Enterprise risk management (ERM) includes the strategies, methods and processes used by business organizations to manage risks.
ERM sets out a framework for risk management. Typically this involves identifying specific events or circumstances relating to the business organization's objectives (in terms of risks and opportunities), assessing them on the basis of their likelihood of occurrence and their magnitude of impact on the firm, determining a response strategy, and monitoring progress of the event, the response and the outcome.
By proactively identifying and addressing such risks and opportunities, business organizations protect shareholder value as well as create additional value for their stakeholders, including the owners, employees, customers, regulators, and ultimately society overall.
ERM can also be seen as a risk-based approach to managing a business, integrating the concepts of internal control, regulatory requirements (such as the Sarbanes-Oxley Act), and strategic planning.
ERM continues to evolve and aims to address the needs of various stakeholders, who want to understand the broad continuum of risks that face complex organizations to make certain they are managed appropriately. Regulators and rating agencies have also increased their scrutiny of the risk management processes of companies and firms. This increased scrutiny today makes up an important component of how the outside world views business organizations.
This practical 2-day hands-on training course provides you with an understanding of the requirements needed to design and implement an appropriate Enterprise Risk Management system, i.e. the policies, procedures, practices, and accountability required to establish the right levels of Risk Management in compliance with current standards and other requirements for your organization.
The course provides an opportunity for delegates to benchmark their ERM practices against the COSO - ERM framework, and learn how to implement an effective ERM system.
Organizations are experiencing an increased concern and focus on risk management. The challenge for management of both private and public organizations today is to determine how much uncertainty to accept as it strives towards achieving the organization’s objectives and delivering value to its stakeholders.
The solution to this challenge is the establishment of an Enterprise Risk Management (ERM) system and processes that effectively identify, assess, and manage risk within acceptable levels.
The COSO Enterprise Risk Management - Integrated Framework is designed to provide best practice guidance for management of businesses and other entities to improve the way they are dealing with these challenges.
COSO - ERM integrates various risk management concepts into a solid framework in which a common definition is established, components are identified, and key concepts described. This enables COSO to provide a starting point for organizations to assess and enhance their Enterprise Risk Management.
Course Objectives:
The course will provide participants with the necessary perception, knowledge and skill set to understand the risks and benefits of Enterprise Risk Management and learn how the COSO - ERM framework enables organizations and management to:
- Comply with the requirements for corporate governance (such as the various international standards like Sarbanes-Oxley and the Cadbury Report),
- Align risk appetite and strategy,
- Enhance risk response decisions,
- Reduce operational surprises and losses,
- Identify and manage multiple and cross-organizational risks,
- Provide integrated responses to multiple risks,
- Improve the deployment of capital,
- Introduces the concept of unpredictability and the steps that can be taken to lessen its impact.
Methodology:
This is a highly interactive course comprised of presentations, case studies, multidirectional discussions and comprehensive exercises.
Most importantly, it will offer participants opportunities to plan such work within small working groups, providing practice in the application of the techniques and tools and generating active participation.
Course Content
Day 1: What risk is about
- What is Risk?
- Governance issues
- Risk issues
- Legislative issues
- Security
- Internal threats
- External threats
- Physical security
- International risk management frameworks
- What is ERM?
- Standards
- Key ERM implementation factors
- Organizational design
- Linkages
- Establishing ERM
- ERM organization
- Assessing Risk
- Risk models
- Risk analysis
- Determining the risk appetite
- Identifying risk responses
- Impact and probability
- Communicating results
- Management oversight & periodic review
- Generic risk management frameworks
Our opening case study is a story about currency trading, accounting practices, organizational dynamics and human psychology or how John Rusnak lost $691 million for Allied Irish Bank.
- The ERM Funnel
- Strategic objectives
- Risk assessment
- Risk tolerance matrix
- Risk analysis
- Risk strategy
- Risk infrastructure
- The internal organizational environment
- Setting objectives for ERM
- Event identification
- Risk assessment
- Risk response
- Control activities
- Information & communication
- Monitoring
- Internal control & its relationship to ERM
- ERM roles & responsibilities
- Standards, Implementation factors
- Designing the organization
- Establishing an ERM process/system
- Assessing risk and risk analysis
- Determining the risk appetite
- Identifying the risk response
- Impact versus probability
- Communicating the results
- Management oversight.
