demystifying risk management€¦ · 2019-03-01 · demystifying risk management governance, risk...
TRANSCRIPT
![Page 1: Demystifying Risk Management€¦ · 2019-03-01 · Demystifying Risk Management Governance, Risk & Compliance Conference, Crowne Plaza, Santy. ... Risk capacity –a company’s](https://reader033.vdocuments.site/reader033/viewer/2022060900/609dd9a6a812b242fd20f315/html5/thumbnails/1.jpg)
Demystifying
Risk ManagementGovernance, Risk & Compliance Conference, Crowne Plaza, Santy.26th February 2019
Jason Dowling CPA
Partner Whelan Dowling & Associates and CEO Red Flare
![Page 2: Demystifying Risk Management€¦ · 2019-03-01 · Demystifying Risk Management Governance, Risk & Compliance Conference, Crowne Plaza, Santy. ... Risk capacity –a company’s](https://reader033.vdocuments.site/reader033/viewer/2022060900/609dd9a6a812b242fd20f315/html5/thumbnails/2.jpg)
A little bit about me!!
• Jason Dowling CPA
• Partner – Whelan Dowling & Associates
• Director & Co-Founder Red Flare
• Specialise in G.R.C. and I.A.
• >25 Years Practice
• Married – 3 Kids
• Twin
• Nearly became a fireman
![Page 3: Demystifying Risk Management€¦ · 2019-03-01 · Demystifying Risk Management Governance, Risk & Compliance Conference, Crowne Plaza, Santy. ... Risk capacity –a company’s](https://reader033.vdocuments.site/reader033/viewer/2022060900/609dd9a6a812b242fd20f315/html5/thumbnails/3.jpg)
Approach for today
GRC – Three Lines of Defence
Risk Terminology
Operational Risk Framework
Risk Appetite, Tolerance & Capacity
Risk appetite setting
Risk monitoring & reporting
Regulators View
Risk Management Systems
![Page 4: Demystifying Risk Management€¦ · 2019-03-01 · Demystifying Risk Management Governance, Risk & Compliance Conference, Crowne Plaza, Santy. ... Risk capacity –a company’s](https://reader033.vdocuments.site/reader033/viewer/2022060900/609dd9a6a812b242fd20f315/html5/thumbnails/4.jpg)
GRC Framework
![Page 5: Demystifying Risk Management€¦ · 2019-03-01 · Demystifying Risk Management Governance, Risk & Compliance Conference, Crowne Plaza, Santy. ... Risk capacity –a company’s](https://reader033.vdocuments.site/reader033/viewer/2022060900/609dd9a6a812b242fd20f315/html5/thumbnails/5.jpg)
Risk Terminology
Risk framework
Risk appetite
Risk tolerance
Risk capacity
Risk universe
Risk indicators / Key Risk Indicator’s
Loss events / incidents
Risk reporting and documentation
Quantitative and Qualitative risk analysis
![Page 6: Demystifying Risk Management€¦ · 2019-03-01 · Demystifying Risk Management Governance, Risk & Compliance Conference, Crowne Plaza, Santy. ... Risk capacity –a company’s](https://reader033.vdocuments.site/reader033/viewer/2022060900/609dd9a6a812b242fd20f315/html5/thumbnails/6.jpg)
Risk Terminology
Risk causes
Risk consequences
Risk mitigation
Risk controls
Risk assessment
Risk root cause analysis
Inherent Risk & Residual Risk
Impact & Probability - Matrix
Emerging risks
![Page 7: Demystifying Risk Management€¦ · 2019-03-01 · Demystifying Risk Management Governance, Risk & Compliance Conference, Crowne Plaza, Santy. ... Risk capacity –a company’s](https://reader033.vdocuments.site/reader033/viewer/2022060900/609dd9a6a812b242fd20f315/html5/thumbnails/7.jpg)
Risk Management
![Page 8: Demystifying Risk Management€¦ · 2019-03-01 · Demystifying Risk Management Governance, Risk & Compliance Conference, Crowne Plaza, Santy. ... Risk capacity –a company’s](https://reader033.vdocuments.site/reader033/viewer/2022060900/609dd9a6a812b242fd20f315/html5/thumbnails/8.jpg)
Risk Framework
![Page 9: Demystifying Risk Management€¦ · 2019-03-01 · Demystifying Risk Management Governance, Risk & Compliance Conference, Crowne Plaza, Santy. ... Risk capacity –a company’s](https://reader033.vdocuments.site/reader033/viewer/2022060900/609dd9a6a812b242fd20f315/html5/thumbnails/9.jpg)
Operational Risk Framework
![Page 10: Demystifying Risk Management€¦ · 2019-03-01 · Demystifying Risk Management Governance, Risk & Compliance Conference, Crowne Plaza, Santy. ... Risk capacity –a company’s](https://reader033.vdocuments.site/reader033/viewer/2022060900/609dd9a6a812b242fd20f315/html5/thumbnails/10.jpg)
Risk Appetite & Capacity is Set By the Board!!
