mastering enterprise risk management inside your organization
DESCRIPTION
openthinking.aeTRANSCRIPT
!"#$%&'()*$+%*,($%&-&'#%*.'#/*!"(")%0%($**'(#'1%*234&*3&)"('5"63(*
!"#$%&'(')*+*(,%%&'#,*-./'##0%
72"1*!34&$"1"8*97:8*9!:8*9;,8*9<=<8*!>:>*
:?"1%02*@%)&%%#A*
9%&6B%1*7($%&("C*:41'$3&**
9%&6B%1*;&"41*,D"0'(%&**
9%&6B%1*!"(")%0%($*:??34($"($**
9%&6B%1*<&3E%##'3("C*'(*=%"&('()*"(1*<%&E3&0"(?%**
9%&6B?"63(*'(*93($&3C*F%CE*:##%##0%($**
9%&6B?"63(*'(*.'#/*!"(")%0%($*:##4&"(?%*
72"1*!34&$"1"*
4
G-%(H+'(/'()*'#*"(**:9;,*:4$+3&'5%1*H&"'(%&*'(*$+%**I:,*"(1*J"$"&**
.'#/*@%B('63(#**
!.'#/*"#$%&'$()##"*"+"%,$%&-%$-.$'/'.%$0"++$)1123$-.4$-4/'3#'+,$-5'1%$%&'$-1&"'/'6'.%$)7$)*8'19/'#:;$$
<=>=$?@A$B$C.%'D3-%'4$E3-6'0)3F$GH'3#',$<"%,I$JHK$LC<ML#I$NOOPQI$MR$
!.'#/$S"#T$%&'$()##"*"+"%,$)7$-.$'/'.%$)11233".D$%&-%$0"++$&-/'$-.$"6(-1%$).$%&'$-1&"'/'6'.%$)7$)*8'19/'#:$@"#F$"#$6'-#23'4$".$%'36#$)7$"6(-1%$-.4$+"F'+"&))4;$$CMME$GL+%-6).%'$>(3".D#I$EUK$CCLI$NOVVQI$(:PW$$
9"(*234*%C'0'("$%*&'#/K**
X-+2'$-.4$@"#F$
VV$
E3-24$
U-0#2"%#$
M'.-+9'#$-.4$Y.'#$
C.13'-#'4$6-3F'%$#&-3'$
J'0$(3)421%$4'/'+)(6'.%$
C.13'-#'4$3'/'.2'$
9&%"6()*#+"&%+3C1%&*
L"C4%*
M*
N*
O*:*=*I*,*<&%#%&L'()*
#+"&%+3C1%&*L"C4%*
?.%'3(3"#'$@"#F$A-.-D'6'.%$G?@AQ$-#$-.$'##'.9-+$%))+$7)3$D))4$1)3()3-%'$D)/'3.-.1'I$@-&-82$M-+I$Z'+)"['$\$?.%'3(3"#'$@"#F$>'3/"1'#$I>'(%'6*'3$NOVO$
]2#".'##$=*8'19/'#$$
• >%3-%'D"1$=*8'19/'#$$• =('3-9).#$=*8'19/'#$$• @'()39.D$=*8'19/'#$$• <)6(+"-.1'$=*8'19/'#$<=>=$?@A$B$C.%'D3-%'4$E3-6'0)3F$GH'3#',$<"%,I$JHK$LC<ML#I$NOOPQI$MR$
9+"()%*$+%*93($%D$*
H"/'()*.'#/*
*'#*E4(1"0%($"C*$3*13'()*P4#'(%##*
@%"C'()*Q'$+*.'#/*
<)66"[''$)7$>().#)3".D$=3D-."^-9).#$)7$%&'$_3'-40-,$<)66"##").$\$@"#F$L##'##6'.%$".$M3-191'$G=1%)*'3$NOVNQ$$$MV$
=(96-+$$@"#F\_-F".D$$
V:$Z'Y.'$%&'$M3)*+'6$`$=(()3%2."%,$$$
N:$U"#%$L+%'3.-9/'#$$
W:$C4'.97,$M)##"*+'$)2%1)6'$$
P:$U"#%$M-,)5#$
R:$>'+'1%$%&'$?/-+2-9).$A)4'+$
a:$L((+,$A)4'+$b$A-F'$Z'1"#").$
c$
Internal Auditing: Assurance and Consulting Services, 2nd Edition. © 2009 by The Institute of
Internal Auditors Research Foundation, 247 Maitland Avenue, Altamonte Springs, FL
32701 USA
<=>=$G<)66"[''$)7$>().#)3".D$=3D-."^-9).#Q$
7(+%&%($*.'#/#*
Internal Auditing: Assurance and Consulting Services, 2nd Edition. © 2009 by The Institute of
Internal Auditors Research Foundation, 247 Maitland Avenue, Altamonte Springs, FL
32701 USA
F34&?%A*7.!*
RSS*
CCL$<-.-4-I$?3"1$U-/)"'$
@"#F$L(('9%'$-.4$_)+'3-.1'$
<C%"#%**/%%-**
$+%*79,*
<C"(*"(1*?3(#$&4?$*$+%*$"CC%#$*#$&4?$4&%*"(1*-4$*$+%*0"&#+0"CC3Q*3(*$3->**
C6(-1%$/#:$M3)*-*"+"%,$
Control
Share/Transfer Mitigate & Control
