Embedding Risk Management into the Corporate Culture

Lab Epitomy – South Africa and Kenya

• The ability to manage significant risks effectively is an increasingly critical success factor for all organisations, irrespective of the sector they represent. Badly informed or poorly executed risk management, on the other hand, can easily spell disaster (as recent high profile failures have demonstrated).
  
• Any organisation that has encountered unwelcome surprises or unexpected events should realise that most were preventable. Such events will almost certainly have been caused by risks that were not fully understood, or the processes to mitigate those events being inadequate.
  
• As each month passes the importance of risk and assurance increases, or so it would appear form the ever-increasing coverage being given to the subject.
  
• The result is that risk management has been catapulted from being a useful tool to become the very pulse of the organisation and the yardstick by which its management is judged.
  
• The key is to recognise that risk is not something that should be avoided – a risk is often an opportunity in disguise.
  
• Even without Corporate Governance requirements regarding business risk management, most forward-looking organisations have recognised the need to develop a formal, comprehensive business risk management programme.
  

Who Should Attend?

Any executive or manager tasked with developing, implementing or facilitating a business risk programme or anyone tasked with providing assurance to senior management that the significant risks are being managed appropriately.

This 3 day course will enable participants to :

• Increase focus on and delivery of objectives;
• Enhance understanding of risks and exposures faced
• Enforce ownership of risks;
• Build understanding of how risks are changing
• Integration of risk management into systems and project based development, contracting and partnership arrangements;
• Share effective working practices between managers and specialists;
• Enhance management information relating to Corporate Governance
• Identify over-managed risks and unnecessary controls

Topics Covered Include:

• Overview of the key elements of a business risk programme (i.e. a process to allow organisations to identify, evaluate, mitigate and monitor their key risks and opportunities)
• Explanation of the alternative risk identification methods
• How to successfully evaluate the key risks identified
• How to assess risk mitigation practices and identify exposures
• How to deal with exposures
• Practical demonstration of risk workshops
• Why you need to embed the risk management process into the Corporate culture
• Risk as the pulse of your organisation
• Why Risk management is a real business enabler
• Explanation of the key features of the various Standards (AUS/NZ, IRM/AIRMIC, COSO, BASEL etc)
• How to cascade the process effectively
• How to coordinate the efforts of the various assurance providers
• Why the emerging risks may be the real threats
• Opportunities for Internal Audit in the process

Course Outline

Day 1 - Identification of Major Business Risks

Breaking Down the Barriers

• Why senior management often lack a full understanding of the risks in their business.
• The role and responsibilities of Directors and line managers
• Definition of business risk and its nuances
• Designing strategies and systems to suit the organisation
• Defining significance in relation to risk (in monetary and other terms)
• Establishing a business risk programme - the steps to success.

Background

• Why business risk management is receiving such publicity
• High profile corporate failures and public embarrassments
• Exercise 1 – the major risks in your organisation
• The Corporate Governance debate
• Explanation of the AS/NZS 4360 standard – the internationally recognised risk management standard + COSO + IRM standards
• Other potential legislation and regulation
• The issues involved.

The Wider Business Agenda

• The need to understand the organisation’s strategic objectives
• Developing a programme to reflect these objectives
• Understanding the organisation’s risk appetite
• Categories of Risk
• The Risk management framework
• Exercise 2 – analysing a disaster – directly applicable to your sector
• Risk management systems

Establishing An Embedded Risk Management Process

• Why is risk such a hot topic?
• Surprises and risk
• Why financial risks are only the tip of the iceberg
• The widening of the risk portfolio
• The challenges- Basel, Governance, Non-Exec’s liabilities etc
• The need to link risk management with strategic planning
• New and emerging Risks- Reputation, Social, Environmental etc
• Getting your Chief Executives support
• Developing a risk strategy for your organisation
• Establishing the business case
• Selling the benefits to management
• Risk and competitive advantage
• Risk workshops – the do’s & don’ts

