2Why is risk important? How does it effect me? Risk is a part of lifePersonal life: damage to home or carFamily life: poor health of family membersWork life: not doing a job properly
3What does risk mean? Exposure to possible loss x Risk = The probability of such a lossRisk =- OR -Anything that can stop you from attaining your goals & objectives
4Risk Management Process Key Steps Risk management requires you to:Analyze functions and processes to identify riskAssess risks to measure the level or severity of the riskDefine the management techniques needed to control and mitigate the riskPeriodically review the techniques and controls to monitor and ensure ongoing adequacy and effectiveness
5Risk Analysis To analyze a function for risk you should: Document & understand objectives of the functionIdentify risks associated with the functionDocument risks identifiedDiscuss risks identified with associates and one-up managerDetermine if existing processes address identified risksIdentify risks not controlled by processes or systemsDetermine corrective actions to be taken (if any)Quantify risk as high, medium, or low
6What is a control?An action or series of actions that results in a reduction of risk to within acceptable tolerances.
7What is the purpose of having controls? Controls are used to ensure:Resources are adequately protectedSignificant financial, managerial, and operating data is accurate and reliableEmployees’ actions are in compliance with laws, regulations, policies, procedures, and standardsResources are employed effectively
8Characteristics of Control Controls are adequate and effectiveAdequate: a control must be designed to provide reasonable assurance that risk will be mitigatedEffective: a control must actually work as it was designed and the control objective is achieved
9Controls should also be predictive … That is, the limits of controls should be known as volumes of other factors approach the capacity of the control.For example, a control may be adequate and effective based on current volumes up to an additional 25%. Beyond that level, adequacy and effectiveness are diminished and modifications are needed.
10What types of controls are there? Preventative: actions designed to impede undesirable outcomes.Detective: actions that measure the effectiveness of preventative controls and identify errors when they occur.Corrective: actions that resolve problems identified by preventative and detective controls.
11Risk Management StepsAfter you analyze a function to identify risks, you:Quantify & measure risks as high, medium, or low to prioritize risksDefine and apply the controls and management techniques to manage the risksReview periodically to monitor the organization, functions, and control environment
12Risk Management Steps Why conduct a periodic review? The best way to ensure ongoing adequacy and effectiveness is by conducting periodic reviews to ensure adequacy and effectiveness
13Risk Management Steps How often do I conduct a periodic review? High Risk Functions: review not less than quarterlyMedium Risk Functions: review semi-annually or annuallyLow Risk Functions: review at leas annually
14Risk Management Steps Why monitor the risk management process? Accountability, which includes maintaining an adequate and effective control environmentResponsiveness, which includes effective communications, process improvement, and reliability