Certificate in Enterprise Risk Control and Management

Start Date End Date Venue Fees (US $)
28 Dec 2025 Madrid, Spain $ 4,950

Introduction

This course will give you a comprehensive understanding of Enterprise Risk Management (ERM) and how to embed an appropriate risk management process in your organisation. You will examine the different kinds of risk, including people and process risks and reputation risk, and you will learn how to report on risk and establish an appropriate risk awareness training program.

Main Topics:

  • Understanding Enterprise Risk Management (ERM)
  • Practical identification and evaluation of risks
  • Dealing with the risk
  • The wider aspects of risk (CSR and ethics, corporate governance)
  • Recording the risk environment

Objectives

  • Learn the concepts and practical application of risk management with different techniques for identifying risks and implementing effective risk mitigation strategies
  • Understand how you can embed an ERM approach, the benefits of an enterprise-wide approach to risk and how to link risk management with your business planning process
  • Evaluate techniques for the assessment of people, process and reputation risk as well as how to record the risk process effectively

Training Methodology

This is an interactive course. There will be open question and answer sessions, regular group exercises and activities, videos, case studies, and presentations on best practice. Participants will have the opportunity to share with the facilitator and other participants what works well and not so well for them, as well as work on issues from their own organisations. The online course is conducted using MS-Teams/ClickMeeting.

Who Should Attend?

Risk managers and directors, senior internal auditors and audit managers, assurance professionals working in compliance and quality assurance functions who are being asked to review the risk process, and finance managers and insurance professionals who need to understand the wider approach to risk management.

Course Outline

Day One: What Is ERM?

  • Explanation of ERM and why it is not fully understood
  • The current economic crisis and how ERM can provide a lifeline
  • The role and responsibilities of directors and senior management with respect to ERM
  • ERM roles
  • ERM tips
  • ERM value statements
  • Strategic, financial and operational risk
  • The key link between corporate governance and risk
  • Selling the benefits to top management

Risk Measurement

  • How to quantify and measure risk – and why the approach followed by most organisations may be misleading
  • Establishing a business risk program – the steps to success
  • High-profile corporate failures and the lessons to learn
  • 10 easy steps to implement ERM

Risk Standards

  • Risk standards – choosing the right one
  • Explanation of the new ISO 31000 international risk standard
  • ISO 31000 and ERM paper will be shared
  • AUS/NZ 4360 standard
  • COSO standards
  • COSO ERM paper will be shared
  • IRM standards
  • The regulatory regime and impact on ERM

The Link between ERM and Strategic Objectives

  • The need to understand the organisation’s strategic objectives
  • Developing a program to reflect these objectives
  • Risk appetite – the least understood aspect of risk
  • External risk statements – principal risk factors
  • Examples of risk appetite statements will be provided
  • Categories of risk
  • Establishing a risk management framework
  • The results of a global RM study will be shared

Day Two: Practical Identification and Evaluation

Establishing an Embedded Risk Management Process

  • Risk management framework guide
  • Surprises and risk
  • Why financial risks are only the tip of the iceberg
  • The widening of the risk portfolio
  • Risk cultures
  • IRM paper on risk culture assessment
  • The challenges
  • New and emerging risks – reputation, social, environmental
  • Updating the risk strategy for your organisation
  • Establishing the business case
  • Selling the benefits to management
  • The need for risk champions
  • Risk and competitive advantage

Risk Identification and Evaluation

  • Approaches and techniques
  • How to establish a risk workshop process
  • Risk workshops – the dos and don’ts
  • How to identify, sift and group the risks
  • Measuring the consequences and the likelihood of occurrence of each risk
  • The use of risk matrices to prioritise the risks
  • The need for effective facilitation
  • Facilitation skills

Day Three: Dealing With Risks

Assessment of Risk Mitigation

  • Controls or mitigation
  • Ensuring risks are managed effectively
  • How to assess risk mitigation
  • The need for diligence and challenge
  • Identification of risk exposures
  • Dealing with the exposures (the 4 Ts – terminate, tolerate, treat or transfer)
  • Recording the risks – risk registers or risk maps
  • Risk registers – dos and don’ts
  • The need to keep the process as simple as possible
  • Establishment of action plans
  • Allocation of risk owners

