300 likes | 412 Vues
Bölgesel Rekabet Edebilirlik Operasyonel Programı’nın Uygulanması için Kurumsal Kapasitenin Oluşturulmasına Yönelik Teknik Yardım Technical Assistance on Institutional Building for the Implementation of RCOP in Turkey. This project is co-financed by the European Union and the Republic of Turkey.
E N D
Bölgesel Rekabet Edebilirlik Operasyonel Programı’nın Uygulanması için Kurumsal Kapasitenin Oluşturulmasına Yönelik Teknik Yardım Technical Assistance on Institutional Building for the Implementation of RCOP in Turkey This project is co-financed by the European Union and the Republic of Turkey Risk management – Principles, Legal basis and Best practices Todor Yankulov, t.yankulov@globaladvisers.eu
Content This project is co-financed by the European Union and the Republic of Turkey • Risk Management purposes and principles • Risk Management in EC Regulations • Risk Management Best practices
Why Risk Management This project is co-financed by the European Union and the Republic of Turkey • Every entity, whether for-profit or not, exists to realize value for its stakeholders. • All entities face uncertainty, and the challenge for management is to determine how much uncertainty to accept as it strives to grow stakeholder value. • Risk management enables management to effectively deal with uncertainty and associated risk, enhancing the capacity to build value. 3
Why Risk Management This project is co-financed by the European Union and the Republic of Turkey • Supporting strategic and operational planning • Objectives are more likely to be achieved • Damaging things will not happen or are less likely to happen • Beneficially things will be or are more likely to be achieved • Supporting effective use of resources • Promoting continuous improvement 4
Risk Management Definition This project is co-financed by the European Union and the Republic of Turkey • “…a process, effected by an entity's board of directors, management and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risks to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives.” • ERM COSO Framework 5
Risk Management principles This project is co-financed by the European Union and the Republic of Turkey • A process related with the objectives • Dynamic process • Process applied at every level of the organization • Dealing with potential events • Complex but not complicated • Close cooperation wit Internal Audit function 6
Objective related process This project is co-financed by the European Union and the Republic of Turkey • Able to provide reasonable assurance to an entity’s management and board of directors regarding the achievement of objectives • Applied in strategy setting • There must be objectives at place before identifying risks 7
Objective related process This project is co-financed by the European Union and the Republic of Turkey • Important objective concepts • Strategic and operational objectives must be consistent with each other • Clearly defined goals - more easily identified risks • Written down in relevant internal documents • Clearly communicated and understood by all the staff 8
Objective related process This project is co-financed by the European Union and the Republic of Turkey • Objectives are S.M.A.R.T. • Specific – clearly specified, not general • Measurable - units of accuracy, timeliness, quality, quantity, etc. used to determine progress and achievement. • Attainable - the objective could be achieved with the available resources • Relevant/Realistic - an objective that the goal-setter is willing and able to work towards • Time-bound - a time frame, a target date is needed 9
Dynamic process This project is co-financed by the European Union and the Republic of Turkey • Linked to the constantly changing environment • It is performed at a permanent basis in time and reflects the changes • Continuous monitoring and updating 10
Applied at every level of the organization This project is co-financed by the European Union and the Republic of Turkey • A process, ongoing and flowing through an entity • Applied across the enterprise, at every level and unit, and includes taking an entity level portfolio view of risk • Effected by people at every level of an organization 11
Dealing with potential events This project is co-financed by the European Union and the Republic of Turkey • Risk - the possibility of an event occurring that will have an impact on the achievement of objectives. Risk is measured in terms of impact and likelihood. • Facing uncertainty • Subjectivity has to be accepted • How big is the fear of the uncertainty / the appetite for opportunities – risk appetite 12
Complex but not complicated This project is co-financed by the European Union and the Republic of Turkey • Covering multiple structures, policies and people • Clear and effective procedures are needed • Avoid unnecessary labeling – not to much terminology 13
Close cooperation wit Internal Audit function This project is co-financed by the European Union and the Republic of Turkey • IPPF 2120 – Risk Management - The internal audit activity must evaluate the effectiveness and contribute to the improvement of risk management processes. • IPPF 2120.A2 – The internal audit activity must evaluate the potential for the occurrence of fraud and how the organization manages fraud risk. • IPPF 2120.C3 – When assisting management in establishing or improving risk management processes, internal auditors must refrain from assuming any management responsibility by actually managing risks. 14
