Implementing Enterprise Risk Management:
A Practical Approach
What you will gain from this seminar:
Understand:
- Enterprise Risk Management
- The COSO ERM Framework
- Risk management challenges and emerging practices
- Four real world case studies
Be able to:
- Introduce the risk management discipline to your organization
- Enhance your risk management practices
- Play a leading role in your organization’s move towards enterprise risk management
_______________________________________________________________________________________________
Two-Day Seminar Outline
Risk Management Basics
- ERM origins and drivers
- The risk management process – basic
- The new understanding of risk
- ERM – An Integrated Framework: what you need to know about it
- Benchmark your organization
ERM: A Practical Approach and Two Real-World Examples
- Conclusions from the IIA research report Four Approaches to Enterprise Risk Management
- The right way to implement ERM
- Robust ERM at a major financial services firm
- The minimalist approach at a Fortune 500 manufacturing firm
Internal Environment
- Internal environment factors & issues
- Techniques to foster the desired environment
- A tool to measure the internal environment: Ameritech
- Self-assessment survey: keys to success, caveats, things to consider
- Exercise: develop survey statements for internal environment
Objective Setting
- Alignment of strategic, operational, financial, compliance objectives
- SMART objectives
- Exercise: set objectives for an organization
- Risk appetite and risk tolerance
Event Identification
- Events: risks and opportunities
- Techniques for identifying events
- Event categories: examples
- Exercise: develop event categories
- Exercise: identify events for your objectives
Risk Assessment
- Inherent and residual risk
- Qualitative and quantitative risk assessment techniques
- Exercise: select techniques for risks you identified
- Risk maps
- Aggregating risks – portfolio view
ERM: Real-World Example
- Simple, practical, bottoms-up approach at Texas State Comptroller
Risk Response and Control Activities
- Risk response: avoid, reduce, share, accept
- Exercises: risk response
- Control activities:
- Some useful concepts
- Control activities are changing
- COSO/CoCo and soft controls
- “Working inventory” of soft controls
Information & Communication; Monitoring
- Enterprise risk & assurance software
- Monitoring risk management techniques: guidelines and tips
- Exercise: monitoring
- Separate evaluations: Canada Post example
- Continuous monitoring: example
ERM: Real-World Example
- The Evolution of ERM at Aquila
ERM Issues
- Enterprise risk management architecture
- Sample risk management policy
- Risk management culture, implementation guidelines and tips
- A diagnostic tool to evaluate the maturity of risk management
- Internal audit’s role in ERM