building enterprise risk management - sas
TRANSCRIPT
Copyright © 2015, SAS Institute Inc. All right reserved.
Building Enterprise Risk Management in an industrial company
Integrated Risk Management Model
GOAL:
Key elements:
Increased spread of risk management into business processes
Comprehensive view of business risks
Strengthening the culture of risk management
Risk Governance
Risk Reporting
Process
Risk governance
Definition of risk management guidelines
Second Level: Risk Control Functions
First Level: Management – risk owner
Third Level: Independent assurance provider
General frameworks
By-laws
Code of ethics
Code of conduct
COSO Report Framework
Regulatory system
etc.
Risk governance (continued)
[Organization chart: Board of Directors; CEO; Control and Risk Committee; Risk Committee; Integrated Risk Management; Internal Audit; CFO; Staff Function; Chief business …; P&C and Focal Point RMI Business Corp; P&C Focal Point RMI Business Function …; Risk Specialist …]
1. Control and Risk Committee
2. Risk Committee
3. Integrated Risk Management (IRM)
4. Planning & Control Functions
5. Risk Specialists
RMI Process
Risk Assessment & Treatment
Monitoring & Reporting
Guidance for risk management
Risk Assessment & Treatment
Specific treatment plans are defined for “top risks”, should they require additional mitigation. The treatment plan provides detailed information on:
1. treatment strategy;
2. treatment action(s) to be adopted;
3. timing of implementation;
4. responsibilities for the implementation;
5. possible key indicators to monitor the risk and the status of implementation of treatment actions.
Monitoring and Reporting
The RMI function, with the support of corporate and business area Planning and Control functions, defines Key Indicators (KRIs, KCIs, KPIs) to:
• monitor eni Top Risks (e.g. trends, emerging risks, etc.);
• supervise the degree of implementation of Treatment Plans;
• detect any improvement areas.
Risk Register
Monitoring Dashboard
Monitoring and Reporting
BoD
Control and risk committee / Board of statutory auditors
CEO
Risk Committee
Management (as risk owner or risk specialist)
Risk examination
Risk sharing
Risk identification and evaluation
PLANNING AND CREATION OF BUSINESS OBJECTIVES
ASSOCIATING THE STRATEGY TO THE RISKS AND RELATED OBJECTIVES
Drill Strategy
Drill to related risks
VISUALISATION OF STRATEGY (INCLUDING OBJECTIVE AND SUBOBJECTIVES RELATED)
Drill to view Objective details
Drill sub-objective
Drill to objective
RISK REGISTER
Drill graphical Link Analysis
RISK REGISTER DETAIL
LINK ANALYSIS
ASSESSMENT PLANNING
DETAILED ASSESSMENT
Identified issues
Drill related KRIs
Drill linked causes
DETAILED ASSESSMENT
TREND KRIS RELATED TO THE RISK REGISTER
ISSUES DETAIL VIEW
CORRECTIVE ACTION PLANS