Risk Management & Internal Control
JAN 16, 2021
Outline
- What is Risk?
- What is Risk Management & Why is it important?
- Risk Exposure of Businesses
- Measures to Mitigate Risks
What is Risk?
Risk & Uncertainty
Risk is ‘uncertainty that matters’
◦ All risks are uncertain, but not all uncertainties are risks
◦ Risks are measurable uncertainties
◦ Not all uncertainties matter and some are vital
What is Risk?
Risk & Objectives
◦ Risk is ‘uncertainty that, if it occurs, will affect achievement of objectives’
◦ Objectives define what matters to individuals, groups or organizations
◦ When risks are effectively managed, the chances of achieving objectives will be optimized
◦ Risk applies wherever there are objectives
What is Risk?
Risk, Threat & Opportunity
◦ Threat is an uncertainty that, if it occurs, will have a negative effect on objectives
◦ Opportunity is an uncertainty that, if it occurs, will have a positive effect on objectives
◦ Both Threat & Opportunity are ‘uncertainties that matter’
What is Risk?
Risk is ‘uncertainty that, if it occurs, will have a positive or negative effect on achievement of objectives’
What is Risk Management?
8 Basic questions to understand what risk management is:
1. What are we trying to achieve? (Establishing the Context.)
2. What could affect us achieving these objectives? (Risk Identification.)
3. Which of those things are most important? (Risk Assessment.)
4. What shall we do about them? (Plan Risk Responses.)
5. Having taken action, did it work? (Implement Risk Responses.)
6. Who shall we tell? (Risk Communication.)
7. What has changed? (Review Risk.)
8. What did we learn? (Risk Lessons Learned.)
[Figure: risk management cycle: 01 Identify Risk, 02 Assess Risk, 03 Control Risk, 04 Review Controls]
What is Risk Management?
Why is Risk Management Important?
Enterprise Risk Management
- Economic uncertainties threaten the organization’s ability to meet its objectives
- Uncertainties can be both a threat and an opportunity
- Strategic decision making is required to assess and navigate through the uncertainties
- According to the Association for Federal Enterprise Risk Management (AFERM), Enterprise Risk Management (ERM) is ‘a discipline that addresses the full spectrum of an organization’s risks, including challenges and opportunities, and integrates them into an enterprise-wide, strategically aligned portfolio view. ERM contributes to improved decision making and supports the achievement of an organization’s mission, goals and objectives.’
Enterprise Risk Management
- How is it managed?
- Identify Value Drivers (Knowledge, Capital, Cash Flow and Liquidity)
- Design an ERM program
- Implement (Figure 2.2)
- Embed in the company’s culture
- Communicate, Consult and Report
Enterprise Risk Management
- How does ERM fit?
Risk Exposures of Business
1. Economic Risk
2. Compliance Risk
3. Security and Fraud Risk
4. Financial Risk
5. Reputation Risk
6. Operational Risk
7. Competition Risk
Measures to Mitigate Risk
1. Avoid
2. Transfer
3. Accept
4. Limit/Control
Ethics in Risk Management
We make ourselves powerless when we choose not to know. But we give ourselves hope when we
insist on looking. (. . .) As all wisdom does, seeing starts with simple questions: What could I
know, should I know, that I don’t know? Just what am I missing here? (Heffernan, 2011, p.247)
Ethics plays a big role in deciding whether to remain ignorant or to seek answers and understand
uncertainties. Risk leadership focuses on relationships with stakeholders and helping them to
understand uncertainty. We face ethical dilemmas when values conflict or when we cannot apply an
overriding and shared ethical framework.