Accept (Mointor)
High Risk
Medium Risk
Medium Risk
Low Risk
Low
High
High
I M P A C T
PROBABILITY
,($%&-&'#%*&'#/*0"(")%0%($*T,.!U*
9GFG*,.!*
@%B('63(*3E*,.!*$ $!"#$#!"#$%&&%#&'&()&*#+,#$-#&-.),/0#+1$2*#13#*42&()120%#5$-$6&5&-)#$-*#1)7&2#8&201--&9%#$8894&*#4-#0)2$)&6,#0&:-6#$-*#'$"#&&()*%(%+)%"!",&%%#*&046-&*#)1#4*&-.3,#81)&-.$9#&;&-)0#)7$)#5$,#$'&()#)7&#&-.),%#$-*#5$-$6ð<0#)1#+&#=4)74-#4)0#240<#$88&.)&%#)1#821;4*&$01-$+9&#$00>2$-(&6$2*4-6#)7&#$(74&;&5&-)#13#&-.),#1+?&(.;&0@A## # # #########################B1>2(&C##DEBE#F-)&28240&#G40<#H$-$6&5&-)#I#J-)&62$)&*#K2$5&=12<@##LMMN@##
O7&#D1554P&
#B81-0124-6#E26$-4Q$.1-0#13#)7&#O2&$*=$,#D15540041-#RDEBES$
,.!*@%B('63(*E&30*77:*
?@A$!"#$-$#%321%23'4I$1).#"#%'.%$-.4$1).9.2)2#$(3)1'##$-13)##$%&'$0&)+'$)3D-."^-9).$7)3$"4'.97,".DI$-##'##".DI$4'1"4".D$).$3'#().#'#$%)$-.4$3'()39.D$).$)(()3%2."9'#$-.4$%&3'-%#$%&-%$-5'1%$%&'$-1&"'/'6'.%#$)7$"%#$)*8'19/'#:;$
L##'##$@"#F#$M3)1'##$E+)0$Z"-D3-6$
Internal Auditing: Assurance and Consulting Services, 2nd Edition. © 2009 by The Institute of
Internal Auditors Research Foundation, 247 Maitland Avenue, Altamonte Springs, FL
32701 USA
@3?40%(6()**.'#/*:##%##0%($***
Rd$
Re$
&[(K``000:".#"D&%:%,('(-4:1):2F`$
=3#$*"$*F%"**V&"+"0%*W(3D*
V%$*R*H'?/%$*34$*RSS**$3*Q'(*RS8SSS*
V%$*R*H'?/%$*34$*3E*RS8SSS**$3*Q'(*R8SSS8SSS*
:*
X*RY*
S>SRY*
-.#/($'+(*'0%(1",22,'+)(,3%'&4(1/)(,5(6#/($'+7)(8%)()*%9('$"#&&:(6#/"(,3%'&(;#+7)(8%)(6#/('+6;*%"%<=(
(>(?%%(@'$#$$':(A#"9%"(B*"6&2%"($*',"9'+(*
.'#/*&%-3&6()*"(1*?3004('?"63(#*
I(1%&#$"(1*$+%*-%&#-%?6L%*3E*234&*?C'%($*
*Mea
sure
and
repo
rt RM
impl
emen
tatio
n
Excellent
• Advanced capabilities to identify, measure, manage all risk exposures within tolerances
• Advanced implementation, development and execution of ERM parameters • Consistently optimizes risk adjusted returns throughout the organization
Strong
• Clear vision of risk tolerance and overall risk profile • Risk control exceeds adequate for most major risks • Has robust processes to identify and prepare for emerging risks • Incorporates risk management and decision making to optimize risk adjusted
returns
Adequate
• Has fully functioning control systems in place for all of their major risks • May lack a robust process for identifying and preparing for emerging risks • Performing good classical “silo” based risk management • Not fully developed process to optimize risk adjusted returns
Weak • Incomplete control process for one or more major risks • Inconsistent or limited capabilities to identify, measure or manage major risk
exposures Source: Standard & Poor!
