Published by Felix Lamb. Modified over 9 years ago.
1
Risk Management For the Board of The Law Society 16 February 2005
2
The Law Society
As a board member
– What am I expected to be doing? Board is not management
– What do I expect from senior management?
– What are the bigger risks? Reputational risk
– Especially as a regulator
3
Risk!
4
The Law Society
Voluntarily complies with The Combined Code
– To the extent applicable
C.2 Internal Control
Main Principle: The board should maintain a sound system of internal control to safeguard shareholders’ investment and the company’s assets.
Code Provision C.2.1: The board should, at least annually, conduct a review of the effectiveness of the group’s system of internal controls and should report to shareholders that they have done so. The review should cover all material controls, including financial, operational and compliance controls and risk management systems.
5
OBJECTIVES RISKS CONTROLS
6
What is risk?
Anything that contributes to the organisation’s failure to meet its stated objectives
The chance of something happening that will have an impact upon objectives - measured in terms of consequences and likelihood (AS/NZS 4360:1999)
7
What is risk?
‘Risk - The uncertainty of an event occurring that could have an impact on the achievement of objectives. Risk is measured in terms of consequences and likelihood.’ [The Institute of Internal Auditors, Glossary to Standards until end 2003]
IIA Standards Glossary from 2004
Residual Risks – The risk remaining after management takes action to reduce the impact and likelihood of an adverse event, including control activities in responding to a risk.
Risk – The possibility of an event occurring that will have an impact on the achievement of objectives. Risk is measured in terms of impact and likelihood.
Risk Management – A process to identify, assess, manage, and control potential events or situations, to provide reasonable assurance regarding the achievement of the organization’s objectives.
8
Risk management
Know your objectives
Identify risks
– external e.g. reputation, customers, suppliers, lenders
– internal e.g. operations, staff, working capital, capacity
Assess risk, prioritise and know what you can accept
Manage risk
– Tolerate (Acceptance – COSO ERM)
– Treat (Reduction – COSO ERM)
– Transfer (Sharing – COSO ERM)
– Terminate (Avoidance – COSO ERM)
– Track (Law Society)
Monitor, learn and improve, reconsider objectives
9
Some COSO definitions
Event – An incident or occurrence, from sources internal or external to an entity, that affects the strategy implementation and achievement of objectives.
Exposure – Portion of the range of possible impacts of future events for which the entity is susceptible to loss.
Impact – Result or effect of an event. There may be a range of possible impacts associated with an event. The impact of an event can be positive or negative relative to the entity’s related objectives.
Risk – The possibility that an event will occur and adversely affect the achievement of objectives.
Risk appetite – The broad-based amount of risk a company or other entity is willing to accept in pursuit of its mission or vision.
Uncertainty – Inability to know in advance the exact likelihood or impact of future events.
10
COSO’s components of Enterprise Risk Management (2004)
11
The Law Society
Strategic risk register
– Ideally should be related to the corporate plan
– eg.: Loss of role
Operational risk register
– eg.: Business continuity threats; Breakdown of financial controls
12
Risk assessment matrix – undertake first before taking account of control
14
Risk assessment matrix – Overlay suggests control approach
15
Risk assessment matrix – Adjust after taking account of control
16
Risk Control Matrix (figure). Axes: Likelihood, Impact. Cell labels: Showstopper, Primary, Contingency, Housekeeping, Monitoring & Review.
17
Risk response key
Showstopper: Continuous focus, as with 'Primary' risks (below), supplemented by regular attention of the board. The intention is to eliminate as far as possible the risk of this unwanted outcome materialising, which would prudently involve avoidance of risk taking in this area.
Primary: Risks which must be focussed upon continuously by top management to minimise the likelihood of them occurring and the impact of them if they do occur.
Contingency: Requires carefully pre-designed and tested contingency plans to be in place to cater for the eventuality if it occurs.
Housekeeping: Sufficiently regular and careful attention by way of effective internal control to minimise the likelihood of this unwanted outcome.
Monitoring and review: Provision of periodic information to confirm the containment of this risk within acceptable levels, together with assigned responsibilities to keep this periodic information under review.
21
Ideal layout for a risk register
Columns:
– Risk
– Gross Risk: Impact, Likelihood (Numeric scale 1 to 5)
– Board Accountability
– Control description
– Control effectiveness (Strong, Good, Weak or Poor)
– Net/residual risk: Impact, Likelihood (Numeric scale 1 - 5)
– Action
– Responsibility
– Review Date
Rows: 1. 2. 3. 4.
22
Illustration: overall state of relationship health
…The Court of Public Opinion
Stakeholder groups (figure labels): Local Communities, Business partners, The Media, Business Leaders, Competitors, Politicians, Regulators, Government, Customers, Employees, Shareholders, Financiers
23
Illustration: relative importance of each stakeholder group
…The Court of Public Opinion
– Local Communities 3
– Business partners 1
– The Media 1
– Business Leaders 3
– Competitors 3
– Politicians 3
– Regulators 3
– Government 3
– Customers 1
– Employees 2
– Shareholders 1
– Financiers 1
24
Other points
Downside risk + upside risk = overall risk
– Mitigate threats
– Capture/realise opportunities
– Upside risk: risk which relates to outcomes more favourable than expected
25
Other points
Risks are like buses – they tend to come all at once
Risk management is embedded when it is a ‘mindset’ – a natural part of management rather than an add-on
26
Risk Management
Andrew Chambers (ProfADC@management-audit.com)