1 / 36

Victorian TAFE Governance Program 2006

Victorian TAFE Governance Program 2006. Risk Management Matters Sponsored by Victorian Managed Insurance Authority. Risk Management Matters. Key elements of an enterprise risk management framework. What is Enterprise Risk Management?.

lidia
Télécharger la présentation

Victorian TAFE Governance Program 2006

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Victorian TAFEGovernance Program 2006 Risk Management Matters Sponsored by Victorian Managed Insurance Authority

  2. Risk Management Matters Key elements of an enterprise risk management framework What is Enterprise Risk Management? Enterprise Risk Management ERM is a Structured, Systematic method of: Identifying Analysing and managing Risk “We manage risks continuously, sometimes consciously and sometimes without realising it, but rarely systematically.” ERM has emerged through the need to balance stability and innovation

  3. Risk Management Matters Key elements of an enterprise risk management framework Background ERM Governance Strategic Planning S W COSO O T

  4. Risk Management Matters Key elements of an enterprise risk management framework Benefits Proactive & forward thinking Rigorous thinking Responsible thinking Improved accountability Improved understanding Balanced thinking Better decision making

  5. Risk Management Matters Key elements of an enterprise risk management framework Holistic • Comprehensive analysis of all risks • Risks easily prioritised and easily benchmarked Integrated • Incorporated into the Organisation’s strategic plan and control framework • Fit with existing management reporting systems Explicit • Formalises and co-ordinates risk management practices • Easy to use language, able to be understood at all levels

  6. Risk Management Matters Key elements of an enterprise risk management framework sources ofrisk strategic Harder toidentify risk categories Risk exposures external internal Easier to identify operational sources of risk

  7. Risk Management Matters Key elements of an enterprise risk management framework What is Risk? The chance ofsomething happeningthat will have an impact on objectives It is measured in terms of consequences and likelihood

  8. Risk Management Matters Group Discussion Activity ACTIVITY 1 Scenario: risk analysis of potential car accident

  9. Risk Management Matters Risk Examples Risk Examples Self Assessment Objective:Safe Car Travel – Paris Risk:Potential accident Safe car travel

  10. Risk Management Matters Risk Examples Self Assessment Risk Examples Objective:Safe Car Travel – Paris Risk:Potential accident Causes/ Factors:- speed - weather conditions - foreign country - language/ signage - unfamiliar roads & rules - heavy congested traffic - LHS drive vehicle  Inherent risk: high sig med low Controls:- new vehicle - wearing seatbelts - road rule enforcement - driver caution and expertise - suitable tyres Safe car travel  Assessed risk: high sig med low

  11. Risk Management Matters Risk Examples Risk Examples SelfAssessment Objective:Safe Car Travel – Paris  Strategies: avoid accept reduce transfer/spread Risk Appetite:Do not drive in a foreign country Safe car travel

  12. Risk Management Matters Importantfeatures of the AS/NSZ 4360 – Risk Management Standard Overview of the risk management process

  13. Risk Management Matters Important features of the AS/NSZ 4360 – Risk Management Standard ERM levels of risk assessment • Determine levels of context • Identify objectives • Agree criteria for assessment • Construct severity levels (including consequence & likelihood) Step One Business wide reviews organisational level Business Unit/ reviews on a cyclical plan Significant & High Risks Specialist / specific reviews (e.g: safety, fraud) Assignment/ task level

  14. Risk Management Matters Important features of the AS/NSZ 4360 – Risk Management Standard Identify Risk – Risk Wheel example Personnel Governance Step Two • Initial presentation/meeting to set the scene • Build the wheel • Data collection • Construct severity levels (including consequence & likelihood) Strategic/External Commercial & Legal Program Delivery Systems Facilities/ Infrastructure Financial

  15. Risk Management Matters Group Discussion Activity ACTIVITY 2 Participants to practice developing a risk wheel for institutes.

  16. Risk Management Matters Important features of the AS/NSZ 4360 – Risk Management Standard Key Attributes for quantifying risk The need to consider three key attributes: Step Three Consequence Likelihood Controls

  17. Risk Management Matters Important features of the AS/NSZ 4360 – Risk Management Standard Risk Quantification AS/NZ 4360:2004 Step Three Business Unit/ reviews on a cyclical plan

  18. Inherent risk Assessed risk Risk Management Matters Important features of the AS/NSZ 4360 – Risk Management Standard Effectiveness of Controls Effectiveness of existing control environment to mitigate risk exposures Step Four Opportunity for further risk reduction strategies

  19. Risk Management Matters Important features of the AS/NSZ 4360 – Risk Management Standard Risk Treatment Options accept Accept the risk and do nothing Step Five reduce consequence Reduce either one or both likelihood options spread Spread the risk to a third party share Develop contingency arrangements transfer Insure for financial loss avoid Do not participate with the activity

