Risk Management for Small & Medium Sized Enterprises


1 Risk Management for Small & Medium Sized Enterprises

Doug Steele is a partner at Grant Thornton LLP leading the Risk Management practice in Vancouver. Doug has extensive experience in IT audit and security, helping organizations manage their risks. His client base includes companies in both the financial and public sector, for whom he has performed comprehensive risk assessments, data integrity audits, computer conversion audits, penetration testing, post-implementation reviews, business process improvement projects and general computer control reviews. He has worked on numerous internal audit projects with several large credit unions. Doug is a Certified Information Systems Auditor, a member of the Institute of Chartered Accountants of British Columbia, and the former president of the Vancouver Chapter of the Information Systems and Control Association (ISACA). He is also a former co-chair of the Speakers Program for the West Coast Security Forum.

Grant Thornton LLP
Doug Steele, CA, CISA
Partner, Technology Risk Management

2 Risk
Definition:
- Potential of loss or failure from unforeseen events
- Lost opportunities or revenues
Indicators:
- Changes in people or processes
- Multiple points of access
- Inability to monitor
- Evolving business & practices
- Dependency on systems
- Concentration or reach of business

3 Examples of Risks
- Criminal activities (fraud, robbery, vandalism)
- Environmental (biological, contamination)
- Loss of service (communication, power, water)
- Natural (earthquake, fire, flood, severe weather)
- Operational (system failure, human error)
- Organizational (strike, key personnel turnover)
- Political (civil disturbance, war)

4 Benefits of Risk Management
- Increased awareness of threats (early identification)
- Improved ability to respond to the unexpected
- Continuous improvement of products or services
- Enhanced ability to profit from new opportunities
- Improved management decision-making
- Higher probability of achieving objectives
- Enhanced stakeholder value
- More effective use of resources

5 Risk Management
- Structured
- Disciplined process
- Preventive measures
- Technology
- Internal controls
- Proactive measures
- Transferring risk
- Insurance
- Outsourcing
- Integrated with management processes
- Policies & procedures

6 Integrated Risk Management
Aligns:
- Objectives (strategic, tactical, operational)
- Strategy (financial, reputation)
- Processes (operational, financial, compliance)
- People (culture, employees, community)
- Knowledge (internal, external)
- Technology (internal, outsourced)

7 Trends in Risk Management
Movement:
- Pre-1980: Insurance
- 1980s: Financial Risk Management
- 1990s: Enterprise Risk Management
- Post-2000: Strategic Significance
Focus now:
- Information security (anti-fraud, privacy)
- Disclosure / transparency (MI )
- Internal controls (MI , SOX)
- Business continuity planning

8 Integrated Risk Management Approach
- Adopt a methodology
- Identify potential risks & vulnerability
- Conduct a risk assessment
- Develop response strategies
- Develop risk management policy
- Monitor risk response effectiveness
- Update risk assessment continuously

9 Challenges for SMEs
Finding the right balance of:
- Knowledgeable staff
- Experienced management
- Business infrastructure costs
- Technological infrastructure costs
- Consulting costs
- Competition from larger organizations
- Scarce resources (financial and other)

10 Practical Examples
- Successes
- Failures
- Lessons learned

11 Technology Solutions
- Automated internal controls
- Access (physical, network & application security)
- Edits (batch, balance, format, check digit)
- Validation
- Purchased software
- Fraud detection software
- Risk management & analysis software
- Continuous monitoring software
- Outsourcing (transferring the risk)

Risk Analysis/Management Software (from Internal Auditor Magazine – Aug-05)
2005 Buyer’s Guide to Audit, Anti-Fraud & Assurance Software
- Aline Audit Leverage Software AutoAudit, Risk Navigator; The Paisley Solution
- Certus Governance Suite
- Confident Compliance; Continuous Compliance Suite
- Decision Factor AEM
- Enterprise Risk Assessor (ERA); Pro Audit Advisor
- eProcessManager (ePM)
- Galileo; KnowledgeLeader
- Operational Risk Management (ORM) Portal
- Optial
- Pentana
- Sharpe Decisions Executive Workshop
- TeamRisk

12 Other Solutions
- Good corporate governance (tone at the top)
- Internal audit activities
- External consulting services

13 Summary
- Know the risks
- Recognize the benefits
- Integrate risk management in the organization
- Accept, reject, transfer or mitigate risk
- Take advantage of technology
- Set the tone at the top
- Balance the costs
- Make risk management a continuous process

14 Thank you
Questions?

