Tools and Techniques for Enterprise Risk Management (ERM)
1 Tools and Techniques for Enterprise Risk Management (ERM) COSO ERM ISO ERM :45 12: , 302, 307
2 COSO Internal Control ERM Integrated Framework Application Technique ISO Guide 73 ( Terminology ) ISO Principle and Guideline -Principle -Framework -Process ISO Risk Assessment Technique ERM Framework Comparison Conclusion
3 History of COSO's ERM Financial Collapse Financial Frauds Poor Internal/ External Audit Sponsored by The American Institute of Certified Public Accountants The Institute of Internal Auditors The Financial Executive Institute The American Accounting Association The Institute of Management Accountants The Committee of Sponsoring Organizations of the Treadway Commission The Treadway Commission Report The Internal Control-Integrated Framework The Enterprise Risk Management - Integrated Framework Co with Price/ Waterhouse
4 COSO VS. ISO COSO ISO Internal Control 1992 Guide ERM Integrated Framework 1994 ISO Application Technique 2004 ISO COSO Internal Control Framework Operations Compliances Monitoring Information & Communications Control Activities Financial Reporting Risk Assessment Control Environment Entities or Activities
5 From COSO Internal Control to ERM Framework COSO ERM Framework Risk Management Objectives Strategic Operations Reporting Compliance Risk Components Entity & Unit Level Component
6 COSO Definition of Risk
Risk is the possibility that an event will occur and adversely affect the achievement of objectives.
Opportunity is the possibility that an event will occur and positively affect the achievement of objectives.
COSO Definition of ERM
- A process, ongoing and flowing through an entity
- Effected by people at every level of an organization
- Applied in strategy setting
- Applied across the enterprise, at every level and unit, and includes taking an entity level portfolio view of risk
- Designed to identify potential events affecting the entity and manage risk within its risk appetite
- Able to provide reasonable assurance to an entity's management and board
- Geared to the achievement of objectives in one or more separate but overlapping categories; it is a means to an end, not an end in itself
7 COSO Definition of ERM Value is maximized when management sets strategy and objectives to strike an optimal balance between COSO ERM Encompasses Aligning risk appetite and strategy Enhancing risk response decisions Reducing operational surprises and losses Identifying and managing cross-enterprise risks Providing integrated responses to multiple risks Seizing opportunities
8 COSO Achievement of Objectives
COSO enterprise risk management framework is geared to achieving an entity's objectives in four categories:
- Strategic: high-level goals, aligned with and supporting its mission
- Operations: effective and efficient use of its resources
- Reporting: reliability of reporting
- Compliance: compliance with applicable laws and regulations
COSO Components of ERM
Internal Environment: The internal environment encompasses the tone of an organization, and sets the basis for how risk is viewed and addressed by an entity's people, including risk management philosophy and risk appetite, integrity and ethical values, and the environment in which they operate.
Objective Setting: Objectives must exist before management can identify potential events affecting their achievement. Enterprise risk management ensures that management has in place a process to set objectives and that the chosen objectives support and align with the entity's mission and are consistent with its risk appetite.
Event Identification: Internal and external events affecting achievement of an entity's objectives must be identified, distinguishing between risks and opportunities. Opportunities are channeled back to management's strategy or objective-setting processes.
9 COSO Components of ERM
Risk Assessment: Risks are analyzed, considering likelihood and impact, as a basis for determining how they should be managed. Risks are assessed on an inherent and a residual basis.
Risk Response: Management selects risk responses (avoiding, accepting, reducing, or sharing risk), developing a set of actions to align risks with the entity's risk tolerances and risk appetite.
Control Activities: Policies and procedures are established and implemented to help ensure the risk responses are effectively carried out.
Information and Communication: Relevant information is identified, captured, and communicated in a form and timeframe that enable people to carry out their responsibilities.
Monitoring: The entirety of enterprise risk management is monitored and modifications made as necessary. Monitoring is accomplished through ongoing management activities, separate evaluations, or both.
Event Identification Event Categories External Factors Internal Factors
10 Event Identification Event Categories External Factors Internal Factors COSO Approach to Identify Risk Events SWOT Analysis Scenario Analysis Using Technology Value Chain Analysis
11 Risk Assessment Techniques [Figure: Risk Assessment Analysis Chart plotting risks R-1 to R-6 across quadrants I to IV; axes: Significant, Likelihood]
12 [Figure: Risk Appetite Map; axes: Impact (Low, Medium, High) and Likelihood (Low, Medium, High); regions: Within Risk Appetite, Exceeding Risk Appetite] Risk Response and Control: Risk Response, Risk Control
13 Key Points in COSO ERM
Comments on COSO 1/
1. The COSO process starts with the internal environment, not the external ones and this fails to reflect the influence that the business environment, regulatory conditions, and external stakeholders have on the risks an organization faces, its organizational culture, and how they influence its risk appetite and risk treatment priorities.
2. Stakeholders, particularly external ones, are not mentioned and stakeholders' objectives and their influence on decisions about the significance of levels and types of risk are omitted.
3. COSO ERM says that risks are described as events, and events are described and illustrated by examples of sudden, acute occurrences. There is no appreciation of the slow changes in circumstance and situation that give rise to some of the most critical risks.
4. COSO measures risk in terms of the probability of an event and its typical consequences. However, we will not always get the typical consequences every time an event occurs.
