SlideShare uma empresa Scribd logo

Creating Value Through Enterprise Risk Management

Transferir como PPTX, PDF
Risk Management Institution of Australasia
Risk Management Institution of Australasia

Presented by Peter Moore Risk Point

Liderança e gerenciamento
1 de 34
NATIONAL CONFERENCE & EXHIBITION 2014 Creating Value Through Enterprise Risk Management Presented by Peter Moore Risk Point Platinum Sponsor Silver Sponsor Bronze Sponsor Risk Manager of the Year Award Sponsor Conference and Exhibition Partners
Overview • Barriers to success in creating value • Risk management frameworks • Risk appetite and risk tolerance • Integrating risk management • Summary and close
1. Barriers to Success in Creating Value • Barriers to success in creating value: • Poor/ incorrect use of language • Poorly designed frameworks • Poor risk assessment techniques • Risk versus fact analysis • Lack of engagement and commitment within the enterprise • Over complexity in design of risk management frameworks and systems • Focus on process outcomes rather than decision support and resource allocation
2. Risk Management Frameworks • Keep it simple unless complexity is required due to the nature or size of the organisation • Take into consideration how the framework integrates risk management into the business • Make it intuitive so it “looks like the business”
Risk Area Framework • Provides focus on the organisation, what it does and how it does it • Internal processes and externalities (internal and external context) Area of Business Service Delivery Financial Human Resources Sales – Marketing/ Business Development IT/ Technological Commercial/ Legal Occupational Health & Safety Compliance Management Political/ Economic Competition
Risk Area Framework • If more detailed structure required, sub areas or categories may be appropriate Area of Business Financial Payroll Debtors/ creditors Treasury Human Resources Recruitment Remuneration/ retention Training and management IT/ Technological IT assets Information assets Information security
Risk Types - Compliance/ Business Strategic/ Operational • Creates distinction between compliance risks and business risks which integrates into risk appetite and risk tolerance and corporate governance • Provides clarity on strategic risks (involving board) and operational risks which integrate into management processes and business planning • Allows risks to be considered in context and increases clarity in analysis Risk Type Compliance Business Risk Type Strategic Operational
Align the Framework to the Business • What business are we in? • What is it that we do? • What are our objectives and what are we trying to achieve? • From a risk management perspective these questions provide alignment with the business and provide one of the keys to integrating risk management and creating value
Risk Identification Techniques • Risk identification techniques and risk statements • Root cause analysis technique1 Risk Cause Root Cause 1.IEC/ISO 31010:2009 Risk management – Risk assessment techniques
Risk Identification Techniques • Risk identification techniques and risk statements • Root cause analysis technique1 Risk Cause Root Cause 1,IEC/ISO 31010:2009 Risk management – Risk assessment techniques Business Objectives
Risk Identification Techniques • Risk identification techniques and risk statements • Cause-and-effect analysis technique2 • Not statements of fact Cause Risk Effect 2. IEC/ISO 31010:2009 Risk management – Risk assessment techniques
Discussion
3. Risk Appetite and Risk Tolerance • Clarity is required on use of language • Definitions are not included in AS/NZS ISO 31000 (need to refer to ISO Guide 73) • Context needs to be applied • Failure to follow above will lead to confusion • Allows appropriate decisions to be made with regard to risk
Risk Appetite and Risk Tolerance Risk appetite “Amount and type of risk that an organization is willing to pursue or retain”3 Risk tolerance “Organization’s or stakeholder’s readiness to bear the risk after treatment in order to achieve its objectives” 4 3,4. ISO Guide 73 Risk management - Vocabulary
Risk Appetite – ASX Corporate Governance Principles Principle 1: Lay solid foundations for management and oversight Recommendation 1.1 – Commentary “Usually the board of a listed entity will be responsible for: • Ensuring that the entity has in place an appropriate risk management framework and setting the risk appetite within which board expects management to operate”5 5. Corporate Governance Principles and Recommendations. 3rd Edition ASX Corporate Governance Council, 2014
Risk Appetite – ASX Corporate Governance Principles Principle 7: Recognise and manage risk Commentary “The board of a listed entity is ultimately responsible for deciding the nature and extent of the risks it is prepared to take to meet its objectives. To enable the board to do this, the entity must have an appropriate framework to identify and manage risk on an ongoing basis. It is the role of management to design and implement that framework and to ensure that the entity operates within the risk appetite set by the board. It is the role of the board to the risk appetite for the entity,…..”6 6. Corporate Governance Principles and Recommendations. 3rd Edition ASX Corporate Governance Council, 2014
Risk Appetite – Commonwealth Risk Management Policy Element One – Establishing a risk management policy “13.1 An entity must establish and maintain an entity specific risk management policy that: a…. b. defines the entity’s risk appetite and risk tolerance”7 7. Commonwealth Risk Management Policy. Australian Government Department of Finance., 2014
Risk Appetite – Commonwealth Risk Management Policy Element Three – Defining responsibility for managing risk “15.1 Within the risk management policy, the accountable authority of an entity must define the responsibility for managing risk by: a. defining who is responsible for determining an entity’s appetite and tolerance for risk”8 8. Commonwealth Risk Management Policy. Australian Government Department of Finance., 2014
Setting Risk Tolerance • Thresholds for tolerability are established for compliance risk (non negotiable, must manage to defined levels) • Policy settings can be used to establish tolerance levels for compliance risk (e.g., risk level “Low” score no greater than 4) RISK MATRIX Likelihood Consequence 1 Insignificant 2 Minor 3 Moderate 4 Major 5 Severe 5 Almost Certain M H H VH VH 4 Likely M M H H VH 3 Possible L M H H H 2 Unlikely L L M M H 1 Rare L L M M H
Setting Risk Appetite • Must be established in accordance with preparedness to take commercial, or business risks in order to achieve objectives • Is different in different parts of the business (e.g. “High” score 9/ High score 16) • Provides a feedback loop to strategy setting (are we likely to achieve the positive outcomes and returns for the potential adverse threats in pursuing the strategy?) RISK MATRIX Likelihood Consequence 1 Insignificant 2 Minor 3 Moderate 4 Major 5 Severe 5 Almost Certain M H H VH VH 4 Likely M M H H VH 3 Possible L M H H H 2 Unlikely L L M M H 1 Rare L L M M H Business process or function A Business process or function B
Setting Risk Appetite and Risk Tolerance
Discussion
4. Integrating Risk Management • Draws upon a sound risk management framework • Incorporates risk appetite and risk tolerance settings • Links risk management to strategic planning • Links risk management to corporate governance • Techniques for determining what risk management and risk treatment activities (to manage risks to acceptable levels) are part of the job • A mechanism for making risk management “part of the business” • Accountabilities and responsibilities defined • Establishing Key Risk Indicators (KRI’s)
Risk Management Task Integration • A method of determining which risk management activities (e.g., development of risk treatment plans) are part of the job • Assists in determining what’s important, what’s urgent and what’s not • Assists in resource allocation and decision making • Creates value through better decision making and better business outcomes
Accountability • Accountabilities need to be assigned for: • Risks • Control development and assurance • Risk treatment actions and plans • Reporting on risk management activities
Key Risk Indicators (KRI’S) • Identify what aspect of the business needs to be measured and monitored • Develop sources of data around activities which influence or impact risks and risk levels • Develop metrics for measurement • Assign ownership (as critical as risk ownership) • Measure movements in KRI’s • Take action where KRI’s move beyond tolerable levels
Key Risk Indicators (KRI’S) • Leading indicators • A predictive indicator which provides insights into the likelihood of a risk materialising: • Reduced business opportunity pipeline/ sales conversion ratio • Lagging indicators • An outcome indicator which provides insight into the frequency and impact of a risk materialising: • Lower sales to date from budget • Note: These indicators would be used to assist reviewing a business risk such as, “failure to meet sales targets resulting in impact on revenue objectives”.
KRI Monitoring – Qualitative Assessment RAGAR Model8 Score Baseline Time Out of tolerance – take action Borderline – may require investigation Within tolerance- no action required 8. Adapted from Smart, A., and Creelman, J., Risk-Based Performance Management, 2013
Discussion
Summary and Close • Learnings • New developments • Next steps
NATIONAL CONFERENCE & EXHIBITION 2014 Thank you. Platinum Sponsor Silver Sponsor Bronze Sponsor Risk Manager of the Year Award Sponsor Conference and Exhibition Partners

