risk management
play

Risk Management The Risk Management Value Proposition Dan Clayton - PowerPoint PPT Presentation

Sep 27, 2022 •734 likes •1.04k views

Collaborative Risk Management The Risk Management Value Proposition Dan Clayton CIA, CPA, CKM University of Texas System My IA journey Internal Audit History * Controls based extension of external audit (up to 1980s) Process

  1. Collaborative Risk Management The Risk Management Value Proposition Dan Clayton CIA, CPA, CKM University of Texas System

  2. My IA journey… Internal Audit History * • Controls based – extension of external audit (up to 1980’s) • Process based – added effectiveness and efficiency (1980’s) • Risk based – added “why should management care” (1990’s) • Risk management – added “optimizing risk” top down (late 1990’s) • Objective Based** – True Top Down, Objective Priorities “at Risk” *Paul J Sobel “Auditors Risk Management Guide” ** Tim Leech and other thought leadership (ISO 31000)

  3. My IA journey… Risk Management • Evaluated 12 ERM implementations in Healthcare 2008-2009 • Advised on Risk Management Consulting Approach for IA • Created Risk Management Based Risk Assessment & Audit • Coordinated UT Systemwide Taxonomy and Risk Assessment Update • Working towards collaborating with Risk Peers; Compliance, Information Security, Police, insurable Risk Management, Legal, etc.

  4. Presentation Objectives Discuss Risk Management Concepts • Set the modern context for RM • Be able to define the flavor of RM at your organization Assessing Collaborative RM Opportunities • Discuss assessing RM • Define Collaborative RM Maturity Model

  5. Presentation Objectives Risk Management Concepts • Definitions • Risk Perspectives within the Lines of Defense • Risk History and Context for RM • RM at your Organization

  6. Risk Management Concepts - Definitions • ISO 31000 Risk Management • Risk – the effect of uncertainty on objectives • Risk Management – identification, assessment and prioritization of risk… followed by… application of resources to minimize, monitor and control impact

  7. Risk Perspectives – 3 lines of Defense

  8. Risk Perspectives – 3 lines of Defense MANAGEMENT – 1 st LINE Risk is Assumed Objectives Defined/Managed (controlled) Operations Developed (control capabilities) People, Process Technology Aligned (Efficiency) Performance is Measured (Outcomes)

  9. Risk Perspectives – 3 lines of Defense

  10. Risk Perspectives – 3 lines of Defense

  11. Risk History and Context MANAGEMENT – 1 st LINE 3rd LINE FUNCTIONS 2 nd LINE FUNCTIONS

  14. Questions? • Risk and Risk Management definitions • The first line of defense, Management’s Role and Risk Perspective • The second line of defense, Roles, Risk Perspectives and GRC

  15. What is Risk Management at your Organization? • A Executive Risk Management Committee? (COSO-based) • A GRC Process for gathering all risks and managing them • One dominant Risk Function, leading the rest? • Something better? • Something worse?

  16. Presentation Objectives Assessing Collaborative RM Opportunities • Start with principled definitions and perspectives • Defining existing risk management • Understanding the appetite for improvement • Defining IA role in influencing and collaborating on risk management • Use Collaborative Risk Management Maturity Model

  17. Where do we begin? (3 rd Line of Defense) • Start with ISO 31000 definitions and Principles • Recognize its about objectives • Value comes from new information for management to leverage • Aligning risk organization and treatment with these realities is risk management • Internal Audit can encourage the right structure; and add risk management to risk assessments and audits • Validate your understanding of Risk Management happening at your organization

  18. Where do we begin? (3 rd Line of Defense) Understand RM and the appetite for improvement • Mgmt. Not likely to say “I need risk management,” but may say: • Isn’t there one place where I can see all the risks and issues and who is managing them? • I wish I had better insight into that area, but everything is so new I don’t have a feel for their chances of success • Shouldn’t we be vetting all of the major concerns across our organization as they occur? How do we get that information • What is the perspective of existing Risk information, who is getting it? • How far up and down the ladder does important risk info flow?

  19. Defining IA Risk Management input • Can we help seed/develop the structure of general risk management? • Who is talking to who? • How are risks and issues organized; can it fit with what management sees? • Are they any existing Risk Committees to leverage? CAPABILITY MATURITY MODEL? • Measure the current state and identify roles to play • Advocate, Evangelist, Assessor, Collaborator…

