1. Risk Management Keynotes for Risk Manager & Internal Audit
Risk management Business Principles Approach
Attributes of enhanced risk management
Roles of Internal Audit
2. Hello, Bosses & Risk Managers
• This simple slide presentation is a reminder, delivered specially to you for your own reading interest
• The contents are a partial summary of Risk Management ISO 31000
• More information is available on request
• From Henry h l Lim's personal research library
3. Risk management Business Principles Approach
1. Create value
2. An integral part of organisational processes
3. Part of decision making
4. Explicitly address uncertainty
5. Be systematic and structured
6. Be based on the best available information
4. Risk management Business Principles Approach
7. Be tailored
8. Take into account human factors
9. Be transparent and inclusive
10. Be dynamic, iterative and responsive to change
11. Be capable of continual improvement and enhancement
5. Attributes of enhanced risk management
1. A pronounced emphasis on continuous improvement in risk management through the setting of organisational performance goals, measurement, review and the subsequent modification of processes, systems, resources and capability/skills.
2. Comprehensive, fully defined and fully accepted accountability for risks, controls and treatment tasks.
6. Attributes of enhanced risk management
3. Comprehensive, fully defined and fully accepted accountability for risks, controls and treatment tasks.
4. Named individuals fully accept, are appropriately skilled and have adequate resources to check controls, monitor risks, improve controls and communicate effectively about risks and their management to interested parties.
7. Attributes of enhanced risk management
5. All decision making within the organisation, whatever the level of importance and significance, involves the explicit consideration of risks and the application of the risk management process to some appropriate degree.
8. Attributes of enhanced risk management
6. Continual communications and highly visible, comprehensive and frequent reporting of risk management performance to all “interested parties” as part of their accepted governance processes.
9. Attributes of enhanced risk management
7. Risk management is always viewed as a core organisational process where risks are regarded in terms of sources of uncertainty that can be treated to maximize the chance of gain while minimizing the chance of loss.
10. Attributes of enhanced risk management
8. Critically, effective risk management is regarded by senior managers as essential for the achievement of the organisation’s objectives. The organisation’s governance structure and process are founded on the risk management process.
11. Roles of Internal Audit
• Core Internal Audit roles
• Legitimate Internal Audit roles with safeguards
• Roles Internal Audit should not undertake
12. Core Internal Audit roles
1. Giving assurance that the control systems are effective
2. Giving assurance that risks are correctly evaluated
3. Evaluating Risk Management processes
4. Evaluating reporting of material risks
5. Reviewing the management of material risks
6. Giving assurance on the Risk Management processes
13. Legitimate Internal Audit roles with safeguards
7. Giving advice on identifying & evaluating risks
8. Championing establishment of ERM
9. Facilitating risk workshops
10. Central coordinating point for ERM
11. Monitoring risks across the business
12. Holistic reporting on risks
13. Facilitating Management’s response to risks
14. Operating the ERM framework
15. Developing RM strategy for Board approval
14. Roles Internal Audit should not undertake
16. Imposing risk management processes
17. Setting the risk appetite
18. Assurance by management on controls and risks
19. Taking decisions on risk responses
20. Managing risks on Management’s behalf
21. Accountability for risks and controls