Assessing The Risk Management Process


Assessing the Risk Management Process
Practice Guidance Released by IIA Mar 2019
Presented to Alaska Chapter of the IIA
May 2019

Intro – Lance Johnson
Two hats
- L&H Johnson (Consultant) including
- Denali FCU/Nuvision CU
- Bank of the West
- Suiss RE
- USAA
- The IIA (Institute)
- USAA – CRO: Risk and Control Standardization: Talent Governance

Disclosure Statement: The basis of this presentation is the IIA Practice Guide Assessing the Risk Management Process issued in March 2019, however the viewpoints and positions that may be expressed by the presenter do not necessarily represent those advocated or embraced by either the IIA or USAA.

IIA Standard setting process
International Professional Practices Framework Oversight Council
- Established by the IIA board in 2010
- Comprised of

IIA Standard setting process

IIA Standard setting process
Required Standards and Guidance
- IIA Global Board
- Makes standard and guidance assignment
- Committee, Council, or Task Force
- Developed or Updated by assigned task force or committee
- IPPF Oversight Council
- Exposure and feedback Period
- Edits, refinements, and corrections
- Depending on magnitude
- Release and publication
- Due process oversight
- Reviewed evidence of due process for released guidance

IIA Standard setting process
Recommended Guidance
- IIA Global Board
- Makes standard and guidance assignment
- Guidance Dev. Comm.
- Guidance Dev Committee outlines objective and deliverables
- Guidance Development team works with Contributors (SMEs) to draft guidance
- Guidance team and Contributors review, edits, refinements, and correct
- Depending on magnitude
- Approves release of guidance
- If not Approved
- Release and publication

Supplemental Guidance
- Supports the Standards
- Endorsed by The IIA formal review and approval process
- Additional information, advice, and best practices
Practice Guides are a type of Supplemental Guidance
- Provide details and examples
- Support and applicable for all internal auditors.
www.globaliia.org/standards-guidance

Purpose of the Assessing RM Guidance
- Does not advocate a particular risk management program, framework, or model
- Outlines common attributes found in a mature risk management process
  - Risk culture
  - Risk governance
  - Risk management process

Purpose of the Guidance (Continued)
Assist auditors in
- Applying the Standards of Internal Auditing in assessing Risk Management programs
- Explaining why risk management activities need to be assessed
- Understanding components of an effective risk management process.
- Developing an assessment approach that considers
  - Business and regulatory environments
  - Organization’s level of maturity.
  - Information necessary to determine scope and evaluation criteria

Business Significance: Risks and Opportunities
Benefits of a mature RM Process
- Risk-balanced decisions
- Increased communication and consultation
- Common risk language
- Connections & insights risks opportunities
- Timely risk identification and action reporting
- Achievement of strategic objectives
- Optimizing stakeholder value
Barriers to Success
- Risk assessments take too much time.
- Risk information gathered is not relevant.
- Risk information is not used to make decisions.

Risk Management Maturity
- What does a mature process look like?
- Why a maturity Model?

Illustrative example of Maturity Spectrum

Applying a Maturity Model: Considerations
- Risk Appetite: is there a defined and consistent risk appetite?
- Structure: are roles and responsibilities understood?
- Coordinating and Reliance
- Governance: What is the direction and perspective of management and the board and how is this demonstrated in the Culture
- Implementation and action

Role of IA in Risk Management
Documenting Risk
- Risk register
- Risk definition
- Mapping dependencies and influences
- Risk rationalization
Responding to Risk
- Strategic considerations
- Response actions
- Mitigation validation – When
- Control rationalization

Engagement Approaches to Assessing Risk Management
Information Gathering
- TOP-DOWN: Interviews; Document Reviews
- BOTTOM-UP: Interviews; Surveys; Document reviews; Walk-throughs
- COMBINATION: Interviews (Sr. Mgt./Exec); Surveys (Tactical Mgt./staff); Document Reviews
Typical Participants
- Board
- Sr./Exec Management
- Group/Division Management
- Line Management
- Supervisors
- Board
- Sr./Exec Management
- Group/Division Management
- Line Management

Engagement Approaches to Assessing Risk Management
Limitation Considerations
TOP-DOWN
- Low level of detail
- May over focus on governance due to participant group.
- Board & senior management views may not represent functioning culture of organization
BOTTOM-UP
- Surveys confusion (lack a common risk language or immature process)
- Inconsistent feedback from distributed participants base
- time/resource constraints that preclude sufficient participation.
COMBINATION
- This approach should provide a more comprehensive perspective, however the limitations of both Top-down and Bottom-up approaches may arise

Potential & sometimes common Risk Scenarios
- False assurance
- Operational sustainability
- Operational impacts
- Organizational culture
- Priorities and strategies
- Risk identification, communication and prioritization
- Process and system design

Risk and Control Assessing the Process
Appendix D: Risk and Control Matrix
- Illustrative risk and control considerations
- Designed to avoid a prescriptive approach, but adaptable concepts and guidance
Appendix E: Assessing the Risk Management Process
- Register of suitable and practical audit actions
- Assist in gathering sufficient evidence of the risk management program design and operation

Appendix D: Example Culture

Appendix E: Example Culture

References and Resources
- Assessing and Managing Strategic Risks: What, Why, How for Internal Auditors by Richard Anderson and Mark Frigo
- Applying the International Professional Practices Framework, 4th Edition by Urton Anderson and Andrew Dahle
- Practical Enterprise Risk Management: Getting to the Truth by Larry Baker
- COSO Enterprise Risk Management – Integrating with Strategy and Performance published by the Committee of Sponsoring Organizations of the Treadway Commission (COSO)
- Enterprise Risk Management – Integrating with Strategy and Performance: Compendium of Examples published by COSO
- ISO 31000:2018, Risk management – Guidelines published by International Organization for Standardization (ISO)
- Auditor’s Risk Management Guide: Integrating Auditing and ERM, 2015 Edition by Paul Sobel
- Managing Risk in Uncertain Times: Leveraging COSO’s New ERM Framework by Paul Sobel