14 Comments on COSO 2/
5. Throughout the document, the term risk likelihood is used, but risk does not have a likelihood. Likelihood is one of the attributes used to measure the level of risk.
6. While there are some concessions to what are called opportunities, in COSO ERM risks are mostly about losses and risk treatment (response) is about reducing the likelihood and severity of losses. The COSO document is not mature enough to explain that risk is just the effect of uncertainty in what you set out to achieve and that outcomes can be beneficial.
7. The COSO is the whole thinking about risk responses, control activities and monitoring most confusing and confused and most people who read and try to use the code do as well.
8. The problems with the concept of inherent risk are well-known and the COSO document does not explain why you need to use this artificial, theoretical state where no controls exist, to justify tolerating the present level of risk or doing something more to modify it.
Comments on COSO 3/
9. The whole area of risk appetite and what COSO ERM calls risk tolerance is handled in a mechanistic and naive way. The thought that before you even do a risk assessment, a board can identify the material risks and tell you how much they are prepared to tolerate puts them on a par with the Gods.
10. The greatest sin is that the COSO document confuses and mixes up the framework (the organizational structures, policies, and arrangements put in place to promote, integrate and improve the management of risk) with the process used for risk management, particularly that used for risk assessment, risk treatment and monitor and review.
Grant Purdy
15 6. ISO November,2009
16 Risk: effect of uncertainty on objectives
Event, Consequence, Likelihood, Uncertainty, Probability, Frequency, Level of risk, Risk source, Hazard, Vulnerability
Risk management: coordinated activities to direct and control an organization with regard to risk
Risk management policy, External context, Internal context, Risk profile, Risk management framework, Risk management plan, Risk appetite, Risk attitude, Risk owner, Risk management audit, Exposure, Resilience
Risk evaluation: process of comparing the results of analysis against risk criteria to determine whether the level of risk is acceptable or tolerable (part of risk management process)
Risk criteria, Risk tolerance, Risk aversion, Risk matrix, Risk aggregation
Stakeholder: those people and organizations who can affect, be affected, or perceive themselves to be affected by a decision or activity
Communication and Consultation, Risk perception, Risk reporting
Risk management process: systematic application of management policies, procedures and practices to the tasks of communicating, consultation, establishing the context, identifying, analyzing, evaluating, treating, monitoring and reviewing risk
Risk assessment, Risk identification, Risk analyzing, Monitoring, Review, Risk register
Risk treatment: process of developing, selecting, and implementing measures to modify risk (part of risk management process)
Control, Risk sharing, Risk financing, Risk retention, Risk acceptance, Risk avoidance, Residual risk, Risk mitigation
COSO: Risk is the possibility that an event will occur and adversely affect the achievement of objectives.
ISO: Risk is effect of uncertainty on objectives.
ISO Target COSO
17 Principle Framework Process Creates and protects value Integral part of organizational processes Part of decision making Explicitly addresses uncertainty Systematic, structured and timely. Based on the best available information. Tailored Takes human & cultural factors into account Transparent & inclusive Dynamic, iterative & responsive to change Facilitates continual improvement & enhancement of the organization
18 Mandate & Commitment Design of Framework for Managing Risk Continual Improvement of Framework Implement Risk Management Monitor & Review of the Framework Communication and consultation Establish the context Risk assessment Risk identification Risk analysis Monitoring and Review Risk evaluation Risk treatment
19 Commit & mandate Policy statement Risk management plan Assurance plan Standards Procedures/Guidelines Strategic process Tactical process Communicate & train Communication and Reporting plan Training strategy RM Network Strategic process Strategic process Measure & review Control assurance RM plan progress Governance reporting Benchmarking Performance criteria RM information system Risk registers Treatment plan Assurance plan Reporting template Strategic process Allocate & organize Risk & audit committee Exec RM committee RM working group Manager, RM RM champion Risk & control owners
Principal benefits of risk assessment techniques include:
- Understanding the risk and its potential impact upon objectives
- Providing information for decision makers
- Contributing to the understanding of risks, in order to assist in selection of treatment options
- Identifying the important contributors to risks and weak links in systems and organizations
- Comparing risks in alternative systems, technologies or approaches
- Communicating risks and uncertainties
- Assisting with establishing priorities
- Contributing towards incident prevention based upon post-incident investigation
- Selecting different forms of risk treatment
- Meeting regulatory requirements
- Providing information that will help evaluate whether the risk should be accepted when compared with pre-defined criteria
- Assessing risks for end-of-life disposal
20 Risk identification; Risk analysis: consequence analysis; Risk analysis: qualitative, semi-quantitative or quantitative probability estimation; Risk analysis: assessing the effectiveness of any existing controls; Risk analysis: estimation of the level of risk; Risk evaluation. Applicability of Tools Used for Risk Assessment
21 Applicability of Tools Used for Risk Assessment
How to Select Risk Assessment Technique
- Complexity of the problem and the methods needed to analyze it
- The nature and degree of uncertainty of the risk assessment, based on the amount of information available and what is required to satisfy objectives
- The extent of resources required in terms of time and level of expertise, data needs or cost
- Whether the method can provide a quantitative output
22 What makes ISO Different from COSO
Criteria and Associated Measures in ISO
First, the Risk Management Framework must be continually improved using the well-known quality improvement cycle of Design, Implement, Monitor and Review, and Improve, also known as the Plan-Do-Check-Act cycle.
