Same as Module 5
Now we focus on advisory corporate governance regimes that encourage good RM processes
The Orange Book (Management of Risk - Principles and Concepts) from the UK
High-level guide designed to provide broad-based general guidance on the principles of RM in the public and private sectors
Includes identification and analysis of risk
Some advanced guidance:
Importance of horizon scanning
(Systematic activity designed to identify indicators of changes in risk)
Examines how the organization’s RM activities relate to the wider environment in which it functions
…that distinguish it
Importance of linking risk to objectives
Distinction between the risk and its impact
Need to distinguish inherent and residual risks
Prioritization of risks is more important than quantification
Risk appetite should be subdivided into corporate, delegated and project
Should have a dedicated risk committee
(Read the Orange Book if you have time)
The Treasury Board of Canada Integrated Risk Management Framework (2001) from CA
Developing the corporate risk profile
Establishing an Integrated Risk Management Function (RMF)
Management direction on RM is communicated, understood and applied
Implement IRM operation through existing decision making and reporting structures
Practicing IRM
Apply a common RM process consistently at all levels
Integrate results of RM practices into informed decision making and priority settings
Ongoing consultation and communication with stakeholders
Ensuring continuous RM learning
Establish supportive work environment where learning from experience is valued, lessons are shared
Results of RM are evaluated to support innovation, learning and continuous improvement
Experience and best practices are shared, internally and across government
…that distinguish it
Importance of a comprehensive understanding of the organization’s risk profile, appetite and tolerance
Focus on RMF and the IRM activities
Value of a continuous and supportive learning environment
Need to establish the relationship between the organization and its operating environment, revealing the interdependence of individual activities and the horizontal linkage
New revised version “The Framework for the Management of Risk”
AS/NZS 4360: best practice RM standard by Standards Australia
Establish the context (SWOT factors)
Risk assessment:
identify \(\Rightarrow\) analyse \(\Rightarrow\) evaluate
Treat Risk
Monitor and review
Communicate and consult
…that distinguish it
Detail on risk analysis for non-financial organization
(Similar to op-risk for financial org)
Recommendation that RM process is formulated into a RM plan
Importance of senior management buy-in
Need for adequate resources being allocated to RM
Similar to the other guidance that provides generic guidelines without dealing with specific risks or sectors
Step forward from existing standards (more of what is needed for successful ERM) but still not a comprehensive framework
Risk Assessment and Management of Projects (RAMP)
RAMP Process:
(Key difference with AS/NZS 4360)
Similar steps as AS/NZS 4360
Additional steps:
Project launch stage and project close down analysis
Go/no-go decision step
Joint work from major RM organizations in the UK
Institute of Risk Management (IRM), Association of Insurance and Risk Managers (AIRMIC), and ALARM The National Forum for Risk Management in the Public Sector
Similar to COSO with a methodical approach to RM and a structured approach to risk reporting
Strong focus on the role of a RM champion in the organization
Principles:
(In addition to what’s in the COSO)
In-house approach to RM is preferable
Internal audit is an important control
Clarity over the roles of stakeholders is important
Highly structured approach to risk reporting is beneficial