Enterprise Risk Management: Concepts & Issues




Enterprise Risk Management: Concepts & Issues
Jacques Lapointe
Internal Audit, Management Board Secretariat
November 2003

The Basic Concept of Risk Management
The active process of identifying risks, assessing risks and developing appropriate action plans.

Model for Understanding Risk and Control
Risk - Control = Exposure (residual risk)
- Understand Objectives
- Understand Risks
- Manage Risks
- Acceptance or Action

Key Elements of Enterprise Risk Management
- Risk policy and guiding framework
- Review cycle that allows for formal reassessment of risks on a periodic basis
- Processes to provide reasonable assurance that risks are identified, reported and mitigated
- Active oversight by the audit committee and governing body of organization's risk management system

Principles of Effective Risk Management
- Manage what might happen
- Both hazard and opportunity
- Optimize rather than minimize
- Common language/common understanding
- Coherent set of concepts and formal tools
- A governance responsibility

Key Features of the New Risk Management Paradigm
Old Paradigm:
- Fragmented
- Risk as a negative factor to be minimized
- Risk managed in organisational silos
- Role of specialists
- Ad hoc
- Narrowly focused
- Audit committee to police internal control
New Paradigm:
- Integrated
- Risk as opportunity
- Risk managed in an integrated, enterprise-wide fashion
- Role of everyone
- Continuous/Systematic
- Broadly focused
- Risk committee to ensure an effective risk management structure exists

Applications of Risk Management
- Strategic and business planning
- Setting priorities
- Allocating resources
- Implementation plans
- Business improvement
- Issues identification
- Assurance

Risk Management: Essential to Governance
Effective governing bodies:
- Understand what constitutes reasonable information for good governance and obtain it
- Once informed, are prepared to act to ensure that the organization's objectives are met and that performance is satisfactory
(from Six Principles of Effective Governance by the CCAF)

Risk is An Evolving Concept
- Opportunity: Harness risk to your advantage and enhance shareholder value
- Uncertainty: Risk arising from change
- Hazard: Event driven risk
* From Price Waterhouse Coopers

Framework of Risk Types
Risks that result from:
- The business that you are in (volatility of external factors): Environmental Risk
- The direction that you plan on going: Strategic Risk
- Carrying out your objectives: Operational Risk
- Obtaining, committing and using economic resources: Financial Risk
- Having to comply with laws, regulations, standards and policies: Compliance Risk
- Relying on information: Informational Risk
Organizational & Cultural Risk:
- Systemic issues
- Culture and values
- Organizational capacity
- Commitment
- Learning and management systems

Risk Management Process
1. ESTABLISH THE CONTEXT
   - Objectives
   - Values
   - Environment
2. IDENTIFY RISKS
   - What can go wrong?
   - How can it happen?
3. ANALYZE RISKS
   - Review existing controls.
   - Determine the likelihood and impact of each major risk.
4. EVALUATE & PRIORITIZE RISKS
   - Establish the level of risk.
   - Decide on acceptance or action.
   - Set action priorities.
5. TAKE ACTION
   - Identify treatment strategies.
   - Prepare action plan.
   - Implement action plan.
6. MONITOR AND REVIEW

Risk Management Matrix
- Focused on risks that could impede the achievement of specified business objectives.
- Assists in mapping and prioritizing risks considering both the likelihood and the impact.
- Assures that high priority, unacceptable exposures are treated
- May identify further areas for drill down (opportunity for internal audit)
[Figure: matrix plotting risks A to G, Impact (1 to 7) against Likelihood (1 to 7), with an "Average" marker]

Building Risk Capabilities
Systematically Build and Improve Risk Management Capabilities (Performance Enhancement)
- Initial: Capabilities are characteristic of individuals, not of the organization
- Repeatable: Process established and repeating; reliance on people is reduced
- Defined: Policies, processes and standards defined and formalized across the Ministry, including training programs and quality assurance
- Managed: Risks measured and managed quantitatively and aggregated on an enterprise-wide basis and diligently followed up
- Optimizing: Organisation focused on continuous improvement of business risk management and sophisticated change management
* From the Software Engineering Institute: The Capability Maturity Model

Our Goal with ERM
To provide leadership and support in the implementation of systematic, organization-wide risk management and control

Roles for Internal Audit
- Champion the adoption of risk management as an institutional process
- Assist the organization in establishing a risk management system
- Provide guidance and education on risk management standards, tools & techniques
- Ensure risk management policies and processes are integrated with the organization's system of assurance
- Provide services that allow audit committees and boards to objectively monitor their risk profile
- Provide assurance as to the state of risk and control

New Definition of Internal Auditing
- Internal auditing is an objective assurance and consulting activity
- Assists an organization in accomplishing its objectives by bringing a systematic and disciplined approach to enable and improve the effectiveness of the organisation's risk management, control and governance processes.

Challenges and Issues in Risk Management
- Adequate coverage of the organization
- Cultural readiness
- Creating a sustainable system
- Clarity of roles
- Organizational attention