RISK MANAGEMENT
The change we wish to see
Emmanuel Johannes CIA, ISO 31000 Lead Trainer, CFE
About Trainer
• Position: CEO of Kepler Associates and Former President of IIA
• Education: BSc Electronics, BSc Accounting, MBA, FCCA, ACPA-PP
• Certifications: CIA, CFSA, CGAP, CCSA, CFE, ISO 31000 CT, CRMA
• Work experience: UCC, PwC, Stanchart, KCB Bank, Kepler Associates
• Other positions: Audit Committee, Member of Advisory Council of ACFE Global
• ISO 31000 Lead Trainer
• CFE Authorized Trainer
• IIA Certified Trainer
Outline
• The current state of risk management
• Importance of risk management
• Implication to internal auditors
Basic Concepts
Current State of Risk Management
• Most ERM Programs are built on “Governance” or “Compliance” models
• Value: “Did we do it? Good.”
• Measures are rarely in meaningful terms
• Not a KEY role in performance management, planning, budgeting and strategy formation
• Limited in scope and focus
• Not a “day-to-day” part of decision making
• Not based on or tied to a standard or tight framework
[Diagram: Current State of Risk Management. Labels: risk, compliance, reporting, regulations, insurance, controls, audit]
Benefits of Risk Management
The only alternative to risk management is crisis management --- and crisis management is much more expensive, time consuming and embarrassing.
JAMES LAM, Enterprise Risk Management, Wiley Finance © 2003
Without good risk management practices, government cannot manage
its resources effectively. Risk management means more than
preparing for the worst; it also means taking advantage of opportunities
to improve services or lower costs.
Sheila Fraser, Auditor General of Canada
Benefits of Risk Management
• Allows intelligent “informed” risk-taking.
• Focuses efforts – helps prioritize. Top 10 list. Or top 3. Or…
• Is proactive… not reactive – Prepare for risks before they happen.
Identify risks and develop appropriate risk mitigating strategies.
• Improve outcomes – achievement of objectives (corporate, clinical, etc.)
• Really comes down to simple good management
• Enables accountability, transparency and responsibility
• And may even mean survival
Reasons for closing
• Blames Brexit
• Rental costs
• Rise in minimum wages
“Experts say the growth of takeaway apps, and a saturation of food chains on Britain's high streets…” Daily Mail UK home 21 May 2019
Risk: Effect of uncertainty on objectives…
“May you live in an interesting time - The Future”
ISO 31000:2018
Back at the office
• Why is the organization interested in RM? What
are they hoping will be achieved with its
implementation?
• Who is doing what? Roles & responsibilities must
be clearly defined. Make sure Leadership supports
RM and uses RM results to make decisions.
Everyone is a risk manager.
Back at the Office
• How will it be implemented? What is your framework? What is
the common language? How will risks be measured and
reported?
• Where will you start? Choices could be where you can most
easily succeed or where it is needed the most or where interest
is high.
• When will it be implemented? It is a journey not a destination;
3-5 years for complete roll-out; how often will risks be assessed;
when will mitigation plans be implemented and monitored; when
will risks be reported.
Ask questions and develop your approach
• Do we understand our major risks? Do we know what
is causing our risks to increase, decrease or stay the
same?
• Have we assessed the likelihood and impact of our
risks?
• Have we identified the sources and causes of our
risks?
Ask questions and develop your approach
• Are we taking too much risk? Or not enough risk?
• Are the right people taking the right risks at the right
time?
• What’s our culture? Are we risk averse or are we
risk-takers? Or are we somewhere in between?
Ask questions and develop your approach
• How well are we managing our risks?
• Are we trying to prevent the downside risks from
happening? Or are we trying to simply recover from them?
• Who is accountable for these risks?
• How do we talk about risk? Do we have a common
language across branches, across divisions, across the
ministry?
Five considerations for Internal Audit
• Strategic planning and alignment.
• Risk assessments
• Analytics and dashboards
• Training and recruitment
• The power of internal audit automation.
Mission of Internal Auditing
“To enhance and protect organizational
value by providing risk-based and
objective assurance, advice and insight.”
Keep it simple
Case Based Learning:
Advanced Fraud Risk
Assessment Techniques from
Internal Auditor's Eye