Recomendados

Risk Technology Strategy, Selection and Implementation
Risk Technology Strategy, Selection and ImplementationRisk Technology Strategy, Selection and Implementation
Risk Technology Strategy, Selection and Implementation
Risk Management Institution of Australasia
 
Integrated GRC
Integrated GRCIntegrated GRC
Integrated GRC
Transcendent Group
 
Why You Should Prioritize Third Party Risk Management (TPRM) in Today's Marke...
Why You Should Prioritize Third Party Risk Management (TPRM) in Today's Marke...Why You Should Prioritize Third Party Risk Management (TPRM) in Today's Marke...
Why You Should Prioritize Third Party Risk Management (TPRM) in Today's Marke...
Resolver Inc.
 
CMLGroup - What is GRC?
CMLGroup - What is GRC?CMLGroup - What is GRC?
CMLGroup - What is GRC?
CML Group
 
Third-Party Risk Management (TPRM) | Risk Assessment Questionnaires
Third-Party Risk Management (TPRM) | Risk Assessment QuestionnairesThird-Party Risk Management (TPRM) | Risk Assessment Questionnaires
Third-Party Risk Management (TPRM) | Risk Assessment Questionnaires
Corporater
 
Ten Slides in Ten Minutes - Company Realities - GRC
Ten Slides in Ten Minutes - Company Realities - GRCTen Slides in Ten Minutes - Company Realities - GRC
Ten Slides in Ten Minutes - Company Realities - GRC
Bill Graham CP.APMP
 
What is GRC – Governance, Risk and Compliance
What is GRC – Governance, Risk and Compliance What is GRC – Governance, Risk and Compliance
What is GRC – Governance, Risk and Compliance
BOC Group
 
FSI_Third Party Risk Management_Deloitte PoV
FSI_Third Party Risk Management_Deloitte PoVFSI_Third Party Risk Management_Deloitte PoV
FSI_Third Party Risk Management_Deloitte PoV
Frederic Girardeau-Montaut
 

Recomendados

Risk Technology Strategy, Selection and Implementation
Risk Technology Strategy, Selection and ImplementationRisk Technology Strategy, Selection and Implementation
Risk Technology Strategy, Selection and Implementation
Risk Management Institution of Australasia
 
Integrated GRC
Integrated GRCIntegrated GRC
Integrated GRC
Transcendent Group
 
Why You Should Prioritize Third Party Risk Management (TPRM) in Today's Marke...
Why You Should Prioritize Third Party Risk Management (TPRM) in Today's Marke...Why You Should Prioritize Third Party Risk Management (TPRM) in Today's Marke...
Why You Should Prioritize Third Party Risk Management (TPRM) in Today's Marke...
Resolver Inc.
 
