Core Risk Management Skills

Summary

WHAT THIS WORKSHOP COVERS – RISK ASSESSMENT NUTS AND BOLTS

The workshop focuses on the key elements necessary to build an effective ERM and assurance program, including step-by-step guidance how to move from “risk-centric/supply driven” assurance to “demand driven/objective centric”.

WHAT THIS WORKSHOP COVERS – RISK ASSESSMENT NUTS AND BOLTS

The workshop focuses on the key elements necessary to build an effective ERM and assurance program, including step-by-step guidance how to move from “risk-centric/supply driven” assurance to “demand driven/objective centric”.


Day 1 – Elements of Effective ERM

 Escalating risk management and oversight expectations in the public and private sector – what specifically do senior management and boards need to demonstrate to regulators, investors, credit rating agencies, customers, and others. What’s the role of internal auditors and ERM facilitators?

 Evolution of generally accepted risk management frameworks and terminology, including Australia New Zealand Risk Management Standard 4360, COSO ERM 2004, ISO 31000 2009, ISO Guide 73,the new COSO Internal Control Integrated Framework expected to be released in 2013, RiskStatusOversight™ Design Principles, and more.

 Why thousands of ERM initiatives around the world have sub-optimized/failed – “ERM WRONG TURNS”.

 Understanding the mechanics of the different approaches to assess and report on control and risk – strengths and weaknesses of each approach

 Why “Demand Driven/Objective-Centric” risk management and assurance provides maximum business benefits and avoids pitfalls of many traditional ERM approaches.

 Defining an ERM assurance universe – practical methods to create an “OBJECTIVES REGISTER”

 Why the sudden increase in focus on defining and monitoring “risk appetite”? What is it, how do you assess/measure it, how can senior executives and boards demonstrate they have defined what it is and have implemented frameworks to measure and monitor it.

Day 2 – Risk Assessment Step-by- Step

 Step 1- often overlooked – before commencing a risk assessment identify clear end result business objectives. Understand the difference between what needs to be achieved as an end result business objective and “ways to achieve”.

 Practical methods to identify key elements of the “internal and external risk context”.

 10 practical methods to identify and assess risks, including “black swan risks” - low probability/massive impact risks. (NOTE: brain storming alone often fails to identify key risks)

 Reasons why “people stink at risk management” – leading theories on why some of the biggest and most sophisticated organizations in the world sometimes get it seriously wrong.

 Methods to identify and document the full range of relevant “risk treatments”, including risk mitigation/internal controls and risk financing/transfer vehicles including the role of insurance and contract indemnities. (NOTE: Internal audit has frequently only focused on “controls”.

 Documenting key elements of “residual risk status” linked to business objective(s) being assessed including “concerns/risks being accepted”, performance data, impact data, and impediments.

 Rating and reporting on the current and target residual risk status using a ten level RRR rating system - how to facilitate management risk acceptance of residual risk status

 ERM reporting options to management and the board - what would reporting look like and what are the critical elements to include

 Facilitating risk assessment workshops – lessons of a lifetime