Risk Management: Principles, Methodologies and Techniques. Peter Getugi Internal Audit Manager ILRI

Risk Management: Principles, Methodologies and Techniques
Peter Getugi, Internal Audit Manager, ILRI
NAIROBI, 22 JUNE 2010

Session Objectives
- What is Risk Management?
- Why is the importance of Risk Management rising?
- The ERM Framework
- Best Practices in RM
- Risk Management in ILRI

Risk Management: Not such a new subject...
First Definition: The process of analysing exposure to risk and how best to handle the exposure.

Second Definition
RISK MANAGEMENT: A process applied across the enterprise, designed to:
- identify potential events that may affect the entity, positive as well as negative
- manage risks (and opportunities) to be within its risk appetite
- provide reasonable assurance regarding the achievement of the entity's objectives

A Center's achievement of its vision and mission is influenced by:
- RESEARCH STRATEGY AND PROJECT PORTFOLIO
- PEOPLE
- EXTERNAL ENVIRONMENT
- PHYSICAL INFRASTRUCTURE
- INTERNAL PROCESSES
- INTELLECTUAL AND GERMPLASM ASSETS
- TECHNOLOGY
- FINANCE
These factors present the Centre with both opportunities and risks.

The opportunities and risks facing a Centre can be classified as those affecting:
- OPERATIONAL EFFECTIVENESS
- SAFETY AND SECURITY
- FINANCIAL INTEGRITY AND COMPLIANCE
- EFFICIENCY
- LEGAL COMPLIANCE

Definitions
- Organizations pursue opportunities to achieve their objectives.
- Risks are those occurrences that will have an adverse impact on the organization's objectives, resulting from inadequate or failed systems or processes, mistakes or external events.

How to Identify Risks:
- Brainstorming
- Interviews
- Self assessment
- Risk questionnaires
- Facilitated workshops

Why the attention on more formalized risk management?
- Makes good business sense
- Fulfills stakeholder expectations for high standards of governance
- Meets donor requirements for assurance
- Helps avoid surprises!

Why the attention on more formalized risk management?
- Increased competition for scarce resources
- Increased external scrutiny from government, donors, the public, regulatory institutions, journalists, Board
- Increased level of litigation

How to use an ERM (Enterprise Risk Management) framework to identify and manage risks.

The ERM Framework
Entity objectives can be viewed in the context of four categories:
- Strategic
- Operations
- Reporting
- Compliance

The ERM Framework
ERM considers activities at all levels of the organization:
- Entity-level
- Division or subsidiary
- Business unit processes

The ERM Framework
The eight components of the framework are interrelated.

1. Internal Environment
- Establishes a philosophy regarding risk management. It recognizes that unexpected as well as expected events may occur.
- Establishes the entity's risk culture.
- Considers all other aspects of how the organization's actions may affect its risk culture.
- Tone at the top.

2. Objective Setting
- Is applied when management considers risk strategy in the setting of objectives.
- Forms the risk appetite of the entity: a high-level view of how much risk management and the board are willing to accept.
- Risk tolerance, the acceptable level of variation around objectives, is aligned with risk appetite.

3. Event Identification
- Differentiates risks and opportunities.
- Events that may have a negative impact represent risks.
- Events that may have a positive impact represent natural offsets (opportunities), which management channels back to strategy setting.

4. Event Identification
- Involves identifying those incidents, occurring internally or externally, that could affect strategy and achievement of objectives.
- Addresses how internal and external factors combine and interact to influence the risk profile.

5. Risk Assessment
- Allows an entity to understand the extent to which potential events might impact objectives.
- Assesses risks from two perspectives:
  - Likelihood
  - Impact
- Is used to assess risks and is normally also used to measure the related objectives.

6. Risk Assessment
- Employs a combination of both qualitative and quantitative risk assessment methodologies.
- Relates time horizons to objective horizons.
- Assesses risk on both an inherent and a residual basis.

7. Risk Response
- Identifies and evaluates possible responses to risk.
- Evaluates options in relation to entity's risk appetite, cost vs. benefit of potential risk responses, and degree to which a response will reduce impact and/or likelihood.
- Selects and executes response based on evaluation of the portfolio of risks and responses.

8. Control Activities
- Policies and procedures that help ensure that the risk responses, as well as other entity directives, are carried out.
- Occur throughout the organization, at all levels and in all functions.
- Include application and general information technology controls.