CMLGroup - What is GRC?
CMLGroup - What is GRC?CMLGroup - What is GRC?
CMLGroup - What is GRC?
CML Group
 
Third-Party Risk Management (TPRM) | Risk Assessment Questionnaires
Third-Party Risk Management (TPRM) | Risk Assessment QuestionnairesThird-Party Risk Management (TPRM) | Risk Assessment Questionnaires
Third-Party Risk Management (TPRM) | Risk Assessment Questionnaires
Corporater
 
Ten Slides in Ten Minutes - Company Realities - GRC
Ten Slides in Ten Minutes - Company Realities - GRCTen Slides in Ten Minutes - Company Realities - GRC
Ten Slides in Ten Minutes - Company Realities - GRC
Bill Graham CP.APMP
 
What is GRC – Governance, Risk and Compliance
What is GRC – Governance, Risk and Compliance What is GRC – Governance, Risk and Compliance
What is GRC – Governance, Risk and Compliance
BOC Group
 
FSI_Third Party Risk Management_Deloitte PoV
FSI_Third Party Risk Management_Deloitte PoVFSI_Third Party Risk Management_Deloitte PoV
FSI_Third Party Risk Management_Deloitte PoV
Frederic Girardeau-Montaut
 
Governance, Risk, and Compliance Services
Governance, Risk, and Compliance ServicesGovernance, Risk, and Compliance Services
Governance, Risk, and Compliance Services
Capgemini
 
Third-Party Risk Management: Implementing a Strategy
Third-Party Risk Management: Implementing a StrategyThird-Party Risk Management: Implementing a Strategy
Third-Party Risk Management: Implementing a Strategy
NICSA
 
CYBERSECURITY, RISK & COMPLIANCE | AMPCUS INC.
CYBERSECURITY, RISK & COMPLIANCE | AMPCUS INC.CYBERSECURITY, RISK & COMPLIANCE | AMPCUS INC.
CYBERSECURITY, RISK & COMPLIANCE | AMPCUS INC.
Unified11
 
Third Party Risk Management
Third Party Risk ManagementThird Party Risk Management
Third Party Risk Management
EC-Council
 
A compliance officer's guide to third party risk management
A compliance officer's guide to third party risk managementA compliance officer's guide to third party risk management
A compliance officer's guide to third party risk management
SALIH AHMED ISLAM
 
Key Challenges Facing Vendor Risk Management Programs
Key Challenges Facing Vendor Risk Management ProgramsKey Challenges Facing Vendor Risk Management Programs
Key Challenges Facing Vendor Risk Management Programs
Colleen Beck-Domanico
 
GRC
GRCGRC
GRC
Maryam Hidayatallah CPFA,MIPA,MA,CICA
 
GRC Governance, Risk mgmt. & Compliance Executive
GRC Governance, Risk mgmt. & Compliance ExecutiveGRC Governance, Risk mgmt. & Compliance Executive
GRC Governance, Risk mgmt. & Compliance Executive
Max Neira Schliemann
 
Operational security | How to design your information security GRC (governanc...
Operational security | How to design your information security GRC (governanc...Operational security | How to design your information security GRC (governanc...
Operational security | How to design your information security GRC (governanc...
Maxime CARPENTIER
 
Governance risk and compliance
Governance risk and complianceGovernance risk and compliance
Governance risk and compliance
Magdalena Matell
 
TI Managing Third Party Risk
TI Managing Third Party RiskTI Managing Third Party Risk
TI Managing Third Party Risk
The Business Council of Mongolia
 
Enterprise risk management february 9th solution training
Enterprise risk management february 9th solution trainingEnterprise risk management february 9th solution training
Enterprise risk management february 9th solution training
veritama
 
CFO Risk Intelligence - Harvey Christophers
CFO Risk Intelligence - Harvey ChristophersCFO Risk Intelligence - Harvey Christophers
CFO Risk Intelligence - Harvey Christophers
Azure Group
 
Information Risk Management - Cyber Risk Management - IT Risks
Information Risk Management - Cyber Risk Management - IT RisksInformation Risk Management - Cyber Risk Management - IT Risks
Information Risk Management - Cyber Risk Management - IT Risks
Hernan Huwyler, MBA CPA
 
Third-Party Risk Management: A Case Study in Oversight
Third-Party Risk Management: A Case Study in OversightThird-Party Risk Management: A Case Study in Oversight
Third-Party Risk Management: A Case Study in Oversight
NICSA
 
Grc governance, risk management & compliance
Grc governance, risk management & complianceGrc governance, risk management & compliance
Grc governance, risk management & compliance
HR Globe Consulting
 
Governance, Risk & Compliance Management Solution
Governance, Risk & Compliance Management SolutionGovernance, Risk & Compliance Management Solution
Governance, Risk & Compliance Management Solution
Rishabh Software
 
third party risk management best practices
third party risk management best practicesthird party risk management best practices
third party risk management best practices
SALIH AHMED ISLAM
 
Accountability Corbit Overview 06262007
Accountability Corbit Overview 06262007Accountability Corbit Overview 06262007
Accountability Corbit Overview 06262007
Humberto Bruno Pontes Silva
 
GRC15620_Report_-_Third_party_risk_exposing_the_gaps
GRC15620_Report_-_Third_party_risk_exposing_the_gapsGRC15620_Report_-_Third_party_risk_exposing_the_gaps
GRC15620_Report_-_Third_party_risk_exposing_the_gaps
Kate Tomlinson
 