Second, the framework must be comprehensive with accountability for all risks: everyone in the organization will be able to tell what risks they own, what controls they are responsible for, and the current status of those controls, trends and current status of the risks, and the expected effects on the objectives concerned.
Third, all decision making in the organization has explicit consideration of risk, as evidenced by documentation of decisions. This expectation of evidence is embedded in the framework.
Fourth, highly visible, continuous communications and reporting that covers internal and external stakeholders as appropriate and addresses performance indicators for risk management is part of the framework.
Fifth, risk management is a core element of the organization's management processes including governance. Risk management is regarded as essential by the organization's culture.
23 Comparison between COSO and ISO *
Dr. Roland Franz Erben, Risk Management Standards
* Both standards exclude business continuity/crisis management, but ISO mentions this topic in ISO 22399
COSO or ISO 31000, Which One is Suitable for You?
24 Design Your Tailored-made ERM Framework Mandate & Commitment May be better? Design of Framework for managing Risk Strategic Finance Marketing Operation Implement Risk Management Risk Effect of uncertainty on objectives Continual Improvement of Framework ISO Terminology, Principle and ISO Monitor & Review of the Framework
Enterprise Risk Management Integrated Framework
ISACA S IT Audit, Information Security & Risk Insights Africa 2014, Alisa Hotel Enterprise Risk Management Integrated Framework Tony Bediako May 20, 2014 Today s organizations are concerned about: Risk
More informationMEMORANDUM. To: From: Metrolinx Board of Directors Robert Siddall Chief Financial Officer Date: September 14, 2017 ERM Policy and Framework
MEMORANDUM To: From: Metrolinx Board of Directors Robert Siddall Chief Financial Officer Date: September 14, 2017 Re: ERM Policy and Framework Executive Summary Attached are the draft Enterprise Risk Management
More informationMaster Class: Construction Health and Safety: ISO 31000, Risk and Hazard Management - Standards
Master Class: Construction Health and Safety: ISO 31000, Risk and Hazard Management - Standards A framework for the integration of risk management into the project and construction industry, following
More informationEnergize Your Enterprise Risk Management
Energize Your Enterprise Risk Management Presented By Mark Caiazzo, CISA, CISM, CRISC Tammy Michaud, CPA May 15, 2017 Reviewed: Agenda Enterprise Risk Management Defined Benefits of ERM Key Components
More informationRisk Management Policy
Risk Management Policy Contents Executive summary... 3 Aim & introduction... 3 Definitions... 3 Consequence... 3 Event... 3 Likelihood... 3 Risk... 4 Risk Appetite... 4 Risk Management... 4 Risk Management
More informationApplying COSO s Enterprise Risk Management Integrated Framework
Applying COSO s Enterprise Risk Management Integrated Framework COSO COSO stands for the Committee Of Sponsoring Organizations of the Treadway Commission. The sponsoring organizations are: Institute of
More informationBERGRIVIER MUNICIPALITY. Risk Management Risk Appetite Framework
BERGRIVIER MUNICIPALITY Risk Management Risk Appetite Framework APRIL 2018 1 Document review and approval Revision history Version Author Date reviewed 1 2 3 4 5 This document has been reviewed by Version
More informationENTERPRISE RISK MANAGEMENT POLICY FRAMEWORK
ANNEXURE A ENTERPRISE RISK MANAGEMENT POLICY FRAMEWORK CONTENTS 1. Enterprise Risk Management Policy Commitment 3 2. Introduction 4 3. Reporting requirements 5 3.1 Internal reporting processes for risk
More informationBusiness Auditing - Enterprise Risk Management. October, 2018
Business Auditing - Enterprise Risk Management October, 2018 Contents The present document is aimed to: 1 Give an overview of the Risk Management framework 2 Illustrate an ERM model Page 2 What is a risk?
More informationRisk Management Framework
Risk Management Framework Anglican Church, Diocese of Perth November 2015 Final ( Table of Contents Introduction... 1 Risk Management Policy... 2 Purpose... 2 Policy... 2 Definitions (from AS/NZS ISO 31000:2009)...
More informationApplying COSO s Enterprise Risk Management Integrated Framework. September 29, 2004
Applying COSO s Enterprise Risk Management Integrated Framework September 29, 2004 Today s organizations are concerned about: Risk Management Governance Control Assurance (and Consulting) ERM Defined:
More informationPractical aspects of determining and applying a risk appetite for SMEs
Practical aspects of determining and applying a risk appetite for SMEs By Tim Timchur acis, Director, ActivePro Consulting Pty Ltd Important to determine appetite for risk before determining what risk
More informationRisk Management: Principles, Methodologies and Techniques. Peter Getugi Internal Audit Manager ILRI
Risk Management: Principles, Methodologies and Techniques Peter Getugi Internal Audit Manager ILRI NAIROBI 22 JUNE, 2010 Session Objectives What is Risk Management? Why is Risk Management importance rising?
