Presentation is loading. Please wait.

Presentation is loading. Please wait.

Chap IV : Managing Risk to Enhance Stakeholder Value

Published byHector Pearson Modified over 7 years ago

Similar presentations

Presentation on theme: "Chap IV : Managing Risk to Enhance Stakeholder Value"— Presentation transcript:

1 Chap IV : Managing Risk to Enhance Stakeholder Value
Dr. Ir. Yeffry Handoko Putra, M.T Magister Sistem Informasi Universitas Komputer Indonesia

2 Five Steps of the ERM Review Process
Risk Identification. What can go wrong? List all possible events that could occur in a subsystem if there are no controls. Once risks are identified, combine like risks according to the following key areas impacted by the risks: people, mission, physical assets, financial assets, and customer/stakeholder trust. Risk Analysis. What is the likelihood and impact? Rate risks according to probability and impact. Requirements Identification. What is in place to prevent it? List all controls that would exist without DOE subsystem-specific controls. Controls Identification. What else is needed to control the risk? Where there is a significant or extreme risk rating, list gaps between existing risks and existing controls. Risk Registry. What documentation is needed so that the logic and conclusions are clear? Create a register that documents the results of the risk evaluation, including the events, probabilities, impacts, and risk management strategy.

3 Risk Identification and Analysis
For each subsystem a group of senior level staff and subject matter experts complete the following- Risk Identification. What can go wrong? What events can have an impact on people, mission, physical assets, financial assets, and customer/stakeholder trust? A risk can also be a missed opportunity for improving effectiveness and efficiency. Risk Analysis. Look at the subsystem in the context of existing external controls. If there were no DOE-specific controls what is the probability and impact of specific risks?

4 Requirements Identification
Cost Effective Risk Management What is the most effective method for bringing risk down to an acceptable level? Are the controls most expensive than the risk? 3. Requirements Identification. What is in place to prevent it? List all controls that would exist without DOE subsystem-specific controls. Controls Identification. What else is needed to control the risk? Where there is a significant or extreme risk rating, list gaps between existing risks and existing external controls. Defer to existing external controls and standards whenever possible. Minor – risk acceptance may be preferred Moderate – existing controls may be adequate Significant – may need to add more controls Extreme – more controls likely needed

5 Risk Register Risk Registry
Clearly document the analysis of identified risks, existing controls, and proposed controls to address any serious gap between existing controls and risk. Risk Mitigation Options – Acceptance, Monitoring, Mitigation, and Avoidance Evaluate the costs of various mitigation techniques compare the cost/benefit of the risk Risk/ Opportunity Risk Level Potential Cost/Benefit External Control(s) Proposed Mitigation Technique Internal Control (if needed) Identify specific risks and their risk level Minor, Moderate, Significant and Extreme – based on the probability and impact chart. Give a rough estimate of the magnitude of the cost/benefit of the risk/opportunity without DOE-specific controls. List all external controls that help address the risks and opportunity identified. Based on any gap between the risk/opportunity and existing controls, what strategy should DOE adopt? List all internal controls needed to effectively and efficiently address gaps between risks and external controls.

6 Sample Risk Analysis Please note: The sample above has been tweaked for instructional purposes.

7 Why is ERM important? Integrated Strategy - ERM is important because it supports the Department’s strategy and our Management Principles including, “we will manage risk in fulfilling our mission”. Consistency- Systematic approach for management and operations – how we make decisions, govern how we establish and implement requirements, and how we hold ourselves accountable . Better Communication - ERM will provide that framework for clearly articulate the processes we use for program execution, and governance. Clear and Concrete Measures of Performance - It will improve efficiency and allow DOE to consistently speak with one voice to our contractors, customers, and stakeholders.

8 Identify Requirements
Path Forward Program Secretarial Officers can submit a request to the DRB to evaluate a subsystem The DRB develops a Risk Assessment Team Risk Assessment Team completes the ERM risk assessment tool Writer develops/revises a directive incorporating any DOE-specific controls needed after the risk analysis Regularly evaluate the effectiveness of the chosen risk mitigation techniques Identify Risk Analyze Risk Identify Requirements Identify Controls Risk Registry

9 Organize the assessments using a probability/impact matrix

10

11

12 Earn Value Management System
Example The project A budget of $1.2 million. Time duration is 12 months Production requirement is 10 deliverables. Time line Elapsed time is six months. Money spent to date is $700,000. Deliverables produced: 4 complete and 2 partial.

13 Terms & concepts Uncertainty: a lack of knowledge about an event that reduces confidence Risk averse: someone who does not want to take risks. Risk Prone – Someone who is willing to take big risk Risk tolerances: area of risk that are acceptable / unacceptable. Risk thresholds: the point at which a risk become unacceptable Risk Areas: Project Constraints (scope, time, cost, etc)

14 Rank the Risk and do a Review of Assessment Quality
judgment based on the following criteria (as specified in the PMBOK® Guide): - accuracy - quality - reliability - integrity

15 Sample Risk Breakdown Structure (PMBOK Guide)
The PMBOK® Guide begins the task of categorizing risk by first assigning it one of four sources from which it originates. These sources are: - technical - external - organizational - risks associated with the actual management of the project

16

17

18 Risk Profile A risk profile is a list of questions that address traditional areas of uncertainty on a project. These questions has been designed and developed from the experience of past projects.