Super Strategies 2014 Risk Strategy Presentation
Super Strategies 2014 Risk Strategy PresentationSuper Strategies 2014 Risk Strategy Presentation
Super Strategies 2014 Risk Strategy Presentation
David Fernandes
 
Coso erm
Coso ermCoso erm
Coso erm
luisrobles_cl
 

Mais conteúdo relacionado

Mais procurados

Enterprise risk management february 9th solution training
Enterprise risk management february 9th solution trainingEnterprise risk management february 9th solution training
Enterprise risk management february 9th solution training
veritama
 
CFO Risk Intelligence - Harvey Christophers
CFO Risk Intelligence - Harvey ChristophersCFO Risk Intelligence - Harvey Christophers
CFO Risk Intelligence - Harvey Christophers
Azure Group
 
Grc governance, risk management & compliance
Grc governance, risk management & complianceGrc governance, risk management & compliance
Grc governance, risk management & compliance
HR Globe Consulting
 
Governance, Risk & Compliance Management Solution
Governance, Risk & Compliance Management SolutionGovernance, Risk & Compliance Management Solution
Governance, Risk & Compliance Management Solution
Rishabh Software
 
GRC15620_Report_-_Third_party_risk_exposing_the_gaps
GRC15620_Report_-_Third_party_risk_exposing_the_gapsGRC15620_Report_-_Third_party_risk_exposing_the_gaps
GRC15620_Report_-_Third_party_risk_exposing_the_gaps
Kate Tomlinson
 

Mais procurados (20)

Governance, Risk, and Compliance Services
Governance, Risk, and Compliance ServicesGovernance, Risk, and Compliance Services
Governance, Risk, and Compliance Services
 
Third-Party Risk Management: Implementing a Strategy
Third-Party Risk Management: Implementing a StrategyThird-Party Risk Management: Implementing a Strategy
Third-Party Risk Management: Implementing a Strategy
 
CYBERSECURITY, RISK & COMPLIANCE | AMPCUS INC.
CYBERSECURITY, RISK & COMPLIANCE | AMPCUS INC.CYBERSECURITY, RISK & COMPLIANCE | AMPCUS INC.
CYBERSECURITY, RISK & COMPLIANCE | AMPCUS INC.
 
Third Party Risk Management
Third Party Risk ManagementThird Party Risk Management
Third Party Risk Management
 
A compliance officer's guide to third party risk management
A compliance officer's guide to third party risk managementA compliance officer's guide to third party risk management
A compliance officer's guide to third party risk management
 
Key Challenges Facing Vendor Risk Management Programs
Key Challenges Facing Vendor Risk Management ProgramsKey Challenges Facing Vendor Risk Management Programs
Key Challenges Facing Vendor Risk Management Programs
 
GRC
GRCGRC
GRC
 
GRC Governance, Risk mgmt. & Compliance Executive
GRC Governance, Risk mgmt. & Compliance ExecutiveGRC Governance, Risk mgmt. & Compliance Executive
GRC Governance, Risk mgmt. & Compliance Executive
 
Operational security | How to design your information security GRC (governanc...
Operational security | How to design your information security GRC (governanc...Operational security | How to design your information security GRC (governanc...
Operational security | How to design your information security GRC (governanc...
 
Governance risk and compliance
Governance risk and complianceGovernance risk and compliance
Governance risk and compliance
 
TI Managing Third Party Risk
TI Managing Third Party RiskTI Managing Third Party Risk
TI Managing Third Party Risk
 
Enterprise risk management february 9th solution training
Enterprise risk management february 9th solution trainingEnterprise risk management february 9th solution training
Enterprise risk management february 9th solution training
 
CFO Risk Intelligence - Harvey Christophers
CFO Risk Intelligence - Harvey ChristophersCFO Risk Intelligence - Harvey Christophers
CFO Risk Intelligence - Harvey Christophers
 
Information Risk Management - Cyber Risk Management - IT Risks
Information Risk Management - Cyber Risk Management - IT RisksInformation Risk Management - Cyber Risk Management - IT Risks
Information Risk Management - Cyber Risk Management - IT Risks
 
Third-Party Risk Management: A Case Study in Oversight
Third-Party Risk Management: A Case Study in OversightThird-Party Risk Management: A Case Study in Oversight
Third-Party Risk Management: A Case Study in Oversight
 
Grc governance, risk management & compliance
Grc governance, risk management & complianceGrc governance, risk management & compliance
Grc governance, risk management & compliance
 
Governance, Risk & Compliance Management Solution
Governance, Risk & Compliance Management SolutionGovernance, Risk & Compliance Management Solution
Governance, Risk & Compliance Management Solution
 
third party risk management best practices
third party risk management best practicesthird party risk management best practices
third party risk management best practices
 
Accountability Corbit Overview 06262007
Accountability Corbit Overview 06262007Accountability Corbit Overview 06262007
Accountability Corbit Overview 06262007
 
GRC15620_Report_-_Third_party_risk_exposing_the_gaps
GRC15620_Report_-_Third_party_risk_exposing_the_gapsGRC15620_Report_-_Third_party_risk_exposing_the_gaps
GRC15620_Report_-_Third_party_risk_exposing_the_gaps
 

Semelhante a Creating Value Through Enterprise Risk Management

Super Strategies 2014 Risk Strategy Presentation
Super Strategies 2014 Risk Strategy PresentationSuper Strategies 2014 Risk Strategy Presentation
Super Strategies 2014 Risk Strategy Presentation
David Fernandes
 
