ABGR XI International Risk Management and Insurance Seminar: “Introduction to Risk Management”. ALARYS Latin American Risk Management Foundation (FUNDALARYS). Javier Mirabal, Eng, ARM, AIRM, RF, FUNDALARYS Executive Director. Sao Paulo, Brasil, October 26, 2015
Table of Contents: 1. Risk 2. Risk Management 3. The Risk Management Process
1- Risk
Planning (strategic, operational, etc.) Time Objectives to achieve (strategic, operational, etc.)
Risk (ISO GUIDE 73:2009, Risk Management - Vocabulary) “Effect of uncertainty on objectives”
Planning (strategic, operational, etc.) Time Objectives to achieve (strategic, operational, etc.) Risks
Internal environment (weaknesses, strengths) Organization External Environment (threats, opportunities) Source of Risk in an Organization ‘‘Events’’
Classification of the Risk Events (Criteria: Type of Environment). Internal Environment: Culture; Infrastructure (financial, physical, etc.); Personnel (people); Processes; Systems (IT, etc.). External Environment: Economic; Environmental; Political; Social; Technological; Legal; Others.
Risk Classification Political Economic Social Technological Environmental Legal, Regulatory Market Credit Counterparty Liquidity People Processes System (Technology) Corporate culture Property People (health, injuries, death, etc.) Legal Liabilities Gross benefit Hazard Risks Operational Risks Business Risks Financial Risks
Risk “Attributes” Risk Appetite Inherent Risk Tolerance Residual Risk
2- Risk Management
Planning (strategic, operational, etc.) Time Objectives to achieve (strategic, operational, etc.) Risks
Planning (strategic, operational, etc.) Time Objectives to achieve (strategic, operational, etc.) Risk Management
Risk Management (ISO GUIDE 73:2009, Risk Management - Vocabulary) “Coordinated activities to direct and control an organization with regard to risk”
Risk Management Criteria: Risk Tolerance Criteria: Risk Appetite
COSO-Enterprise Risk Management Integrated Framework-2004 (The Committee of Sponsoring Organizations of the Treadway Commission)
ISO 31000:2009 Risk Management – Principles and guidelines. Principles: Risk Management Principles. Framework: Mandate and commitment; Design of framework for managing risk; Implementing risk management; Monitoring and review of the framework; Continual improvement of the framework. Process: Communication and consultation; Establishing the context; Risk assessment (Risk identification, Risk analysis, Risk evaluation); Risk treatment; Monitoring and Review.
3- The Risk Management Process
Risk Management Criteria: Risk Tolerance Criteria: Risk Appetite
Risk Transformation (criteria: Risk Appetite & Risk Tolerance) Inherent Risk Residual Risk
COSO-Enterprise Risk Management Integrated Framework-2004 (The Committee of Sponsoring Organizations of the Treadway Commission) Risk Management Process
ISO 31000:2009 Risk Management – Principles and guidelines. Principles: Risk Management Principles. Framework: Mandate and commitment; Design of framework for managing risk; Implementing risk management; Monitoring and review of the framework; Continual improvement of the framework. Risk Management Process: Communication and consultation; Establishing the context; Risk assessment (Risk identification, Risk analysis, Risk evaluation); Risk treatment; Monitoring and Review.
Establishing the context Risk Treatment (Controls) Event Identification Risk Assessment Risk Management Process Communication and Consultation Monitoring & Review (Continuous Improvement) Controls Implementation
Control (ISO GUIDE 73:2009, Risk Management - Vocabulary) “Measure or action that modifies risk”
Control (Classification). Type of Control versus what it acts on (Probability, Impact): Risk Control (Prevention): Probability X. Risk Mitigation (Reduction): Impact X.
The End