Advanced Enterprise Risk Management

advanced-enterprise-risk-management-header


Overview

Advanced Enterprise Risk Management

The turmoil in the world is intense– with unimaginable impact leading to increasing public unrest, fluctuating oil prices, natural disasters of a scale thought unimaginable, volatile stock markets and world economic uncertainty. In this time of global uncertainty how do you steer a course through these difficult waters?

The answer is to recognise the only real link between all these events – RISK – and then to try to anticipate, manage and then deal with these risks at an enterprise level. Most organisations have now realised that much more is needed and have developed an Enterprise Risk management (ERM) approach.

This has ensured that risks that were previously managed in isolation can be aggregated and prioritized across the entire business.

Advanced ERM goes one step further. Risks are scored based on business materiality with each risk being evaluated and compared by it’s financial, legal, reputational, and regulatory impact, and classified by the effect they could have on the business.

New understandings of risk emerge, and efficient controls can be implemented to tackle what really matters to the business. And drive competitive advantage.

In short the focus becomes strategic risk management.


Benefits of attending

Why you should attend

  • Implement appropriate and varied techniques for the identification and assessment of risks
  • Generate measurable value by aligning the ERM framework with corporate performance expectations
  • Engage the Board in the analysis of enterprise risk scenarios
  • Foster a culture that reinforces appropriate risk-taking to balance value creation and value protection
  • Clarify ERM accountabilities of all employees from executives to the front line
  • Implement key risk indicators (KRI’s) for each line of business
  • Enhance achievement of corporate objectives by linking performance targets, and risk management actions
  • Develop risk appetite statements and apply risk tolerance techniques


Who should attend?

Who should attend

  • Risk managers
  • Managers and Directors responsible for the risk management function or process
  • Heads of Internal Audit
  • Internal Audit managers and senior auditors
  • Heads of Assurance functions
  • Senior Finance professionals
  • Senior project managers

Course Details

Course Level

  • This is an advanced level course and delegates should have 2 years’ experience in a supervisory, management or assurance role
  • Delegates should have a good educational standard (Bachelors degree or above) and/or a professional qualification or be suitably experienced
  • No advance preparation is required
  • Delivery method – On-line interactive (with exercises and case studies to provide practical application of the tools and techniques)

After completing this course you will be able to

  • Implement appropriate and varied techniques for the identification and assessment of risks
  • Generate measurable value by aligning the ERM framework with corporate performance expectations
  • Engage the Board in the analysis of enterprise risk scenarios
  • Foster a culture that reinforces appropriate risk-taking to balance value creation and value protection
  • Clarify ERM accountabilities of all employees from executives to the front line
  • Implement key risk indicators (KRI’s) for each line of business
  • Enhance achievement of corporate objectives by linking performance targets, and risk management actions
  • Develop risk appetite statements and apply risk tolerance techniques

CPE credits

Participants will earn 10 CPE credits ( in the Management Advisory Services field of study)

Modules

Day 1: Taking Enterprise Risk Management to the next level

Characteristics of an advanced ERM process

  • Board-level commitment to ERM as a critical decision  framework
  • An ERM culture that encourages full engagement and accountability at all levels of the organization
  • Engagement of stakeholders in risk management strategy development and policy setting
  • Transparency of risk communication
  • Integration of financial and operational risk information into decision making
  • Identification of new and emerging risks using internal data as well as information from external providers
  • A move from focusing on risk avoidance and mitigation to leveraging risk and risk management options that extract value
  • New paper on ERM and the role of Executive management will be shared
  • Exercise 1 – The challenges involved

Extreme risk events

  • Why crises such as extreme pollution, tsunamis, loss of significant critical information and the Covid 19 virus have shocked the world
  • Triggers for extreme events
  • Awareness of external trends – key risk indicators
  • Determining a practical plan- it is not possible to plan for everything
  • Identifying principal risk factors (Vodafone case study)
  • Understanding of third party risks
  • The domino effects – mapping the impacts
  • Crisis response capability
  • Allocating clear roles and responsibilities
  • Post crisis review – collection and analysis of data and actions taken
  • External reporting
  • Learning from others – keeping up to date
  • Risk register for extreme events
  • Exercise 2 – Extreme risk management

Risk Attitude

  • The need to define risk as the need to get things right – not what can go wrong
  • ‘Ring fencing’ risk exposure – never allow one part of the business to impact the  whole organisation
  • Determining and communicating your attitude to risk and your required risk culture to managers and stakeholders
  • Recognising that reputation is both your biggest asset and the biggest risk you face – and one you cannot insure
  • Not waiting until you are required to provide evidence of effective risk management by regulators or legislation – this will usually be too late
  • Exercise 3 – Enforcing a risk attitude

Key risk indicators (KRI’s)

  • The banana skins
  • Identifying these in advance
  • Examples of KRI’s
  • New KRI guidance
  • How to develop effective KRI’s
  • Exercise 4 – Identifying KRI’s for all key risks

The Risk register challenges

  • Why the ERM process often fails to engage management
    • Risks recorded are much too general
    • Causes and effects are confused with risks
    • Only residual risk is concentrated on
    • Various different methods are used for scoring risks
    • Benefits are difficult to determine
    • The process is far too complex
  • The Risk register solution
    • Start with the business objectives
    • Record the risk events
    • Assess the inherent risk
    • Identify the cause or causes for each risk
    • Determine an accurate position for the process to mitigate each cause
    • Assess the residual risk
    • Determine any areas of risk exposure (or opportunity)
    • Develop an action plan to deal with each exposure
    • Determine a target for each risk
  • Exercise 5  – The advanced ERM risk register

