WHY YOU NEED ADVANCED LEVEL KNOWLEDGE AND SKILLS  
REASON #1 - STAKEHOLDERS & THE BOARD INCREASINGLY EXPECT IT  
Regulatory bodies around the world and the National Association of Corporate Directors ("NACD") have called for directors to exponentially increase their focus on risk management and oversight to meet new SEC, Canadian Securities Administrators ("CSA") and OSC expectations:  
While risk oversight objectives may vary from company to company, every board should be certain that:  
 - the risk appetite implicit in the company's business model, strategy, and execution is appropriate  
 - the expected risks are commensurate with the expected rewards  
 - management has implemented a system to manage, monitor, and mitigate risk, and that system is appropriate given the company's business model and strategy  
 - the risk management system informs the board of the major risks facing the company  
 - an appropriate culture of risk-awareness exists throughout the organization  
 - there is recognition that management of risk is essential to the successful execution of the company's strategy 
 
 Source: National Association of Corporate Directors, REPORT OF THE NACD BLUE RIBBON COMMISSION, RISK GOVERNANCE: BALANCING RISK AND REWARD, October 2009  
In Canada, the new and radical CICA guidance "A Framework for Board Oversight of Risk" is expected to be released in final form in late fall 2011. (http://www.rogb.ca/risk-oversight-framework/index.aspx)  
REASON #2 – IIA PROFESSIONAL STANDARDS CALL FOR IT  
The Institute of Internal Auditors Standard 2120 requires internal auditors to evaluate the effectiveness of risk management processes.  Effective January 2009, the IIA revised the professional practice standard to elevate the importance of risk management.  The wording changed from "should evaluate the effectiveness and contribute to the improvement of risk management processes" to "must evaluate and contribute..."  To assess risk management processes, auditors need advanced level knowledge.  
REASON #3 – PROFESSIONAL SKILLS ADVANCEMENT  
In August 2011 the Institute of Internal Auditors ("IIA"), to equip members to meet the new focus on effective risk management processes, announced the launch of a new professional designation, Certification in Risk Management Assurance ("CRMA") (http://www.theiia.org/certification/crma/).  The grandfathering period to qualify without exam for this hot new designation commenced October 1, 2011. This IIA initiative is designed to help internal auditors meet the new expectations and advance their personal career tracks.  This training has also been specifically designed to help professionals who want to qualify for their "CRMA", a designation that is expected to quickly become a "must have" for many positions.  
WHAT THIS WORKSHOP COVERS – RISK ASSESSMENT NUTS AND BOLTS  
The workshop focuses on the key elements to build an effective ERM program, including giving you step-by-step guidance on how to perform a reliable risk assessment.  These elements are critical to understanding the core components of an effective ERM program.  
Day 1 – Elements of Effective ERM  
 - Escalating risk management and oversight expectations in the public and private sector – what specifically do senior management and boards need to demonstrate to regulators, investors, credit rating agencies, customers, and others?  What's the role of internal auditors and ERM facilitators?
 - Evolution of generally accepted risk management frameworks and terminology, including COSO ERM 2004, the new COSO Internal Control Integrated Framework expected in exposure draft form October 2011, ISO 31000, RIMS risk management maturity, IRM risk frameworks, and more.
 - Why thousands of ERM initiatives around the world have failed – "fatal ERM flaws".
 - Understanding the mechanics of the different approaches to assess and report on risk – pros and cons of each approach.
 - Why "Objective-Centric" risk management provides maximum business benefits and avoids fatal flaws of many traditional ERM approaches.
 - Defining an ERM universe – practical methods to create a "Risk and Assurance Heat Map".
 - Why the sudden increase in focus on defining "risk appetite"?  What is it, how do you assess/measure it, and how can senior executives and boards demonstrate they have defined what it is and have implemented frameworks to measure and monitor it?
    
Day 2 – Risk Assessment Step-by-Step & Auditing ERM  
 - Step 1 (often overlooked) – before commencing a risk assessment, identify clear end result business objectives to be assessed.  Understand the difference between what needs to be achieved as an end result outcome and "ways to achieve".
 - Practical methods to identify key elements of the "internal and external risk context".
 - Practical methods to identify and assess risk, including "black swan risks" - low probability/massive impact risks.  (NOTE: brainstorming alone often fails to identify key risks)
 - Reasons why "people stink at risk management" – leading theories on why some of the biggest and most sophisticated organizations in the world sometimes get it seriously wrong.
 - Methods to identify and document the full range of relevant "risk treatments", including risk mitigation/internal controls and risk financing/transfer vehicles, including the role of insurance and contract indemnities.
 - Documenting key elements of the "residual risk status" linked to business objective(s) being assessed.
 - Rating and reporting on the current and target residual risk status – how to facilitate management risk acceptance of residual risk status.
 - ERM reporting options to management and the board – what would reporting look like and what are the critical elements to include?
 - Facilitating risk assessment workshops – key do's and don'ts.
 