  20. Risk Management Matters Important features of the AS/NSZ 4360 – Risk Management Standard Risk decision process Step Five Business Unit/ reviews on a cyclical plan cut-off increasing risks

  21. Risk Management Matters Important features of the AS/NSZ 4360 – Risk Management Standard Setting Risk Appetite & Tolerance Step Five Setting risk appetite 5 Business Unit/ reviews on a cyclical plan Risk 1 Risk 2 4 3 level of inherent risk 2 Minimum control requirements 1 ranking Establish base minimum requirements

  22. Risk Management Matters Important features of the AS/NSZ 4360 – Risk Management Standard Review Risks and Controls Framework Additional controls for increasing levels of risk Step Six Levels of Inherent risk high significant medium low Baseline minimum level of control

  23. Risk Management Matters Important features of the AS/NSZ 4360 – Risk Management Standard Identify the Risk Champion • Needs to have… • Credibility • Clarity and understanding of Risk Methodology • Facilitation and influencing skills • Thorough understanding of the business specific areas for assessment • Key person to co-ordinate and communication is essential to successful outcomes Step Seven

  24. Risk Management Matters Key elements of an enterprise risk management framework Key elements for a successful ERM program  Executive Commitment Policy & Procedures accountabilities  Operational Framework Roles & responsibilities - approach - methodology - structure   Training & Education  Monitor & Review

  25. Risk Management Matters Risk Management Matters Part Two

  26. Risk Management Matters Audit Committee Role • “ …The audit committee has become a committee of review on a wide range of matters prior to them being considered by the board. Today’s audit committee has three key areas of responsibility: • Assessment of risk and control environment • Overseeing financial reporting • Evaluating the audit process.” • To meet these requirements there should be a strong and effective risk and control framework to provide assurance to the committee and board members • Source: Audit Committee Toolkit – The essential guide, KPMG 2002

  27. Audit Committee Key areas of concern for Audit Committees • Financial accuracy • Risk Management • Control Assessment • External Auditor oversight • Effective use of Internal Auditing

  28. Risk Management Matters Audit Committee Directors’Needs • Understand business risk and exposures • Protection from significant risk is essential • Risk information should be analysed within a risk profile report rather than a register of issues • Adequate measurement, monitoring and management of risk is necessary

  29. Risk Management Matters Audit Committee Governance Framework Governance Framework Enabling Processes ENTERPRISE LEVEL Overarching arrangements

  30. Risk Management Matters Summary Governance Framework Overview – Audit Committee focus ENABLING GOVERNANCE ELEMENTS KEY FOCUS Direct • Strategic Planning • Policy framework • Policy framework- ensure there is a formal process for developing, approving, maintaining policy Control and Manage • Primary Processes • Enabling Processes • Examine risk profile so that key controls mitigate ‘high’ and ‘significant’ risks • Ensure that these processes have effective control points • Examine and track risk strategies and actions • Determine the level of assurance required • Internal audit plan needs to show how it is risk based (tip use risk wheel categories) Assurance • Internal Audit • External Audit • Consultancy reviews • Self Assessment Processes

  31. Risk Management Matters Risks and Controls Monitor & Review - Assurance Strategic Internal Audit Approach • Risk Assessment Process • Organisational Objectives • Risk Identification • Management Strategies • & Control • Audit Process • Effectiveness of controls • including compliance

  32. Risk Management Matters Assurance Planning-Developing the internal audit plan Key Risk Issues PotentialInternal Audit Activity Other Assurance

  33. Risk Management Matters Risk Reporting for better Governance Importance of tailoring reporting according to the level within the Organisation

  34. Risk Management Matters Risk Reporting forbetterGovernance High Level Risk Profiles Traffic light systems are effective

  35. Risk Management Matters Risk Reporting for better Governance Example risk profile reporting POTENTIAL RISK FACTORS CONTROLS FUTURE STRATEGIES ISSUE POTENTIAL EFFECTS • Potential litigation fines or penalties • Damage to reputation Compliance The risk of non compliance with environmental laws / regulations • Many sites decentralised, wide spread organisation • Complexity of requirements e.g. environmental laws • No framework for assuring compliance up front or at the entity level • Limited awareness of changes of environmental laws • Monitoring by the Board and Audit Committee • Various internal/external compliance reviews undertaken • Implement recommendations from compliance reviews • Develop self assessment compliance framework • Appoint central coordinator • Risk Owner Peter OC

  36. Risk Management Matters Conclusion Where change is constant and can be unpredictable, sound systems of risk management and control are critical pre-requisites Source: Risk Management, Audit Faculty, The Institute of Chartered Accountants in England and Wales

More Related