ENTERPRISE RISK MANAGEMENT (ERM) The Conceptual Framework

ENTERPRISE RISK MANAGEMENT (ERM)

- ERM Definition
- The Conceptual Frameworks: CAS and COSO
- Risk Categories
- Implementing ERM
- Why ERM?
- ERM Maturity Model
- Key Factors for ERM Success

ERM Definition

ERM is the discipline by which an organization in any industry assesses, controls, exploits, finances, and monitors risks from all sources for the purpose of increasing the organization's short- and long-term value to its stakeholders. (Casualty Actuarial Society, Overview of Risk Management, p. 10)

ERM is a process, effected by an entity's board of directors, management and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity goals. (COSO, ERM-Integrated Framework, p. 8)

The Conceptual Frameworks for ERM

Conceptual Frameworks

- Casualty Actuarial Society (CAS) Framework
- Committee of Sponsoring Organizations of the Treadway Commission (COSO) Framework

CAS Framework

- Hazards
- Financial Risk
- Operational Risk
- Strategic Risk

COSO Framework (diagram slide)

Merging CAS and COSO Models

- Hazards
- Information Risk
- Financial Risk
- Operational Risk
- Compliance Risk
- Strategic Risk

Risk Categories

Hazards

- Fire
- Tornadoes
- Storms
- Hurricanes
- Earthquakes
- Terrorism
- Injuries to employees and third parties

Financial Risk

- Adverse movement in exchange rates
- Adverse movement in interest rates
- Adverse movement in prices and costs
- Credit risk
- Liquidity risk
- Bankruptcy risk

Operational Risk

- Employee fraud
- Labor relations
- Production breakdowns
- Supply chain problems
- Problems in distribution
- Product quality issues
- Physical safety and security

Strategic Risk

- Fluctuations in demand
- Competitors' entry / rivalry
- Increase in intensity of competition
- Technological advances
- Social changes having an adverse impact on the business
- Economic cycles
- Adverse legislation

Information Risk

- Incorrect information leading to incorrect decision making
- Unavailability of required information
- Unauthorized access to confidential information by competitors
- Malicious attacks
- Cyber crime
- Losses, claims or lawsuits arising from parties whose confidential information is disclosed

Compliance Risk

- Penalties and fines
- Reputation losses
- Claims by third parties
- Lawsuits
- Lack of understanding of the law
- Inability to comply with a law or standard
- Losing patents / legal rights

Implementing ERM Step 1: Establish Context

The Conceptual Framework

- Hazards
- Information Risk
- Financial Risk
- Operational Risk
- Compliance Risk
- Strategic Risk

Establish Context

- Define the relationship of the organization with its external and internal environment
- Perform SWOT analysis
- Identify stakeholders
- Understand the organization's objectives and strategies
- Identify Key Performance Indicators (KPIs)
- Identify relevant key risk categories
- Identify existing risk management practices
- Determine the risk appetite of management

SWOT Analysis

            Positive Risk    Negative Risk
Internal    Strengths        Weaknesses
External    Opportunities    Threats

SWOT Analysis: an example (diagram slide)

Stakeholder Analysis

- Shareholders
- Potential investors
- Management
- Employees
- Creditors / bankers
- Government
- General public

Requirements of all stakeholder groups with respect to risk management.

Key Performance Indicators

- Return on capital employed
- Net profit of each division
- Customer satisfaction index
- % of sales returns
- Current ratio
- Financial and operating leverage
- HR training hours

Implementing ERM Step 2: Identify Risk

How to identify risks?

- Perform brainstorming sessions
- Perform risk surveys
- Conduct risk workshops
- Review and discuss internal audit reports
- Review and discuss reports of other assurance groups, e.g. health & safety, quality assurance, security management, etc.

