Integrated Risk Management (ppt presentation) by 06h053z8


Taking Internal Audit to the Next Level:
Facilitating Company-Wide Integrated Risk Management

Objectives of Integrated Risk Management

The objective of risk management is to successfully create and maintain an
appropriate balance between danger and opportunity, by:

     —   Helping to avoid unexpected or unidentified events that can impact the
         organization’s short-term and long-term performance.

     —   Establishing and communicating a clear understanding of acceptable
         risk levels and types (risk tolerance) throughout the organization.

     —   Putting into place the appropriate controls and processes to manage
         risks within acceptable tolerances to enable the company to take smart
         risks that maximize opportunity.

Risk: A Delicate Balance

Rigorous Risk-Avoidance <-> Aggressive Risk-Taking


 "A common impression is that the risk management process is designed to minimize or
 remove risk from the business. But this is not the case - a satisfactory risk management
 culture in an organization delivers a clear understanding of acceptable risk type and
 levels of risk to take (risk tolerance) within the context of the business environment."

                      - “From An Introduction to Risk Management in Business”
                         from Barclay Simpson (a compliance/audit/risk consultancy)

Benefits of Integrated Risk Management

Improved strategic planning and execution:
Greater predictability improves the planning and budgeting processes, and
contingency plans can help to avoid major business disruptions due to unexpected or
unidentified events.

Better exploitation of business opportunities:
A company’s well-managed risk framework creates the freedom to take more risks
(with reasonable controls) where necessary. A risk-averse company may miss out on
opportunities due to an unwillingness to take risks.

Improved investor and stakeholder confidence:
A well-managed response to an unexpected event can enhance a company’s
reputation, while consistent delivery of predicted financial results with no unpleasant
surprises increases investor and stakeholder confidence.

Improved compliance with laws and regulations.

Proactive Risk Management Structure

A proactive risk structure could be put in place in order to accomplish the following:

     —   Develop a common definition of risk and a culture of risk awareness
         throughout the organization, making risk assessment a natural
         component of all decisions at every level.

     —   Facilitate communication about risk across business lines and functional

     —   Guide the development and implementation of an operational risk
         identification and management program.

     —   Guide the integration of all of the organization’s risks into one
         well-managed risk management program, based on the identified risk

Components of Risk Management Structure

Internal Audit Facilitation

Internal Audit would facilitate the process by:

 − Driving the process by working with Business Unit Management and the
   Risk Committee / Risk Steering Group.
 − Providing functional expertise where needed on the risk management
   strategy and operational risk controls.
 − Providing independent analysis.
 − Issuing independent reports on the effectiveness of operational risk
   controls and events.

Risk Committee / Risk Steering Group

 − Increases awareness of the existence of risk throughout the organization
   by making risk a highly visible issue.
 − Guides the process to complete an exhaustive, company-wide risk
   assessment.
 − Supervises and validates the creation, implementation, and monitoring of
   the risk management strategy.
 − Oversees appropriate levels of risk tolerance and monitors the total
   levels of the group’s exposure to risk.
 − Helps to assign ownership of risk to responsible stakeholders.
 − Agrees to consistent risk processes throughout the company, and to
   minimum standards of risk management.
 − Recommends changes in policy and risk management plan as necessary.
 − Promotes the sharing of information and risk mitigation strategies
   throughout the company, minimizing current silos.

Business Unit Management

 − Identifying, controlling, and monitoring operational risk, including in
   all new products, projects, and processes.
 − Developing and applying effective operational risk monitoring controls
   and key performance indicators.
 − Operating within established risk tolerances.
 − Developing and maintaining effective contingency plans.
 − Developing and implementing remedial action plans where operational risk
   events occur.
 − Promoting awareness of operational risks and controls.
 − Reporting on effectiveness of operational risk controls and events.
 − Providing business perspective and specialist advice on the unit’s risk
   environment.

Internal Audit’s Role in Risk Management

* Graphic taken from The IIA’s “The Role of Internal Audit in Enterprise-Wide Risk Management”.

Risk Universe (graphic; surviving cells listed row by row, left to right)

Strategic Risk | Strategic Direction | Acquisitions & Disposals | Strategic Partnerships | Investor Relations
/Social | Downturn
Regulatory | Advertising Restrictions | Acquisition Approval
Competition | Industry Structure | Competitor Strategies
Customers | Consumer Trends | Social Trends | Uncertainty of Demand
Financial Risk | Financial Reporting | Financial Planning | Treasury Management | Tax Planning | Planning & | Fraud
Risk | Shareholder Reporting Regulations | Human Resources Regulations | Tax & Treasury Compliance | Information Systems Regulations | Operational Standards & Regulations

Brand Management | Brand Strategy | Brand Innovation | Innovation Roll-Out | Reputation | Trademarks | Community Relations | Intellectual Property
Marketing | Spend Efficacy | Loyalty Programs
Procurement | Quality of Supply | Availability of Supply | Supplier Failure
Operations Activities | Operations Planning | Asset Protection | Business Continuity | Health & Safety | Disasters & Accidents | Quality & | Customer Service
Risk | Product Sales | Sales & Promotions | Pricing | Demand Timing &
Transaction Processing | Reservations | Invoicing | Payment Collection | Payment Cycles | Reporting & Payment | Payroll
Information Systems | System Development | System Integration | System Failure | System Security
Resources/ | Talent Attraction | Talent Retention | Motivation & Focus | Workplace Relations | Internal Comm. | Ethics/Culture
