
ACT1110

Fundamental Concepts of
Risk Management
a) Explain different definitions of Risk and Risk Management
b) Discuss globally accepted frameworks on risk management and
internal control (i.e., COSO, ISO 31000, CoCo, COBIT)
c) Discuss the Risk Management Process according to COSO

Learning Objectives
OBJECTIVES – Defined, intended outcomes

CONTROLS – Increase the likelihood of achieving objectives

RISKS – Possibility of an event occurring that will have an impact
on the achievement of objectives

GOVERNANCE – Ensure the entity effectively and efficiently directs
toward meeting the objectives

Overview
Illustration
Objective
- Wake up at 4:30am to go to school as early as possible
Risk
- Oversleeping
- Insomnia
Controls
- Set up alarm clock
- Drink milk or take herbal sleeping medicine
- Inform other people
Governance
- Parents advise you before you sleep
- Sermon

Illustration
What is risk?
Risk
The possibility of an event occurring that will have an impact on
the achievement of objectives. Risk is measured in terms of impact
and likelihood.

Impact
- If realized (or if it happens), would affect the company
- Factors that define the impact rating: financial effect,
reputation, ability to achieve key objectives

Likelihood
- Occurring over a predefined time period

Definition of Terms
Residual Risk
- the risk that remains after a risk response

Opportunity
- the possibility that an event will occur and positively affect the
achievement of objectives

Risk Appetite
- the amount of risk an organization is willing to accept in pursuit
of value

Risk Tolerance
- the specific maximum risk that an organization is willing to take
regarding each relevant risk

Definition of Terms
A risk statement should read as: something went wrong, and what the
impact of this would be.

Example:
Unauthorized changes are made to the payroll master data,
resulting in payments to fictitious employees

A risk statement should not be:
- A negative control or the absence of a control
- A process

Recognition
Risk Management

A process to identify, assess, manage, and control potential events
or situations to provide reasonable assurance regarding the
achievement of the organization's objectives

Definition of Terms
COSO ERM – Integrated Framework
- Enterprise Risk Management (ERM) – Integrated Framework
- Published by the Committee of Sponsoring Organizations of the
Treadway Commission (COSO)
- A structure which defines essential components, suggests a
common language, and provides clear direction and guidance for
enterprise risk management.

Risk Management Framework


COSO was established initially to sponsor research into the causes of fraudulent financial reporting.

Risk Management Framework


Enterprise Risk Management
- a process, effected by an entity's board of directors, management
and other personnel, applied in strategy setting and across the
enterprise, designed to identify potential events that may affect the
entity, and manage risks to be within its risk appetite, to provide
reasonable assurance regarding the achievement of entity objectives.

Risk Management Framework
RISK MANAGEMENT OBJECTIVES
1. Strategic – high-level goals, aligned with and supporting the
entity's mission

2. Operations – effective and efficient use of resources

3. Reporting – helps ensure accuracy, completeness and reliability of
internal and external company reports of both financial and
non-financial nature.

4. Compliance – compliance with applicable laws and regulations.

Risk Management Framework


ENTITY AND UNIT LEVEL COMPONENTS

Risk Management Framework


RISK COMPONENTS
Risk Management Framework


ISO 31000:2018 Risk Management – Guidelines
- Published by the International Organization for Standardization
(ISO)
- Provides principles and guidelines for effective risk management.
- Standards that provide foundations for discussing risk management
and undertaking a critical review of an organization's risk
management process

Increases the likelihood of achieving objectives, improves the
identification of opportunities and threats, and effectively
allocates and uses resources for risk treatment.

Risk Management Framework


1. A mandate and commitment by the board and senior management
ensures that RM processes are consistent with the organization's
objectives and that sufficient resources have been committed
towards its success.
2. The design of a framework for managing risk ensures a foundation
is established for effective RM processes.
3. Implementing RM assists the organization in achieving its
objectives.
4. Monitoring and review of the framework assesses the effectiveness
of RM processes.
5. Continual improvement of the framework ensures long-term
effectiveness of risk management processes.

Risk Management Framework


International Organization for Standardization

Risk Management Framework


1. Risk Identification
- Performed for the entire entity
- Audit/ Risk Universe
- Brainstorming, SWOT (strengths, weaknesses, opportunities,
threats), scenario analysis

Risk Management Process


1. Risk Identification – Audit/Risk Universe (illustration)
The audit universe groups risk areas under four headings: Strategic,
Operations, Financial reporting, Compliance. Example areas:
- Accounting and reporting
- Liquidity and credit
- Capital structure
- Market
- Tax
- Market dynamics
- Sales and marketing
- Major initiatives
- Supply chain
- Mergers, acquisitions, and divestiture
- Information technology
- Planning and resource allocation
- People/Human resources
- Governance
- Hazards
- Communication and investor relations
- Code of conduct
- Regulatory
- Legal
- Physical assets

Risk Management Process


2. Risk Assessment and Prioritization
- Probabilities and potential effects of the risk events identified
are used to prioritize risks

Involves
- Estimate significance/impact
- Assess likelihood
- Consider means to manage

Risk Modeling
- Qualitative methods – listing, ranking and mapping
- Quantitative methods – probabilistic and weighted models, e.g.
assessing how risks affect earnings

Risk Management Process


2. Risk Assessment and Prioritization
Heat Map – overall risk assessment (rows: Impact, columns: Likelihood)

Impact \ Likelihood   Low   Moderate   High
High                  M     H          H
Moderate              L     M          H
Low                   L     L          M
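The heat map above turned into a small prioritisation routine, as an added example (not from the slide deck): it rates each risk from the 3x3 impact x likelihood matrix, sorts a register highest rating first, and re-rates a risk after a response to show its residual rating. The register is constructed; only the payroll statement is the deck's own example.

```python
"""Heat-map risk prioritisation (added example, not from the original slides)."""
from dataclasses import dataclass

LEVELS = ("Low", "Moderate", "High")

# Rows: impact, columns: likelihood, copied from the slide's heat map.
HEAT_MAP = {
    "High":     {"Low": "M", "Moderate": "H", "High": "H"},
    "Moderate": {"Low": "L", "Moderate": "M", "High": "H"},
    "Low":      {"Low": "L", "Moderate": "L", "High": "M"},
}
RANK = {"H": 3, "M": 2, "L": 1}


@dataclass(frozen=True)
class Risk:
    statement: str   # phrased as "something went wrong, resulting in <impact>"
    impact: str
    likelihood: str


def rate(risk: Risk) -> str:
    """Overall rating (H/M/L) from the heat map; rejects values off the scale."""
    if risk.impact not in LEVELS or risk.likelihood not in LEVELS:
        raise ValueError(f"impact and likelihood must be one of {LEVELS}")
    return HEAT_MAP[risk.impact][risk.likelihood]


def prioritize(register):
    """Return (rating, risk) pairs, highest rating first; ties are broken by
    impact, then likelihood, mirroring 'estimate impact' before 'assess likelihood'."""
    def key(r):
        return (RANK[rate(r)], LEVELS.index(r.impact), LEVELS.index(r.likelihood))
    return [(rate(r), r) for r in sorted(register, key=key, reverse=True)]


def residual(risk: Risk, new_impact=None, new_likelihood=None) -> str:
    """Rating left after a risk response lowers impact and/or likelihood."""
    return rate(Risk(risk.statement,
                     new_impact or risk.impact,
                     new_likelihood or risk.likelihood))


# Constructed register (hypothetical ratings); the payroll statement is the slide's example.
REGISTER = [
    Risk("Unauthorized changes to payroll master data result in payments "
         "to fictitious employees", "High", "Moderate"),
    Risk("A key supplier fails, delaying production", "Moderate", "Moderate"),
    Risk("Minor data-entry errors occur in expense reports", "Low", "High"),
]

if __name__ == "__main__":
    for rating, r in prioritize(REGISTER):
        print(rating, r.impact, r.likelihood, r.statement)
```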

Risk Management Process


3. Risk Response

Risk Avoidance
- ends the activity from which the risk arises
- Ex. The risk of having a pipeline sabotaged can be avoided by
selling the pipeline

Risk Retention
- accepts the risk of an activity
- Ex. self-insurance; sinking funds (a fund formed by periodically
setting aside money for the gradual repayment of a debt or the
replacement of a wasting asset)

Risk Management Process


3. Risk Response

Risk Reduction
- lowers the level of risk associated with an activity
- Ex. The risk of systems penetration (hacking) can be reduced by
maintaining a robust information security function within the entity

Risk Sharing
- transfers some of the loss potential to another party
- Ex. The risk of a car crash can be shared through insurance,
hedging, joint ventures, outsourcing

Risk Exploitation
- pursues a high return on investment
- Ex. The risk of winning or losing a lottery

Risk Management Process


4. Risk Monitoring
- Tracks identified risks
- Evaluates the current risk response
- Monitors residual risks
- Identifies new risks

Risk Management Process


Questions
Thank you
