RISKS

1 RISK AND RISK EXPOSURE
• Strategic
• Operational

RISK COMMITTEE
• Ensure system exists
• Set risk policy, assess risks
• Review internal audit work
• Review risk register
• Advise board

RISK MANAGER
• Leadership of enterprise risk management
• Establishing and promoting enterprise risk management
• Developing common risk management policies
• Establishing a common risk language
• Dealing with insurance companies
• Implementing risk indicators (such as designing early warning systems)
• Allocation of resources based on risk
• Reporting to the CEO/board/risk committee as appropriate
3 Strategy, reputation and risk

STRATEGIC PROCESS
• Strategic analysis – brainstorming
• Information
• Strategic choice – derived demand
• Strategic intelligence
• Implementation
• Benchmarking
• Review and control
• Forecasting – consensus forecasting; Delphi method

WHERE YOU CURRENTLY ARE
• Scenario planning – an internally consistent view of what the future might turn out to be
• PESTEL – track the changing influences and try to think of the impact they might have on the strategy
• SWOT
• Product life cycle – shake-out phase when things start to change; maturity – do we have something that is going to keep customers engaged?
• Data is important to help you understand where you are: competitive data, economic data, political data, legal data, social data, technological data
• Boston Consulting Group (BCG) matrix – relative market share (high/low) against market growth rate (high/low): Star, Question mark
• Relationship between parties – level of interest and power
• Macro scenarios – scenarios that model macroeconomic or political factors
• Global bazaar – less loyalty
• Cautious capitalism – less trust

COMPETITIVE ADVANTAGE AND STRATEGIC CHOICE
• Porter generic strategies
• Suitability
• Acceptability – is it acceptable?
• Feasibility – right skills? Financial, people
• Stress testing the strategy itself

PARTNERING
• Joint venture
• Franchising
• Strategic alliance
• Internal partnering
• Partnering externally can bring risks, such as reputation
• Due diligence is carried out in an operational and financial way

SCENARIO PLANNING AND DISRUPTION
• Disruption – an interruption in the usual way that a system, process or event works. Something that gets in the way of normal; technology? Telephone calls on the internet. The use of cash.
• Technology disrupts strategy: easier and cheaper ways to do things
• Disruptive innovation, new technology
• Robotic process automation
• Other forms of disruption – climate change, Brexit, covid
• How does technology disrupt strategy? Customers are more price conscious; all parts of businesses are affected by technology
• Understanding how people respond to the digital age: digital natives – always worked that way; digital immigrants – people who knew the world before the digital age

STRESS TESTING
• LOAD TESTING – can cope with anticipated levels of demand
• STRESS TESTING – can cope with as much as possible
• VALUE AT RISK – trying to measure the maximum expected losses that an organisation can expect, based on normal probability distributions

BANKING
• The Dodd-Frank Act (US) – assess enough capital to withstand losses; baseline, adverse and severely adverse scenarios
• Bank of England – assess banks' profitability and capital ratios under a baseline macroeconomic scenario
• BASEL III – minimum amounts of capital required for banks to maintain their financial stability; better visibility of risks using systems of supervisory review; better levels of disclosure that encourage a market that is disciplined and not reckless
4 Governance risk

ETHICAL THREATS
• Management responsibility – making and reviewing management decisions
• Advocacy
• Self-review
• Self-interest
• Intimidation
• Familiarity

BEST VALUE is achieved by attempting the four Cs
• Challenge
• Compare
• Consult
• Complete

CRESSEY TRIANGLE
• Pressure
• Opportunity
• Rationalisation

• Professionalism
• Authority
• Independence
• Resources
• Ethical issues

TYPES OF INTERNAL AUDIT
• Budgeting
• Costing systems
• Performance measurement systems
• Capital investment appraisal
• Post completion audits
• Fraud investigations – investigative and detective; prevention and detection techniques
• Management audit
• Computer assisted audit – application of auditing procedures using the computer as an auditing tool
• Social and environmental audit – social audit: people are being used appropriately; environmental audit: safeguarding the environment

INTERNAL AUDIT REPORTS
• The business objective that the manager is aiming to achieve
• The operational standard
• Observations of actual performance against the standard, including any control weaknesses
• The causes of the weaknesses
• The effect of the weaknesses
• Recommendations to address the weaknesses
8 Cybersecurity threats

INFORMATION SYSTEM RISKS
• Cybersecurity – the practice of protecting systems, networks and programs from digital attacks

NATURE AND IMPACT OF CYBERSECURITY RISKS
• Sensitive information: customer personal data, supplier data, employee data, financial records, etc.

CYBERSECURITY OBJECTIVES (AIC)
• AVAILABILITY
• CONFIDENTIALITY
• INTEGRITY OF DATA
• INTEGRITY OF PROCESSING
• Establishing, maintaining and approving objectives

MALWARE THREATS AND DEFENCES
• MALWARE – malicious software
• VIRUS – attach themselves
• WORM – don't need to be activated
• TROJANS – invade, look harmless, operating something that is not visible
• BOT – activity data recorded

DEFENCES AGAINST MALWARE
• Firewall
• Back-up copies
• Gatekeeping – limiting the access

• Dumpster diving

ROBERT CIALDINI
• RECIPROCATION – desire to repay a good deed
• COMMITMENT AND CONSISTENCY – avoiding being a hypocrite
• SOCIAL PROOF – mimicking the behaviour of others around
• LIKING – behaving the same way as people they like
• AUTHORITY – obeying someone who is in charge
• SCARCITY – shortage of something can make it seem important

OPPORTUNITIES FROM ETHICAL, UNETHICAL AND GREY HAT HACKERS
• Train people through simulations