Implementation of Enterprise Risk Management with ISO 31000 Risk Management S...
Implementation of Enterprise Risk Management with ISO 31000 Risk Management S...Implementation of Enterprise Risk Management with ISO 31000 Risk Management S...
Implementation of Enterprise Risk Management with ISO 31000 Risk Management S...
PECB
 
mr neeraj - day 1 - compliance
mr neeraj - day 1 - compliancemr neeraj - day 1 - compliance
mr neeraj - day 1 - compliance
Neeraj Verma
 
Five lines of assurance a new paradigm in internal audit & erm
Five lines of assurance a new paradigm in internal audit & ermFive lines of assurance a new paradigm in internal audit & erm
Five lines of assurance a new paradigm in internal audit & erm
Dr .Maizar Radjin, SE., M.Ak., QIA., QRMA, CRGP
 

Semelhante a Creating Value Through Enterprise Risk Management (20)

Super Strategies 2014 Risk Strategy Presentation
Super Strategies 2014 Risk Strategy PresentationSuper Strategies 2014 Risk Strategy Presentation
Super Strategies 2014 Risk Strategy Presentation
 
Coso erm
Coso ermCoso erm
Coso erm
 
Coso erm
Coso ermCoso erm
Coso erm
 
Manajemen Risiko Menurut COSO
Manajemen Risiko Menurut COSOManajemen Risiko Menurut COSO
Manajemen Risiko Menurut COSO
 
COSO Vs ERM - NMIMS INDORE
COSO Vs ERM - NMIMS INDORECOSO Vs ERM - NMIMS INDORE
COSO Vs ERM - NMIMS INDORE
 
Enterprise risk management summary approach guide
Enterprise risk management summary approach guideEnterprise risk management summary approach guide
Enterprise risk management summary approach guide
 
Enterprise risk management summary approach guide
Enterprise risk management summary approach guideEnterprise risk management summary approach guide
Enterprise risk management summary approach guide
 
HIRimsISO311KandERMFINAL
HIRimsISO311KandERMFINALHIRimsISO311KandERMFINAL
HIRimsISO311KandERMFINAL
 
Implementation of Enterprise Risk Management with ISO 31000 Risk Management S...
Implementation of Enterprise Risk Management with ISO 31000 Risk Management S...Implementation of Enterprise Risk Management with ISO 31000 Risk Management S...
Implementation of Enterprise Risk Management with ISO 31000 Risk Management S...
 
Risk Management Toolkit
Risk Management ToolkitRisk Management Toolkit
Risk Management Toolkit
 
Hoover.2016 Texas Bankers CFO Conference
Hoover.2016 Texas Bankers CFO ConferenceHoover.2016 Texas Bankers CFO Conference
Hoover.2016 Texas Bankers CFO Conference
 
COSO_ERM.ppt
COSO_ERM.pptCOSO_ERM.ppt
COSO_ERM.ppt
 
Enterprise Risk Management and Sustainability
Enterprise Risk Management and SustainabilityEnterprise Risk Management and Sustainability
Enterprise Risk Management and Sustainability
 
Erm talking points
Erm talking pointsErm talking points
Erm talking points
 
Trustee Conference AM4: Effectively managing risk
Trustee Conference AM4: Effectively managing riskTrustee Conference AM4: Effectively managing risk
Trustee Conference AM4: Effectively managing risk
 
Value creation through optimising risk
Value creation through optimising riskValue creation through optimising risk
Value creation through optimising risk
 
mr neeraj - day 1 - compliance
mr neeraj - day 1 - compliancemr neeraj - day 1 - compliance
mr neeraj - day 1 - compliance
 
PECB Webinar: ISO 31000 - The Benchmark for Risk Management in uncertain times
PECB Webinar: ISO 31000 - The Benchmark for Risk Management in uncertain timesPECB Webinar: ISO 31000 - The Benchmark for Risk Management in uncertain times
PECB Webinar: ISO 31000 - The Benchmark for Risk Management in uncertain times
 
Erm tm 10
Erm tm 10Erm tm 10
Erm tm 10
 
Five lines of assurance a new paradigm in internal audit & erm
Five lines of assurance a new paradigm in internal audit & ermFive lines of assurance a new paradigm in internal audit & erm
Five lines of assurance a new paradigm in internal audit & erm
 

Mais de Risk Management Institution of Australasia

Mais de Risk Management Institution of Australasia (20)

How to apply and benefit from the new risk management guide ISO/TR 31004:2013...
How to apply and benefit from the new risk management guide ISO/TR 31004:2013...How to apply and benefit from the new risk management guide ISO/TR 31004:2013...
How to apply and benefit from the new risk management guide ISO/TR 31004:2013...
 
Adversity Leadership - Strengthening Resilience
Adversity Leadership - Strengthening ResilienceAdversity Leadership - Strengthening Resilience
Adversity Leadership - Strengthening Resilience
 
A Black Swan in the Gulf of Mexico?
A Black Swan in the Gulf of Mexico?A Black Swan in the Gulf of Mexico?
A Black Swan in the Gulf of Mexico?
 