More informationThirty-Second Board Meeting Risk Management Policy
Thirty-Second Board Meeting Risk Management Policy 00 Month 2014 Location, Country Page 1 Board Decision THE RISK MANAGEMENT POLICY Purpose: 1. This document, Risk Management Policy (), presents: i) a
More informationEconomic Capital 4.14 Solvency II and Basel II and III Regulatory Standards 4.19 NAIC Own Risk and Solvency Assessment (ORSA) 4.23 Summary 4.
xi Contents Assignment 1 Introduction to Risk Management 1.1 The Risk Management Environment 1.3 Benefits of Risk Management 1.9 Risk Classifications 1.15 Enterprise Risk Management 1.21 Enterprise Risk
More informationSection Defining Risk Management. 11. Principles of Risk Management
Section 2 10. Defining Risk Management Enterprise risk management is the process, affected by an entity's board of directors, management and other personnel, applied in strategy setting and across the
More informationDelivering Clarity to Credit Unions Through Expertise and Experience
Jeff Owen, The Rochdale Group September 2012 Delivering Clarity to Credit Unions Through Expertise and Experience Enterprise Risk Management Lending Execution and Risk Management Merger Strategy and Realization
More informationUNITED NATIONS JOINT STAFF PENSION FUND. Enterprise-wide Risk Management Policy
UNITED NATIONS JOINT STAFF PENSION FUND Enterprise-wide Risk Management Policy 15 April 2016 Page 1 Table of Contents Page Preface I. Introduction 3 II. Definition 4 III. UNSJFP Enterprise-wide Risk Management
More informationThe ISO standard on risk management
The ISO 31 000 standard on risk management Eric Marsden well thy appetite, lest Sin Surprise thee, and her black attendant Death. Govern John Milton, Paradise Lost The ISO
More informationENTERPRISE RISK MANAGEMENT (ERM) POLICY Republic Glass Holdings Corporation. Purpose. Goals
Purpose This Enterprise Risk Management Policy (the ERM policy) provides the framework for managing risks across ( RGHC or the Company ). It contains the policies to guide employees, management and the
More informationENTERPRISE RISK MANAGEMENT (ERM) The Conceptual Framework
ENTERPRISE RISK MANAGEMENT (ERM) The Conceptual Framework ENTERPRISE RISK MANAGEMENT (ERM) ERM Definition The Conceptual Frameworks: CAS and COSO Risk Categories Implementing ERM Why ERM? ERM Maturity
More informationThere are many definitions of risk and risk management.
Definition of risk There are many definitions of risk and risk management. The definition set out in ISO Guide 73 is that risk is the effect of uncertainty on objectives. In order to assist with the application
More informationCompanion Policy CP to National Instrument Certification of Disclosure in Issuers Annual and Interim Filings.
This is an unofficial consolidation of Companion Policy 52-109CP Certification of Disclosure in Issuers Annual and Interim Filings reflecting amendments made effective January 1, 2011 in connection with
More informationCITY OF JOHANNESBURG METROPOLITAN MUNICIPALITY GROUP RISK AND ASSURANCE SERVICES GROUP RISK MANAGEMENT POLICY
CITY OF JOHANNESBURG METROPOLITAN MUNICIPALITY Effective Date 1 July 2015 TABLE OF CONTENTS 1. POLICY STATEMENT... 3 2. POLICY CONTEXT... 4 3. PURPOSE... 5 4. POLICY SCOPE AND APPLICATION... 6 5. RISK
More informationCOMPANION POLICY CP TO NATIONAL INSTRUMENT CERTIFICATION OF DISCLOSURE IN ISSUERS ANNUAL AND INTERIM FILINGS TABLE OF CONTENTS
COMPANION POLICY 52-109CP TO NATIONAL INSTRUMENT 52-109 CERTIFICATION OF DISCLOSURE IN ISSUERS ANNUAL AND INTERIM FILINGS PART 1 GENERAL 1.1 Introduction and purpose 1.2 Application to non-corporate entities
More informationExecutive Board Annual Session Rome, May 2015 POLICY ISSUES ENTERPRISE RISK For approval MANAGEMENT POLICY WFP/EB.A/2015/5-B
Executive Board Annual Session Rome, 25 28 May 2015 POLICY ISSUES Agenda item 5 For approval ENTERPRISE RISK MANAGEMENT POLICY E Distribution: GENERAL WFP/EB.A/2015/5-B 10 April 2015 ORIGINAL: ENGLISH
More informationM_o_R (2011) Foundation EN exam prep questions
M_o_R (2011) Foundation EN exam prep questions 1. It is a responsibility of Senior Team: a) Ensures that appropriate governance and internal controls are in place b) Monitors and acts on escalated risks
More informationUnderstanding Enterprise Risk Management: An Overview
Understanding Enterprise Risk Management: An Overview 05/2016 What is Risk? An uncertain event It exists in the future Has a cause and effect Impacts objectives Its effect may be positive and/or negative
More informationISO/IEC INTERNATIONAL STANDARD. Information technology Security techniques Information security risk management
INTERNATIONAL STANDARD ISO/IEC 27005 Second edition 2011-06-01 Information technology Security techniques Information security risk management Technologies de l'information Techniques de sécurité Gestion
More informationBest Practices in ENTERPRISE RISK MANAGEMENT. [ Managing Risks Holistically ]
Best Practices in ENTERPRISE RISK MANAGEMENT [ Managing Risks Holistically ] INTRODUCTIONS MODERATOR: Bob Lipps, JD, CPA PANELISTS: Ron Wilcox Abel Pomar Karen Gordon, Esq. THE EVOLUTION OF RISK Traditional
More informationENTERPRISE RISK MANAGEMENT (ERM) GOVERNANCE POLICY PEDERNALES ELECTRIC COOPERATIVE, INC.
