
Risk Management: The Risk Management Value Proposition – Dan Clayton (PowerPoint PPT Presentation)

  1. Collaborative Risk Management: The Risk Management Value Proposition
     Dan Clayton, CIA, CPA, CKM – University of Texas System

  2. My IA journey… Internal Audit History*
     • Controls based – extension of external audit (up to the 1980s)
     • Process based – added effectiveness and efficiency (1980s)
     • Risk based – added “why should management care” (1990s)
     • Risk management – added “optimizing risk” top down (late 1990s)
     • Objective Based** – True Top Down, Objective Priorities “at Risk”
     * Paul J. Sobel, “Auditor’s Risk Management Guide”
     ** Tim Leech and other thought leadership (ISO 31000)

  3. My IA journey… Risk Management
     • Evaluated 12 ERM implementations in Healthcare, 2008–2009
     • Advised on Risk Management Consulting Approach for IA
     • Created Risk Management Based Risk Assessment & Audit
     • Coordinated UT Systemwide Taxonomy and Risk Assessment Update
     • Working towards collaborating with Risk Peers: Compliance, Information Security, Police, insurable Risk Management, Legal, etc.

  4. Presentation Objectives
     Discuss Risk Management Concepts
     • Set the modern context for RM
     • Be able to define the flavor of RM at your organization
     Assessing Collaborative RM Opportunities
     • Discuss assessing RM
     • Define Collaborative RM Maturity Model

  5. Presentation Objectives – Risk Management Concepts
     • Definitions
     • Risk Perspectives within the Lines of Defense
     • Risk History and Context for RM
     • RM at your Organization

  6. Risk Management Concepts – Definitions (ISO 31000 Risk Management)
     • Risk – the effect of uncertainty on objectives
     • Risk Management – identification, assessment and prioritization of risk… followed by… application of resources to minimize, monitor and control impact

  7. Risk Perspectives – 3 lines of Defense

  8. Risk Perspectives – 3 lines of Defense: MANAGEMENT – 1st LINE
     • Risk is Assumed
     • Objectives Defined/Managed (controlled)
     • Operations Developed (control capabilities)
     • People, Process, Technology Aligned (Efficiency)
     • Performance is Measured (Outcomes)

  9. Risk Perspectives – 3 lines of Defense

  10. Risk Perspectives – 3 lines of Defense

  11. Risk History and Context (diagram: MANAGEMENT – 1st LINE; 2nd LINE FUNCTIONS; 3rd LINE FUNCTIONS)

  12. Questions?
     • Risk and Risk Management definitions
     • The first line of defense: Management’s Role and Risk Perspective
     • The second line of defense: Roles, Risk Perspectives and GRC

  13. What is Risk Management at your Organization?
     • An Executive Risk Management Committee? (COSO-based)
     • A GRC Process for gathering all risks and managing them?
     • One dominant Risk Function, leading the rest?
     • Something better?
     • Something worse?

  14. Presentation Objectives – Assessing Collaborative RM Opportunities
     • Start with principled definitions and perspectives
     • Define existing risk management
     • Understand the appetite for improvement
     • Define the IA role in influencing and collaborating on risk management
     • Use the Collaborative Risk Management Maturity Model

  15. Where do we begin? (3rd Line of Defense)
     • Start with ISO 31000 definitions and Principles
     • Recognize it’s about objectives
     • Value comes from new information for management to leverage
     • Aligning risk organization and treatment with these realities is risk management
     • Internal Audit can encourage the right structure, and add risk management to risk assessments and audits
     • Validate your understanding of the Risk Management happening at your organization

  16. Where do we begin? (3rd Line of Defense) – Understand RM and the appetite for improvement
     • Management is not likely to say “I need risk management,” but may say:
        • Isn’t there one place where I can see all the risks and issues and who is managing them?
        • I wish I had better insight into that area, but everything is so new I don’t have a feel for their chances of success
        • Shouldn’t we be vetting all of the major concerns across our organization as they occur? How do we get that information?
     • What is the perspective of existing Risk information, and who is getting it?
     • How far up and down the ladder does important risk info flow?

  17. Defining IA Risk Management input
     • Can we help seed/develop the structure of general risk management?
     • Who is talking to whom?
     • How are risks and issues organized; can it fit with what management sees?
     • Are there any existing Risk Committees to leverage?
     CAPABILITY MATURITY MODEL?
     • Measure the current state and identify roles to play
     • Advocate, Evangelist, Assessor, Collaborator…

  18. COLLABORATIVE RISK MANAGEMENT MATURITY MODEL
     (Reconstructed from the flattened slide table: four maturity columns, three lines-of-defense rows.)