  20. COLLABORATIVE RISK MANAGEMENT MATURITY MODEL Risk Awareness in Integrated Risk Risk Part of Business Unclear Risk Operations Silos Operations Organization MANAGEMENT MANAGEMENT -Risk/Issue Reporting at -Proactive Exec. Risk all levels Committee/business aligned -Enhanced state is -Reporting from bottom up furthered by technology and top down -Renewal processes exist -Risk and Issues managed by MANAGEMENT MANAGEMENT for innovation and shared terms (taxonomy) -Executive Risk Committee effectiveness -Delegates risk to 2 nd Line 2 nd LINE -Top risks identified -Address major risk events 2 nd LINE -Risk Event Management -Risk functions specialize -Risk function processes -Enhanced state is 2 nd LINE 2 nd LINE draw on all risk/issue furthered by technology sources -Chartered risk functions - -Organized common risk -Immature risk functions -Defined roles exist for goals, measures, reporting and issue data for all -Siloed goals/processes shared processes -Interactive Processes INTERNAL AUDIT INTERNAL AUDIT INTERNAL AUDIT INTERNAL AUDIT -Enhanced furthered by - Ongoing Risk Assessment -Annual Risk Assessment -Annual Risk Assessment technology draws from all risks draws from 2 nd Line produces only audit plans -Real-time Risk and Issues -Audits evaluates risk -Audits focus on validating functions, shares findings sharing, live risk management compliance, policy or -Audits begin with detailed assessment -Findings flow into RM process efficiencies area risk assessment -Audit expertise for risk activities and follow-up management operations

  21. Initial • Management – delegates “risk management” to 2 nd Line • Management – address major “issues” (risks) as they occur • 2 nd Line – functions informal and/or immature • 2 nd Line – Siloed and redundant at times • Internal Audit – Our Risk Assessment serves our audit plan only • Internal Audit – Audits mostly validate compliance, policy or process efficiency

  22. Adequate • Management – risk committee exists, reviews 2 nd Line data • Management – top risks (risk events) formally identified/managed • 2 nd Line – Clearly Chartered functions, with goals and measures • 2 nd Line – Interactive (across risk peers) processes defined • Internal Audit – Our Risk Assessment draws from 2 nd Line, shares… • Internal Audit – Audits start with risk assessment of area

  23. Enhanced • Management – risk committee at Executive Level prioritizes and assigns risk management activities • Management – risk management reporting - common components • Management – risk and issues managed with shared terms/taxonomy • 2 nd Line – functions specialize in area of expertise • 2 nd Line – shared processes and defined roles across all functions • Internal Audit – Ongoing risk assessment, connected with 2 nd Line • Internal Audit – Risk Assessment Reporting, shared perspective of whole • Internal Audit – Audit findings flow into risk management processes

  24. Optimized • Management – Enhanced state is furthered by technology; risk and issues reporting at all levels • Management – Renewal and innovation processes added • 2 nd Line – shared technology eliminates redundancy • 2 nd Line – shared reporting moves towards one perspective of the whole • Internal Audit – Risks and Issue shared in real time improving periodic risk assessment and audit planning risk assessment • Internal Audit – Expertise developed to assess ideal risk management in the 1 st and 2 nd lines

  25. Defining IA Risk Management input WHERE ARE WE… are we mature enough to contribute… • Controls based – extension of external audit (up to 1980’s) • Process based – added effectiveness and efficiency (1980’s) • Risk based – added “why should management care” (1990’s) • Risk management – added “optimizing risk” top down (late 1990’s) • Objective Based** – True Top Down, Objective Priorities “at Risk” *Paul J Sobel “Auditors Risk Management Guide” ** Tim Leech and other thought leadership (ISO 31000)

  26. Defining IA Risk Management input • How can we adjust our processes to better fit risk management? • Taxonomies that match organizational area (ORGANIZATION) • Adding Risk Management questions to audit planning • Using Capability Maturity Models to define risk and control • Others?

  27. Taxonomy Example • Aligning risk and control buckets with business management • A Taxonomy all can understand

  28. Capability Maturity Model Example • Evaluating Risk Management in the Audit • TERM ALIGNMENT Management Objective Oversight Control • MODEL ALIGNMENT -Accountabilities - Tone at the top -Metrics -Environment -Reporting Performance

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Risk Management Workshop 1 Risk management workshop Why do we Risk Risk and need risk

Risk Management Workshop 1 Risk management workshop Why do we Risk Risk and need risk

FREE Lifelong Learning Event for Fasset Members Risk Management Workshop 1 Risk management workshop Why do we Risk Risk and need risk assessment control matrix management process Governance Risk appetite Agenda for and risk Risk

1.28k views • 105 slides
Market Risk Management Gen Ins. Risk Management Life Ins. Risk Management Op.

Market Risk Management Gen Ins. Risk Management Life Ins. Risk Management Op.

