
Audit Committee Risk Management Training September 2010


Presentation Transcript


  1. Audit Committee Risk Management Training, September 2010 • John Allsop • Marcus Richards

  2. Introduction • Definition of Risk Management • Risk Management Principles & Practice • Benefits of Risk Management • Current Developments • Anecdote

  3. What do we mean by Risk? • Contemporary Definition – Risk is the “effect of uncertainty on objectives” (ISO 31000 - Risk Management Principles and Guidelines (2009)). • Uncertainty can be positive or negative.

  4. Towards a balanced view of risk • Traditional view: all about threats; risk averse; ‘Can’t Do’ • Contemporary view: about opportunities; risk enabling/managing; ‘Can Do’

  5. What is Risk Management • The culture, processes and structures directed towards realising opportunities whilst managing adverse effects. • Its purpose is not to eliminate risk, but to understand it so as to take advantage of the upside and minimise the downside.

  6. Risk Management is not • A new responsibility • About eliminating risk • An add-on • A one-off exercise • The universal answer

  7. Why is risk management important? • Good management practice • Achievement of objectives • Opportunities • Assurance to stakeholders

  8. What if we don’t manage our risks? • Corporate failures (private sector) • Step-in (local government) • Project failures • Missed opportunities

  9. The Risk Model • Strategic Risks: high level; owned at board level; cross cutting • Operational Risks: departmental/business unit level; any risk which is not strategic

  10. Risk Management Process • Risk Identification: What could happen? How could it happen? • Risk Assessment: Likelihood? Impact? • Risk Profiling: Prioritisation • Risk Mitigation & Management: Accept? Avoid? Reduce? Transfer? • Risk Monitoring & Review: Ongoing process; Reporting

  11. Step 1 - Risk Identification Tools available to identify risk: • PESTLE/SWOT Analysis • Brainstorming/Challenge sessions • Scenario Planning • Audit reports

  12. Step 2 - Risk Assessment Assess each risk in terms of: • Likelihood (frequency/probability) • Impact (Severity)

  13. Level of Risk • Risk Score (L x I) 11 – 16: Risk Rating High • Risk Score 5 – 10: Risk Rating Medium • Risk Score 1 – 4: Risk Rating Low

  14. Step 3 - Risk Profiling • Likelihood rating against Impact, listed in the order 1 Minor, 2 Significant, 3 Serious, 4 Major • 4 – Very Likely: L, M, H, H • 3 – Likely: L, M, M, H • 2 – Unlikely: L, L, M, M • 1 – Remote: L, L, L, L

  15. Step 4 - Risk Mitigation & Management • Tolerate the risk: within Ealing’s risk appetite (need to monitor) • Terminate the risk: quit the operation (often not a real option) • Treat the risk: reduce likelihood (put in extra controls); reduce impact (PR, recovery/continuity plans etc.) • Transfer the risk: transfer exposure through insurance or to partner organisation

  16. Step 5 – Risk Monitoring & Reporting • Quarterly reporting to Corporate Board and Audit Committee. • Quarterly Corporate Risk Management Forum. • Committee Report template

  17. Risk Registers • Used to document the risk management process • Strategic Risk Register • Operational Risk Register • Project Risk Logs

  18. Benefits of Risk Management • Increased ownership and understanding of risk • Consistent, shared view • Fewer surprises – issues highlighted earlier • Improved and informed decision-making • Visibility and evidence

  19. Current Developments • ISO 31000 - Risk Management Principles and Guidelines (2009) • Enterprise Risk Management • UK Corporate Governance Code (2010)

  20. And Finally Black Swan Theory – The disproportionate role of high-impact, hard to predict and rare events that are beyond the realm of normal expectations (Taleb 2007)

  21. Any Questions?