Probity is a pool with no shallow end
Probity is a pool with no shallow endProbity is a pool with no shallow end
Probity is a pool with no shallow end
 
Business resilience and recovery – exercising the framework
Business resilience and recovery – exercising the frameworkBusiness resilience and recovery – exercising the framework
Business resilience and recovery – exercising the framework
 
Risk financing in a project based environment
Risk financing in a project based environmentRisk financing in a project based environment
Risk financing in a project based environment
 
Risk Governance, Culture and CPS 220
Risk Governance, Culture and CPS 220Risk Governance, Culture and CPS 220
Risk Governance, Culture and CPS 220
 
Don’t let a crisis get in the way of a good news story
Don’t let a crisis get in the way of a good news storyDon’t let a crisis get in the way of a good news story
Don’t let a crisis get in the way of a good news story
 
Managing Risk – Victoria’s Emergency Management Reform Agenda
Managing Risk – Victoria’s Emergency Management Reform AgendaManaging Risk – Victoria’s Emergency Management Reform Agenda
Managing Risk – Victoria’s Emergency Management Reform Agenda
 
Embedding Risk in Everything we do
Embedding Risk in Everything we doEmbedding Risk in Everything we do
Embedding Risk in Everything we do
 
Challenges for Risk Management
Challenges for Risk Management Challenges for Risk Management
Challenges for Risk Management
 
Vulnerable Customers
Vulnerable CustomersVulnerable Customers
Vulnerable Customers
 
Designing and implementing an integrated Corporate Governance Framework
Designing and implementing an integrated Corporate Governance FrameworkDesigning and implementing an integrated Corporate Governance Framework
Designing and implementing an integrated Corporate Governance Framework
 
Geoff hoad
Geoff hoadGeoff hoad
Geoff hoad
 
Ethics in decision making and risk taking
Ethics in decision making and risk takingEthics in decision making and risk taking
Ethics in decision making and risk taking
 
Transforming under performing workers compensation schemes
Transforming under performing workers compensation schemesTransforming under performing workers compensation schemes
Transforming under performing workers compensation schemes
 
Optimising Risk Financing in Major Capital Projects
Optimising Risk Financing in Major Capital ProjectsOptimising Risk Financing in Major Capital Projects
Optimising Risk Financing in Major Capital Projects
 
Traversing the obstacles presented in complex claims- Lessons learnt
Traversing the obstacles presented in complex claims- Lessons learntTraversing the obstacles presented in complex claims- Lessons learnt
Traversing the obstacles presented in complex claims- Lessons learnt
 
Emerging Issues for a Workers’ Compensation Manager
Emerging Issues for a Workers’ Compensation ManagerEmerging Issues for a Workers’ Compensation Manager
Emerging Issues for a Workers’ Compensation Manager
 
Aerial Firefighting A Strategic Perspective - David Pearce
Aerial Firefighting A Strategic Perspective - David PearceAerial Firefighting A Strategic Perspective - David Pearce
Aerial Firefighting A Strategic Perspective - David Pearce
 

Último

Agile Coaching Change Management Framework.pptx
Agile Coaching Change Management Framework.pptxAgile Coaching Change Management Framework.pptx
Agile Coaching Change Management Framework.pptx
alinstan901
 
Abortion pills in Jeddah |• +966572737505 ] GET CYTOTEC
Abortion pills in Jeddah |• +966572737505 ] GET CYTOTECAbortion pills in Jeddah |• +966572737505 ] GET CYTOTEC
Abortion pills in Jeddah |• +966572737505 ] GET CYTOTEC
Abortion pills in Riyadh +966572737505 get cytotec
 
BDSM⚡Call Girls in Sector 99 Noida Escorts >༒8448380779 Escort Service
BDSM⚡Call Girls in Sector 99 Noida Escorts >༒8448380779 Escort ServiceBDSM⚡Call Girls in Sector 99 Noida Escorts >༒8448380779 Escort Service
BDSM⚡Call Girls in Sector 99 Noida Escorts >༒8448380779 Escort Service
Delhi Call girls
 
GENUINE Babe,Call Girls IN Baderpur Delhi | +91-8377087607
GENUINE Babe,Call Girls IN Baderpur Delhi | +91-8377087607GENUINE Babe,Call Girls IN Baderpur Delhi | +91-8377087607
GENUINE Babe,Call Girls IN Baderpur Delhi | +91-8377087607
dollysharma2066
 
Beyond the Codes_Repositioning towards sustainable development
Beyond the Codes_Repositioning towards sustainable developmentBeyond the Codes_Repositioning towards sustainable development
Beyond the Codes_Repositioning towards sustainable development
Nimot Muili
 

Último (15)

Agile Coaching Change Management Framework.pptx
Agile Coaching Change Management Framework.pptxAgile Coaching Change Management Framework.pptx
Agile Coaching Change Management Framework.pptx
 
internal analysis on strategic management
internal analysis on strategic managementinternal analysis on strategic management
internal analysis on strategic management
 
Dealing with Poor Performance - get the full picture from 3C Performance Mana...
Dealing with Poor Performance - get the full picture from 3C Performance Mana...Dealing with Poor Performance - get the full picture from 3C Performance Mana...
Dealing with Poor Performance - get the full picture from 3C Performance Mana...
 
Abortion pills in Jeddah |• +966572737505 ] GET CYTOTEC
Abortion pills in Jeddah |• +966572737505 ] GET CYTOTECAbortion pills in Jeddah |• +966572737505 ] GET CYTOTEC
Abortion pills in Jeddah |• +966572737505 ] GET CYTOTEC
 
Intro_University_Ranking_Introduction.pptx
Intro_University_Ranking_Introduction.pptxIntro_University_Ranking_Introduction.pptx
Intro_University_Ranking_Introduction.pptx
 
Reviewing and summarization of university ranking system to.pptx
Reviewing and summarization of university ranking system to.pptxReviewing and summarization of university ranking system to.pptx
Reviewing and summarization of university ranking system to.pptx
 