- Defining corporate governance within the ERM framework
- What ERM looks like across various industries including,
- Financial services
- Consumer products
- Financial institutions
- Internal audit roles
- ERM activities
- Evolving audit approaches
- Impact of COSO on ERM
- COSO ERM components
- ERM information flow
- Forces driving ERM
- Questions for the company board
- Internal audit issues
- Maintaining independence
- How internal auditors add value
- Why mastering business processing is so important for ERM
- Mapping risks to processes
- Process documentation
- Flowcharting
Practical Implementation of ERM
- ERM and its related risk management processes
- ERM drivers
- Recent survey results
- Key objectives
- Defining “Risk”
- Public company view of ERM
- Private company view of ERM
- Balancing diverse views - consistent framework
- Using the value driven approach
- Evaluate risk process
- Current state assessment
- Risk maturity benchmarking
- Maturity: Building risk capabilities
- Risk identification & prioritization
- Calibrate definitions and criteria
- Prioritized risk map
- Risk quantification
- Risk quantification / valuation
- Defining value
- Value Centric - ERM framework
- Risk response solution
- Risk appetite - Two views
- Evaluating solutions
- Risk management implementation
- ERM enabling technologies
- Governance, Culture and Disclosure
- Commonly cited challenges
- Critical success factors
- Potential benefits
- Gap analysis
- Risk management vision
- Key risk/ performance indicators
- Minimum control requirements
- What is measured when assessing risks?
- Risk identification tools
- Focus on value
Statoil is an international energy company present in more than 30 countries around the world. We examine how ERM has been implemented at the company and the key risk issues that an international energy company faces today. We end the case study by examining a worst case event - the BP “Deepwater Horizon” incident.
- ERM in the Banking Industry
- Background to financial risk - Basle II
- Evolution of industry practices
- A silo approach to risk management
- Interdependence of risks
- Integrated ERM framework
- The “dashboard” approach
- Value integration and business creation
- Integrating ERM into Business Processes and value drivers
- Balancing the hard and soft side of risk management
- Key action points
A black swan is a highly improbable event with three principal characteristics: unpredictability; massive impact; and, after the fact, we create an explanation that makes it appear less random, and more predictable, than it was.
- We examine the nature of a Black Swan event
- Can two recent outlier events, the recent eruption of Iceland’s Eyjafjallajökull volcano and the Japanese Tsunami catastrophe be seen as black swan events?
- Challenges for Planners, Strategists and CEOs
- How can you mitigate a Black Swan event?
- Blind Spots in our planning
Siemens is a company that carries out major long-term projects in almost every country in the world, that continually brings technical innovations to the market, and that offers financing concepts and operator models. As such, it is exposed to many business risks. Systematic and comprehensive risk management is necessary to identify these risks, assess them, and ensure the appropriate controls. We examine how ERM has been implemented at Siemens and the key risk issues that the company faces. Despite this, it was revealed in 2008 that some staff of the company had been involved in a massive bribery scandal in some of the countries it operated in.
How could this vital aspect of ERM go so wrong? What were the consequences for the company and for the staff involved?
Course Provider
Mr Richard Barr,
Operational Risk & Back Office Specialist,
High-level Consulting Services
Richard Barr holds a B.S. in International Business Administration from San Jose State University in California. His professional experience spans over 23 years, 5 of which were spent with Wells Fargo Bank. Another 5 were spent honing his global banking skills, when Richard was intimately involved with International Trade Finance, Real Time Gross Settlement and Cross Border Banking. The past 14 years have been in the private and high-tech sectors providing high-level consulting services, business analysis, project management and training to a wide range of banking clientele across the globe.
Richard has also filled the role of advisor to central banks on payment systems and technical payments issues. Furthermore, key staff members from the Bank of England, South African Reserve Bank, Central Bank of Ireland, Bank Indonesia, European Central Bank and Bank of Portugal have attended training sessions presented by Richard.
Who Should Attend
This practical hands-on training course is designed for all businesses, both large and small. The following job titles/positions will benefit from participating:
- Ethics & Compliance Executives/Managers
- General / Corporate Counselors
- Corporate Legal Executives/Managers
- Business Division Managers
- Branch and Regional Management
- Supply chain and procurement directors, managers and their staff
- Board members, especially risk and audit committee chairs and members
- Heads of market, credit, and operational risk
- Head of Risk Management
- Risk Officers
- Compliance Officers
- Audit Officers
- Financial Officers
- Auditors (External & Internal)
- Risk management consultants