Linking the Output from Risk Workshops into the Business Planning Process

  • Linking corporate risks with the strategic planning process
  • Linking operational risks into service planning
  • Risk owners – how to determine such personnel and enforce ownership
  • Annual statements by risk owners
  • Developing risk tracking
  • Using the risk register as a decision skeleton
  • Quarterly board reporting to review progress in addressing the exposures
  • Risk management committee reporting
  • Half-yearly evaluation of key risks to ensure new risks are identified and included

The Converging Roles of the Assurance Providers under the Risk Umbrella

  • Why management must take full responsibility for ERM
  • How should the various assurance providers rise to the ERM challenge?
  • The need to coordinate quality assurance, security, internal audit, insurance and the health and safety functions in relation to risk management
  • New guidance on coordinating RM and assurance
  • The need to avoid duplication of effort
  • How to spot the gaps
  • Linking external auditors into the process
  • The need to coordinate risk reporting

People and Process Risks

  • Key risk themes and how to deal with them
  • Failure to manage projects effectively
  • Loss of IT systems
  • Failure of partners or inability to establish effective partnering
  • Loss of key personnel
  • Hacking/breach of system security
  • Failure to innovate
  • Poor prioritisation of systems development
  • Loss of morale/stress
  • Too much data – insufficient information
  • E-commerce – the key risks and steps to take to mitigate them
  • IT security – how to evaluate effectiveness and influence change

Day Four: Managing Complex Risks

Reputation Risk

  • Definitions
  • The rise of reputation as a key risk
  • The increasing importance of a positive image – the need to be admired
  • Reputation – the value measure of the 21st century
  • Creating value from intangible assets
  • Where does reputation come from?
  • How do you measure it?
  • The magnifying effect on reputation of business failures
  • The explosion of regulation and external assurance

Corporate Social Responsibility and Ethics

  • Corporate Social Responsibility (CSR)
  • Codes of conduct
  • Business ethics training
  • Inclusion of ethics criteria in review of performance
  • The dangers of abusing leadership
  • Social responsibility as an agent for positive change and better performance – the halo effect

Corporate Governance Risk

  • The increasing importance of Corporate Governance
  • Record of accountability
  • Protecting the financial position
  • Alliances, partnerships and contracts
  • Fulfilment of promises
  • Top-down management of reputation
  • Media management
  • Business continuity
  • Vulnerability management
  • Carrying out a vulnerability audit
  • Crisis management strategy
  • Outsourced services risk
  • Community and other stakeholder requirements
  • Environmentally responsible sources/treatments
  • Customer service
  • Management of complaints
  • Communication – internally and externally

Day Five: Reporting and Cascading Risks

Recording the Risk Environment

  • The need to coordinate and link the output
  • Flagging interdependencies – if one risk treatment is changed, the other party or parties impacted need to be notified
  • Risk treatment analysis – how to determine the cost/benefits of dealing with exposures/exploiting opportunities
  • Risk management as a route to reducing bureaucracy
  • How to use the risk process to break down the barriers
  • Reports for senior management
  • Making risk management second nature
  • Keeping up the momentum
  • Risk financing and how to introduce the disciplines
  • Integrating incident management
  • Business continuity planning
  • Integrating health and safety, insurance and claims, etc.
  • Measuring the benefits

Cascading the Process

  • Stakeholders’ interest in risk
  • Workshops for other management levels
  • How to measure the benefits
  • Risk awareness for staff
  • Sharing output with partners
  • Evaluating risks within these relationships
  • Key Risk Indicators (KRIs)
  • New guidance KRI – the power
  • New paper on KRIs will be provided
  • Auditing the risk management program
  • The Internal Audit role in the risk management process – guidance and advice
  • Feeding key risks up to the organisation
  • Coordinating the whole process
  • Useful websites and reference books
  • Managing stakeholder expectations
  • How to use the program to change the culture

Accreditation
