Audit Committee Risk Management Training September 2010 John Allsop Marcus Richards.

Presentation on theme: "Audit Committee Risk Management Training September 2010 John Allsop Marcus Richards."— Presentation transcript:

1 Audit Committee Risk Management Training September 2010 John Allsop Marcus Richards

2 Introduction Definition of Risk Management Risk Management Principles & Practice Benefits of Risk Management Current Developments Anecdote

3 What do we mean by Risk? Contemporary Definition – Risk is the effect of uncertainty on objectives (ISO 31000 - Risk Management Principles and Guidelines (2009)). Uncertainty can be positive or negative.

4 Towards a balanced view of risk
Traditional View
– All about threats
– Risk averse
– Can't Do
Contemporary View
– About opportunities
– Risk enabling/managing
– Can Do

5 What is Risk Management? The culture, processes and structures directed towards realising opportunities whilst managing adverse effects. Its purpose is not to eliminate risk, but to understand it so as to take advantage of the upside and minimise the downside.

6 Risk Management is not A new responsibility About eliminating risk An add-on A one-off exercise The universal answer

7 Why is risk management important? Good management practice Achievement of objectives Opportunities Assurance to stakeholders

8 What if we don't manage our risks? Corporate failures (private sector) Step-in (local government) Project failures Missed opportunities

9 The Risk Model
Strategic Risks
– High level
– Owned at board level
– Cross cutting
Operational Risks
– Departmental/business unit level
– Any risk which is not strategic

10 Risk Management Process
Risk Identification
– What could happen?
– How could it happen?
Risk Assessment
– Likelihood?
– Impact?
Risk Mitigation & Management
– Accept?
– Avoid?
– Reduce?
– Transfer?
Risk Profiling
– Prioritisation
Risk Monitoring & Review
– Ongoing process
– Reporting

11 Step 1 - Risk Identification Tools available to identify risk: PESTLE/SWOT Analysis Brainstorming/Challenge sessions Scenario Planning Audit reports

12 Step 2 - Risk Assessment Assess each risk in terms of: Likelihood (frequency/probability) Impact (Severity)

13 Level of Risk
Risk Score (L x I)   Risk Rating
11 – 16              High
5 – 10               Medium
1 – 4                Low

14 Step 3 - Risk Profiling
                   Impact
                   1 Minor   2 Significant   3 Serious   4 Major
4 - Very Likely    L         M               H           H
3 - Likely         L         M               M           H
2 - Unlikely       L         L               M           M
1 - Remote         L         L               L           L

15 Step 4 - Risk Mitigation & Management
Tolerate the risk
– Within Ealing's risk appetite (need to monitor)
Terminate the risk
– Quit the operation (often not a real option)
Treat the risk
– Reduce likelihood (put in extra controls)
– Reduce impact (PR, recovery/continuity plans etc.)
Transfer the risk
– Transfer exposure through insurance or to partner organisation

16 Step 5 – Risk Monitoring & Reporting Quarterly reporting to Corporate Board and Audit Committee. Quarterly Corporate Risk Management Forum. Committee Report template

17 Risk Registers Used to document the risk management process Strategic Risk Register Operational Risk Register Project Risk Logs

18 Benefits of Risk Management Increased ownership and understanding of risk Consistent, shared view Fewer surprises – issues highlighted earlier Improved and informed decision-making Visibility and evidence

19 Current Developments ISO 31000 - Risk Management Principles and Guidelines (2009) Enterprise Risk Management UK Corporate Governance Code (2010)

20 And Finally Black Swan Theory – The disproportionate role of high-impact, hard to predict and rare events that are beyond the realm of normal expectations (Taleb 2007)

21 Any Questions?
