Emerging risks and assurance

Posted on 12-Feb-2017

Rock art (C.Zwick)

Emerging risks and assurance. August 2012. Greg Saunders

www.environment.gov.au

Today’s presentation

Risk management and assurance;

Moving from a risk to an issue;

Visibility and emerging risk;

Innovation and opportunity;

Integration and your three lines of defence;

GRC functions, keeping them relevant; and

Questions


Risk management and assurance

Risk management plan approved and endorsed by board or executive (plan updated annually);

Consider key risks and emerging risks in the process;

Assurance processes clearly defined;

A clear understanding of expectations - CEO directive;

Risk management roles clearly defined;

Clear, measurable KPIs in duty statements; and

Validation of risk management process.


Moving from a risk to an issue

When can you move a risk off a risk register;

Can controls be enhanced to minimise the risk;

High and severe risk can be managed – business as usual;

Refresh your risk register with the ability to move well-controlled risks to BAU;

Ensure some form of ongoing oversight of control effectiveness; and

Always remember that risk is about uncertainty.


Visibility

Integrated data capture or not;

Complexity of organisation;

Maturity of risk management program;

Understanding of risk terminology;

Relativity of risk registers; and

Integration of risk registers to identify key risks.


Emerging risk

In isolation, how is low- and medium-level risk managed;

What are the thresholds for escalation for an organisation;

How do you integrate emerging risk as a key risk consideration;

Who should be the “risk owner” of emerging risk; and

How do you treat emerging risk.


Innovation and opportunity

Constant review of your RM program provides endless opportunity;

Refresh your methodology – new ideas and new approaches;

Empower emerging leaders to own risk;

Question the value of reporting formats – what do decision makers really want; and

Never lose sight of what risk is – use it to reinforce and maintain relevance.


Governance Risk and Compliance

They should not exist in isolation;

Are integral to a successful control framework;

All have a key role to play in successful organisations;

No component is more important than the others;

Focus may change dependent on organisational concerns; and

Well executed, provide the foundation for the three lines of defence.


Your 3 lines of defence

Board – Executive – Audit Committee

1st Business Operations: An established risk and control environment

2nd Oversight Functions: Strategic management, policy and procedure, functional oversight

3rd Independent Assurance: Provide independent challenge and assurance

First Level: Business Operations

Second Level: Oversight Functions

Third Level: Internal Audit, External Audit, Other Assurance Providers


Integration and your 3 lines of defence

How well established is your risk and control environment?

Is there clear direction from a strategic and operational perspective to ensure a clear basis for functional oversight?

Independent challenge is good – ensure that you take advantage of and use audit functions in a business improvement capacity;

Look at your governance arrangements – strategic direction comes from executive, policy / procedure should clearly reflect an operational slant and challenge and assurance keeps it all relative.


Emerging trends in managing risk

Clearly defining how you measure the effectiveness of the risk management function.

Risk assurance – your program is in place and appears to be working – who is validating?

Technology – single platform to manage whole of enterprise risk.

Using risk failure to identify business improvement processes.


Some lessons

Inclusive and informative policy for GRC functions;

Have in place frameworks which provide for input at all levels of an organisation;

Listen to all staff – they are the barometer;

Dictionary of risk language with clear and simple explanation;

Hold the program accountable and establish a clear and logical governance structure; and

Simplicity is the key to clear understanding of risk management.


Questions

Greg Saunders

greg.saunders@environment.gov.au | 02 6274 2541 | 0407 401 508