1. Purpose: 1.1. Pedernales Electric Cooperative ( PEC ) is committed to delivering low-cost, reliable and safe energy solutions for the benefit of our members. In order to improve the likelihood of achieving
More informationRisk Evaluation, Treatment and Reporting
Chapter 8 Risk Evaluation, Treatment and Reporting In the previous chapter we looked at how risks are identified, described and estimated using a likelihood and consequences matrix. This is an essential
More information1st Capacity Building Seminar on Enterprise Risk Management
1st Capacity Building Seminar on Enterprise Risk Management Hotel Sea Princess, Mumbai 10 th August 2018 ERM as a Business Enabler N K V Roop Kumar, EVP, Chief of Risk, Info & Cyber Security Management,
More information1. Define risk. Which are the various types of risk?
1. Define risk. Which are the various types of risk? Risk, is an integral part of the economic scenario, and can be termed as a potential event that can have opportunities that benefit or a hazard to an
More informationRisk Management at the Deutsche Bundesbank March 2011
Risk Management at the Deutsche Bundesbank March 2011 (C) Deutsche Bundesbank - Division Organisation 1 Agenda Definition of risk management [3] Factors of influence to review the RM set up [4] The Framework
More informationApproved by: Diocesan Council 17 December 2015
DIOCESAN COUNCIL POLICY 39 Risk Management Approved by: Diocesan Council 17 December 2015 1 PREAMBLE The Perth Diocesan Trustees under the authority of the Diocesan Trustees Statute 1952 have the responsibility
More informationAn Overview of the Enterprise Risk Management Process
An Overview of the Enterprise Risk Management Process Laureen Regan, Ph.D. Fox School of Business and Management Temple University What is Enterprise Risk Management? Risk Management is "the culture, processes
More informationProcedures for Management of Risk
Procedures for Management of Policy Sponsor: Name of Parent Policy: Policy Contact: Procedure Contact: Vice President Finance and Administration Enterprise Management Policy Vice President Finance and
More informationProduct Recall Risk Assessment By Tony Munns. Product recall is a key area of risk for today s company. With greater focus
Product Recall Risk Assessment By Tony Munns Product recall is a key area of risk for today s company. With greater focus on, and understanding of the impact of products and their raw materials on individuals,
More informationHow Internal Audit Can Help Promote Effective ERM
How Internal Audit Can Help Promote Effective ERM Alan N. Siegfried, MBA, CPA, CIA, CISA, CBA, CRMA, CFSA, CCSA, CITP, CGMA, CSP June 18, 2014 Alan Siegfried Professional Bio Principal and Managing Director,
More information0470_022817_03_chap01.fm Page 11 Wednesday, September 8, :29 PM. Part I The basics of project risk management
0470_022817_03_chap01.fm Page 11 Wednesday, September 8, 2004 3:29 PM Part I The basics of project risk management 0470_022817_03_chap01.fm Page 12 Wednesday, September 8, 2004 3:29 PM 0470_022817_03_chap01.fm
More informationCORPORATE RISK MANAGEMENT POLICY
11/8/2017 INFORMAÇÃO INTERNA ÍNDICE 1 PURPOSE... 3 2 SCOPE... 3 3 REFERENCES... 3 4 CONCEPTS... 4 5 GUIDELINES... 6 6 RESPONSABILITIES... 8 7 CONTROL INFORMATION... 14 2 INFORMAÇÃO INTERNA 1 PURPOSE The
More informationGOV : Enterprise Risk Management Policy
Name: Responsibility: Complements: Enterprise Risk Management Framework Coordinator, Enterprise Risk Management GOV-080-005: Enterprise Risk Management Policy Draft Date: November 2006; January 2012 Revised
More informationRisk Management Policy
Risk Management Policy 1 Document configuration control Policy Title Author/Job Title Policy Version Version 1.0 Status Reference and guidance Consultation Forum Risk Management Policy Jonathan Sutton
More informationRISK MANAGEMENT FRAMEWORK
RISK MANAGEMENT FRAMEWORK 1. INTRODUCTION (Company) acknowledges that risk is inherent in its business. The Company s risk management framework is an important tool to guide the organisation towards achieving
More informationRisk Management Relevance to PAS 55 (ISO 55000) Deciding on processes to implement risk management
Risk Management Relevance to PAS 55 (ISO 55000) Deciding on processes to implement risk management Jeff Hollingdale DQS South Africa jeffh@dqs.co.za PAS 55 Risk Management The guideline states: (4.4.7);
More informationRisk Management in Italy: State of the art and perspectives. PMI Rome Italy Chapter
Risk Management in Italy: State of the art and perspectives Marco Giorgino, Full Professor of Global Risk Management, Politecnico di Milano PMI Rome Italy Chapter November, 5 th 2009 Agenda 2» What is
More informationEnterprise Risk Management Sources. Universe. Tolerance. Appetite
Sources. Universe. Tolerance. Appetite Presentation Made at the ICPAK ERM Conference Wednesday, 20 th March 2013 Hilton Hotel, Nairobi Kenya Jona Owitti, CISA (jona.owitti@yahoo.com) Membership Director
More informationLCS International, Inc. PMP Review. Chapter 6 Risk Planning. Presented by David J. Lanners, MBA, PMP
PMP Review Chapter 6 Risk Planning Presented by David J. Lanners, MBA, PMP These slides are intended to be used only in settings where each viewer has an original copy of the Sybex PMP Study Guide book.
