Enterprise Risk Management Skills

Posted in Leadership - Management - Quality Management

Introduction

Enterprise Risk Management known as (ERM) has evolved considerably since the seventies. From simply 'buying' insurance, it has now grown in importance to become a prime function in many organizations as part of a bigger system known as Governance, Risk and Compliance (GRC) which starts with corporate governance and ends with compliance. ERM is the function of studying the risks that may hinder a corporation's ability to achieve its goals and then deciding how to overcome those risks. Studies regarding risk management were done by different organizations, including ISO which issued ISO 31000 on risk management. However, the most accepted ERM system is the one designed by the Committee of Sponsoring Organizations of the Tread way Commission (COSO). This system, which is the one covered in this course, teaches the steps needed to control risk. It starts with the evaluation of the internal environment and the setting of objectives which are, mainly, a result of the tone at the top of the organization, the directives from corporate governance as well as the vision, mission and corporate strategies. Then, the course goes through the steps management needs to consider in order to identify and assess risk and decide on proper risk responses and controls. The course ends with how to monitor, communicate and report risk.

Objectives

By the end of the course, participants will be able to:

Apply a practical approach to enterprise risk management
Update your risk process to enable an enterprise –wide approach to risk
Use one approach across the business – to reduce silos • Engage all levels of management in the risk agenda
Sell the benefits effectively
Apply the different techniques for identifying risks
Measure the risks in a simple way • Implement effective risk mitigation
Link risk management into the business planning process
Deliver practical techniques for the assessment of people, process and reputation risks
Record the risk process efficiently
Engage stakeholders

Course Methodology

The course is based on detailed explanations by the instructor and presentations by both the participants and the instructor. It also includes several case studies related to different industries and areas of the business.

This interactive training course includes the following training methodologies as a percentage of the total tuition hours:

30% Lectures, Concepts, Role Play
30% Workshops & Work Presentations, Techniques
20% Based on Case Studies & Practical Exercises
20% Videos, Software & General Discussions
Pre and Post Test

Who Should Attend?

Risk managers
Managers responsible for the risk management function or process
Internal Auditors and audit managers
Other assurance professionals such as those in Compliance and QA functions who are being asked to review the risk process
Finance managers and Insurance professionals who need knowledge of the wider approach to risk management

Outline

Day 1

The key aspects of ERM

Explanation of ERM and its benefits
The current economic crisis and how ERM can provide a lifeline
The role and responsibilities of directors and senior management with respect to ERM
ERM roles
ERM tips
Strategic, financial and operational risk.
The key link between corporate governance and risk
Selling the benefits to top management
How to quantify and measure risk – and why the approach followed by most organizations, may be misleading
The steps to success
Why ERM is receiving such publicity
High profile corporate failures and the lessons to learn

Risk standards

Risk standards – choosing the right one
Explanation of the new ISO 31000 international risk standard
ISO 31000 and ERM paper will be shared
AUS/NZ 4360 standard
COSO
COSO ERM paper will be shared
IRM standards
The regulatory regime and impact on ERM

Day 2

The link between ERM and strategic objectives

The need to understand the organisation’s strategic objectives
Developing a programme to reflect these objectives
Risk appetite – the least understood aspect of risk?
External risk statements – principal risk factors
Examples of risk appetite statements will be provided
Categories of risk
Establishing a risk management framework
The results of a Global RM study will be shared

Establishing an Embedded Risk Management Process

Risk management framework guide
Surprises and risk
Why financial risks are only the tip of the iceberg
The widening of the risk portfolio
Risk cultures
IRM paper on risk culture assessment
The challenges
New and emerging risks- reputation, social, environmental
Updating the risk strategy for your organisation
Establishing the business case
Selling the benefits to management
The need for risk champions
Risk and competitive advantage

Day 3

Risk Identification and Evaluation

Approaches and techniques
How to establish a risk workshop process
Risk workshops – the do’s & don’ts
How to identify, sift and group the risks
Measuring the consequences and the likelihood of occurrence of each risk
The use of risk matrices to prioritise the risks.
The need for effective facilitation
Facilitation skills • Risk as an opportunity
The use of diagnostic questions and thought-provokers
The pros and cons of using data capture technology
Other methods of risk identification

Assessment of Risk Mitigation

Controls or mitigation
Ensuring risks are managed effectively
How to assess risk mitigation
The need for diligence and challenge
Identification of risk exposures
Dealing with the exposures (the 4 Ts - terminate, tolerate, treat or transfer)
Recording the risks – risk registers or risk maps
Risk registers – do’s and don’ts
The need to keep the process as simple as possible
Establishment of action plans
Allocation of risk owners

Day 4

Linking the output from risk workshops into the business planning process

Linking corporate risks with the strategic planning process
Linking operational risks into service planning
Risk owners – how to determine such personnel and enforce ownership
Annual statements by risk owners
Developing risk tracking
Using the risk register as a decision skeleton
Quarterly board reporting to review progress in addressing the exposures
Risk management committee reporting
Half yearly evaluation of key risks to ensure new risks identified and included

People and Process Risks

Key risk themes and how to deal with them
Failure to manage projects effectively
Failure of partners or inability to establish effective partnering
Hacking/breach of system security
Poor prioritisation of systems development
Too much data – insufficient information
E-Commerce – the key risks and steps to take to mitigate them
IT security – how to evaluate effectiveness and influence change

Reputation risk

The rise of reputation as a key risk
The magnifying effect on reputation of business failures
The explosion of regulation and external assurance
A checklist for reviewing reputational risk will be provided

The checklist incorporates sections on:

Financial performance
The senior management role
Quality of service provision
Treatment of staff
Social responsibility
Customer service Exercise

Day 5

Recording the Risk Environment

The need to coordinate and link the output
Risk treatment analysis – how to determine the cost/benefits of dealing with exposures / exploiting opportunities
Risk management as a route to reducing bureaucracy
How to use the risk process to break down the barriers

Cascading the Process

Making risk management second nature
Keeping up the momentum
Risk financing and how to introduce the disciplines
Integrating health and safety, insurance and claims etc
Evaluating risks within these relationships
Risk indicators (KRI’s)
Auditing the risk management programme
Coordinating the whole process
Measuring the benefits

Schedule

08:30 – 10:15 First Session
10:15 – 10:30 Coffee Break
10:30 – 12:15 Second Session
12:15 – 12:30 Coffee Break
12:30 – 14:00 Third Session
14:00 – 15:00 Lunch

Fees

The Fee for the seminar, including instruction materials, documentation, lunch, coffee/tea breaks & snack:

4.250 USD$