Ian Abrahams. An Integrated Risk Mngt, Compliance & Audit Solution. CorProfit Systems Pty Ltd. Introduction: clients see risk-compliance as a "cost"; integration of functions would reduce the overhead. There is no "1-way" to perform risk mngt; it consists of a number of processes.
An Integrated Risk Mngt, Compliance & Audit Solution
Ian Abrahams, CorProfit Systems Pty Ltd
Introduction
• Clients see risk-compliance as a "cost"; integration of functions would reduce the overhead
• There is no "1-way" to perform risk mngt; it consists of a number of processes
• An overall solution will see alignment of: risk, compliance, audit
Depth & Breadth of Risk: where does R.M. fit in; who will use?
(Diagram: Risk Mgnt Dept, Audit and Compliance set against the organisation levels Executive, Senior Mgrs, Team Ldrs, Workers.)
People & Technology Interwoven
• If only the risk mngt dept, audit or compliance use a system, they can learn the hardest system.
• If everyday staff are going to be the users (risk / control owners) of the system, the system must be user friendly for them.
• The System follows the need.
Executive Overview
(Diagram: KnowRisk [Core Engine] integrates Internal Audit & Compliance, BU/Function Risk Id and Proactive R.M., linked to the organisation's in-house objectives, policies & procedures.)
Multiple Risk Mgt Activities (Integrated & Aggregated Management)
(Diagram: the KnowRisk Engine at the centre of Loss Recording, Loss Prevention, Regulatory compliance, OH&S, Projects, Incident Events, Business continuity planning, Crisis mgt, Legal compliance, Insurance, Security, IT / Assets.)
Risk Management Framework
• CorProfit advocates, and KnowRisk supports, a Framework:
• That serves all functional areas
• Works from Board to shop-floor
• That integrates: Risk, Audit, Compliance
Risk Methods – The Core Set
(Diagram: Context, Risks, Conseq, Controls, Controls Assurance.)
This "core" covers all risk assessments; it is generic. KnowRisk has brought a science together.
(Diagram: Inh risk, Ctrls, Res risk; Inadequate Ctrls / If High Inh Risks: Action Plan & Improve; Adequate Ctrls / Acceptable: Self Test, CSA & Audit.)
• Audit – Independent Reviews
Methodology
(Diagram: Inherent Risk, Controls, Residual Risk; Controls Fail (or Gaps), Effectiveness, Retained Risk.)
Risk reduction is a balance of:
• Likelihood
• Magnitude Impact
• Control Effectiveness
Run Through Simplest Method
• Run through the R.M. process
• Add new User Defined field
• Add new Key Word list
• Apply filters / reports
• Configure user screens
Configure KnowRisk according to user roles. The "Simplest Method" is a broad-brush approach to populating a Risk Register.
User Interface
(Diagram: Explorer View, Admin View, User's View; Context Data, Risk Data R (Risk), Impact Data Q (Impact), Control Data C (Likelih Control).)
• Select in tree / context window; displays data in window:
• logical associations
• logical sequence
Implementation of Risk – Compliance Solution
• An ideal system delivers:
• There are not many functions to learn
• Once familiar in one area of the System, the same functionality and "look & feel" is available in all other areas
• Training effort is low, particularly for richness in features and scope of methods covered.
Risk Assessment
(Table: Inherent (L x Q = Rating), Controls (Prev, Corr), Residual (L x Q = Rating); cells marked "P" and "Calc".)
Each has a role, and is particularly useful for audit reviews.
Risk Assessment
• Benefits of the scientific options to assessment:
• Strategic risk management
• Increasing accuracy
• Integrate different strategies
Gain the maximum risk mitigation for the least effort.
Strategic Risk Management
(Diagram: Inherent (R before controls), Existing Controls, Residual (after controls); R, Q, C.)
• Start with Inherent to Residual levels
• Assessments at R level, view Q & C
• Populates your Risk Register
Strategic Risk Management
• Inherent to Residual levels
Strategic Risk Management
(Diagram: Inherent, Existing Controls, Residual (1st Stage), Improve Controls, Target (Next Stage); R, Q, C.)
• Prioritise leads to Action Plan, set Targets
• Work with a small population of Risks
Strategic Risk Management
• Prioritise key risks, start aggregation
Strategic Risk Management
• Set targets for Prevention
• Similarly for Correction
Increasing Accuracy
• Start with the simplest approach (fewest fields, 8, but lots of risks, i.e. build the Risk Register)
• Prioritise risks, show target risk (add 5 fields, work with a smaller population of risks)
• Use "Global" & "Relative" impact values, start some semi-quantitative analysis
• Start aggregation (add just 5 new fields)
• Gap analysis in Controls, improve "Existing" effectiveness "To" (larger effort, smallest no. of risks)
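As an added example (not code from CorProfit or KnowRisk) of the inherent, residual and target stages described on the Strategic Risk Management and Increasing Accuracy slides, with a constructed register and the assumption that prevention controls act on likelihood (L) and correction controls act on impact (Q):

```python
# Added example, not KnowRisk's code: a risk register carried from inherent to residual to
# target rating (L x Q). Assumed: prevention controls reduce L, correction controls reduce Q.
from dataclasses import dataclass, field

@dataclass
class Control:
    name: str
    kind: str                          # "prevention" (acts on L) or "correction" (acts on Q)
    existing: float                    # existing effectiveness, 0.0 (gap / fails) .. 1.0
    target: "float | None" = None      # effectiveness "To" after the action plan, if set

@dataclass
class Risk:
    name: str
    likelihood: int                    # L before controls (constructed 1..5 scale)
    impact: int                        # Q before controls (constructed 1..5 scale)
    controls: list = field(default_factory=list)

def remaining_fraction(controls, kind, use_target):
    """Fraction of L or Q left after all controls of one kind; a gap (0.0) leaves it unchanged."""
    remaining = 1.0
    for c in controls:
        if c.kind == kind:
            eff = c.target if use_target and c.target is not None else c.existing
            remaining *= 1.0 - eff
    return remaining

def rating(risk, stage="inherent"):
    """L x Q rating at the inherent, residual (existing controls) or target stage."""
    l, q = risk.likelihood, risk.impact
    if stage != "inherent":
        l *= remaining_fraction(risk.controls, "prevention", stage == "target")
        q *= remaining_fraction(risk.controls, "correction", stage == "target")
    return round(l * q, 1)

def prioritise(register, top=3):
    """Highest residual rating first: the small population of risks to work on."""
    return sorted(register, key=lambda r: rating(r, "residual"), reverse=True)[:top]

def control_gaps(risk, threshold=0.5):
    """Gap analysis: controls whose existing effectiveness is below the threshold."""
    return [c.name for c in risk.controls if c.existing < threshold]

REGISTER = [  # constructed sample register, not real client data
    Risk("Unauthorised access to payroll system", 4, 5, [
        Control("MFA on admin accounts", "prevention", 0.5, 0.8),
        Control("Access log review", "correction", 0.2, 0.6)]),
    Risk("Warehouse fire", 2, 5, [
        Control("Hot-work permits", "prevention", 0.5),
        Control("Sprinklers and insurance", "correction", 0.6)]),
]
```

Calling `rating(r)`, `rating(r, "residual")` and `rating(r, "target")` on each entry of `REGISTER` gives the three stages the slides walk through; `prioritise` and `control_gaps` pick out the smaller population and the control gaps to work on next.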
Extend Broad-Brush Method
(Diagram: Generic, Broad-Brush Risks, Conseq and Controls extended to Projects, Human Resource, Business Continuity, Etc.)
• Use "Common" & "unique" fields in the process
Compliance Strategies
• Same information in the Act, now set in KnowRisk
Organisation Wide Risk Profile
• A user interacts with their own profiles
• That user is part of a business unit
• Business unit is part of a group / division
• Etc., to encompass the whole organisation
Audit
• KnowRisk provides for:
• Recording audit findings
• Management of actions arising
• Monitoring progress of actions, grouped by audits
Audit Sampling in KR
(Diagram: Risks, Controls, Audit Sampling.)
• KnowRisk enables the review of control effectiveness / performance
• Set the audit plan
• Appropriateness of controls
• Testing effectiveness
• Maintains ongoing effectiveness
Audit Plan
(Diagram: Profiles – Company, Div 1, Div 2, Bus Unit 1, HR, Proj, Etc; Knowledge Base – Risk, Control, Q, R, C, Reput'n, Regul'n, Etc.)
• Audit can see the framework "in 1 place"
Example Risk Knowledge Base
• Consequences + Controls likewise classified
Organisation Wide Framework
(Diagram: Executive, Senior Mgrs, Team Ldrs, Workers; Risk Mgnt Dept, Audit, Compliance; functions IT, HR, Environ't, BCP, Recruit, Etc; Aggregate / Summarise.)
Implement "Core Method"
(Diagram of stages: Define needs, Estab. Process, Workshops; Framework, Risk Register, Start profiles; Extend (Insurance, BCP etc), Populate Know. Bases; Maintain Good Controls (Internal Audit), Mature Process, Scalability & Distribution.)
KnowRisk™ Reporting
(Diagram: Profiles at Board, Exec, Audit / Risk Committee, Divisions, Business Units (Depts.); Summarised Reports: Strategic, Operational.)
Risk - Compliance Kept Simple
(Diagram: Cross-link Objectives & Work Performed; ID & Assess Risks; Prioritise / Treatment; Key Tasks / Improve Controls / Monitor.)
Value to Boards
• Collates all identified risks on an equitable basis
• Users can easily filter risks to select appropriate risks to report to the Board
• Risk status can be aggregated
• Standard reports (including graphs) can be prepared by activating pre-programmed icons
• Reports can be supported by detailed documentation at all framework levels & functions