(Company Name) Enterprise Risk Management Seminar
Facilitated by Jabulani Mbengo (Head Internal Audit)
Date: 12 April 2014
SEMINAR OBJECTIVES
• Understand the concept of Enterprise Risk Management
• Appreciate the benefits of Effective Risk Management
• Understand pressures for adopting Effective Risk Management
• Identify appropriate structure for Effective Risk Management
• Profile potential risks facing the Company
• Understand current controls in place
• Propose additional responses to mitigate identified risks
INTRODUCTION
• AIG, once considered “too big to fail”, had to be bailed out by the US government. (Why? Because they did not identify and manage product and strategic risks.)
• The disappearance of Flight MH370 of Malaysia: who could have thought a plane could disappear without a trace?
• The Westgate terrorist saga in Kenya in 2013 (security risk)
DEFINITION OF ENTERPRISE RISK MANAGEMENT
“… a process, effected by an entity's board of directors, management and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risks to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives.” (COSO)
• Identify potential events that may affect the company
• Manage risks within the company’s risk appetite
• Provide reasonable assurance of how risks are being managed
Benefits of ERM
• Greater likelihood of achieving company objectives
• Consolidated reporting of disparate risks at board level
• Improved understanding of the key risks and their wider implications
• Identification and sharing of cross business risks
• Greater management focus on the issues that really matter
• Fewer surprises or crises
• More focus internally on doing the right things in the right way
• Increased likelihood of change initiatives being achieved
• Capability to take on greater risk for greater reward
• More informed risk-taking and decision-making
PRESSURES FOR EFFECTIVE RISK MANAGEMENT IN ORGANISATIONS
RISKS FACING ORGANIZATIONS
WHY DO INSURANCE COMPANIES BECOME INSOLVENT? (These are USA statistics)
THE ACTIVITIES INCLUDED IN ERM
• Articulating and communicating the objectives of the organisation
• Determining the risk appetite of the organisation
• Establishing an appropriate internal environment, including a risk management framework
• Identifying potential threats to the achievement of the objectives
• Assessing the risk, i.e. the impact and likelihood of the threat occurring
• Selecting and implementing responses to the risks
• Undertaking control and other response activities
• Communicating information on risks in a consistent manner at all levels in the organisation
• Centrally monitoring and coordinating the risk management processes and the outcomes
• Providing assurance on the effectiveness with which risks are managed
EFFECTIVE STRUCTURE OF ERM
• Board
• Chief Executive Officer / Managing Director / General Manager
• Management Risk Committee
• Chief Risk Officer / ERM Champion
• Board Risk Committee
INTERNAL AUDIT ROLES IN RISK MANAGEMENT
WHAT IS RISK ASSESSMENT?
A risk assessment is simply a careful examination of what, in your work, could go wrong to cause harm to people and the organization, so that you can weigh up whether you have taken enough precautions or should do more to prevent harm.
A risk assessment is an important step in protecting your workers and your business, as well as complying with the law. It helps you focus on the risks that really matter in your workplace: the ones with the potential to cause real harm.
OUR TASK TODAY
We need to be able to complete the following Total Risk Profiling table. The terms are described in the following slides.
Risk No | Vulnerability | Trigger | Consequences | Severity | Probability/Likelihood | Current Controls / Management actions to Improve
EXPLAINING TERMS IN THE TOTAL RISK PROFILING TABLE
• Vulnerability: The ‘what’ and the ‘where’. This column describes the inherent potential vulnerability in the enterprise being analyzed. We need to identify all risks that can negatively impact on FICO.
• Trigger: The ‘how’ or the ‘why’. Describes the failure or initiating event that triggers an unintended release of the threat or development of the weakness described in the ‘vulnerability’ column.
• Consequences: The ‘how bad’ or the ‘how big’. This column describes the nature and magnitude of the consequences which result from the unintended release of the threat or development of the weakness described in the vulnerability and trigger columns.
SEVERITY | LEVEL | DEFINITION
I | Catastrophic | Threatens viability of the business
II | Critical | Serious damage to financial condition, reputation or ability to meet business objectives
III | Significant | Limits ability to operate within budgets and achieve business development and financial targets
IV | Marginal | Minor impact
PROBABILITY | LEVEL | DEFINITION
A | Very High | It will happen soon; Often experienced or likely to occur frequently
B | High | It will happen sooner or later; Several times experienced or occurring
C | Occasional | It can happen sooner or later; Sometimes experienced or occurring
D | Low | It is expected to happen one day; Maybe experienced or occurring
E | Very Low | It is not expected but can happen; Unlikely to be experienced or to occur
F | Almost impossible | Theoretically possible; Theoretically impossible
KEY FOCUS AREAS
• Strategic Risk
• Insurance Risk
• Operational Risk
• Credit and Investment Risk
• Financial Risk