RISK MANAGEMENT: The change we wish to see

Emmanuel Johannes, CIA, ISO 31000 Lead Trainer, CFE

RISK MANAGEMENT The change we wish to see - IIA


About Trainer

• Position: CEO of Kepler Associates and Former President of IIA

• Education: BSc Electronics, BSc Accounting, MBA, FCCA, ACPA-PP

• Certifications: CIA, CFSA, CGAP, CCSA, CFE, ISO 31000 CT, CRMA

• Work experience: UCC, PwC, Stanchart, KCB Bank, Kepler Associates

• Other positions: Audit Committee, Member of Advisory Council of ACFE Global

• ISO 31000 Lead Trainer

• CFE Authorized Trainer

• IIA Certified Trainer


Outline

• The current state of risk management

• Importance of risk management

• Implication to internal auditors


Basic Concepts


Current State of Risk Management


• Most ERM Programs are built on “Governance” or “Compliance” models

• Value: “Did we do it? Good.”

• Measures are rarely in meaningful terms

• Not a KEY role in performance management, planning, budgeting and strategy formation

• Limited in scope and focus

• Not a “day-to-day” part of decision making

• Not based on or tied to a standard or tight framework

[Diagram labels: Risk, compliance, reporting, regulations, insurance, controls, audit]


Benefits of Risk Management


The only alternative to risk management is crisis management --- and crisis management is much more expensive, time consuming and embarrassing.

JAMES LAM, Enterprise Risk Management, Wiley Finance © 2003

Without good risk management practices, government cannot manage its resources effectively. Risk management means more than preparing for the worst; it also means taking advantage of opportunities to improve services or lower costs.

Sheila Fraser, Auditor General of Canada


• Allows intelligent “informed” risk-taking.

• Focuses efforts – helps prioritize. Top 10 list. Or top 3. Or…

• Is proactive, not reactive – Prepare for risks before they happen. Identify risks and develop appropriate risk mitigating strategies.

• Improves outcomes – achievement of objectives (corporate, clinical, etc.)

• Really comes down to simple good management

• Enables accountability, transparency and responsibility

• And may even mean survival


Reasons for closing

• Blames Brexit

• Rental costs

• Rise in minimum wages

“Experts say the growth of takeaway apps, and a saturation of food chains on Britain's high streets…” Daily Mail UK, Home, 21 May 2019


Risk: Effect of uncertainty on objectives…


“May you live in an interesting time - The Future”


ISO 31000:2018


Back at the office

• Why is the organization interested in RM? What are they hoping will be achieved with its implementation?

• Who is doing what? Roles & responsibilities must be clearly defined. Make sure Leadership supports RM and uses RM results to make decisions. Everyone is a risk manager.


• How will it be implemented? What is your framework? What is the common language? How will risks be measured and reported?

• Where will you start? Choices could be where you can most easily succeed or where it is needed the most or where interest is high.

• When will it be implemented? It is a journey not a destination; 3-5 years for complete roll-out; how often will risks be assessed; when will mitigation plans be implemented and monitored; when will risks be reported.


Ask questions and develop your approach

• Do we understand our major risks? Do we know what is causing our risks to increase, decrease or stay the same?

• Have we assessed the likelihood and impact of our risks?

• Have we identified the sources and causes of our risks?


• Are we taking too much risk? Or not enough risk?

• Are the right people taking the right risks at the right time?

• What’s our culture? Are we risk averse or are we risk-takers? Or are we somewhere in between?


• How well are we managing our risks?

• Are we trying to prevent the downside risks from happening? Or are we trying to simply recover from them?

• Who is accountable for these risks?

• How do we talk about risk? Do we have a common language across branches, across divisions, across the ministry?


Five considerations for Internal Audit

• Strategic planning and alignment.

• Risk assessments

• Analytics and dashboards

• Training and recruitment

• The power of internal audit automation.


Mission of Internal Auditing

“To enhance and protect organizational value by providing risk-based and objective assurance, advice and insight.”


Keep it simple


Case Based Learning: Advanced Fraud Risk Assessment Techniques from Internal Auditor's Eye