Risk appetite

  • What is risk appetite
  • The difference between risk appetite and risk tolerance
  • Defining risk limits
  • Risk profiling
  • Developing risk appetite statements
  • Examples of risk appetite statements
  • Exercise 6 – Defining risk appetite for all business activities

Day 2: ERM risk measurement techniques

Risk workshops

  • The power of workshops
  • Techniques for successful risk workshops
  • The need to involve peer groups
  • Establishing a risk workshop
  • Facilitation techniques
  • Exercise 7 –Risk identification

Delphi (expert analysis)

  • Getting consensus from experts of different backgrounds and perspectives
  • Comparing  the opinions of qualified experts from different fields
  • Determining acceptable risk by using experts to assess e.g. total credit given versus credit available or to establish creditworthiness criteria
  • Worked example
  • Exercise 8 –Delphi analysis – the mystery

Ishikawa (fishbone) analysis

  • Very effective in evaluating risks with multiple causes
  • Steps in fishbone analysis
    • Problem identification
    • Primary and secondary causes
    • Establishing priority criteria
    • Preparing fishbone diagram
    • Analysing the output
  • Exercise 9 – Ishikawa exercise – loss of key personnel

Monte Carlo simulations

  • Mathematical technique that allows people to account for risk in quantitative analysis and decision making.
  • Provides a range of possible outcomes and the probabilities they will occur
  • Determines a probability distribution
  • The types of distribution
    • Normal (bell curve)
    • Uniform
    • Triangular
  • Uses of Monte Carlo simulations
    • Used to price complex financial instruments
    • To determine the VAR (value at risk)
    • Determining the option to expand, contract, or postpone a project
  • Exercise 10 – Monte Carlo exercise

Bayesian networks

  • Bayes theorem
  • The risk events where the  probability of one event is conditional on the probability of a previous one
  • Adding more data to an original idea to enhance decision making
  • Use of Bayesian networks
    • Weather forecasting
    • IT network failure
    • Medical diagnosis
  • Exercise 11 – Bayesian network exercise

Bayesian networks

  • Bayes theorem
  • The risk events where the  probability of one event is conditional on the probability of a previous one
  • Adding more data to an original idea to enhance decision making
  • Use of Bayesian networks
    • Weather forecasting
    • IT network failure
    • Medical diagnosis
  • Exercise 11 – Bayesian network exercise

Emergent risks

  • There is no clear boundary with other types of risk
  • Emergent Risks cannot often be easily anticipated
  • At early stages they are often low probability / high impact
  • Areas for consideration
    • Political
    • Regulatory
    • Legal
    • Security
    • Technology
    • Environmental
    • Knowledge
  • Exercise 12 – Team Exercise to enable you to appreciate the emergent risks

Risk appetite and risk tolerance

  • What is risk appetite
  • The difference between risk appetite and risk tolerance
  • Defining risk limits
  • Risk profiling
  • Developing risk appetite statements
  • Examples of risk appetite statements
  • Exercise 13 – Defining risk appetite

ERM and decision making

  • For every key proposal passed to the Board or senior management for decision, insist that a full risk analysis is submitted
  • Match key risks to corporate objectives each year.
  • Ensure that you under promise and over perform – not the other way round
  • Invite all your key stakeholders to a risk workshop
  • Analyse the major surprises and near misses that you have had in the last 12 months
  • Recognise that ‘if it seems too good to be true’ it probably is
  • Prepare media statements in advance to cover all possible crises
  • Twice a year ask all key executives to identify 3 opportunities and set up a high level workshop to discuss and prioritise them
  • Develop a corporate opportunity register
  • Offer special incentives for the best ideas to reduce risk or exploit opportunities
  • Exercise 14 – Exploiting Opportunities

About Phil Griffiths

Phil Griffiths, FCA

Phil Grifffiths

Phil Griffiths is founder and Managing Director of Business Risk Management Ltd.

A Chartered Accountant, he has over 30 years experience in risk management, Corporate Governance, internal audit and fraud prevention as practitioner, professional adviser, facilitator and trainer.

His areas of specialism are:

 

  • Assisting Senior Management to identify, manage and then exploit the risks within their business via facilitated business risk management programmes
  • Helping Internal Audit functions to implement world class standards.
  • Developing fraud prevention, detection and investigation programmes
  • Training both private and public sector organisations in all the above disciplines.

He has extensive experience of the European, Asian, Middle Eastern, and African markets having trained professionals from over 1000 organisations in these regions during the past 15 years

He has extensive experience of managing and auditing major International projects. He has also direct experience of negotiating major contracts (including the largest mobile telecommunications contract in the world at the time)

Phil has developed strategic alliances with professional bodies and world renowned training companies, to deliver training and consultancy services across Europe, Asia, the Middle East and Africa.

He has developed over 300 training courses on all aspects of internal audit, risk management and fraud and delivered them across the globe.

He has led risk management programmes for more than 120 private and public sector clients tailored specifically to include facilitated workshops, development of risk strategies and assistance with implementation

He is an accomplished author. His book ‘Risk Based Auditing’ is an international best seller and his new book ‘Enterprise Risk Management – the key to business success’ is receiving much acclaim

Phil has published research into many aspects of internal audit and risk management best practice, including “Strategic Risk management” “The Need to Co-ordinate Assurance Providers” and “The Expectations of Chief Executives towards Internal Audit and its future”

He is recognised as an accomplished and charismatic facilitator, trainer and lecturer and is in continual demand to speak at the most prestigious events on risk management, internal audit and fraud.

Schedule Overview

Course Fee and Timings

The fee for the 2-day course is GBP 500 (US$ 650) which includes comprehensive course materials. The course will consist of three 1.5 hour sessions each day and will run from 10am to 3.30 pm Dubai time each day.

Enquire
Close

Back to Top
Newsletter

Enter your email and subscribe for regular updates from Innoverto