1 / 20

What is risk? [and how should we manage it?]

What is risk? [and how should we manage it?]. AGA Central PA Chapter Joe Kull February 9, 2011 PwC . Risk Defined. ISO 3100: the effect of uncertainty on objectives

dena
Download Presentation

What is risk? [and how should we manage it?]

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. What is risk?[and how should we manage it?] AGA Central PA Chapter Joe Kull February 9, 2011 PwC

  2. Risk Defined • ISO 3100: the effect of uncertainty on objectives • More classic: the likelihood of an event(s) occurring and the impact that event(s) will have on mission goals. The event can be positive or adverse. • Events that cause problems

  3. ERM[Enterprise Risk Management] Risk based approach for managing an enterprise, integrating strategic planning, operations management and internal control No ‘surprises’: mitigate/eliminate preventable losses Seek/identify opportunities to achieve mission goals At its core: Identify, measure, continuously monitor, periodically assess, and recalibrate/modify

  4. Basic Cycle Mission GOAL (Measurement) Strategies Tactics Plan Outcomes Metrics Assess Measures Indicators (Targets) Perform Operate Execute (Numbers) Record

  5. Types of Risk • External / Inherent Risk- conditions or events beyond management control, which could impact achieving mission objectives assuming no controls are in place. • Internal / Operational Risk- conditions or events management can influence directly that could impact achieving mission objectives assuming no controls are in place. • Control Risk- the risk that controls may fail to prevent or detect inherent risks • Residual Risk- the risk that remains after management’s response to risk (considering controls that are in place).

  6. Intangible risk management • 100% chance of occurring but cannot be identified • Usually has impact on productivity, efficiency • Deficient knowledge [knowledge risk] • Relationship risk [ineffective collaboration] • Process risk [ineffective operational procedures] • Results: reduces productivity, decreases cost effectiveness, service, quality, reputation, brand

  7. Dealing with Risk • Reduce/mitigate • Transfer/share • Avoid • Accept and budget

  8. COSO Internal Control Framework(same as GAO Definition of IC) Monitoring • Assessment of a control system’s performance over time. • Combination of ongoing and separate evaluation. • Management and supervisory activities. • Internal audit activities. Control Activities • Policies/procedures that ensure management directives are carried out. • Range of activities including approvals, authorizations, verifications, recommendations, performance reviews, asset security and segregation of duties. Information and Communication • Pertinent information identified, captured and communicated in a timely manner. • Access to internal and externally generated information. • Flow of information that allows for successful control actions from instructions on responsibilities to summary of findings for management action. Control Environment • Sets tone of organization-influencing control consciousness of its people. • Factors include integrity, ethical values, competence, authority, responsibility. • Foundation for all other components of control. Risk Assessment • Risk assessment is the identification and analysis of relevant risks to achieving the entity’s objectives-forming the basis for determining control activities. All five components must be in place for control to be effective.

  9. Principles of risk management [ISO] • Creates value • Part of processes, decision making • Addresses uncertainty • Systematic and structured • Considers the human factor • Transparent and inclusive • Informed, adapts to change and improvement

  10. Operational risks

  11. Controls abound • Air traffic • Quality • Inventory • Flood • Crowd • Climate • Financial • Rodent/pest • ARRA

  12. Recovery Act, Risk Management, and Internal ControlRisk Management – Risk Evaluation Likelihood - probability than an event could occur Impact - impact of an event should it occur

  13. Questionnaire

  14. Sample Methodology

  15. Risk Management – Risk Evaluation

  16. Challenges Challenges • Sponsorship, ownership, and buy-in • Jargon • Compliance drives controls, not risk • No clear approach to identifying, managing risk • No link between goals/risks/controls • Benefits (tangible and intangible) are not clearly understood • Stove-pipe, ad hoc approaches • Focus on documentation, testing, not results

  17. > 80% of U.S. MNCslist ERM as “top 10” Challenges include quantifying risks Conflicting priorities identifying/measuring the potential benefits of ERM Timelines, availability, and quality of information Different cultures and behaviors Integrating risk management into business processes Lack of clarity, roles and responsibilities Lack of skills Challenges Private sector • Source: PricewaterhouseCoopers Management Barometer ERM Survey, 1/19/07

  18. Enterprise Risk Benefits of ERM nag • Enhances service delivery / improves customer service • Promotes the efficient use of resources • Improves project management • Helps minimize waste, fraud, and abuse • Promotes continual improvement, innovation • Informs and directs the evaluation of internal controls • Helps achieve goals/objectives • Live within our means

  19. We have been doing so much for so long with so little, that soon we’ll be able to do everything with nothing forever.

More Related