Chap 1- Intro to Risk Management

7/27/2019 Chap 1- Intro to Risk Management

1/19

UNDERSTANDING YOUR ORGANIZATION

CHAP 1:

INTRODUTION TO RISK MANAGEMENT


2/19

RISK MANAGEMENT


3/19

A scenario Life is full of uncertainty

You have made an appointment with your

acquaintances to go out for dinner next week.

Question:What could happen so that you are not able to meet

with your friends?

What do you need to do to ensure that you are able to

meet with them?

What could go wrong" that would prevent a company

from achieving our business objectives = Risk


4/19

Overview of Risk Management

What is risk?

One of the first hurdles in thinking about risk is theplethora of definitions and meanings of the term risk.Risk is one of those terms seen a dozen times in the

daily newspaperwith a dozen different meanings andinterpretations.

Depend on who you asked: Did know about risk - IT Expert, Environmentalist,

Banker, Safety expert and so fort will give differentinterpretation about risk definition

Dont know about risk will assume thoseinterpretation come from different world

But, these different worlds make up parts of the sameuniverse the risk management universe


5/19

Definition of Risk

The possibility of an event occurring that will have animpact on the achievement of objectives. Risk ismeasured in terms ofimpact and likelihood. (ISPPIA)

Risk is the chance of something happening or nothappening that will have an influence upon theachievement of business objectives. (Turnbull)

Risks are uncertainties about events and/or their

outcomes which, if they occur, would have a materialaffect on the goals and objectives of the organizationeither negatively (threats/ downside) or positively(opportunities/upside).


6/19

Definition of Risk

Risks arise from uncertainties, are inherent, and ariseat any time.

Inherent and Residual Risk

Inherent risk is the underlying risk before any controls

are applied to mitigate the risk Residual risk is the risk remaining after management

takes action to reduce the impact and likelihood of anadverse event, including control activities inresponding to risk

It is important that managers get out of an onlydownside risk mentality. Risk is not only bad thingshappening, but also good things not happening.Companies are now seeing opportunities from focusingon risk and control, rather than purely focusing on

controls.


7/19

Risk Element

Risk arises out of uncertainty. If you are deciding on a course ofaction, your need to manage risk arises out of this uncertaintyand therefore the three elements of risk you need to considerare:

Likelihood : the likelihood indicates the chance of

occurrence (the likelihood of something happening which youmay ormay not want to happen).

Severity/Impact : the severity of the consequence indicatesthe gravity of damage

Scenario : a risk scenario is the sequence of events leadingfrom the cause to the consequence.

risk scenarios describe undesirable situations, causes describe single events or circumstances activating

dormant problems,

consequences describe the +/-ve effects on the enterpriseresources

cause

causeevent event

consequence

consequence


8/19

Definition of Risk Management

Risk is everywhere, anytime and derives directlyfrom unpredictability.

Risk management is a proactive and an on-going process involving the identification,assessment, control, monitoring and reporting ofrisk exposures.

Risk management consists of a systematicprocess of assessing and then deal ing w ithrisk.


9/19

Risk Management Framework/Model


10/19

Risk Management Framework/Process


11/19

Definition of Risk Management

Risk management is an iterative process consisting of steps,which when taken in sequence, enable continual improvementin decision-making. It is the logical and systematic method ofidentifying, analyzing, evaluating, treating, monitoring andcommunicating risks associated with any activity, function or

process in a way that will enable organizations to minimizelosses and maximize opportunities. (Australian/New ZealandStandard on Risk Management AS/NZS 4360)

Risk management provides us with a framework for dealingwith and reacting to such uncertainty and structured systemsfor identifying and analyzing potential risks, and devising andimplementing responses appropriate to their impact. Theresponses generally draw on strategies of risk prevention, risktransfer, impact mitigation or risk acceptance


12/19

Definition of ERM

Enterprise risk management is a process, affected

by an entity's board of directors, management,

and other personnel, applied in a strategy setting

across the enterprise. The process is designed toidentify potential events that may affect the entity,

manage risks to be within its risk appetite, and

provide reasonable assurance regarding the

achievement of entity objectives.( COSO ERM)


13/19

Risk Management Assumptions

All entities exist to add value to stakeholders

All entities face uncertainty

Value is created, preserved, or eroded by

management decisions

ERM is an enabler of the management process

Interrelated to governance

Interrelated to performance management


14/19

ERM Framework


15/19

Benefits of Risk Management

Aligns risk appetite and strategy

Links growth, risk, and return

Enhances risk response decisions

Minimizes operational surprises and losses


16/19

Benefits of Risk Management

key stakeholders, such as the board and seniormanagement. are in a position to confidently make

informed decisions relating to the trade-off of risk andreward;

daily business decisions at the departmental/divisionallevel are made within the context of the organization

tolerance towards risk; the risks relating to the value of the organizations

intangible assets, such as its customer base, suppliers,intellectual and knowledge capital, process and systems,are acknowledged and optimized as fully as its physical

and financial assets;

Effective risk management helps build an organization that

exhibits the following key features:


17/19

Categories of Risk

Strategic

Operational

Financial

Compliance


18/19

Standards

Performance Standard 2110 - Risk Management

The internal audit activity should (must) assist the

organization by identifying and evaluating significant

exposures to risk and contributing to the improvement

of risk managementand control systems

Performance Standard 2110.A1 - Assurance

The internal audit activity should (must) monitor andevaluate the effectiveness of the organization's risk

management system


19/19

Implication & Action Plan

Implications

Risk management is a critical business process

and must be in the auditable universe

Risk management is linked to strategy, vision,and values and interdependent on governance

Chap 1- Intro to Risk Management

Documents

Transcript of Chap 1- Intro to Risk Management