to identify all
risks that can negatively
impact on FICO
Trigger:
The ‘how’ or the ‘why’
Describes the failure or
initiating that triggers
an unintended release
of the threat or
development of the
weakness described in
the ‘vulnerability’
column
Consequences
The ‘how bad’ or the
‘how big’
This column describes
the nature and
magnitude of the
consequences which
result from the
unintended release of
the threat or
development of the
weakness described in
the vulnerability and
trigger columns

15. EXPLAINING TERMS IN THE TOTAL RISK PROFILING
TABLE….
SEVERITY LEVEL DEFINITION
I Catastrophic Threatens viability of the business
II Critical Serious damage to financial condition,
reputation or ability to meet business
objectives
III Significant Limits ability to operate within
budgets and achieve business
development and financial targets
IV Marginal Minor impact

16. EXPLAINING TERMS IN THE TOTAL RISK PROFILING
TABLE….
PROBABILITY LEVEL DEFINITION
A Very High It will happen soon Often experienced or
likely to occur frequently
B High It will happen sooner or
later
Several times experienced
or occurring
C Occasional It can happen sooner or
later
Sometimes experienced
or occurring
D Low It is expected to happen
one day
Maybe experienced or
occurring
E Very Low It is not expected but
can happen
Unlikely to be
experienced or to occur
F Almost
impossible
Theoretically possible Theoretically impossible

17. KEY FOCUS AREAS
Strategic Risk
Insurance
Risk
Operational
Risk
Credit and
Investment
Risk
Financial Risk