Presentation is loading. Please wait.

Presentation is loading. Please wait.

COSO and ERM Committee of Sponsoring Organizations (COSO) is an organization dedicated to providing thought leadership and guidance on internal control,

Published bySpencer Todd Modified over 6 years ago

Similar presentations

Presentation on theme: "COSO and ERM Committee of Sponsoring Organizations (COSO) is an organization dedicated to providing thought leadership and guidance on internal control,"— Presentation transcript:

1 COSO and ERM Committee of Sponsoring Organizations (COSO) is an organization dedicated to providing thought leadership and guidance on internal control, enterprise risk management and fraud deterrence. COSO defines Enterprise Risk Management as "a process, effected by an entity's board of directors, management and other personnel, applied in strategy-setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives."

2 Enterprise Risk Management Framework
The Enterprise Risk Management Framework reflects input from hundreds of business and risk professionals, senior executives and board members, academics and government representatives from across the globe.

3

4 Example Enterprise Risk Management Framework
The purpose of the J&J Enterprise Risk Management Framework is to describe: Categorization of risk The common framework used to identify and manage potential events that may affect the enterprise Accountability for risk management Governance and oversight of risk management activities

5 Example Enterprise Risk Management Framework
Generally, risks to J & J Company’s success can be grouped into four categories: (1) Strategic, (2) Operational, (3) Compliance and (4) Financial & Reporting.

6 Example Enterprise Risk Management Framework
Strategic Loss of intellectual property & trade secrets Operational Physical property/damage/disruption Compliance Employee health & safety Financial & Reporting Currency exchange, funding & cash flow, credit risk

7 ISO 31000 ISO 31000:2009, Risk management – Principles and guidelines, provides principles, framework and a process for managing risk. It can be used by any organization regardless of its size, activity or sector.  The design and implementation of risk management plans and frameworks needs to take into account the varying needs of a specific organization, its particular objectives, context, structure, operations, processes, functions, projects, products, services, or assets and specific practices employed”

8 ISO 31000 ISO 31000:2009 is a brief and high-level set of principles and guidelines on how to implement risk management. ISO 31000:2009, Risk management — Principles and guidelines IEC 31010:2009, Risk management — Risk assessment techniques ISO Guide 73:2009, Risk management — Vocabulary

9 ISO Process

10 Risk Treatments Avoid:  Avoiding risk is completely disengaging from the activity.  While avoidance precludes suffering losses, it also prevents potential gains from the activity. Modify the frequency or severity: For hazard risks, modifying the frequency/severity of loss is termed loss prevention.  Modifying the severity of the loss is loss reduction.   Transfer: A method of risk financing executed by insurance, contractual agreements, or hedging to reduce the variability in cash flows due to uncertainty in a particular risk. Retain:  A method of risk financing where a risk is funded internally.  This can be done purposefully (low financial impact) or because there is no other option (no insurance or contract available).  It should be done consciously after the risk in analyzed.  Retaining of unidentified risk can be catastrophic to an organization.  Retention can also be complete or partial.   Exploit:  Risk exploitation is a treatment for speculative risks to seize an opportunity for the organization.

11 Risk Classification Systems
An important part of analyzing a risk is to determine the nature, source or type of impact of the risk. Evaluation of risks in this way may be enhanced by the use of a risk classification system.

12 Name or title of risk Unique identifier or risk index Scope of risk Scope of risk and details of possible events, including description of the events, their size, type and number Nature of risk Classification of risk, timescale of potential impact and description as hazard, opportunity or uncertainty Stakeholders Stakeholders, both internal and external, and their expectations Risk evaluation Likelihood and magnitude of event and possible impact or consequences should the risk materialize at current level Loss experience Previous incidents and prior loss experience of events related to the risk Risk tolerance, appetite Loss potential and anticipated financial impact of the risk or attitude Target for control of risk and desired level of performance Risk attitude, appetite, tolerance or limits for the risk Risk response, treatment Existing control mechanisms and activities and controls Level of confidence in existing controls Procedures for monitoring and review of risk performance Potential for risk improvement Potential for cost-effective risk improvement or modification Recommendations and deadlines for implementation Responsibility for implementing any improvements Strategy and policy Responsibility for developing strategy related to the risk developments Responsibility for auditing compliance with controls

13 Qualitative Risk Analysis
A qualitative risk analysis prioritizes the identified project risks using a pre-defined rating scale. Risks will be scored based on their probability or likelihood of occurring and the impact on project objectives should they occur.