More informationRisk Management Procedure
Risk Management Procedure 2017 Number: Date Written: Authorised by: Review Date: Version 4.0 15 December 2016 Bernie Wilson 30 December 2018 Contents Amendment and Review... 2 Document Control / Amendments...
More informationKidsafe NSW Risk Management Plan. August 2014
Kidsafe NSW Risk Management Plan August 2014 Document Control Document Approval Name & Position Signature Date Document Version Control Version Status Date Prepared By Comments Document Reviewers Name
More informationRISK MANAGEMENT POLICY Dublin & Dun Laoghaire ETB May 2016
RISK MANAGEMENT POLICY Dublin & Dun Laoghaire ETB May 2016 Contents 1. Policy statement 2 2. Purpose 2 3. Scope 2 4. Legislation, codes of practice, standards and guidance 2 5. Objectives 2 6. Definitions
More informationWest Coast District Municipality. Risk Management Policy
West Coast District Municipality Risk Management Policy TABLE OF CONTENTS Page No. RISK MANAGEMENT POLICY 5 1. OVERVIEW 6 1.1. Policy Objective 6 1.2. Policy Statement 6 1.3. Risk Management Approach 6
More informationAPPENDIX 1. Transport for the North. Risk Management Strategy
APPENDIX 1 Transport for the North Risk Management Strategy Document Details Document Reference: Version: 1.4 Issue Date: 21 st March 2017 Review Date: 27 TH March 2017 Document Author: Haddy Njie TfN
More informationAn Introductory Presentation for ECU Staff
Risk Management at ECU An Introductory Presentation for ECU Staff Phillip Draber Manager, Risk and Assurance Outcomes By the end of this session you should: Be able to complete and document risk management
More information7/25/2013. Presented by: Erike Young, MPPA, CSP, ARM. Chapter 2. Root Cause Analysis
Presented by: Erike Young, MPPA, CSP, ARM 1 Chapter 2 Root Cause Analysis 1 Introduction to Root Cause Analysis Root Cause The event or circumstance that directly leads to an occurrence Root Cause Analysis
More informationINTERNAL AUDIT AND OPERATIONAL RISK T A C K L I N G T O D A Y S E M E R G I N G R I S K S T O G E T H E R
INTERNAL AUDIT AND OPERATIONAL RISK T A C K L I N G T O D A Y S E M E R G I N G R I S K S T O G E T H E R Operational Risk Management Today Companies are struggling to obtain a holistic view of risk and
More informationUniversity Risk Management Policy
Preamble University Risk Management Policy Approving Authority: Board of Governors Original Approval Date: June 7, 2007 Date of Most Recent Review/Revision: October 20, 2017 Responsible Officer: Vice-President
More informationERM Benchmark Survey Report A report on PACICC's third ERM benchmarking survey
Property and Casualty Insurance Compensation Corporation Société d indemnisation en matière d assurances IARD ERM Benchmark Survey Report A report on PACICC's third ERM benchmarking survey August 2015
More informationCERTIFICATION AND INTERNAL CONTROL REGIME FOR CROWN CORPORATIONS
Internal Management Oversight: CERTIFICATION AND INTERNAL CONTROL REGIME FOR CROWN CORPORATIONS Crown Corporation Guidance This document is intended as advice or guidance and as a source of considerations
More informationPrince2 Foundation.exam.160q
Prince2 Foundation.exam.160q Number: Prince2 Foundation Passing Score: 800 Time Limit: 120 min PRINCE2 Foundation PRINCE2 Foundation written Exam Sections 1. Volume A 2. Volume B Exam A QUESTION 1 Which
More informationPresented by. Kristina Narvaez. President of ERM Strategies, LLC
Presented by Kristina Narvaez President of ERM Strategies, LLC www.erm-strategies.com Three Case Studies University of California s Enterprise Risk Management Information System (ERMIS ) State of Washington
AN INTRODUCTION TO RISK CONSIDERATION
AN INTRODUCTION TO RISK CONSIDERATION Introduction This cookbook aims at recalling basic concepts and providing simple tools and possibilities of applying the "considering of risks and opportunities" in
RISK MANAGEMENT STANDARDS FOR P5M
Journal of Engineering Science and Technology Vol. 13, No. 1 (2018) 011-034 School of Engineering, Taylor's University RISK MANAGEMENT STANDARDS FOR P5M PETR ŘEHÁČEK Department of Systems Engineering,
DRAFT SAINT LUCIA NATIONAL STANDARD DNS/ISO 31000: 2009 RISK MANAGEMENT PRINCIPLES AND GUIDELINES (ISO 31000: 2009, IDT) Stage 40 Enquiry Stage
DRAFT SAINT LUCIA NATIONAL STANDARD DNS/ISO 31000: 2009 RISK MANAGEMENT PRINCIPLES AND GUIDELINES (ISO 31000: 2009, IDT) Stage 40 Enquiry Stage DECEMBER 2017 Copyright SLBS Saint Lucia Bureau of Standards,
Risk Management Policy Adopted by:
Risk Management Policy Adopted by: Infigen Energy Limited Infigen Energy (Bermuda) Limited Infigen Energy RE Limited in its capacity as Responsible Entity of Infigen Energy Trust Adopted: 17 December 2009