Market Risk Management Gen Ins. Risk Management Life Ins. Risk Management Op. Risk Management Board of Enterprise Risk Senior Management Committees Directors Management Credit Risk Cross-Border Exposure Country Rating

453 views • 6 slides
What is Risk Management? What is Risk Management? A (great) management tool Focus

What is Risk Management? What is Risk Management? A (great) management tool Focus

Proudly Presents How To Establish Functional Risk Management in Your Public Entity R. J oy J ackson, City of London Tina Gardiner, Region of York RIMS, Ottawa, 2011 What is Risk Management? What is Risk Management? A (great)

463 views • 24 slides
Preparedness Preliminary risk management Risk assessment Risk management Risk

Preparedness Preliminary risk management Risk assessment Risk management Risk

FAO/WHO guide for application of risk analysis principles to food safety emergencies Food Recall and Traceability (February 2013, Thailand) Preparedness Preliminary risk management Risk assessment Risk management Risk

440 views • 39 slides
Group Risk Management May 10, 2010 David Benson Chief Risk Officer Agenda 1 . Risk Management

Group Risk Management May 10, 2010 David Benson Chief Risk Officer Agenda 1 . Risk Management

Risk Management Group Risk Management May 10, 2010 David Benson Chief Risk Officer Agenda 1 . Risk Management Framework - 4 Pillars 2 . Risk Appetite pp 3 . Economic Capital Analysis 4 . Illiquid Asset Analysis 2 1. Risk Management

562 views • 10 slides
Introduction to Risk Management (Theory & Practice) DCU Risk & Compliance Officer

Introduction to Risk Management (Theory & Practice) DCU Risk & Compliance Officer

Risk Management Introduction to Risk Management (Theory & Practice) DCU Risk & Compliance Officer November 2015 Risk Management Sections 1) Aims of presentation 7) Tips for success 2) What is Risk Management (RM)? 8) Why RM may

533 views • 32 slides
ARM A commodity risk management system. 1. . ARM: : A commodity ri risk management system.

ARM A commodity risk management system. 1. . ARM: : A commodity ri risk management system.

ARM A commodity risk management system. 1. . ARM: : A commodity ri risk management system. ARM is a complete suite allowing the management of market risk and operational risk for commodities derivatives. 4 main modules are available:

848 views • 26 slides
ARM A commodity risk management system. 1. . ARM: : A commodity ri risk management system.

ARM A commodity risk management system. 1. . ARM: : A commodity ri risk management system.

ARM A commodity risk management system. 1. . ARM: : A commodity ri risk management system. ARM is a complete suite allowing the management of market risk and operational risk for commodities derivatives. 4 main modules are available:

543 views • 31 slides
Risk Management Ken Haas USA Hockey Atlantic District Risk Manager 1 Risk Management Risk

Risk Management Ken Haas USA Hockey Atlantic District Risk Manager 1 Risk Management Risk

Risk Management Ken Haas USA Hockey Atlantic District Risk Manager 1 Risk Management Risk Management What you need to know 2 Risk Management for Coaches What do you need to know? Pennsylvania Act 15 Insurance Issues Inj

908 views • 22 slides
Construction Contract: Risk management EPCC Contract Management 1 Can We Ignore Risk ?

Construction Contract: Risk management EPCC Contract Management 1 Can We Ignore Risk ?

Construction Contract: Risk management EPCC Contract Management 1 Can We Ignore Risk ? Construction is a risky business Why wait till the risk occurs? Knowing the objectives of risk management 2 Risk Recognition Dr. Julian

921 views • 90 slides
RISK RISK MA MANAGEMENT GEMENT Background Checks OSYSA Risk Management Policy

RISK RISK MA MANAGEMENT GEMENT Background Checks OSYSA Risk Management Policy

RISK RISK MA MANAGEMENT GEMENT Background Checks OSYSA Risk Management Policy Concussion Safe Sport OSYSA Risk Management Jeff Rossi OS Board member, Risk Management Coordinator Jim Sturm OS Board member,

610 views • 14 slides
1/12/2015 Chapter 3 Introduction to Risk Managem ent Agenda Meaning of Risk Management

1/12/2015 Chapter 3 Introduction to Risk Managem ent Agenda Meaning of Risk Management

1/12/2015 Chapter 3 Introduction to Risk Managem ent Agenda Meaning of Risk Management Objectives of Risk Management Steps in the Risk Management Process Benefits of Risk Management Personal Risk Management Meaning of Risk

371 views • 12 slides
1 Risk in hospitals Legal Risk Clinical risk Risk arising out of failure to comply with

1 Risk in hospitals Legal Risk Clinical risk Risk arising out of failure to comply with

Effective Risk Management Dr Rohini Sridhar MD FRCPA Dr. Rohini Sridhar, MD, FRCPA Chief Operating Officer, Apollo Speciality Hospital, Madurai Risk Management programme Identification of risk Strategies to avoid risk Strategies

494 views • 8 slides
1/16/2018 THE OBJECTIVE OF RISK MANAGEMENT Risk Management Suppose the firm is closely

