1. ABGR XI International Risk management and Insurance Seminar “Introduction to Risk Management” ALARYS Latin American Risk Management Foundation (FUNDALARYS) Javier Mirabal, Eng, ARM, AIRM, RF FUNDALARYS- Executive Director Sao Paulo-Brasil October 26, 2015

2. Table of Contents 1.Risk 2.Risk Management 3.The Risk Management Process

3. 1- Risk

4. 32103210 Planning (strategic, operational, etc.) Time Objectives to achieve (strategic, operational, etc.)

5. Risk (ISO GUIDE 73:2009, Risk Management - Vocabulary) “Effect of uncertainty on objectives”

6. 32103210 Planning (strategic, operational, etc.) Time Objectives to achieve (strategic, operational, etc.) Risks

7. Internal environment (weaknesses, strengths) Organization External Environment (threats, opportunities) Source of Risk in an Organization ‘‘Events’’

8. Classification of the Risk Events (Criteria: Type of Environment) Internal Environment External Environment -Culture -Infrastructure (financial, physical, etc.) -Personnel (people) -Processes -Systems (IT, etc.) -Economical -Environmental -Political -Social -Technological -Legal -Others

9. Risk Classification Political Economic Social Technological Environmental Legal, Regulatory Market Credit Counterparty Liquidity People Processes System (Technology) Corporate culture Property People (health, injuries, death, etc.) Legal Liabilities Gross benefit Hazard Risks Operational Risks Business Risks Financial Risks

10. Risk “Attributes” Risk Appetite Inherent Risk Tolerance Residual Risk

11. 2- Risk Management

12. 32103210 Planning (strategic, operational, etc.) Time Objectives to achieve (strategic, operational, etc.) Risks

13. 32103210 Planning (strategic, operational, etc.) Time Objectives to achieve (strategic, operational, etc.) Risk Management

14. Risk Management (ISO GUIDE 73:2009, Risk Management - Vocabulary) “Coordinated activities to direct and control an organization with regard to risk”

15. Risk Management Criteria: Risk Tolerance Criteria: Risk Appetite

16. COSO-Enterprise Risk Management Integrated Framework-2004 (The Committee of Sponsoring Organizations of the Treadway Commission)

17. TGS DOC ID# 17 ISO 31000: 2009 Risk Management – Principles and guidelines Design of framework for managing risk Continual improvement of the framework Implementing risk management Monitoring and review of the framework Establishing the context Risk treatment Risk identification Risk analysis Risk evaluation Risk assessment Mandate and commitment Risk Management Principles Communication and consultation Monitoring and Review Framework Process Principles

18. 3- The Risk Management Process

19. Risk Management Criteria: Risk Tolerance Criteria: Risk Appetite

20. Risk Transformation (criteria: Risk Appetite & Risk Tolerance) Inherent Risk Residual Risk

21. COSO-Enterprise Risk Management Integrated Framework-2004 (The Committee of Sponsoring Organizations of the Treadway Commission) Risk Management Process

22. TGS DOC ID# 22 ISO 31000: 2009 Risk Management – Principles and guidelines Design of framework for managing risk Continual improvement of the framework Implementing risk management Monitoring and review of the framework Establishing the context Risk treatment Risk identification Risk analysis Risk evaluation Risk assessment Mandate and commitment Risk Management Principles Communication and consultation Monitoring and Review FrameworkRisk Management Process Principles

23. Establishing the context Risk Treatment (Controls) Event Identification Risk Assessment Risk Management Process Communication and Consultation Monitoring & Review (Continuous Improvement) Controls Implementation

24. Control (ISO GUIDE 73:2009, Risk Management - Vocabulary) “Measure or action that modifies risk”

25. Control (Classification) Type of ControlProbabilityImpact Risk Control (Prevention) X Risk Mitigation (Reduction) X

26. The End