Policy No. Contact Brian Orpin Version 3.0 Issue Date 28/11/2014 Telephone Review Date IA Date 09/08/2013
Information Governance Management of Risk Policy Policy No. Contact Brian Orpin Version 3.0 Email Brian.orpin@nhs.net Issue Date 28/11/2014 Telephone 0131 314 5360 Review Date IA Date 09/08/2013 Change
AFERM Best Practices: Guideposts, Risk Registers and a Maturity Model
AFERM Best Practices: Guideposts, Risk Registers and a Maturity Model G.Edward DeSeve, Senior Advisor September, 2014 Oliver Wyman Introduction Guide Posts- As governments design ERM programs, they must
The Evolution of Risk Management and The Risk Management Process
The Evolution of Risk Management and The Risk Management Process The Evolution of Analytical Risk-Management Tools 1938 Bond Duration 1952 Markowitz mean-variance framework 1963 Sharpe's capital asset
RISK MANAGEMENT. Budgeting, d) Timing, e) Risk Categories,(RBS) f) 4. EEF. Definitions of risk probability and impact, g) 5. OPA
RISK MANAGEMENT 11.1 Plan Risk Management: The process of DEFINING HOW to conduct risk management activities for a project. In Plan Risk Management, the remaining FIVE risk management processes are PLANNED
ENTERPRISE RISK MANAGEMENT Framework
STANDARDS OF SOUND BUSINESS AND FINANCIAL PRACTICES ENTERPRISE RISK MANAGEMENT Framework January 2018 This document is also available in French. Notice This document is intended as a reference tool
Risk Management. Seminar June Compiled by: Raaghieb Najjaar, Yaeesh Yasseen & Rashied Small
Risk Management Seminar June 2017 Compiled by: Raaghieb Najjaar, Yaeesh Yasseen & Rashied Small Defining Risk Risk reflects the chance that the actual event may be different than the planned / expected
D7 Risk Management Policy
D7 Risk Management Policy Purpose and scope The aim of Kelda's policy is to establish and embed effective risk management in normal business process and culture. This will improve Kelda's ability to predict
PRINCIPLES FOR RISK MANAGEMENT IN NORGES BANK INVESTMENT MANAGEMENT LAID DOWN BY THE EXECUTIVE BOARD 10 JUNE 2009, LAST AMENDED 21 NOVEMBER 2018
PRINCIPLES FOR RISK MANAGEMENT IN NORGES BANK INVESTMENT MANAGEMENT LAID DOWN BY THE EXECUTIVE BOARD 10 JUNE 2009, LAST AMENDED 21 NOVEMBER 2018 1. Purpose and objective These principles represent our
Enterprise Risk Management
Enterprise Risk Management Dave Heller Vice President and Chief Compliance Officer Qwest Risk Management September 21, 2004 Acknowledgement The information contained within the first half of this presentation
Risk Management Plan for the <Project Name> Prepared by: Title: Address: Phone: Last revised:
for the Prepared by: Title: Address: Phone: E-mail: Last revised: Document Information Project Name: Prepared By: Title: Reviewed By: Document Version No: Document Version Date: Review Date:
PRESENTATION TO CLASS 2 CREDIT UNIONS, BY DIRECTORS GLOBAL & BY BPS RESOLVER
1 YOU CAN'T MANAGE WHAT YOU CAN'T MEASURE Increasingly, boards and senior executives are looking to develop metrics or indicators to help to better monitor potential future shifts in risk conditions or
Risk Management Policy
DYNAMIC ARCHISTRUCTURES LIMITED Risk Management Policy DYNAMIC ARCHISTRUCTURES LIMITED Regd. Address: 409, Swaika Centre, 4A Pollock Street, Kolkata - 700001 (West Bengal) CONTENTS Sr. Particulars Page
Draft Guideline. Corporate Governance. Category: Sound Business and Financial Practices. I. Purpose and Scope of the Guideline. Date: November 2017
Draft Guideline Subject: Category: Sound Business and Financial Practices Date: November 2017 I. Purpose and Scope of the Guideline This guideline communicates OSFI's expectations with respect to corporate
Certified Enterprise Risk Professional (CERP) Test Content Outline
Certified Enterprise Risk Professional (CERP) Test Content Outline SECTION 1: RISK GOVERNANCE Domain 1: Board and Senior Management Oversight (8%) Task 1: Provide relevant, timely, and accurate information
RISK ASSESSMENT IN SHIP OPERATIONS
RISK ASSESSMENT IN SHIP OPERATIONS Background How we define Risk? Risk include any possible change of undesirable, adverse consequences to human life, health, property, or the environment. the threat or
Risk Management Plan PURPOSE: SCOPE:
Management Plan Authority Source: Vice-Chancellor Approval Date: 16/05/2018 Publication Date: 17/05/2018 Review Date: 17/05/2021 Effective Date: 16/05/2018 Custodian: General Counsel and University Secretary
The Country Risk Manager as Chief Risk Officer for the Government. Swiss Re, 3 June 2014