19 Risk Profile Questions

20 A framework for understanding corporate governance
What follows is a defined governance framework focused on value creation – a framework to ensure the spirit of corporate governance is followed to deliver both conformity and performance improvement. Once boards fully understand their stakeholders, they will be better able to ensure governance effectiveness and accountability and thus add value to the organisation overall.

21 Risk Management Plan(Contd.)
Stakeholder tolerances – Stakeholders have a low risk tolerance than impact is high. That information should be taken into account to rank cost impacts higher than if the low tolerance was in another area. Tolerances should not be implied, but uncovered in project initiating and clarified or refined continually. Reporting – Describes reports related to RM and how they will be used and what they will include. Tracking – Auditing, documentation regarding RM

22 A framework for understanding corporate governance

23 Board operations Effective board operations are critical to the development of a strong governance structure. The skills and experience of the board must remain relevant to the company’s needs, whatever the standards, culture, and markets to which it is subject. Boards should take steps to ensure that they continue to have the appropriate mix of skills and levels of experience as conditions change. Periodic self-evaluation, preferably facilitated by an independent third party, will help them meet this important goal. Ultimately, the quality of the financial reporting, risk management and internal control structures that support the discharge of governance responsibilities will be rendered meaningless if the board operates ineffectively. Central to effective governance is the level at which risk and control issues are discussed and the frequency and standard of that discussion. In the current environment non-executive directors are being asked to question the level of challenge they currently provide to the executive. In response they are asking for improved information on the risks the organisation faces, the controls in place to manage these risks and the process by which this information is arrived at and updated

24 Board operations However, risk clearly does not stop once you get past the operational tiers of an organisation. Risks associated with succession planning and remuneration arrangements are repeatedly highlighted by the financial markets and yet are rarely identified or communicated effectively. The level of challenge at board and sub-committee level and an appetite to confront such issues are essential to effective board operations. Questions on the level of challenge should not be reserved specifically for non-executives. An example is the way in which many organisations have sought to better discharge their governance responsibilities through establishing dedicated risk management committees

25 Strategy development The board should seek to ensure that the organisation is sufficiently agile to be able to respond to changing circumstances and take advantage of relevant market opportunities even as it continues to pursue its planned goals and objectives. Aligning board and management efforts is an important first step — one that will help enable both groups to work co-operatively to achieve strategic aims and ultimately add value for stakeholders. Effective strategy development observes how key risks are managed and how risk influences business performance in the same way that the taking of opportunity can be seen to. Managing and reporting on risks outside the context of the organisation’s business objectives is at best interesting, at worst a waste of time. As a result, many organisations are now looking to better align their corporate planning and risk management activities to promote the selection of targets that are both stretching and achievable and to assist in the subsequent dialogue at all levels on actual results.

26 Corporate culture Efforts to ensure ethical behaviour and to protect an organisation’s reputation are an important part of the governance framework. A culture that condones negligent or even mediocre behaviour puts the company’s reputation at risk. Moreover, where appropriate standards of conduct promoting and maintaining integrity are not embedded within a company, there is a heightened risk that employees’behaviour and the information they produce become unreliable. The board must help ensure an appropriate tone at the top. The importance of risk management has advanced over the last few years with many organisations understanding that they have to take more risk if they are to generate value, and that all employees have a part to play in achieving this. Just as directors need to provide challenge on risk issues, clear ownership and accountability for risk needs to exist at all organisational levels. As organisations seek to support high performance and increased risk-taking, some are now including the evaluation of employee attitudes to risk in their performance appraisal process, firmly positioning risk management as a component of induction and ongoing management training.

27 Monitor and evaluate No matter what their level of focus, boards should recognise that what gets measured is what gets attention. Therefore, they need to ensure they understand what management should be doing and assess whether those activities are being managed and measured. The reports the board receive should reflect this broad measurement perspective. How well management has met the organisation’s financial goals should be just one aspect of the board’s evaluation. The board should also ensure that the combined scope of internal and external audit is such that it is able to provide greater assurance that management has adequate governance systems and processes in place to protect shareholder value. Inseparable from the development of organisational strategy is the monitoring and evaluation of subsequent performance. When reporting on risks to business objectives many organisations continue to confuse quantity of reporting with quality of reporting.

28 Monitor and evaluate A growing number of organisations are appointing a chief risk officer to provide leadership, direction and co-ordination of organisational risk management activity. The chief risk officer does not directly ‘own’ responsibility for managing specific risks but operates in a consultative/collaborative role supporting the board, its sub-committees and key operating and functional management. The role seeks to improve consistency and accessibility of risk information at all levels of the organisation as well as improve the standard of discussion and challenge at board and management levels. As organisations better align their planning and risk management activities and the consistency of their risk reporting, they are also improving the means by which they measure performance to corporate bjectives. For many, the next step is the integration of information on key risks with these methods for monitoring performance since both seek to measure the likelihood of achieving the same corporate goals.

