1 / 19

Risk Management, Culture & Governance

Risk Management, Culture & Governance . Agenda. What is risk management? A framework for risk management Establishing a good risk culture Getting risk a seat at the table Providing the right risk information to stakeholders ERM – what does the “E” stand for?. What is a risk?.

donny
Download Presentation

Risk Management, Culture & Governance

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Risk Management, Culture & Governance

  2. Agenda • What is risk management? • A framework for risk management • Establishing a good risk culture • Getting risk a seat at the table • Providing the right risk information to stakeholders • ERM – what does the “E” stand for?

  3. What is a risk? • “The effect of uncertainty on objectives”. • ISO 31000: 2009 Risk Management • “Those things that may stop you meeting • your objectives”. • Susan Crago What is risk management? • Risk Management = Objectives and Outcomes Management

  4. What risk management is not!

  5. A framework for risk management Escalate, Communicate and Consult Monitor and Review

  6. A framework for risk management • Identify • Establish Context • Assess • What is our strategy and objectives? • What issues have we experienced? • What risks are we currently managing? • What is going on in the external environment? • What are the risks that could stop us meet objectives? • What would cause those risks to occur? • What controls do we currently have in place? • How likely is it that this risk will occur? • If it does occur what will be the consequence? • How effective are the controls to manage this risk?

  7. A framework for risk management • Prioritisation • What will we do about the risk? Nothing or something? • If something what is the best action to take? • Action Escalate, Communicate and Consult • Who needs to make the decision about this risk? • Who needs to take any actions on this risk? • Who needs to be aware of this risk? Monitor and Review • Are we on track with managing this risk? • Has something changed so we need to review this risk?

  8. The sales pitch • Value Proposition…. • 1. Making informed decisions • supports prioritisation and transparency of decision making • 2. Meeting business unit objectives • alignment to the business strategy and objectives • highlights areas of potential focus • 3. Preparing for the unexpected • identifying uncertainties • fewer shocks and unwelcome surprises

  9. Good risk culture ??

  10. Impacts of poor risk culture

  11. Establishing a good risk culture

  12. Establishing a good risk culture ‘Values and culture drive people to do the right thing even when no one is looking … Although value and culture cannot always be measured quantitatively, they impact governance in powerful ways.’ John F Laker - APRA Chairman (27 February 2013)

  13. Getting risk a seat at the table 3 lines of defence

  14. Getting risk a seat at the table

  15. Getting risk a seat at the table Bendigo & Adelaide Bank Group’s Vision: “We aim to be Australia’s leading customer-connected banking group.”

  16. Providing the right risk information to stakeholders “... integral to the effectiveness of risk governance, concerns the flow of information to the board.  The lack of timely, relevant and comprehensive risk information [is] often a critical weakness.” John F Laker - APRA Chairman (27 February 2013)

  17. Providing the right risk information to stakeholders Clear risk appetite and tolerances Escalation of new key risks Good risk governance Monitoring of actions for key risks Monitoring of testing of key controls Consistent across risk types

  18. ERM – what does the “E” stand for? • Effective? • Efficient? • Engaging? • Enterprise?

  19. Questions?

More Related