The Country Risk Manager as Chief Risk Officer for the Government Swiss Re, 3 June 2014 Agenda Risk management fundamentals across private and public sectors Swiss Re's risk management process as an example
RISK MANAGEMENT POLICY October 2015
RISK MANAGEMENT POLICY October 2015 1. INTRODUCTION 1.1 The primary objective of risk management is to ensure that the risks facing the business are appropriately managed. 1.2 Paringa Resources Limited
Risk Management. Webinar - July 2017
Risk Management Webinar - July 2017 Compiled by: Raaghieb Najjaar, Yaeesh Yasseen & Rashied Small Adapted and Facilitated by: Professor Enslin J. van Rooyen Risk Management - June 2017 2 Defining Risk
INTERNAL CAPITAL ADEQUACY ASSESSMENT PROCESS GUIDELINE. Nepal Rastra Bank Bank Supervision Department. August 2012 (updated July 2013)
INTERNAL CAPITAL ADEQUACY ASSESSMENT PROCESS GUIDELINE Nepal Rastra Bank Bank Supervision Department August 2012 (updated July 2013) Table of Contents Page No. 1. Introduction 1 2. Internal Capital Adequacy
PRINCE2-PRINCE2-Foundation.150q
PRINCE2-PRINCE2-Foundation.150q Number: PRINCE2-Foundation Passing Score: 800 Time Limit: 120 min File Version: 6.0 Exam PRINCE2-Foundation Version: 6.0 Exam A QUESTION 1 What process ensures focus on
Risk Management Policy. Apollo Hospitals. Risk Management Policy
Apollo Hospitals Risk Management Policy Table of Contents 1. Introduction...1 2. Risk Management Policy...2 2.1 Applicability... 2 2.2 Risk Management Objectives... 2 2.3 Definitions... 2 2.3.1 Risk...
EFFECTIVE TECHNIQUES IN RISK MANAGEMENT. Joseph W. Mayo, PMP, RMP, CRISC September 27, 2011
EFFECTIVE TECHNIQUES IN RISK MANAGEMENT Joseph W. Mayo, PMP, RMP, CRISC September 27, 2011 Effective Techniques in Risk Management Risk Management Overview Exercise #1 Break Risk IT Exercise #2 Break Risk
ENTERPRISE RISK MANAGEMENT (ERM) POLICY
ENTERPRISE RISK MANAGEMENT (ERM) POLICY November 2014 TABLE OF CONTENTS I. INTRODUCTION.... 3 A. Purpose... 3 B. Scope. 3 C. Enterprise Risk Management Vision 3 D. ERM Goals and Objectives. 4 II. RISK
FIRMA Nashville Tennessee April 21, 2015
FIRMA Nashville Tennessee April 21, 2015 Brian J. Pinkerton T. Kevin Whalen Enterprise risk management (ERM) is the process of planning, organizing, leading, and controlling the activities of an organization
The Importance Of Risk Management In An Organizations
The Importance Of Risk Management In An Organizations Azhar Susanto, Meiryani Abstract: Risk management is a structured approach/methodology for managing uncertainty related to threats; a series of human
PRINCE2. Number: PRINCE2 Passing Score: 800 Time Limit: 120 min File Version:
PRINCE2 Number: PRINCE2 Passing Score: 800 Time Limit: 120 min File Version: 1.0 Exam M QUESTION 1 Identify the missing word(s) from the following sentence. A project is a temporary organization that is
Project Risk Management. Prof. Dr. Daning Hu Department of Informatics University of Zurich
Project Risk Management Prof. Dr. Daning Hu Department of Informatics University of Zurich Learning Objectives Understand what risk is and the importance of good project risk management Discuss the elements
USF System Compliance & Ethics Program. Risk Assessment Process. Enterprise-Wide Risk Assessment
USF System Compliance & Ethics Program Risk Assessment Process Enterprise-Wide Risk Assessment Risk Assessment Process Risk Assessment: A disciplined, documented, and ongoing process of identifying and
LONDON BOROUGH OF ENFIELD RISK MANAGEMENT STRATEGY
LONDON BOROUGH OF ENFIELD RISK MANAGEMENT STRATEGY JANUARY 2013 1 Version Control Reference Comments Approval date 05 09 12 19 11 12 10 01 13 2 FOREWORD Welcome to the Council's Risk Management Strategy.
Risk Management: Assessing and Controlling Risk
Risk Management: Assessing and Controlling Risk Introduction Competitive Disadvantage To keep up with the competition, organizations must design and create a safe environment in which business processes
Enterprise Risk Management. Contents are subject to change. For the latest updates visit
Enterprise Risk Page 1 of 10 Why Attend Enterprise Risk known as (ERM) has evolved considerably since the seventies. From simply 'buying' insurance, it has now grown in importance to become a prime function
Operational Risk Management
Operational Risk Management An Iceberg but Icebergs can melt DMF Stakeholders Forum Berlin, May 2013 Mike Williams mike.williams@mj-w.net Operational risk is: The risk of loss (financial or nonfinancial)
PRINCIPLES FOR RISK MANAGEMENT IN NORGES BANK INVESTMENT MANAGEMENT
PRINCIPLES FOR RISK MANAGEMENT IN NORGES BANK INVESTMENT MANAGEMENT LAID DOWN BY THE EXECUTIVE BOARD 10 JUNE 2009 LAST AMENDED 18 MARCH 2015 1. PURPOSE AND OBJECTIVES The Executive Board recognises that