1/16/2018 THE OBJECTIVE OF RISK MANAGEMENT Risk Management Suppose the firm is closely

1/16/2018 THE OBJECTIVE OF RISK MANAGEMENT Risk Management Suppose the firm is closely owned Proprietorship Partnership Privately held corporation Suppose the owner(s) are risk averse Risk management can make

297 views • 8 slides
INFORMATION RISK MANAGEMENT PROGRAM Developing a Unit Risk Management Program Information

INFORMATION RISK MANAGEMENT PROGRAM Developing a Unit Risk Management Program Information

INFORMATION TECHNOLOGY SERVICES INFORMATION RISK MANAGEMENT PROGRAM Developing a Unit Risk Management Program Information Security & Privacy Office June 8, 2017 Version 1.5.7 Risk Management at Florida State University Risk assessments

549 views • 11 slides
Risk Management, Compliance and CRA October 25, 2018 Hosted By: Michael Gallagher Chief Risk

Risk Management, Compliance and CRA October 25, 2018 Hosted By: Michael Gallagher Chief Risk

Risk Management, Compliance and CRA October 25, 2018 Hosted By: Michael Gallagher Chief Risk Officer, EVP 1 Todays Agenda Risk Management Risk governance Enterprise Risk Management Community Reinvestment Act Operational Risk

366 views • 23 slides
Cyber Insurance Illinois State Innovation Consulting Community Agenda Our Research Method

Cyber Insurance Illinois State Innovation Consulting Community Agenda Our Research Method

Cyber Insurance Illinois State Innovation Consulting Community Agenda Our Research Method Segment Definition Why is cyber different? Major Takeaways How will cyber change the industry? Recommendations Research Approach

1.11k views • 22 slides
The Dutch Health Care System in Transit! Finally? Ad A.M. Kok AAG Dresden 28 April 2004 1

The Dutch Health Care System in Transit! Finally? Ad A.M. Kok AAG Dresden 28 April 2004 1

The Dutch Health Care System in Transit! Finally? Ad A.M. Kok AAG Dresden 28 April 2004 1 Outline of presentation Current system Why the change ? New Standard Insurance Cover Coverage Premium Insurers

447 views • 24 slides
Re/Insurance? Dr. Andreas Schertzinger IVW St. Gallen, Future.Talk 1 / 2017, May 3 rd The buzz

Re/Insurance? Dr. Andreas Schertzinger IVW St. Gallen, Future.Talk 1 / 2017, May 3 rd The buzz

InsurTech Growth Opportunity for Re/Insurance? Dr. Andreas Schertzinger IVW St. Gallen, Future.Talk 1 / 2017, May 3 rd The buzz continues Continued growth in number and volume of deals Early-stage start-up investments 40 180 Number of

118 views • 7 slides
How to Determine the Total Cost of Risk Agenda Discuss the risk managers role in

How to Determine the Total Cost of Risk Agenda Discuss the risk managers role in

Proudly Presents How to Determine the Total Cost of Risk Agenda Discuss the risk managers role in defining the risk tolerance of the organization Understand how a risk manager can use the Total Cost of Risk metric

595 views • 32 slides
The Risk Management Process And Discussion for 2015 Board Leadership Conference May 30, 2015

The Risk Management Process And Discussion for 2015 Board Leadership Conference May 30, 2015

The Risk Management Process And Discussion for 2015 Board Leadership Conference May 30, 2015 Introductions What group do you represent? How long have you been in the not-for- profit sector For your group, what do you feel is the

448 views • 41 slides
Risk And What To Do About It? February 21, 2017 Heres the agenda for todays conversation

Risk And What To Do About It? February 21, 2017 Heres the agenda for todays conversation

Employers Have Full Health Care Risk And What To Do About It? February 21, 2017 Heres the agenda for todays conversation 1. Why we should have this conversation 2. Audience profiling discussion 3. Upfront questions 4. Magnitude of the

538 views • 24 slides
Agriculture insurance Urgent needed actions and recommended Policy change to move Ag-Insurance

Agriculture insurance Urgent needed actions and recommended Policy change to move Ag-Insurance

Agriculture insurance Urgent needed actions and recommended Policy change to move Ag-Insurance forward Contents of the presentation: I . What is the agriculture Insurance? II . Analysis of the Ag-Insurance current situation in Egypt. III .

547 views • 36 slides
gaps and opportunities Innovation Forum and FSDU Insurance Challenge Fund Launch Kampala, 10

gaps and opportunities Innovation Forum and FSDU Insurance Challenge Fund Launch Kampala, 10

Insurance innovation: needs, gaps and opportunities Innovation Forum and FSDU Insurance Challenge Fund Launch Kampala, 10 December 2018 Contents The changing insurance landscape globally The need for insurance: unpacking the risk

838 views • 39 slides

More recommend