![Page 11: Demystifying Risk Management€¦ · 2019-03-01 · Demystifying Risk Management Governance, Risk & Compliance Conference, Crowne Plaza, Santy. ... Risk capacity –a company’s](https://reader033.vdocuments.site/reader033/viewer/2022060900/609dd9a6a812b242fd20f315/html5/thumbnails/11.jpg)
Risk Structure for Directors Meetings
![Page 12: Demystifying Risk Management€¦ · 2019-03-01 · Demystifying Risk Management Governance, Risk & Compliance Conference, Crowne Plaza, Santy. ... Risk capacity –a company’s](https://reader033.vdocuments.site/reader033/viewer/2022060900/609dd9a6a812b242fd20f315/html5/thumbnails/12.jpg)
Top of the Pyramid
- Risk Appetite
Would you ever take up hang gliding? What about base jumping?
Would you drive a car if the seat belt was broken? To get to an important
meeting maybe?
If you were down to your last €100, would you bet €10 on a horse after a
hot tip? €20? Your whole €100?
At age 65, would you invest 25 per cent of your pension fund in the share
market? 50 per cent? 100 per cent? Or none at all?
Would you cross the top of Santry Avenue to save a minute walking to the
pedestrian crossing?
![Page 13: Demystifying Risk Management€¦ · 2019-03-01 · Demystifying Risk Management Governance, Risk & Compliance Conference, Crowne Plaza, Santy. ... Risk capacity –a company’s](https://reader033.vdocuments.site/reader033/viewer/2022060900/609dd9a6a812b242fd20f315/html5/thumbnails/13.jpg)
Risk Framework
![Page 14: Demystifying Risk Management€¦ · 2019-03-01 · Demystifying Risk Management Governance, Risk & Compliance Conference, Crowne Plaza, Santy. ... Risk capacity –a company’s](https://reader033.vdocuments.site/reader033/viewer/2022060900/609dd9a6a812b242fd20f315/html5/thumbnails/14.jpg)
Top of the Pyramid - Risk AppetiteHow Long Is O’Connell Bridge ?
![Page 15: Demystifying Risk Management€¦ · 2019-03-01 · Demystifying Risk Management Governance, Risk & Compliance Conference, Crowne Plaza, Santy. ... Risk capacity –a company’s](https://reader033.vdocuments.site/reader033/viewer/2022060900/609dd9a6a812b242fd20f315/html5/thumbnails/15.jpg)
Understanding Risk Capacity
![Page 16: Demystifying Risk Management€¦ · 2019-03-01 · Demystifying Risk Management Governance, Risk & Compliance Conference, Crowne Plaza, Santy. ... Risk capacity –a company’s](https://reader033.vdocuments.site/reader033/viewer/2022060900/609dd9a6a812b242fd20f315/html5/thumbnails/16.jpg)
![Page 17: Demystifying Risk Management€¦ · 2019-03-01 · Demystifying Risk Management Governance, Risk & Compliance Conference, Crowne Plaza, Santy. ... Risk capacity –a company’s](https://reader033.vdocuments.site/reader033/viewer/2022060900/609dd9a6a812b242fd20f315/html5/thumbnails/17.jpg)
Top of the Pyramid
- Risk Appetite
The UK’s Financial Services Authority (FSA) states:
❑ “Risk appetite is the amount of risk that one is prepared to
accept, tolerate, or be exposed to at any point in time.”
![Page 18: Demystifying Risk Management€¦ · 2019-03-01 · Demystifying Risk Management Governance, Risk & Compliance Conference, Crowne Plaza, Santy. ... Risk capacity –a company’s](https://reader033.vdocuments.site/reader033/viewer/2022060900/609dd9a6a812b242fd20f315/html5/thumbnails/18.jpg)
Understanding Risk Capacity
Risk Capacity - The maximum amount of risk an entity is able to
support within its available financial resources
❖ Versus
Risk Tolerance - The maximum amount or type of risk the entity is
prepared to tolerate above risk appetite.
