Post on 14-Apr-2018
7/27/2019 Chap 1- Intro to Risk Management
UNDERSTANDING YOUR ORGANIZATION
CHAP 1:
INTRODUCTION TO RISK MANAGEMENT
RISK MANAGEMENT
A scenario
Life is full of uncertainty
You have made an appointment with your acquaintances to go out for dinner next week.
Question: What could happen so that you are not able to meet with your friends?
What do you need to do to ensure that you are able to meet with them?
"What could go wrong" that would prevent a company from achieving its business objectives = Risk
Overview of Risk Management
What is risk?
One of the first hurdles in thinking about risk is the plethora of definitions and meanings of the term risk. Risk is one of those terms seen a dozen times in the daily newspaper with a dozen different meanings and interpretations.
It depends on whom you ask:
Those who know about risk (IT expert, environmentalist, banker, safety expert and so forth) will each give a different interpretation of the definition of risk.
Those who do not know about risk will assume those interpretations come from different worlds.
But these different worlds make up parts of the same universe: the risk management universe.
Definition of Risk
The possibility of an event occurring that will have an impact on the achievement of objectives. Risk is measured in terms of impact and likelihood. (ISPPIA)
Risk is the chance of something happening or not happening that will have an influence upon the achievement of business objectives. (Turnbull)
Risks are uncertainties about events and/or their outcomes which, if they occur, would have a material effect on the goals and objectives of the organization, either negatively (threats/downside) or positively (opportunities/upside).
Definition of Risk
Risks arise from uncertainties, are inherent, and can arise at any time.
Inherent and Residual Risk
Inherent risk is the underlying risk before any controls are applied to mitigate the risk.
Residual risk is the risk remaining after management takes action to reduce the impact and likelihood of an adverse event, including control activities in responding to risk.
It is important that managers get out of an only-downside risk mentality. Risk is not only bad things happening, but also good things not happening. Companies are now seeing opportunities from focusing on risk and control, rather than purely focusing on controls.
Risk Element
Risk arises out of uncertainty. If you are deciding on a course of action, your need to manage risk arises out of this uncertainty, and therefore the three elements of risk you need to consider are:
Likelihood: the likelihood indicates the chance of occurrence (the likelihood of something happening which you may or may not want to happen).
Severity/Impact: the severity of the consequence indicates the gravity of damage.
Scenario: a risk scenario is the sequence of events leading from the cause to the consequence.
Risk scenarios describe undesirable situations.
Causes describe single events or circumstances activating dormant problems.
Consequences describe the positive or negative effects on the enterprise resources.
[Figure: risk scenario chain with causes, events and consequences]
Definition of Risk Management
Risk is everywhere, anytime, and derives directly from unpredictability.
Risk management is a proactive and ongoing process involving the identification, assessment, control, monitoring and reporting of risk exposures.
Risk management consists of a systematic process of assessing and then dealing with risk.
Risk Management Framework/Model
Risk Management Framework/Process
Definition of Risk Management
Risk management is an iterative process consisting of steps which, when taken in sequence, enable continual improvement in decision-making. It is the logical and systematic method of identifying, analyzing, evaluating, treating, monitoring and communicating risks associated with any activity, function or process in a way that will enable organizations to minimize losses and maximize opportunities. (Australian/New Zealand Standard on Risk Management AS/NZS 4360)
Risk management provides us with a framework for dealing with and reacting to such uncertainty, and with structured systems for identifying and analyzing potential risks, and devising and implementing responses appropriate to their impact. The responses generally draw on strategies of risk prevention, risk transfer, impact mitigation or risk acceptance.
Definition of ERM
Enterprise risk management is a process, effected by an entity's board of directors, management, and other personnel, applied in a strategy setting across the enterprise. The process is designed to identify potential events that may affect the entity, manage risks to be within its risk appetite, and provide reasonable assurance regarding the achievement of entity objectives. (COSO ERM)
Risk Management Assumptions
All entities exist to add value to stakeholders
All entities face uncertainty
Value is created, preserved, or eroded by management decisions
ERM is an enabler of the management process
Interrelated to governance
Interrelated to performance management
ERM Framework
Benefits of Risk Management
Aligns risk appetite and strategy
Links growth, risk, and return
Enhances risk response decisions
Minimizes operational surprises and losses
Benefits of Risk Management
Effective risk management helps build an organization that exhibits the following key features:
Key stakeholders, such as the board and senior management, are in a position to confidently make informed decisions relating to the trade-off of risk and reward;
Daily business decisions at the departmental/divisional level are made within the context of the organization's tolerance towards risk;
The risks relating to the value of the organization's intangible assets, such as its customer base, suppliers, intellectual and knowledge capital, process and systems, are acknowledged and optimized as fully as its physical and financial assets.
Categories of Risk
Strategic
Operational
Financial
Compliance
Standards
Performance Standard 2110 - Risk Management
The internal audit activity should (must) assist the organization by identifying and evaluating significant exposures to risk and contributing to the improvement of risk management and control systems.
Performance Standard 2110.A1 - Assurance
The internal audit activity should (must) monitor and evaluate the effectiveness of the organization's risk management system.
Implication & Action Plan
Implications
Risk management is a critical business process and must be in the auditable universe.
Risk management is linked to strategy, vision, and values, and is interdependent with governance.