
Internal Audit and Operational Risk Management

Internal Audit and Operational Risk Management. Experience in a Non-Financial Company. IPAI 2009. Management and Control. The Operator shall commit to the implementation of Enterprise Risk Management. Source: IATA AMS 2007. Enterprise Risk (ERM).

davelar

Presentation Transcript


  1. Internal Audit and Operational Risk Management. Experience in a Non-Financial Company. IPAI 2009

  2. Management and Control • The Operator shall commit to the implementation of Enterprise Risk Management Source: IATA AMS 2007

  3. Enterprise Risk (ERM) • Strategic risk (market dynamics, resource allocation, etc.) • Financial risk (capital structure, liquidity, credit, etc.) • Operational risk (assets, people, technology, etc.) • Compliance risk (legal, regulatory, best practices, etc.) • Environmental risk (petroleum products, hazardous materials, etc.) • Corporate citizen/image/reputation risk • Project risk Source: IATA AMS 2007

  4. Enterprise Risk Management (ERM) System • Perhaps the most significant limitation to ERM is the absence of multi-variant mathematical models that are needed to support both operational and enterprise risk management efforts. Source: IATA AMS 2007

  5. Enterprise Risk Management (ERM) System • Enterprise Risk Management (ERM) is typically an activity of the senior management team, i.e., an assessment and analysis of all risks in an organization. It is important to note that this activity is not typically of interest to the State CAA; however, the regulatory authority will be interested in the operational risk management system. Source: IATA AMS 2007

  6. Operational Risk Operational risk in an airline is a component of the entity's overall risk, i.e., enterprise risk. Regulatory agencies and the majority of the airline employee groups are primarily concerned with operational risk. Source: IATA AMS 2007

  7. Operations Risk Management The air carrier needs to have a SMS risk analysis process that provides for: • Identification of operational hazards; • Qualitative or quantitative analysis to determine risk acceptability; • Development of corrective action that eliminates or mitigates unacceptable risks; • Implementation of corrective action in appropriate operational areas; and • Evaluation of corrective action to determine effectiveness Source: IATA AMS 2007

  8. SMS/QMS/ESMS/SEMS: An Evolution of Continuous Improvement [Diagram labels: Airline operations data; FOQA / FDA / FDM; Safety statistics; Safety reports; Auditing; Risk analysis; Everyone sees safety status (Management, Regulators, Employees/Unions); Adjust / Change; Implement change & re-evaluate; Operational Risk Analysis output to ERM model] Source: IATA AMS 2007

  9. COSO MODEL Source: Manual de Risco TAP

  10. The evolution of safety thinking Source: ICAO SMM MANUAL 2009

  11. A concept of accident causation Source: ICAO SMM MANUAL 2009

  12. The management dilemma [Diagram labels: Management levels; Resources; Protection; Production]

  13. The management dilemma [Diagram labels: Management levels; Resources; Protection; Production; Catastrophe] Source: ICAO SMM MANUAL 2009

  14. The management dilemma [Diagram labels: Management levels; Resources; Production; Protection; Bankruptcy] Source: ICAO SMM MANUAL 2009

  15. Safety space [Diagram labels: Bankruptcy; Protection; Catastrophe; Production] Source: James Reason. Source: ICAO SMM MANUAL 2009

  16. SOURCE: ARMS WORKING GROUP

  17. Safety The state in which the possibility of harm to persons or of property damage is reduced to, and maintained at or below, an acceptable level through a continuing process of hazard identification and safety risk management. Source: ICAO SMM MANUAL 2009

  18. SOURCE: ARMS WORKING GROUP

  19. Reactive Risk Management • Minor events, irregularities and occurrences occur often during normal operations, many times without noticeable consequences. Identifying and investigating certain irregular operational occurrences can reveal system weaknesses or deficiencies that, if left unchecked, could eventually lead to an accident or serious incident. These types of events are referred to as accident precursors. Source: IATA AMS 2007

  20. Proactive Risk Management It is preferable to conduct a risk assessment prior to introducing a significant change in the operation and then take appropriate action to alleviate (or mitigate) important problems prior to implementation of the change, rather than proceeding immediately to the implementation phase and then awaiting potential negative outcomes. Source: IATA AMS 2007

  21. SOURCE: ARMS WORKING GROUP

  22. SOURCE: ARMS WORKING GROUP

  23. Formal risk • Formal risk management is a systematic and disciplined method of accident prevention. The programme may appear complex, but experience has shown that familiarity and proficiency are gained with practice.

  24. Safety Risk Safety risk is defined as the assessment, expressed in terms of predicted probability and severity, of the consequences of a hazard, taking as reference the worst foreseeable situation. Source: ICAO SMM MANUAL 2009

  25. Safety risk probability table Source: ICAO SMM MANUAL 2009

  26. Safety risk severity table Source: ICAO SMM MANUAL 2009

  27. Safety risk assessment matrix Source: ICAO SMM MANUAL 2009

  28. Safety risk tolerability matrix Source: ICAO SMM MANUAL 2009

  29. Safety Risk Management Source: ICAO SMM MANUAL 2009

  30. The safety risk mitigation process Source: ICAO SMM MANUAL 2009

  31. The safety risk management process Source: ICAO SMM MANUAL 2009

  32. Hazard identification and risk mitigation

  33. The five fundamentals of safety risk management • There is no such thing as absolute safety; in aviation it is not possible to eliminate all safety risks. • Safety risks must be managed to a level “as low as reasonably practicable” (ALARP).

  34. The five fundamentals of safety risk management • Safety risk mitigation must be balanced against: 1) time; 2) cost; and 3) the difficulty of taking measures to reduce or eliminate the safety risk (i.e. managed).

  35. The five fundamentals of safety risk management • Effective safety risk management seeks to maximize the benefits of accepting a safety risk (most frequently, a reduction in either time and/or cost in the delivery of the service) while minimizing the safety risk itself.

  36. The five fundamentals of safety risk management • The rationale for safety risk decisions must be communicated to the stakeholders affected by them, to gain their acceptance.

  37. Safety Risk Management The safety risk management function of an SMS provides for initial identification of hazards and assessment of safety risks. Organizational safety risk controls are developed, and once they are determined to be capable of bringing the safety risk to ALARP, they are employed in daily operations. Source: ICAO SMM MANUAL 2009

  38. Safety Risk Management The safety assurance function takes over at this point to ensure that the safety risk controls are being practised as intended and that they continue to achieve their intended objectives. The safety assurance function also provides for the identification of the need for new safety risk controls because of changes in the operational environment.

  39. Safety Risk Management Safety risk management requires feedback on safety performance to complete the safety management cycle. Through monitoring and feedback, SMS performance can be evaluated and any necessary changes to the system effected. In addition, safety assurance provides stakeholders an indication of the level of safety performance of the system. Source: ICAO SMM MANUAL 2009

  40. Safety Risk Management Once safety risk controls are developed and implemented, it is the organization’s responsibility to assure that they continue to be in place and that they work as intended. Source: ICAO SMM MANUAL 2009

  41. AUDIT [Diagram labels: Safety Risk Management; INAC; EASA; FAA; External audits; ICAO; IOSA; Internal audits]

  42. INTERNAL AUDIT • Confirm that Safety Risk Management complies with regulation • Guarantee the integrity of the process

  43. Thank You Very Much for Your Attention