29 Stewardship Board members are accountable to shareholders. Accountability – including all the issues surrounding disclosure and transparency – is what provides the legitimacy to the classic model public company.Shareholders elect directors to run companies on their behalf – ipso facto, boards are accountable to shareholders for their actions. Boards should engage in a two way dialogue with their key stakeholders and use their acquired knowledge as part of their strategic planning and risk management process. Decisions based on a better understanding of stakeholders’ needs reduces the risks associated with the external environment and helps secure competitive advantage. Elsewhere we have discussed the improved alignment of organisational performance and risk information to better measure performance against objectives. The development over recent years of environmental, sustainability and social responsibility reporting represents one way in which organisations are responding to stakeholder concerns on risk. In many cases the risks and how they are actively managed are acutely linked to organisational sustainability – an example being that of mineral reserves for energy organisations. The ways in which these organisations look to develop and report on alternative energy sources explains to stakeholders their own plans for longevity as well as that of the planet. It is foreseeable that developing demands for disclosure and transparency and the desire to create competitive advantage will lead to increased reporting on other areas of risk and organisational efforts to manage them.

30 Reputational Risk A variety of stakeholders and reputations
External branding and internal values A culture of financial prudence Engaged employees Reputation, brand and risk management

31

32

33

34 Organizations perform
Enterprise Performance Management (EPM) and Governance, Risk, and Compliance (GRC).

35 Balanced Risk and Performance in an Integrated Platform
Strategy to Success (S2S) framework, Oracle Extension of Michael Porter’s concept

36 GRC processes should also be integrated
Put in place controls over applications and technology Align policies and processes to best practices and control frameworks Identify and assess risks Report on key risks to business goals

37 Balancing Risk and Performance

Download ppt "Chap IV : Managing Risk to Enhance Stakeholder Value"

Similar presentations

The Department of Energy Enterprise Risk Management Model

The Department of Energy Enterprise Risk Management Model
Risk The chance of something happening that will have an impact on objectives. A risk is often specified in terms of an event or circumstance and the consequences.

Risk The chance of something happening that will have an impact on objectives. A risk is often specified in terms of an event or circumstance and the consequences.
Internal Control–Integrated Framework

Internal Control–Integrated Framework
PROJECT RISK MANAGEMENT

PROJECT RISK MANAGEMENT
Chapter 10 Accounting Information Systems and Internal Controls

Chapter 10 Accounting Information Systems and Internal Controls
Tax Risk Management Keeping Up with the Ever-Changing World of Corporate Tax March 27, 2007 Tax Services Bryan Slone March 27, 2007.

Tax Risk Management Keeping Up with the Ever-Changing World of Corporate Tax March 27, 2007 Tax Services Bryan Slone March 27, 2007.
AUDIT COMMITTEE FORUM TM ACF Roundtable IT Governance – what does it mean to you as an audit committee member July 2010 The AUDIT COMMITTEE FORUM TM is.

AUDIT COMMITTEE FORUM TM ACF Roundtable IT Governance – what does it mean to you as an audit committee member July 2010 The AUDIT COMMITTEE FORUM TM is.
By Saurabh Sardesai www.starvaluemodel.com October 2014.

By Saurabh Sardesai October 2014.
Quality evaluation and improvement for Internal Audit

Quality evaluation and improvement for Internal Audit
Implementing and Auditing Ethics Programs

Implementing and Auditing Ethics Programs
Purpose of the Standards

Purpose of the Standards
Trinidad & Tobago Corporate Governance Code 2013

Trinidad & Tobago Corporate Governance Code 2013
PAINTING THE FULL PICTURE

PAINTING THE FULL PICTURE
Control environment and control activities. Day II Session III and IV.

Control environment and control activities. Day II Session III and IV.
COBIT® 5 for Risk Introduction

COBIT® 5 for Risk Introduction
Internal Auditing and Outsourcing

Internal Auditing and Outsourcing
Challenges Faced in Developing Audit Plans and Programs 21 st March, 2013.

Challenges Faced in Developing Audit Plans and Programs 21 st March, 2013.
Towards a systematic approach to credit union governance Paul A Jones PhD Research Unit for Financial Inclusion Financing the Future: Achieving Sustainable.

Towards a systematic approach to credit union governance Paul A Jones PhD Research Unit for Financial Inclusion Financing the Future: Achieving Sustainable.
Global Risk Management Solutions Risk Management and the Board of Director: Moving Beyond Concepts to Execution Anton VAN WYK Partner, Global Risk Management.

Global Risk Management Solutions Risk Management and the Board of Director: Moving Beyond Concepts to Execution Anton VAN WYK Partner, Global Risk Management.
1 Bölgesel Rekabet Edebilirlik Operasyonel Programı’nın Uygulanması için Kurumsal Kapasitenin Oluşturulmasına Yönelik Teknik Yardım Technical Assistance.

1 Bölgesel Rekabet Edebilirlik Operasyonel Programı’nın Uygulanması için Kurumsal Kapasitenin Oluşturulmasına Yönelik Teknik Yardım Technical Assistance.

Similar presentations

Ads by Google