BDSM⚡Call Girls in Sector 99 Noida Escorts >༒8448380779 Escort Service
BDSM⚡Call Girls in Sector 99 Noida Escorts >༒8448380779 Escort ServiceBDSM⚡Call Girls in Sector 99 Noida Escorts >༒8448380779 Escort Service
BDSM⚡Call Girls in Sector 99 Noida Escorts >༒8448380779 Escort Service
 
GENUINE Babe,Call Girls IN Baderpur Delhi | +91-8377087607
GENUINE Babe,Call Girls IN Baderpur Delhi | +91-8377087607GENUINE Babe,Call Girls IN Baderpur Delhi | +91-8377087607
GENUINE Babe,Call Girls IN Baderpur Delhi | +91-8377087607
 
Day 0- Bootcamp Roadmap for PLC Bootcamp
Day 0- Bootcamp Roadmap for PLC BootcampDay 0- Bootcamp Roadmap for PLC Bootcamp
Day 0- Bootcamp Roadmap for PLC Bootcamp
 
International Ocean Transportation p.pdf
International Ocean Transportation p.pdfInternational Ocean Transportation p.pdf
International Ocean Transportation p.pdf
 
Strategic Management, Vision Mission, Internal Analsysis
Strategic Management, Vision Mission, Internal AnalsysisStrategic Management, Vision Mission, Internal Analsysis
Strategic Management, Vision Mission, Internal Analsysis
 
Call Now Pooja Mehta : 7738631006 Door Step Call Girls Rate 100% Satisfactio...
Call Now Pooja Mehta : 7738631006 Door Step Call Girls Rate 100% Satisfactio...Call Now Pooja Mehta : 7738631006 Door Step Call Girls Rate 100% Satisfactio...
Call Now Pooja Mehta : 7738631006 Door Step Call Girls Rate 100% Satisfactio...
 
Safety T fire missions army field Artillery
Safety T fire missions army field ArtillerySafety T fire missions army field Artillery
Safety T fire missions army field Artillery
 
Call now : 9892124323 Nalasopara Beautiful Call Girls Vasai virar Best Call G...
Call now : 9892124323 Nalasopara Beautiful Call Girls Vasai virar Best Call G...Call now : 9892124323 Nalasopara Beautiful Call Girls Vasai virar Best Call G...
Call now : 9892124323 Nalasopara Beautiful Call Girls Vasai virar Best Call G...
 
Beyond the Codes_Repositioning towards sustainable development
Beyond the Codes_Repositioning towards sustainable developmentBeyond the Codes_Repositioning towards sustainable development
Beyond the Codes_Repositioning towards sustainable development
 