     Column 1 – Unclear Risk Operations (Initial)
     • MANAGEMENT: Delegates risk to 2nd Line; addresses major risk events
     • 2nd LINE: Immature risk functions; siloed goals/processes
     • INTERNAL AUDIT: Annual Risk Assessment produces only audit plans; audits focus on validating compliance, policy or process efficiencies

     Column 2 – Risk Awareness in Silos (Adequate)
     • MANAGEMENT: Executive Risk Committee; top risks identified
     • 2nd LINE: Chartered risk functions – goals, measures, reporting; interactive processes
     • INTERNAL AUDIT: Annual Risk Assessment draws from 2nd Line functions, shares findings; audits begin with detailed area risk assessment

     Column 3 – Integrated Risk Operations (Enhanced)
     • MANAGEMENT: Proactive Executive Risk Committee, business aligned; reporting from bottom up and top down; risks and issues managed by shared terms (taxonomy)
     • 2nd LINE: Risk functions specialize; defined roles exist for shared processes; organized common risk and issue data for all
     • INTERNAL AUDIT: Ongoing Risk Assessment draws from all risks; audits evaluate risk management; findings flow into RM activities and follow-up

     Column 4 – Risk Part of Business Organization (Optimized)
     • MANAGEMENT: Risk/issue reporting at all levels; Enhanced state is furthered by technology; renewal processes exist for innovation and effectiveness
     • 2nd LINE: Risk event management; risk function processes draw on all risk/issue sources; Enhanced state is furthered by technology
     • INTERNAL AUDIT: Enhanced state furthered by technology; real-time risk and issue sharing, live risk management assessment; audit expertise for risk management operations

  19. Initial
     • Management – delegates “risk management” to 2nd Line
     • Management – addresses major “issues” (risks) as they occur
     • 2nd Line – functions informal and/or immature
     • 2nd Line – siloed and redundant at times
     • Internal Audit – our Risk Assessment serves our audit plan only
     • Internal Audit – audits mostly validate compliance, policy or process efficiency

  20. Adequate
     • Management – risk committee exists, reviews 2nd Line data
     • Management – top risks (risk events) formally identified/managed
     • 2nd Line – clearly chartered functions, with goals and measures
     • 2nd Line – interactive (across risk peers) processes defined
     • Internal Audit – our Risk Assessment draws from 2nd Line, shares…
     • Internal Audit – audits start with risk assessment of the area

  21. Enhanced
     • Management – risk committee at Executive Level prioritizes and assigns risk management activities
     • Management – risk management reporting has common components
     • Management – risks and issues managed with shared terms/taxonomy
     • 2nd Line – functions specialize in their area of expertise
     • 2nd Line – shared processes and defined roles across all functions
     • Internal Audit – ongoing risk assessment, connected with 2nd Line
     • Internal Audit – Risk Assessment Reporting, shared perspective of the whole
     • Internal Audit – audit findings flow into risk management processes

  22. Optimized
     • Management – Enhanced state is furthered by technology; risk and issue reporting at all levels
     • Management – renewal and innovation processes added
     • 2nd Line – shared technology eliminates redundancy
     • 2nd Line – shared reporting moves towards one perspective of the whole
     • Internal Audit – risks and issues shared in real time, improving periodic risk assessment and audit-planning risk assessment
     • Internal Audit – expertise developed to assess ideal risk management in the 1st and 2nd lines

  23. Defining IA Risk Management input – WHERE ARE WE… are we mature enough to contribute?
     • Controls based – extension of external audit (up to the 1980s)
     • Process based – added effectiveness and efficiency (1980s)
     • Risk based – added “why should management care” (1990s)
     • Risk management – added “optimizing risk” top down (late 1990s)
     • Objective Based** – True Top Down, Objective Priorities “at Risk”
     * Paul J. Sobel, “Auditor’s Risk Management Guide”
     ** Tim Leech and other thought leadership (ISO 31000)

  24. Defining IA Risk Management input – How can we adjust our processes to better fit risk management?
     • Taxonomies that match the organizational area (ORGANIZATION)
     • Adding Risk Management questions to audit planning
     • Using Capability Maturity Models to define risk and control
     • Others?

  25. Taxonomy Example
     • Aligning risk and control buckets with business management
     • A Taxonomy all can understand

  26. Capability Maturity Model Example – Evaluating Risk Management in the Audit
     • TERM ALIGNMENT: Management – Objective – Oversight – Control
     • MODEL ALIGNMENT: Accountabilities – Tone at the top – Metrics – Environment – Reporting – Performance
