Risk Management Solution for NPO
Achieving Mission with Best in Governance
Disclaimer
  While utmost care has been taken to ensure content accuracy at the time of writing, no person should rely on the contents in this presentation without first obtaining advice from a qualified professional. These presentation slides are issued on the terms and understanding that (1) the author is not responsible for the results of any actions taken on the basis of information in these slides, nor for any error in or omission from these slides; and (2) the author expressly disclaims all and any liability and responsibility to any person, whether a reader of these slides or not, in respect of anything, and of the consequences of anything, done, or omitted to be done by any such person in reliance, whether wholly or partially, upon the whole or any part of the contents of these slides.
  Information contained herein is proprietary to RSM Risk Advisory Pte Ltd and no part should be reproduced without prior permission and due acknowledgement.
Risk Management Solution for NPO
Why a need for a NPO solution?
  Practical yet effective solution based on limited resources of NPO
  Provide a robust framework & transfer of skill to enable continuous updating & monitoring of risks by NPO
  Kickoff Risk Awareness Workshop for Board and Management to promote an open governance & risk awareness culture
  Engagement and ownership of risks by the management team, & build capability to actively manage risks
  Identify gaps in governance practice
  Identify gaps in internal control & risk management
  Provide Board with assurance on internal control & risk management
What is Risk?
  The possibility that an event will occur and adversely affect the achievement of objectives
Who is responsible for Risk Management?
  Board Audit Finance Investment Programs Risk Volunteers HR Fundraising Nominating Governance PR Building Management Staff Volunteers
Code of Governance for Charities and IPC
Financial Management & Controls
6.1 Operational Controls
  6.1.1 There should be policy to seek the Board's approval for any loan made by the charity or donations to external parties
  6.1.2 The charity should ensure that internal control systems are in place with documented procedures approved by the Board for financial matters in key areas, including:
    Procurement procedures and controls;
    Receipting, payment procedures and controls; and
    System for the delegation of authority and limits of approval
  6.1.3 The Board should ensure that reviews are conducted from time to time on the charity's controls, processes, key programmes and events (e.g. fundraising)
Corporate Governance Code
Principle 11 Risk Management & Internal Controls
  The Board is responsible for the governance of risk
  The Board should determine the nature & extent of the significant risks which the Board is willing to take in achieving the company's objectives
  The Board should ensure that Management maintains a sound system of risk management & internal controls
  Conclusion: The Board is responsible for the governance of risk
How does the Board get the assurance?
The 3 Lines of Defence
  Source: IIA, Leveraging COSO across the three lines of defense
The 3 Lines of Defence for NPO Boards
  The responsibilities of each line of defence:
    1st: Own and manage risk and control (Front line)
    2nd: Monitor risk and control (independent risk, control and compliance functions)
    3rd: Provide independent assurance to the Board and Senior Management (Internal Audit)
  For NPO:
    Paid executives, as the first line of defense, own & manage risks
    An effective committee structure acts as the second line of defense by ensuring that controls implemented by the first line are appropriate & adequate, and by monitoring performance and KPIs
    Internal audit provides the independent assessment
RISK MANAGEMENT SOLUTION FOR NPO
Engagement & Ownership by the Management team
Risk Management Solution for NPO Mission & Vision Corporate Strategic Objectives Risk Management Board & Risk Risk Appetite Risk Tolerance Risk Management Framework Instruction Management Reporting Summary Risk Report Policy Structure Roles & Responsibilities Risk Awareness Workshop Risk Reports Objectives Appetite & Tolerance Risk registers Mitigations Risk Management Process Identification Evaluation Analysis Treatment Functional Units Sub-Objectives Risk Appetite Risk Tolerance RSM to provide draft RSM to facilitate workshops
Advantages of our Solution
  We provide the complete risk management framework including the risk organization structure, policy, process & templates to enable continuous reporting & monitoring by the NPO
  Clarity of roles & responsibilities for Board, Risk, Audit, Management Risk (MRC), Chief Risk Coordinator, & Internal Auditor
  Kickoff Risk Awareness Workshop for Board and Management to promote an open governance & risk awareness culture
  Through risk workshops facilitated by our senior risk professionals, we train the MRC to perform self-updating of respective risk registers in the future
  Clarity of ownership & responsibility for the Risk Register
  Clarity of objectives, related risk appetite & tolerance limits
  Facilitates setting of KPIs
  Assessing the adequacy of current controls, improving or implementing new controls
  Improved communication & coordination
  Improve effectiveness of the Internal Audit function
Principles Driving the Approach (1 of 2)
  The risk management framework is developed based on:
    ISO 31000 Principles & Guidelines
    COSO ERM Integrated Framework
Principles Driving the Approach (2 of 2)
  Assess the adequacy of Board assurance framework based on
Detailed Steps of Our Engagement
  Step 1
    Form the Management Risk
    Kickoff Risk Awareness Workshop
    Adopt the Risk Management Policy & Risk Organization Structure, Roles & Responsibilities
  Step 2
    Define strategic objectives
    Articulate risk appetite statements
    Set related risk tolerance limits
  Step 3
    Identify risks
    Analyze & evaluate risks
    Control & mitigate risks
    Assign responsibility & timeline
  Step 4
    Prepare risk registers
    Prepare summary report for Risk & Board
CONTACT US
  This seminar may be photographed for archival purposes. The photos may also be used for the firm's website, social media platforms, newsletters and other marketing collaterals. Please highlight to the event organiser and speaker before the session starts should you wish to be excluded from the photos.
  RSM Risk Advisory
  8 Wilkie Road, #03-08, Wilkie Edge, Singapore 228095
  T +65 6533 7600  F +65 6538 7600
  info@rsmsingapore.sg  www.rsmsingapore.sg
  SOVANN GIANG, Senior Director
    Email: sovanngiang@rsmsingapore.sg  Phone: (65) 6594 7892  Mobile: (65) 9638 3211
  DENNIS LEE, Director
    Email: dennislee@rsmsingapore.sg  Phone: (65) 6594 7627  Mobile: (65) 9100 6941