f2"4'$%)$?.%'3(3"#'$@"#F$A-.-D'6'.%I$E3'g2'.%+,$L#F'4$h2'#9).#$M3)9/"9$C.1:$H-.2-3,$NOOa$
F?3-%*3E*7FG*ZRSSS*_&"#$".%'3.-9).-+$#%-.4-34$(3)/"4'#$(3".1"(+'#$-.4$D'.'3"1$D2"4'+".'#$).$3"#F$6-.-D'6'.%i$"%$1-.$*'$2#'4$*,$-.,$(2*+"1I$(3"/-%'$)3$1)662."%,$'.%'3(3"#'I$-##)1"-9).I$D3)2($)3$".4"/"42-+:$$_&'3'7)3'I$%&"#$#%-.4-34$"#$.)%$#('1"Y1$%)$-.,$".42#%3,$)3$#'1%)3:$
9&'6?"C*930-3(%($#*3E*7FG*ZRSSS*
_&'$-&'(?'-C%#$(3)/"4'$%&'$
7)2.4-9).$-.4$4'#13"*'$%&'$g2-+"9'#$)7$'5'19/'$3"#F$
6-.-D'6'.%$".$-.$)3D-."^-9).$
The framework manages the
overall process and
its full integration
into the organization
The process for managing risk
focuses on individual or
groups of risks, their
identification, analysis,
evaluation and treatment
A)."%)3".D$b$3'/"'0I$1).9.2-+$"6(3)/'6'.%$-.4$1)662."1-9).$)1123$%&3)2D&)2%$
E3)6$LJ>C`L>>?`C>=$WVOOO$
Principles
A-.4-%'$b$<)66"%6'.%$
Z'#"D.$73-6'0)3F$7)3$6-.-D".D$3"#F$
Framework RM Process
C6(+'6'.%$3"#F$6-.-D'6'.%$
A)."%)3$-.4$3'/"'0$%&'$73-6'0)3F$
<).9.2-++,$"6(3)/'$%&'$73-6'0)3F$
?#%-*+"#&$%&'$1).%'j%$
<)662.
"1-%'$-.4$1).#2+%$
A).
"%)3$-.4$3'/"'0
$@"#F$"4'.9Y1-9).$
@"#F$-.-+,#"#$
@"#F$%3'-%6'.%$
@"#F$'/-+2-9).$
@"#F$-##'##6'.%$
• <3'-%'#$/-+2'$• C.%'D3-+$(-3%$)7$$)3D-."^-9).-+$(3)1'##'#$
• M-3%$)7$4'1"#").$6-F".D$
• ?j(+"1"%+,$-443'##'#$2.1'3%-".%,$
• >,#%'6-91I$#%321%23'4$b$96'+,$
• ]-#'4$).$*'#%$-/-"+-*+'$".7)$
• _-"+)3'4$• _-F'#$&26-.$$b$12+%23-+$7-1%)3#$".%)$-11)2.%$
• _3-.#(-3'.%$b$".1+2#"/'$
• Z,.-6"1I$"%'3-9/'$b$3'#().#"/'$%)$1&-.D'$
• E-1"+"%-%'#$1).9.2-+$"6(3)/'6'.%$b$'.&-.1'6'.%$)7$%&'$)3D$
k.4'3#%-.4$J'0$@"#F#$
U)0$M3)*-*"+"%,$*2%$X'3,$l"D&$C6(-1%$
9&%"6()*"*.'#/*94C$4&%*
7($%CC')%($*.'#/*!"(")%0%($*#2#$%0*
7($%CC')%($*.'#/*!"(")%0%($*#2#$%0*
V3L%&("(?%8**.'#/*!"(")%0%($**
"(1*930-C'"(?%*TV.9U*
7$*'#*(3$*"P34$**.'#/*!"(")%0%($**P4$*&"$+%&*"P34$*
0"(")'()*$+%*&'#/*