Risk Identification and Evaluation

• Exercise 3 – An exercise to allow you to see risk taking in action
• Approaches and techniques
• How to establish a risk workshop process
• The benefits of facilitation and the characteristics required
• The use of diagnostic questions and thought-provokers
• The pros and cons of using data capture technology
• How to identify, sift and group the risks
• Measuring the consequences and the likelihood of occurrence of each risk
• The use of risk matrices to prioritise the risks.
• Corporate Governance reporting requirements
• Getting your Chief Executives support
• Agreeing a common risk language
• Developing a risk policy for your organisation
• Selling the benefits to management

Day 2 – Practical Risk Evaluation and mitigation

Interactive Risk Workshop

• Exercise 4 - An actual risk workshop – with your own risks
• Enabling you to appreciate all elements covered in a live situation

Assessment of Risk Mitigation

• Managing risk – the options
• Management evaluation of mitigation controls
• How to assess risk mitigation
• Identification of risk exposures
• Critical evaluation of exposures
• Dealing with the exposures (the 4 Ts - terminate, tolerate, treat or transfer)
• Establishment of action plans.

Interactive workshop –part 2

• Exercise 5 - Risk mitigation and dealing with the exposures in practice

Integrating The Output From Risk Workshops Into The Business Planning Process

• Linking corporate risks into the Strategic planning process
• Linking operational risks into service planning
• Risk owners – how to determine such personnel and enforce ownership
• Annual statements by risk owners
• Developing risk tracking
• Using the risk register as a decision skeleton
• Quarterly Board reporting to review progress in addressing the exposures
• Risk Management Committee reporting
• Half yearly evaluation of key risks to ensure new risks identified and included
• Reports for Senior Management - power point example will be shared
• Exercise 6 – Team exercise to enable you to appreciate the emerging risks

Day 3 – Embedding the Risk process

Reputation and how to manage it

• The rise of reputation as the key risk
• The increasing importance of a positive image – the need to be admired
• Reputation – the value measure of the 21st century
• Where does reputation come from?
• How do you measure it?
• The explosion of regulation and external assurance
• The scrutiny dilemma (league tables etc) and the implications.
• The relationship between vision, values, behaviour and reputation
• Damage by association – partnering and alliances#
• Exercise 7 - how to judge reputation

Recording The Risk Environment

• Risk registers – the need to coordinate and link the output
• Flagging interdependencies – if one risk treatment is changed the other party or parties impacted need to be notified.
• Risk treatment analysis – how to determine the cost/ benefits of dealing with exposures / exploiting opportunities
• Risk management as a route to reducing bureaucracy
• Coordinating assurance under the risk umbrella – a successful model will be shared
• How to use the risk process to break down the culturalbarriers
• Making risk management second nature
• Keeping up the momentum
• Risk financing and how to introduce the disciplines
• Integrating incident management
• Business Continuity planning
• Integrating Health and Safety, Insurance and claims etc
• Measuring the benefits
• Exercise 8 -Measuring the benefits

Options for Internal Audit Involvement

• Pros and cons of Internal Audit facilitating the process
• Risk-based auditing: explanation and options
• Translation of the most significant risks into the basis of the audit programme
• Monitoring of action plans and Audit Committee reporting
• Evaluation and reporting of actual versus perceived controls
• Determining which key risks are not readily auditable.

Cascading the process

• Stakeholders interest in risk
• Workshops for other management levels
• How to measure the benefits
• Risk awareness for staff
• Sharing output with partners
• Evaluating risks within these relationships
• Risk indicators (KPI’s)
• Auditing the Risk Management programme
• How to Identify and reduce excessive controls
• Feeding key risks up the organisation
• Co-ordinating the whole process
• Useful web sites and reference books
• Managing stakeholder expectations
• How to use the programme to change the culture in a positive way
• Exercise 9 – The Bamboo pole – a fun way of putting all the issues covered in context

©Business Risk Management Ltd 2007

Course Outlines

Course Diary

Booking Information

In-House Training