gen risk manag in ps aw
TRANSCRIPT
-
7/28/2019 Gen Risk Manag in Ps AW
1/46
Risk Management
Andy Wynne
-
Profit is the
reward for
taking risk
-
Corporate Failure = Poor Risk
Management?
South Sea Bubble
US Savings and Loans
Maxwell
BCCI
Polly Peck
Barings
-
More recently:
-
20 year study of Fortune 500
companies
Crisis-prepared (proactive)
Crisis-prone (reactive)
Crisis-prepared companies stay in
business nearly 25% longer.
Crisis-prone companies have half the
profit rate.
-
What is Risk?
Risk is something which may (or may not) happen
which would have a (negative) effect on the
achievement of an organisation's objectives.
-
Risk Management
Know your objectives and risk attitude
Identify risks
Assess risk
Manage risk
Monitor, learn and improve, reconsider
-
1992 COSO report on internal control
growing recognition of importance of risk
management:
Rutterman and then Turnbull - UK
Sarbanes-Oxley - US
King Report - South Africa
ECSAFA Guidance on governance
-
COSO report on Enterprise Risk
Management published in 2004
Internal control is now part of risk
management
Emphasis on risk control across the
organisation
-
Enterprise risk management is a process, effected by an entity's
board of directors, management and other personnel, applied in
strategy setting and across the enterprise, designed to identify
potential events that may affect the entity, and manage risk to be
within its risk appetite, to provide reasonable assurance regarding
the achievement of entity objectives.
-
Certain fundamental concepts:
A process, ongoing and flowing
through an entity
Effected by people at every level of an organization
Applied in strategy setting
Applied across the enterprise, at every
level and unit, and includes taking an
entity level portfolio view of risk
-
Fundamental concepts: (cont)
Designed to identify potential events
that, if they occur, will affect the entity
and to manage risk within its risk
appetite
Able to provide reasonable assurance to
an entity's management and board of
directors
Geared to achievement of objectives in
one or more separate but overlapping
categories
-
Eight
components
-
1. Internal Environment
The tone of an organization
How risk is viewed and addressed
Risk management philosophy
Risk appetite
Integrity and ethical values.
-
2. Objective Setting
Objectives needed to identify potential
risks
Agreed objective setting process
Chosen objectives support entity's
mission
Chosen objectives consistent with its
risk appetite.
-
3. Event Identification
Internal and external events identified
Distinguish between risks and
opportunities
Consider all risk categories.
-
4. Risk Assessment
To assist their management, analyze risks:
Likelihood
Impact
Also assess risks on an inherent and a residual
basis.
-
5. Risk Response
Select appropriate response:
Terminate (avoid)
Tolerate (accept)
Treat (reduce)
Transfer (Share).
-
6. Control Activities
Policies and procedures to help ensure
the risk responses are effectively carried
out.
The traditional internal controls.
-
7. Information & Communication
Management information is produced and
provided.
Effective communication occurs down, across, and up the entity.
-
8. Monitoring
The whole enterprise risk management
process is monitored and amended as
necessary.
-
Four risk
categories
-
Entity objectives can be viewed
in the context of four categories:
Strategic
Operations
Reporting
Compliance
Four categories of risk
-
Four levels
within entity
-
Levels within the organisation
Considers activities at all levels
of the organization:
Enterprise-level
Division
Business unit
Subsidiary
-
Risk
Management
part 2
Andy Wynne
-
Risk
management
cycle
-
The risk management cycle
Establish a business framework
Identify all risks
Assess the risks
Deal with the risks
Monitor the arrangements
-
Establish a business framework
Corporate attitude to risk - risk appetite
Integrate risk into general management
activities - part of business planning
Allocate responsibilities for risk
management
Agree an approach, processes and
timetable
Ensure risk awareness and
communication.
-
Identify all risks
Political
Financial
Health & safety
Legal & regularity
Corporate issues
Commercial
Operational
Reputational.
-
Assess the risks - impact
1 The organisation would not survive
2 Major effect on achievement of business plan or quality of services
3 Significant impact on achieving business plan or quality of services
4 Some impact on staff and minor effect on clients
5 Insignificant impact on organisation or staff
-
Assess the risks - likelihood
1 Certain - more than 80%
2 Probable, each year - 50-80%
3 Possible, every three years - 25-50%
4 Unlikely, maybe over 5 years - 5-25%
5 Remote - less than 5%
-
Assess the risks
[Figure: risk matrix of IMPACT against PROBABILITY, each running from Low to High, with quadrants labelled High Risk, Medium Risk, Medium Risk and Low Risk. Example risks placed on the matrix: Loss of phones; Loss of computers; Credit risk; Customer has a long wait; Customer can't get through; Customer can't get answers; Entry errors; Equipment obsolescence; Repeat calls for same problem; Fraud; Lost transactions; Employee morale.]
-
Risk landscape
Outcome: Satisfied customers
Measure: % of customers stating they are satisfied in survey; % of focus group participants satisfied with product
Risk: Product technically fails
Likelihood: Medium
Impact: High
Control activities: New product development; Quality control; Returns policy
-
Deal with the risks
Select appropriate response:
Terminate (avoid or stop activity)
Tolerate (accept, low impact or
contingency plans)
Treat (reduce by implementing sound internal controls)
Transfer (share, usually by insurance).
-
Deal with the risks (cont)
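[Figure: the same matrix of IMPACT against PROBABILITY, each running from Low to High, with quadrants labelled High Risk, Medium Risk, Medium Risk and Low Risk, overlaid with the responses Share, Accept, Mitigate & Control, and Control.]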
-
Monitor the arrangements
Full review every three years
Formal review at each level every year
As part of the business planning process.
-
Sound internal
control
-
Sound internal control
Internal control can be considered sound if
risk management is effective.
Is each of the eight components functioning properly?
Small entities can have effective risk
management if each component is
present and adequate.
-
Limitations of
risk
management
-
Limitations of risk management
Depends on human judgement
Breakdowns occur because of human
failures, errors etc
Controls can be overcome by collusion or
fraud
Managers may override risk management
policies.
-
Limited implementation?
Half of health bodies in the UK have yet to
identify their principal risks.
Half of local councils have yet to establish risk registers.
In central government only 1 in 10
ministries consider their processes are
fully embedded.
-
Conclusions
Risk management is an essential part of
management.
How formal do you want to make it?
You now have the information to adopt a
more formal approach!
-
Further Guidance
PEFA Performance Management Framework:
http://www.pefa.org
COSO Enterprise Risk Management:
http://www.coso.org
UK HM Treasury guidance on risk management:
http://www.hm-treasury.gov.uk./media/FE6/60/FE66035B-BCDC-D4B3-11057A7707D2521F.pdf
UK NAO report on risk management:
http://www.nao.org.uk/publications/nao_reports/03-04/03041078es.pdf