11. Internal Control
A strong system of internal control is essential to effective enterprise risk management (ERM).

Impact vs. Probability
- High impact, low probability: Medium Risk (Share)
- High impact, high probability: High Risk (Mitigate & Control)
- Low impact, low probability: Low Risk (Accept)
- Low impact, high probability: Medium Risk (Control)

Example: Call Center Risk Assessment
- High impact, low probability (Medium Risk): Loss of phones; Loss of computers
- High impact, high probability (High Risk): Credit risk; Customer has a long wait; Customer can't get through; Customer can't get answers
- Low impact, low probability (Low Risk): Fraud; Lost transactions; Employee morale
- Low impact, high probability (Medium Risk): Entry errors; Equipment obsolescence; Repeat calls for same problem

9. Information & Communication
- Management identifies, captures, and communicates pertinent information in a form and timeframe that enables people to carry out their responsibilities.
- Communication occurs in a broader sense, flowing down, across, and up the organization.

10. Monitoring
Effectiveness of the other ERM components is monitored through:
- Ongoing monitoring activities.
- Separate evaluations.
- A combination of the two.

Risk Appetite
- Amount of risk exposure or potential adverse impact an organization is willing to accept/retain.
- Think of organizations recently with high risk appetite, and high risk tolerance.
  - BP?
  - CoE (new constitutional process?)
  - FIFA?

What is your risk appetite?

Best practices and action steps
There are several best practices and action steps management can take to improve their strategic risk assessments, such as:
- Ascertain your risk appetite;
- Define risk broadly, incorporating many types of risk;
- Recognize the downsides as well as the opportunities of risk;

Best practices and action steps
- Develop a culture of evaluating and identifying risks at multiple levels so critical risks filter up to top decision makers;
- Examine the total cost of risk, including financial and non-financial costs;
- Board and Management should collaborate and work together;

Best practices and action steps
- Develop a disciplined process to consider risk in strategic discussions;
- Designate an owner of the risk identification process;
- Require Managers to prioritize risks based on likelihood and impact;

Best practices and action steps
- Identify and monitor risks that could interfere with strategic goals;
- Require annual written reports on each high-priority risk being monitored;
- Reassess priority risks at the board level at least once a year as circumstances change;

Best practices and action steps
- Look for risks that are being omitted;
- Move risk identification deeper into the institution to employees most likely to first see risks;
- Benchmark your risk practices with other institutions; and
- Repeat the process, as risk management is a continuous process, not a one-time endeavor.

Case Study: Enterprise Risks
- WHAT COULD BRING THE BUSINESS TO A GRINDING HALT: IN DAYS? IN WEEKS? IN MONTHS? IN 5 YEARS?
- CAN WE PREVENT IT?
- HOW PREPARED ARE WE TO RECOVER?

Discuss: Top Risks in ILRI

Other risks to consider?

Case Study: Identifying ILRI Risks
- CENTER
- PARTNERS
- DONORS

Common ILRI Objectives
Effectiveness:
- Protection and effective use of germplasm collections
- Integrity and security of information
- Continued operations in the event of significant natural, political, social and other disruptions

Common ILRI Objectives
Efficiency and Economy:
- Efficient and economical use of funds
- Protection of Center physical property
- Protection of Center data and intellectual property rights/protection against third party restrictions on use

Common ILRI Objectives
Financial Integrity and Compliance:
- Adequate funds to meet medium term plans and short term obligations
- Compliance with financial obligations to staff
- Compliance with external financial reporting obligations

Common ILRI Objectives
Legal and other Compliance:
- Compliance with host country agreements
- Compliance with donor agreements
- Compliance with partnerships and other third party legal obligations

Common ILRI Objectives
Safety and Security:
- Safe working environment for staff and visitors
- Safe staff travel
- Avoid environmental damage from Center operations
- Center premises secure against unauthorized intrusion

Typical ILRI Risks
Effectiveness: Relevance of Center research mission
Risk:
- Poor quality of research activities
- Mismatch of skills with business needs
- Inability to attract or retain appropriate staff

Typical ILRI Risks
Financial integrity and compliance: Adequate funds to meet medium-term plans and short-term obligations
Risk:
- Inadequate reserves for medium-term liquidity
- Significant foreign exchange losses
- Misappropriation or misuse of Center cash funds

Typical ILRI Risks
Legal and other Compliance: Compliance with host country agreements and donor agreements
Risk:
- Non-compliance with host country requirements
- Loss of host country privileges and immunities
- Non-compliance with donor agreements

Typical ILRI Risks
Safety and Security: Safe and secure working environment for staff and visitors
Risk:
- Staff downtime due to preventable or treatable medical conditions
- Staff exposed to dangerous travel conditions
- Damage or theft of Center property by intruders

Where to from here?
- REPORTING TO THE BOARD
- PUBLIC REPORTING
- INTERNALIZING THE PROCESS

Thank you!