Creating Value Through Enterprise Risk Management

  • 1. NATIONAL CONFERENCE & EXHIBITION 2014 Creating Value Through Enterprise Risk Management Presented by Peter Moore Risk Point Platinum Sponsor Silver Sponsor Bronze Sponsor Risk Manager of the Year Award Sponsor Conference and Exhibition Partners
  • 2. Overview • Barriers to success in creating value • Risk management frameworks • Risk appetite and risk tolerance • Integrating risk management • Summary and close
  • 3. 1. Barriers to Success in Creating Value • Barriers to success in creating value: • Poor/ incorrect use of language • Poorly designed frameworks • Poor risk assessment techniques • Risk versus fact analysis • Lack of engagement and commitment within the enterprise • Over complexity in design of risk management frameworks and systems • Focus on process outcomes rather than decision support and resource allocation
  • 4. 2. Risk Management Frameworks • Keep it simple unless complexity is required due to the nature or size of the organisation • Take into consideration how the framework integrates risk management into the business • Make it intuitive so it “looks like the business”
  • 5. Risk Area Framework • Provides focus on the organisation, what it does and how it does it • Internal processes and externalities (internal and external context) Area of Business Service Delivery Financial Human Resources Sales – Marketing/ Business Development IT/ Technological Commercial/ Legal Occupational Health & Safety Compliance Management Political/ Economic Competition
  • 6. Risk Area Framework • If more detailed structure required, sub areas or categories may be appropriate Area of Business Financial Payroll Debtors/ creditors Treasury Human Resources Recruitment Remuneration/ retention Training and management IT/ Technological IT assets Information assets Information security
  • 7. Risk Types - Compliance/ Business Strategic/ Operational • Creates distinction between compliance risks and business risks which integrates into risk appetite and risk tolerance and corporate governance • Provides clarity on strategic risks (involving board) and operational risks which integrate into management processes and business planning • Allows risks to be considered in context and increases clarity in analysis Risk Type Compliance Business Risk Type Strategic Operational
  • 8. Align the Framework to the Business • What business are we in? • What is it that we do? • What are our objectives and what are we trying to achieve? • From a risk management perspective these questions provide alignment with the business and provide one of the keys to integrating risk management and creating value
  • 9. Risk Identification Techniques • Risk identification techniques and risk statements • Root cause analysis technique1 Risk Cause Root Cause 1.IEC/ISO 31010:2009 Risk management – Risk assessment techniques
  • 10. Risk Identification Techniques • Risk identification techniques and risk statements • Root cause analysis technique1 Risk Cause Root Cause 1,IEC/ISO 31010:2009 Risk management – Risk assessment techniques Business Objectives
  • 11. Risk Identification Techniques • Risk identification techniques and risk statements • Cause-and-effect analysis technique2 • Not statements of fact Cause Risk Effect 2. IEC/ISO 31010:2009 Risk management – Risk assessment techniques
  • 13. 3. Risk Appetite and Risk Tolerance • Clarity is required on use of language • Definitions are not included in AS/NZS ISO 31000 (need to refer to ISO Guide 73) • Context needs to be applied • Failure to follow above will lead to confusion • Allows appropriate decisions to be made with regard to risk
  • 14. Risk Appetite and Risk Tolerance Risk appetite “Amount and type of risk that an organization is willing to pursue or retain”3 Risk tolerance “Organization’s or stakeholder’s readiness to bear the risk after treatment in order to achieve its objectives” 4 3,4. ISO Guide 73 Risk management - Vocabulary
  • 15. Risk Appetite – ASX Corporate Governance Principles Principle 1: Lay solid foundations for management and oversight Recommendation 1.1 – Commentary “Usually the board of a listed entity will be responsible for: • Ensuring that the entity has in place an appropriate risk management framework and setting the risk appetite within which board expects management to operate”5 5. Corporate Governance Principles and Recommendations. 3rd Edition ASX Corporate Governance Council, 2014
  • 16. Risk Appetite – ASX Corporate Governance Principles Principle 7: Recognise and manage risk Commentary “The board of a listed entity is ultimately responsible for deciding the nature and extent of the risks it is prepared to take to meet its objectives. To enable the board to do this, the entity must have an appropriate framework to identify and manage risk on an ongoing basis. It is the role of management to design and implement that framework and to ensure that the entity operates within the risk appetite set by the board. It is the role of the board to the risk appetite for the entity,…..”6 6. Corporate Governance Principles and Recommendations. 3rd Edition ASX Corporate Governance Council, 2014
  • 17. Risk Appetite – Commonwealth Risk Management Policy Element One – Establishing a risk management policy “13.1 An entity must establish and maintain an entity specific risk management policy that: a…. b. defines the entity’s risk appetite and risk tolerance”7 7. Commonwealth Risk Management Policy. Australian Government Department of Finance., 2014
  • 18. Risk Appetite – Commonwealth Risk Management Policy Element Three – Defining responsibility for managing risk “15.1 Within the risk management policy, the accountable authority of an entity must define the responsibility for managing risk by: a. defining who is responsible for determining an entity’s appetite and tolerance for risk”8 8. Commonwealth Risk Management Policy. Australian Government Department of Finance., 2014
  • 19. Setting Risk Tolerance • Thresholds for tolerability are established for compliance risk (non negotiable, must manage to defined levels) • Policy settings can be used to establish tolerance levels for compliance risk (e.g., risk level “Low” score no greater than 4) RISK MATRIX Likelihood Consequence 1 Insignificant 2 Minor 3 Moderate 4 Major 5 Severe 5 Almost Certain M H H VH VH 4 Likely M M H H VH 3 Possible L M H H H 2 Unlikely L L M M H 1 Rare L L M M H
  • 20. Setting Risk Appetite • Must be established in accordance with preparedness to take commercial, or business risks in order to achieve objectives • Is different in different parts of the business (e.g. “High” score 9/ High score 16) • Provides a feedback loop to strategy setting (are we likely to achieve the positive outcomes and returns for the potential adverse threats in pursuing the strategy?) RISK MATRIX Likelihood Consequence 1 Insignificant 2 Minor 3 Moderate 4 Major 5 Severe 5 Almost Certain M H H VH VH 4 Likely M M H H VH 3 Possible L M H H H 2 Unlikely L L M M H 1 Rare L L M M H Business process or function A Business process or function B
  • 21. Setting Risk Appetite and Risk Tolerance
  • 22.
  • 24. 4. Integrating Risk Management • Draws upon a sound risk management framework • Incorporates risk appetite and risk tolerance settings • Links risk management to strategic planning • Links risk management to corporate governance • Techniques for determining what risk management and risk treatment activities (to manage risks to acceptable levels) are part of the job • A mechanism for making risk management “part of the business” • Accountabilities and responsibilities defined • Establishing Key Risk Indicators (KRI’s)
  • 25. Risk Management Task Integration • A method of determining which risk management activities (e.g., development of risk treatment plans) are part of the job • Assists in determining what’s important, what’s urgent and what’s not • Assists in resource allocation and decision making • Creates value through better decision making and better business outcomes
  • 26.
  • 27.
  • 28. Accountability • Accountabilities need to be assigned for: • Risks • Control development and assurance • Risk treatment actions and plans • Reporting on risk management activities
  • 29. Key Risk Indicators (KRI’S) • Identify what aspect of the business needs to be measured and monitored • Develop sources of data around activities which influence or impact risks and risk levels • Develop metrics for measurement • Assign ownership (as critical as risk ownership) • Measure movements in KRI’s • Take action where KRI’s move beyond tolerable levels
  • 30. Key Risk Indicators (KRI’S) • Leading indicators • A predictive indicator which provides insights into the likelihood of a risk materialising: • Reduced business opportunity pipeline/ sales conversion ratio • Lagging indicators • An outcome indicator which provides insight into the frequency and impact of a risk materialising: • Lower sales to date from budget • Note: These indicators would be used to assist reviewing a business risk such as, “failure to meet sales targets resulting in impact on revenue objectives”.
  • 31. KRI Monitoring – Qualitative Assessment RAGAR Model8 Score Baseline Time Out of tolerance – take action Borderline – may require investigation Within tolerance- no action required 8. Adapted from Smart, A., and Creelman, J., Risk-Based Performance Management, 2013
  • 33. Summary and Close • Learnings • New developments • Next steps
  • 34. NATIONAL CONFERENCE & EXHIBITION 2014 Thank you. Platinum Sponsor Silver Sponsor Bronze Sponsor Risk Manager of the Year Award Sponsor Conference and Exhibition Partners