Conditions for successful risk management This project is co-financed by the European Union and the Republic of Turkey • Understanding and commitment by management and employees • To have strategic planning in the organization • Strategic Plan to be developed into operational plans • Resources to be provided, including the necessary information • The internal auditor shall assess the risk management, identify and evaluate significant risks, support the board without taking responsibility or participating directly in management 15
Legal Basis This project is co-financed by the European Union and the Republic of Turkey • Commission Regulation (EC) No 718/2007 • Art. 11, p. 2 - the management and control systems set up in the beneficiary country shall provide for effective controls in at least the areas set out in the Annex. • Annex 1 - Planning/risk management (planning of interventions) 16
Legal Basis This project is co-financed by the European Union and the Republic of Turkey • Annex 1 - Planning/risk management (planning of interventions) • Risk identification, assessment and management— ensuring that risks are identified and management, in particular that adequate control resources are applied in all areas, in function of the significance of different risks they mitigate. 17
Legal Basis This project is co-financed by the European Union and the Republic of Turkey • Annex 1 - Planning/risk management (planning of interventions) • Objective setting and allocation of resources against objectives — ensuring that appropriate (and measurable) objectives at output and impact level are established at all levels and understood throughout the organisation; • ensuring that resources are appropriately allocated against those objectives respecting transparent sound financial management principles; • ensuring that responsibility for those objectives is clear. 18
Legal Basis This project is co-financed by the European Union and the Republic of Turkey • Annex 1 - Planning/risk management (planning of interventions) • Planning of the implementation process — ensuring clear planning of steps needed to deliver objectives — including timing and responsibility for each step, and critical path analyses where necessary. 19
Best practices frameworks This project is co-financed by the European Union and the Republic of Turkey • Issued by international professional (standardization) organizations • Not obligatory but accepted by professionals (some cases receive official recognition by legal acts) • ERM COSO Framework, Risk Management Standards (UK), ISO Framework 20
ERM COSO Framework This project is co-financed by the European Union and the Republic of Turkey • This COSO ERM framework defines essential components, suggests a common language, and provides clear direction and guidance for enterprise risk management. 21
ERM COSO Framework This project is co-financed by the European Union and the Republic of Turkey • Eight components - all are interrelated 22
ERM COSO Framework This project is co-financed by the European Union and the Republic of Turkey • Entity objectives can be viewed in the context of four categories: 23
ERM COSO Framework This project is co-financed by the European Union and the Republic of Turkey • ERM considers activities at all levels of the organization: 24
ERM Internal Environment This project is co-financed by the European Union and the Republic of Turkey • Establishes a philosophy regarding risk management. It recognizes that unexpected as well as expected events may occur. • Establishes the entity’s risk culture. • Considers all other aspects of how the organization’s actions may affect its risk culture. 25
ERM Objective Setting This project is co-financed by the European Union and the Republic of Turkey • Is applied when management considers risks strategy in the setting of objectives. • Forms the risk appetite of the entity — a high-level view of how much risk management and the board are willing to accept. • Risk tolerance, the acceptable level of variation around objectives, is aligned with risk appetite. 26
ERM Control Activities This project is co-financed by the European Union and the Republic of Turkey • Policies and procedures that help ensure that the risk responses, as well as other entity directives, are carried out. • Occur throughout the organization, at all levels and in all functions. • Include application and general information technology controls. 27
ERM Information & Communication This project is co-financed by the European Union and the Republic of Turkey • Management identifies, captures, and communicates pertinent information in a form and timeframe that enables people to carry out their responsibilities. • Communication occurs in a broader sense, flowing down, across, and up the organization. 28
ERM Monitoring This project is co-financed by the European Union and the Republic of Turkey • Effectiveness of the other ERM components is monitored through: • Ongoing monitoring activities. • Separate evaluations. • A combination of the two. 29
Questions/Discussions This project is co-financed by the European Union and the Republic of Turkey • Thank you for your attention! 30