RISK MANAGEMENT The change we wish to see - IIA
Transcript of RISK MANAGEMENT The change we wish to see - IIA
![Page 1: RISK MANAGEMENT The change we wish to see - IIA](https://reader034.fdocuments.net/reader034/viewer/2022052113/62888438dcf1de061c13d2d1/html5/thumbnails/1.jpg)
RISK MANAGEMENT
The change we wish to see
Emmanuel Johannes CIA,ISO 31000 Lead
Trainer, CFE
![Page 2: RISK MANAGEMENT The change we wish to see - IIA](https://reader034.fdocuments.net/reader034/viewer/2022052113/62888438dcf1de061c13d2d1/html5/thumbnails/2.jpg)
About Trainer
• Position: CEO of Kepler Associates and Former President of IIA
• Education: BSc Electronics, BSc Accounting, MBA, FCCA, ACPA-PP
• Certifications: CIA, CFSA, CGAP, CCSA, CFE, ISO 31000 CT, CRMA
• Work experience: UCC, PwC, Stanchart, KCB Bank, Kepler Associates
• Other positions: Audit Committee , Member of Advisory Council of ACFE
Global
• ISO 31000 Lead Trainer
• CFE Authorized Trainer
• IIA Certified Trainer
![Page 3: RISK MANAGEMENT The change we wish to see - IIA](https://reader034.fdocuments.net/reader034/viewer/2022052113/62888438dcf1de061c13d2d1/html5/thumbnails/3.jpg)
Outline
• The current state of risk management
• Importance of risk management
• Implication to internal auditors
![Page 4: RISK MANAGEMENT The change we wish to see - IIA](https://reader034.fdocuments.net/reader034/viewer/2022052113/62888438dcf1de061c13d2d1/html5/thumbnails/4.jpg)
4
Basic Concepts
![Page 5: RISK MANAGEMENT The change we wish to see - IIA](https://reader034.fdocuments.net/reader034/viewer/2022052113/62888438dcf1de061c13d2d1/html5/thumbnails/5.jpg)
Current State of Risk Management
![Page 6: RISK MANAGEMENT The change we wish to see - IIA](https://reader034.fdocuments.net/reader034/viewer/2022052113/62888438dcf1de061c13d2d1/html5/thumbnails/6.jpg)
Current State of Risk Management
• Most ERM Programs are built on “Governance” or “Compliance” models
• Value: “Did we do it? Good.”
• Measures are rarely in meaningful terms
• Not a KEY role in performance management, planning, budgeting and strategy formation
• Limited in scope and focus
• Not a “day-to-day” part of decision making
• Not based on or tied to a standard or tight framework
![Page 7: RISK MANAGEMENT The change we wish to see - IIA](https://reader034.fdocuments.net/reader034/viewer/2022052113/62888438dcf1de061c13d2d1/html5/thumbnails/7.jpg)
Current State of Risk Management
.
7
Risk
compliance
reporting
regulations
insurance
Controls
audit
![Page 8: RISK MANAGEMENT The change we wish to see - IIA](https://reader034.fdocuments.net/reader034/viewer/2022052113/62888438dcf1de061c13d2d1/html5/thumbnails/8.jpg)
Benefits of Risk Management
![Page 9: RISK MANAGEMENT The change we wish to see - IIA](https://reader034.fdocuments.net/reader034/viewer/2022052113/62888438dcf1de061c13d2d1/html5/thumbnails/9.jpg)
Benefits of Risk Management
The only alternative to risk management is crisis management --- and crisis management is much more expensive, time consuming and embarrassing.
JAMES LAM, Enterprise Risk Management, Wiley Finance © 2003
Without good risk management practices, government cannot manage
its resources effectively. Risk management means more than
preparing for the worst; it also means taking advantage of opportunities
to improve services or lower costs.
Sheila Fraser, Auditor General of Canada
![Page 10: RISK MANAGEMENT The change we wish to see - IIA](https://reader034.fdocuments.net/reader034/viewer/2022052113/62888438dcf1de061c13d2d1/html5/thumbnails/10.jpg)
10
![Page 11: RISK MANAGEMENT The change we wish to see - IIA](https://reader034.fdocuments.net/reader034/viewer/2022052113/62888438dcf1de061c13d2d1/html5/thumbnails/11.jpg)
Benefits of Risk Management
• Allows intelligent “informed” risk-taking.
• Focuses efforts –helps prioritize. Top 10 list. Or top 3. Or…
• Is proactive…. not reactive – Prepare for risks before they happen.
Identify risks and develop appropriate risk mitigating strategies.
• Improve outcomes – achievement of objectives (corporate, clinical,
etc)
• Really comes to down to simple good management
• Enables accountability, transparency and responsibility
• And maybe even mean survival
![Page 12: RISK MANAGEMENT The change we wish to see - IIA](https://reader034.fdocuments.net/reader034/viewer/2022052113/62888438dcf1de061c13d2d1/html5/thumbnails/12.jpg)
![Page 13: RISK MANAGEMENT The change we wish to see - IIA](https://reader034.fdocuments.net/reader034/viewer/2022052113/62888438dcf1de061c13d2d1/html5/thumbnails/13.jpg)
Reasons for closing
• Blames Brexit
• Rental costs
• Rise in minimum wages
“Expert say the growth of takeaway apps,
and a saturation of food chains on Britain
high streets…” Daily mail UK home 21 May 2019
![Page 14: RISK MANAGEMENT The change we wish to see - IIA](https://reader034.fdocuments.net/reader034/viewer/2022052113/62888438dcf1de061c13d2d1/html5/thumbnails/14.jpg)
14
Effect of uncertainty on
objectives…
Risk
![Page 15: RISK MANAGEMENT The change we wish to see - IIA](https://reader034.fdocuments.net/reader034/viewer/2022052113/62888438dcf1de061c13d2d1/html5/thumbnails/15.jpg)
.