14

15

16 Quantitative Risk Assessment
A quantitative risk analysis is a further analysis of the highest priority risks during a which a numerical or quantitative rating is assigned in order to develop a probabilistic analysis of the project.

17

18 Loss Probability Distribution

19 Additional Examples of Risk Identification
Root Cause Analysis FMEA 5 Whys

Download ppt "COSO and ERM Committee of Sponsoring Organizations (COSO) is an organization dedicated to providing thought leadership and guidance on internal control,"

Similar presentations

Risk Management at Harvard – Panel Discussion Harvard IT Summit

Risk Management at Harvard – Panel Discussion Harvard IT Summit
Risk The chance of something happening that will have an impact on objectives. A risk is often specified in terms of an event or circumstance and the consequences.

Risk The chance of something happening that will have an impact on objectives. A risk is often specified in terms of an event or circumstance and the consequences.
Appendix H: Risk training slides (sample). What is Risk? “ Risk is the effect of uncertainty on objectives ” AS/NZS ISO31000:2009.

Appendix H: Risk training slides (sample). What is Risk? “ Risk is the effect of uncertainty on objectives ” AS/NZS ISO31000:2009.
PROJECT RISK MANAGEMENT

PROJECT RISK MANAGEMENT
Lisanne Sison Director ERM Bickmore

Lisanne Sison Director ERM Bickmore
Chapter 7 Control and AIS Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 7-1.

Chapter 7 Control and AIS Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 7-1.
Control and Accounting Information Systems

Control and Accounting Information Systems
Control and Accounting Information Systems

Control and Accounting Information Systems
STATE OF NEW YORK OFFICE OF THE STATE COMPTROLLER New York State Office of the State Comptroller Thomas P. DiNapoli, Comptroller Office of Operations John.

STATE OF NEW YORK OFFICE OF THE STATE COMPTROLLER New York State Office of the State Comptroller Thomas P. DiNapoli, Comptroller Office of Operations John.
Executive Insight through Enhanced Enterprise Risk Management Leverage Value From Your Risk Management Investment.

Executive Insight through Enhanced Enterprise Risk Management Leverage Value From Your Risk Management Investment.
Enterprise Risk with Local Government. Enterprise Risk a process, effected by an entity's board of directors, management and other personnel, applied.

Enterprise Risk with Local Government. Enterprise Risk a process, effected by an entity's board of directors, management and other personnel, applied.
Service Design – Section 4.5 Service Continuity Management.

Service Design – Section 4.5 Service Continuity Management.
Office of the Secretary of Defense – Comptroller Financial Improvement and Audit Readiness Directorate Unclassified 17 September 2014 GAO Revised “Green.

Office of the Secretary of Defense – Comptroller Financial Improvement and Audit Readiness Directorate Unclassified 17 September 2014 GAO Revised “Green.
Risk Identification Chapter 6.

Risk Identification Chapter 6.
Chapter 7 Control and AIS Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 7-1.

Chapter 7 Control and AIS Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 7-1.
Applying COSO’s Enterprise Risk Management — Integrated Framework

Applying COSO’s Enterprise Risk Management — Integrated Framework
Title slide PIPELINE QRA SEMINAR. PIPELINE RISK ASSESSMENT INTRODUCTION TO GENERAL RISK MANAGEMENT 2.

Title slide PIPELINE QRA SEMINAR. PIPELINE RISK ASSESSMENT INTRODUCTION TO GENERAL RISK MANAGEMENT 2.
Risk Assessment Frameworks

Risk Assessment Frameworks
CORPORATE RISK MANAGEMENT & INSURANCE BY R P BLAH D.G.M. INCHARGE THE ORIENTAL INSURANCE COMPANY LIMITED REGIONAL OFFICE BHUBANESWAR.

CORPORATE RISK MANAGEMENT & INSURANCE BY R P BLAH D.G.M. INCHARGE THE ORIENTAL INSURANCE COMPANY LIMITED REGIONAL OFFICE BHUBANESWAR.
Information Systems Controls for System Reliability -Information Security-

Information Systems Controls for System Reliability -Information Security-

Similar presentations

Ads by Google