Developing the Risk Universe (diagram slide)

Developing the Risk Register (diagram slide)

Implementing ERM Step 3: Analyze / Quantify Risks

Risk Measurement

Overall Risk = Likelihood x Magnitude

                    Likelihood High    Likelihood Low
Magnitude High      Extreme            High
Magnitude Low       Moderate           Low

Risk Analysis Tools

- Qualitative risk analysis
- Fault tree analysis
- Probability distribution (for likelihood)
- Maximum loss estimation (for magnitude)
- Risk and control matrix

Qualitative Risk Analysis (diagram slide)

Fault Tree Analysis (example)

Fire breaks out
  - Leakage of flammable fluid
  - Ignition source is near fluid
      - Spark exists
      - Someone smokes

Probability Distribution (chart: probability, 0% to 40%, plotted against loss, 10M to 25M)

Maximum Loss Estimation

Risk                              Maximum Possible Impact                       Estimated Loss in $ million
Earthquake                        Entire factory will be destroyed              45,000
Sensitive information hacked      Lawsuits, advantage gained by competitors     15,300
Terrorist attack                  Some facilities will be damaged               5,000
Competitor launched new product   Market share will be lost by 30%              3,000

Risk & Control Matrix (diagram slide)

Implementing ERM Step 4: Integrate Risks

Integrate Risks

- Consolidate all identified risks
- Consolidate the likelihood and overall impact of each risk on Key Performance Indicators (KPIs)
- Align risks with business objectives

Implementing ERM Step 5: Assess / Prioritize Risks

Risk Prioritization (heat map of Magnitude against Likelihood; overall risk rating LOW / MODERATE / HIGH / EXTREME; the individual risks 1-9 plotted on the chart are not reproduced)

- High magnitude, high likelihood: EXTREME, focus on strategic risk management tools
- High magnitude, low likelihood: contingency planning
- Moderate magnitude, moderate likelihood: build internal controls
- Low magnitude, high likelihood: MODERATE, containment strategies
- Low magnitude, low likelihood: LOW, monitor / systematic controls

Implementing ERM Step 6: Treat / Exploit Risks

Risk Treatment Strategies

Overall Risk (Inherent Risk)
  -> Risk Avoidance  -> Reduced Risk
  -> Risk Transfer   -> Further Reduced Risk
  -> Risk Mitigation -> Residual or Accepted Risk

Risk Treatment Tools

- Risk avoidance: quit the activity which results in exposure to risk, e.g. avoid dealing in cash or foreign currency
- Risk transfer: insurance, factoring
- Risk mitigation: internal control, hedging, credit management, business continuity planning, etc.
- Risk acceptance: exploit the risk to gain a benefit

The Complete Risk Register (diagram slide)

Implementing ERM Step 7: Monitor & Review Risks

Risk Monitoring Tools

- Key Risk Indicators (KRIs)
- Risk governance, policies & procedures
- Establishing the risk management department
- Risk register
- Risk reporting
- Internal audit

Develop Key Risk Indicators (KRIs)

- Market share
- Number of direct competitors
- Loss caused by frauds during the period
- Total exposure to foreign exchange risk
- Number of significant internal control weaknesses reported
- % of price fluctuation
- Bad debts written off
- Avoidable losses during the period

ERM: Other Issues

- Why ERM?
- ERM Maturity Model
- Key Factors for Success of ERM

Why ERM?

- Reduced losses
- Enhanced business processes
- Improved reputation
- Enhanced control over the business
- Reduced penalties
- Secured information
- Effective use of technology
- Fewer surprises
- Effective decision making
- Improved corporate governance

ERM Maturity Model (diagram slide)

Key Factors for ERM Success

- Agreed risk strategy: the audit committee and management must provide guidance on the appropriate strategy and approach to risk management, aligned to the organisational structure.
- Clear governance framework: the audit committee will usually delegate day-to-day governance through an oversight structure that includes a Chief Risk Officer.
- Efficient risk management processes: the organisation needs firm procedures for assessing and continuously monitoring risks on an enterprise-wide basis.
- Appropriate technology: effective systems providing access to information about risk identification, assessment and solutions to support the risk management process.
- Co-ordination of risk management functions: integrated risk functions embedded within the business to leverage expertise across the entire organisation.
- The right culture and capability: everyone in the organisation must be attuned to the risk culture, and performance measurements must be risk based.

Thank you