Introduction
This work is designed to provide participants with alternative methods, tools and structures that can be used for establishing an ERM. During this workshop participants will have the chance to apply what they learned to a case study where they will get to use the most beneficial audit techniques, tools and process to evaluate an ERM fact situation.
Enterprise Risk Management known as (ERM) has evolved considerably since the seventies. From simply 'buying' insurance, it has now grown in importance to become a prime function in many organizations as part of a bigger system known as Governance, Risk and Compliance (GRC) which starts with corporate governance and ends with compliance. ERM is the function of studying the risks that may hinder a corporation's ability to achieve its goals and then deciding how to overcome those risks. Studies regarding risk management were done by different organizations, including ISO which issued ISO 31000 on risk management. However, the most accepted ERM system is the one designed by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). This system, which is the one covered in this course, teaches the steps needed to control risk. It starts with the evaluation of the internal environment and the setting of objectives which are, mainly, a result of the tone at the top of the organization, the directives from corporate governance as well as the vision, mission and corporate strategies. Then, the course goes through the steps management needs to consider in order to identify and assess risk and decide on proper risk responses and controls. The course ends with how to monitor, communicate and report risk. In addition, the course looks at risk in different organizational areas such as strategy, reporting, compliance, operations, financial and physical risk as well as risk in different industries.
Course ObjectivesBy the end of the course, participants will be able to:
- Identify internal and external changes that will create risks to the organization
- Audit the ERM process that was design
- Understand the relation with the board of directors through governance and improve Risk-Based Decision Making (RBDM)
- Influence internal controls by choosing the response to the risks identified
- Classify risk categories in the organization and identify the right authorities to manage them
- Analyze, assess and improve risk management practices within the organization
Target AudienceManagers, senior managers, directors, executives, financial controllers, senior accounting and finance personnel, and auditors.
Target Competencies- Improving risk monitoring and control
- Analyzing and assessing risks
- Advising directors on risks
- Controling risks
- Mitigating risks
- Reporting risks
Target Audience
- Managers, senior managers,
- directors,
- executives,
- financial controllers,
- senior accounting and finance personnel, and auditors.
Content
Defining the Key Components of ERM
· Identifying Risk Events
· Assessing Risk, Probability and Impact
· Risk Reponses
· Monitoring the ERM process on an ongoing basis
*Integrating Business Risk and Internal Control
· The Concept of Business Risk
· Relationship of Business Risk
· Strategy on fundamental Business Process
· Using KPI’s and the Baseline
*Auditing the ERM Process
· Auditing the Risk Organizational Structure
· Auditing the Risk Infrastructure for Completeness
and Coverage
· Auditing the Information flow of the ERM Environment
· Timeliness
· Accuracy and Usefulness
*Auditing the Effectiveness of ERM in the Organization
· Evaluation criteria of success
· ERM Process in precluding or minimizing risks
· Auditing the maintenance and future strategic initiative
*A Top-Down Risk-Based Approach to Establishing an ERM process
· The Risk Organizational Structure
· Reporting structure
· Operating Format
*Developing an ERM Audit Process
· Risk Assessing the ERM Environment
· Focusing the Audit and Establishing the Audit Scope
· Audit Approach/Tools/Techniques/Strategy
· Effective Report Format to bring about chan
