
OPERATIONS AUDIT

RISK MANAGEMENT PROCESS

ELIGEN H. SUMICAD JR., CPA


OPERATIONS AUDITING
RISK is “the possibility of an event occurring that will
have an impact on the achievement of objectives. Risk
is measured in terms of impact and likelihood” (The
IIA Glossary).

RISK MANAGEMENT
RISK MANAGEMENT is “a process to identify,
assess, manage, and control potential events or
situations to provide reasonable assurance regarding
the achievement of the organization’s objectives” (The
IIA Glossary).

Performance Standard 2120
Risk Management

The internal audit activity must evaluate the effectiveness and
contribute to the improvement of risk management processes.

RISK MANAGEMENT PROCESS

Management must focus on risks at all levels of the entity and
take the necessary action to manage them. All risks that could
affect achievement of objectives must be considered.

Step 1 – Identification of Context

• A precondition to risk identification is identifying the
significant contexts within which risks should be managed.

Contexts include the following:

• Laws and regulations
• Capital projects
• Business processes
• Technology
• Organizations
• Market risk
- Interest rates, foreign exchange rates, etc.

Step 2 – Risk Identification

• Risk identification should be performed at every level of the
entity (entity-level, division, business unit) relevant to the
identified context(s).
• Some occurrences may be inconsequential at the entity level but
disastrous for an individual unit.

• Past events and future possibilities must be considered.
• SWOT analysis, workshops, and scenario analysis can be used
to identify risks.

Step 3 – Risk Assessment and Prioritization

• The risk assessment process may be formal or informal.
• The three-part process involves:
1. Assessing the significance of an event,
2. Assessing the event’s likelihood, and
3. Considering the means of managing the risk.

• The results of assessing the likelihood and impact of the risk
events identified are used to prioritize risks and produce
decision-making information.
• Risk assessment methods may be qualitative or quantitative.
- Risk ranking, risk maps, and risk modeling

Step 4 – Risk Response

• Risk responses are the means by which an organization elects to
manage individual risks.
• Each organization selects risk responses that align risks with the
organization’s risk appetite, or
- The level of risk the organization is willing to accept.

• Controls are actions taken by management to manage risk and
ensure risk responses are carried out.
• Residual risk is the risk that remains after risk responses are
executed.
• Control risk is the risk that controls fail to effectively manage
controllable risk.

Step 5 – Risk Monitoring

• Risk monitoring is a four-step continuous process that includes
aspects of prior steps.
• The two most important sources of information for ongoing
assessments of the adequacy of risk responses and the changing
nature of the risks are:

1. Those closest to the activities, such as the manager of an
operating unit.
- However, because they design the strategy to mitigate risks,
they are not always objective.
2. The audit function.
- Analyzing risks and responses is among the normal
responsibilities of internal auditors, who should be objective.

The four steps of risk monitoring (from the slide's diagram):

• Track identified risks
• Evaluate current risk response plans
• Monitor residual risks
• Identify new risks

Responsibility for Aspects of Organizational Risk Management
Risk management is a key responsibility of senior management and
the board.
• Boards have an oversight function. They determine that risk
management processes are in place, adequate, and effective.
• Management ensures that sound risk management processes are
functioning.
• The internal audit activity may be directed to examine, evaluate,
report, or recommend improvements.
- It also has a consulting role in identifying, evaluating, and
implementing risk management methods and controls.

Risk management processes may be formal or informal, quantitative or
subjective, or embedded in business units or centralized. They are
designed to fit the organization’s culture, management style, and
objectives. For example, a small entity may use an informal risk
committee.

Internal Audit’s Role in Risk Management
Interpretation of Standard 2120
Risk management processes may be formal or informal, quantitative or
subjective, or embedded in business units or centralized. They are
designed to fit the organization’s culture, management style, and
objectives. For example, a small entity may use an informal risk
committee.

Thank you!
ELIGEN H. SUMICAD JR., CPA
eligensumicadjr@gmail.com
