
Organisational risk management Anton Usher 19 March 2014



Presentation Transcript


  1. Organisational risk management • Anton Usher • 19 March 2014

  2. Overview
     • A whistle stop risk review
     • Risk in Australian corporate governance
     • The benefits of organisational risk maturity
     • Risk management and in-house counsel
     • The evolution of in-house counsel’s role
     • In-house counsel’s contribution to risk management
     • Integrating risk management within your organisation
     • Using an enterprise risk management framework
     • Using a compliance framework
     • Using a risk based internal auditing approach
     • Key takeaways

  3. A whistle stop risk review

  4. A global view: top risks in 2013

  5. A selected industry view: top risks in 2013

  6. Risk in Australian Corporate Governance

  7. Increasing risk management prominence (1)
     • (Proposed) third edition of ASX Corporate Governance Principles and Recommendations
     • Increases risk management prominence by recommending listed entities:
        • establish a risk committee
        • undertake risk management reviews at board / board committee level at least annually
        • disclose whether, and if so how, they have regard to economic, environmental and social sustainability risks

  8. Increasing risk management prominence (2)
     • New APRA risk governance measures:
        • New Risk Management standard - CPS 220
        • Revised Governance standard - CPS 510
     • Increases risk management prominence by requiring:
        • a separate board risk committee & designated CRO
        • a risk management framework that:
           • includes a risk management appetite and strategy
           • addresses material risk (financial, operational, strategic)
           • adopts a ‘three lines of defence’ risk governance model
        • annual risk management declarations and three yearly risk management reviews at board risk committee level

  9. Risk governance: three lines of defence model
     • Source: Draft Prudential Practice Guide CPG 220 Risk Management, APRA, January 2014, p19.

  10. The benefits of organisational risk maturity

  11. Prosperity is connected to risk maturity
     • [Chart labels: Prosperity; Risk management maturity]

  12. Some characteristics of risk maturity

  13. Risk management & in-house counsel

  14. Evolution of in-house counsel’s role

  15. In-house counsel’s contribution to risk management
     • HELP your Executive/Board answer these questions:
        • Do we have a handle on critical organisation risks and our ability to respond?
        • Is the top-down strategic view of critical organisation risks right?
        • Is the effort being put into risk processes aligned with the risk priorities?
        • Are our systems and people capable of responding to these risks?
        • Is risk management “built into” the way we do business or is it “added-on”?
     • USE an enterprise risk management approach that is:
        • Consistent with ISO AS/NZS 31000
        • Tailored to your organisation
        • Practical and value adding

  16. Integrating risk management

  17. Enterprise risk management framework

  18. Identifying risks that matter

  19. A risk to successful delivery of objective Risk

  20. Using sources of risk to identify risk

  21. An example risk
     • Risk: poor incident data quality

  22. Use a heat map to assess and report risk

  23. Using a compliance framework
     • A compliance framework defines what you:
        • HAVE to do (legal and regulatory obligations)
        • WANT to do (organisational requirements)
        • VOLUNTARILY do (organisational commitments)

  24. An empowering compliance framework
     • Compliance = achieving business objectives safely

  25. Prioritising legislative compliance obligations

  26. Why use a risk based internal auditing approach
     • Risk based internal auditing (RBIA):
        • is independent and objective
        • evaluates and improves risk management effectiveness
        • helps achieve corporate objectives

  27. RBIA adds value
     • RBIA is linked to the risk assessment process
     • RBIA focusses on:
        • areas of high risk
        • key control systems for high risk areas, testing:
           • control design – operational effectiveness
           • control operation – operational compliance

  28. Use risk based internal audit ratings
     • Internal audits should be given overall risk ratings reflecting the level of inherent risk associated with the activity within the audit scope and the effectiveness of internal controls

  29. Key takeaways
     • Risk management is becoming more prominent in Australian corporate governance
     • Risk mature organisations do better
     • In-house counsel has a key role in contributing to effective organisational risk management
     • Enterprise risk management adds value by:
        • prioritising risk mitigation effort
        • prioritising and helping to ensure compliance obligations are met
        • helping to ensure risk mitigation effectiveness
        • helping to achieve corporate objectives

  30. Thank you
