Enterprise Risk Management

Enterprise Risk Management known as (ERM) has evolved considerably since the seventies.

Programme Code
TR-1072
Duration
5 Days
Delivery
Classroom - Virtual
Programme Overview

Enterprise Risk Management known as (ERM) has evolved considerably since the seventies. From simply 'buying' insurance, it has now grown in importance to become a prime function in many organizations as part of a bigger system known as Governance, Risk and Compliance (GRC) which starts with corporate governance and ends with compliance. ERM is the function of studying the risks that may hinder a corporation's ability to achieve its goals and then deciding how to overcome those risks. Studies regarding risk management were done by different organizations, including ISO which issued ISO 31000 on risk management. However, the most accepted ERM system is the one designed by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). This system, which is the one covered in this course, teaches the steps needed to control risk. It starts with the evaluation of the internal environment and the setting of objectives which are, mainly, a result of the tone at the top of the organization, the directives from corporate governance as well as the vision, mission and corporate strategies. Then, the course goes through the steps management needs to consider in order to identify and assess risk and decide on proper risk responses and controls. The course ends with how to monitor, communicate and report risk. In addition, the course looks at risk in different organizational areas such as strategy, reporting, compliance, operations, financial and physical risk as well as risk in different industries.

Programme Objectives

By the end of the course, participants will be able to:

  • Identify internal and external changes that will create risks to the organization
  • Understand the relation with the board of directors through governance and improve Risk-Based Decision Making (RBDM)
  • Influence internal controls by choosing the response to the risks identified
  • Classify risk categories in the organization and identify the right authorities to manage them
  • Analyze, assess and improve risk management practices within the organization
Target Audience

Managers, senior managers, directors, executives, financial controllers, senior accounting and finance personnel, and auditors.


Target Competencies
  • Improving risk monitoring and control
  • Analyzing and assessing risks
  • Advising directors on risks
  • Controlling risks
  • Mitigating risks
  • Reporting risks
Programme Outline

Introduction

  • Risk perception
  • Why should we care about risk
  • Internal environment changes
  • External environment changes

Risk management and corporate governance

  • Introduction to corporate governance
  • GRC concept: governance, risk and compliance
  • GRC system: governance, risks and controls
  • Risk management as part of corporate governance
  • Governance failures
  • Risk based decision making

Risk management and corporate control environment

  • Risk management’s influence on designing internal controls
  • Risk-based internal audit assessment of risk management performance

ERM and its evolution

  • ERM evolution
  • ERM benefits
  • ERM platform
  1. Strategic approach
  2. Operations and tactics
  3. Business reporting
  4. Compliance and process

Risk categories

  • Strategic risks
  • Reporting risks
  • Financial risks
  • Physical: life and safety risks
  • Compliance
  1. Laws and regulations
  2. Financial reporting standards
  • Operations
  1. External environment: socioeconomic, regulations, technology and competition
  2. Internal environment: structure, processes and culture

ERM components

  • Internal environment
  • Objectives setting
  • Event identification
  • Risk assessment
  1. The black swan challenge
  2. Quantitative versus qualitative analysis
  • Risk response
  • Control activitiesInformation and communication
  • Risk monitoring