“May you live in an interesting time- The
Future”
15
![Page 16: RISK MANAGEMENT The change we wish to see - IIA](https://reader034.fdocuments.net/reader034/viewer/2022052113/62888438dcf1de061c13d2d1/html5/thumbnails/16.jpg)
![Page 17: RISK MANAGEMENT The change we wish to see - IIA](https://reader034.fdocuments.net/reader034/viewer/2022052113/62888438dcf1de061c13d2d1/html5/thumbnails/17.jpg)
ISO 31000:2018
20
![Page 18: RISK MANAGEMENT The change we wish to see - IIA](https://reader034.fdocuments.net/reader034/viewer/2022052113/62888438dcf1de061c13d2d1/html5/thumbnails/18.jpg)
18
Back at the office
• Why is the organization interested in RM? What
are they hoping will be achieved with its
implementation?
• Who is doing what? Roles & responsibilities must
be clearly defined. Make sure Leadership supports
RM and uses RM results to make decisions.
Everyone is a risk manager.
![Page 19: RISK MANAGEMENT The change we wish to see - IIA](https://reader034.fdocuments.net/reader034/viewer/2022052113/62888438dcf1de061c13d2d1/html5/thumbnails/19.jpg)
Back at the Office
• How will it be implemented? What is your framework? What is
the common language? How will risks be measured and
reported?
• Where will you start? Choices could be where you can most
easily succeed or where it is needed the most or where interest
is high.
• When will it be implemented? It is a journey not a destination;
3-5 years for complete roll-out; how often will risks be assessed;
when will mitigation plans be implemented and monitored; when
will risks be reported.
![Page 20: RISK MANAGEMENT The change we wish to see - IIA](https://reader034.fdocuments.net/reader034/viewer/2022052113/62888438dcf1de061c13d2d1/html5/thumbnails/20.jpg)
20
Ask questions and develop your approach
• Do we understand our major risks? Do we know what
is causing our risks to increase, decrease or stay the
same?
• Have we assessed the likelihood and impact of our
risks?
• Have we identified the sources and causes of our
risks?
![Page 21: RISK MANAGEMENT The change we wish to see - IIA](https://reader034.fdocuments.net/reader034/viewer/2022052113/62888438dcf1de061c13d2d1/html5/thumbnails/21.jpg)
21
Ask questions and develop your approach
• Are we taking too much risk? Or not enough risk?
• Are the right people taking the right risks at the right
time?
• What’s our culture? Are we risk adverse or are we
risk-takers? Or are we somewhere in between?
![Page 22: RISK MANAGEMENT The change we wish to see - IIA](https://reader034.fdocuments.net/reader034/viewer/2022052113/62888438dcf1de061c13d2d1/html5/thumbnails/22.jpg)
22
Ask questions and develop your approach
• How well are we managing our risks?
• Are we trying to prevent the downside risks from
happening? Or are we trying to simply recover from them?
• Who is accountable for these risks?
• How do we talk about risk? Do we have a common
language across branches, across divisions, across the
ministry
![Page 23: RISK MANAGEMENT The change we wish to see - IIA](https://reader034.fdocuments.net/reader034/viewer/2022052113/62888438dcf1de061c13d2d1/html5/thumbnails/23.jpg)
Five considerations for Internal Audit
• Strategic planning and alignment.
• Risk assessments
• Analytics and dashboards
• Training and recruitment
• The power of internal audit automation.
![Page 24: RISK MANAGEMENT The change we wish to see - IIA](https://reader034.fdocuments.net/reader034/viewer/2022052113/62888438dcf1de061c13d2d1/html5/thumbnails/24.jpg)
Mission of Internal Auditing
“To enhance and protect organizational
value by providing risk-based and
objective assurance, advice and insight.”
![Page 25: RISK MANAGEMENT The change we wish to see - IIA](https://reader034.fdocuments.net/reader034/viewer/2022052113/62888438dcf1de061c13d2d1/html5/thumbnails/25.jpg)
25
Keep it simple
![Page 26: RISK MANAGEMENT The change we wish to see - IIA](https://reader034.fdocuments.net/reader034/viewer/2022052113/62888438dcf1de061c13d2d1/html5/thumbnails/26.jpg)
![Page 27: RISK MANAGEMENT The change we wish to see - IIA](https://reader034.fdocuments.net/reader034/viewer/2022052113/62888438dcf1de061c13d2d1/html5/thumbnails/27.jpg)
![Page 28: RISK MANAGEMENT The change we wish to see - IIA](https://reader034.fdocuments.net/reader034/viewer/2022052113/62888438dcf1de061c13d2d1/html5/thumbnails/28.jpg)
Case Based Learning:
Advanced Fraud Risk
Assessment Techniques from
Internal Auditor's Eye