![Page 19: Demystifying Risk Management€¦ · 2019-03-01 · Demystifying Risk Management Governance, Risk & Compliance Conference, Crowne Plaza, Santy. ... Risk capacity –a company’s](https://reader033.vdocuments.site/reader033/viewer/2022060900/609dd9a6a812b242fd20f315/html5/thumbnails/19.jpg)
Understanding Risk Capacity
![Page 20: Demystifying Risk Management€¦ · 2019-03-01 · Demystifying Risk Management Governance, Risk & Compliance Conference, Crowne Plaza, Santy. ... Risk capacity –a company’s](https://reader033.vdocuments.site/reader033/viewer/2022060900/609dd9a6a812b242fd20f315/html5/thumbnails/20.jpg)
Risk Examples – Category Event Appetite Capacity
School – Insurance – Accidents – Zero (2)– Medium (13)
Nursing Home – Conduct – HIQA – Zero (2)- Low (7)
Rugby / Football Club – Liquidity – Relegation – Low(2) – Medium (13)
Airline – Environmental – Terrorism – Zero – Low
Cruise Line – Operational – Loss of Life – Zero – Low
Farming – Insurance – Weather – Low - Medium
Construction – Capital – Cashflow – Medium (13) – High (17)
Semi State Transport – Strategy – Strike – Low - High
High Street Retailer – Market – Online Retail – Medium - Medium
Xmas Tree Sales – Business Model – Seasonal – Low – Medium
Funeral Home – Market – Cure Cancer – High (17) - Extreme (22)
![Page 21: Demystifying Risk Management€¦ · 2019-03-01 · Demystifying Risk Management Governance, Risk & Compliance Conference, Crowne Plaza, Santy. ... Risk capacity –a company’s](https://reader033.vdocuments.site/reader033/viewer/2022060900/609dd9a6a812b242fd20f315/html5/thumbnails/21.jpg)
Matching Score to Appetite
![Page 22: Demystifying Risk Management€¦ · 2019-03-01 · Demystifying Risk Management Governance, Risk & Compliance Conference, Crowne Plaza, Santy. ... Risk capacity –a company’s](https://reader033.vdocuments.site/reader033/viewer/2022060900/609dd9a6a812b242fd20f315/html5/thumbnails/22.jpg)
Mapping Risk Appetite to Scoring Matrix
![Page 23: Demystifying Risk Management€¦ · 2019-03-01 · Demystifying Risk Management Governance, Risk & Compliance Conference, Crowne Plaza, Santy. ... Risk capacity –a company’s](https://reader033.vdocuments.site/reader033/viewer/2022060900/609dd9a6a812b242fd20f315/html5/thumbnails/23.jpg)
You Need To Define Individual Scores and
relate back to appetite.
![Page 24: Demystifying Risk Management€¦ · 2019-03-01 · Demystifying Risk Management Governance, Risk & Compliance Conference, Crowne Plaza, Santy. ... Risk capacity –a company’s](https://reader033.vdocuments.site/reader033/viewer/2022060900/609dd9a6a812b242fd20f315/html5/thumbnails/24.jpg)
Objectives of an Effective Risk
Appetite Statement
Another way of thinking: RAF is an enabler to take accepted levels of risks inthe pursuit of its strategy. Hence it needs to be within the DNA of all staff asthey all have a role in ensuring the strategy is achieved.
A RAS allows staff to answer:
❑ How much risk can I take on to deliver on this objective?
❑ Can I pursue this new business opportunity?
❑ What is the guide on pricing for a particular type of product / customer / market?
Risk appetite formulation is a key element of overall strategy
Risk capacity – a company’s ability to take on risk – is compared against a company’s planned risk profile in the self-assessment process
Risk monitoring is included in the broader KPI’s that support strategy
As with strategy, risk appetite needs to be dynamic and periodically reviewed
![Page 25: Demystifying Risk Management€¦ · 2019-03-01 · Demystifying Risk Management Governance, Risk & Compliance Conference, Crowne Plaza, Santy. ... Risk capacity –a company’s](https://reader033.vdocuments.site/reader033/viewer/2022060900/609dd9a6a812b242fd20f315/html5/thumbnails/25.jpg)
Failures In Governance & Risk Management can
Lead To …
![Page 26: Demystifying Risk Management€¦ · 2019-03-01 · Demystifying Risk Management Governance, Risk & Compliance Conference, Crowne Plaza, Santy. ... Risk capacity –a company’s](https://reader033.vdocuments.site/reader033/viewer/2022060900/609dd9a6a812b242fd20f315/html5/thumbnails/26.jpg)
Thou Shalt Obey
Your Prescribed
Legislation
Not Maybe or
Might!!
![Page 27: Demystifying Risk Management€¦ · 2019-03-01 · Demystifying Risk Management Governance, Risk & Compliance Conference, Crowne Plaza, Santy. ... Risk capacity –a company’s](https://reader033.vdocuments.site/reader033/viewer/2022060900/609dd9a6a812b242fd20f315/html5/thumbnails/27.jpg)
What Does the Regulator Think?
![Page 28: Demystifying Risk Management€¦ · 2019-03-01 · Demystifying Risk Management Governance, Risk & Compliance Conference, Crowne Plaza, Santy. ... Risk capacity –a company’s](https://reader033.vdocuments.site/reader033/viewer/2022060900/609dd9a6a812b242fd20f315/html5/thumbnails/28.jpg)
Risk Reporting
![Page 29: Demystifying Risk Management€¦ · 2019-03-01 · Demystifying Risk Management Governance, Risk & Compliance Conference, Crowne Plaza, Santy. ... Risk capacity –a company’s](https://reader033.vdocuments.site/reader033/viewer/2022060900/609dd9a6a812b242fd20f315/html5/thumbnails/29.jpg)
Risk Reporting
![Page 30: Demystifying Risk Management€¦ · 2019-03-01 · Demystifying Risk Management Governance, Risk & Compliance Conference, Crowne Plaza, Santy. ... Risk capacity –a company’s](https://reader033.vdocuments.site/reader033/viewer/2022060900/609dd9a6a812b242fd20f315/html5/thumbnails/30.jpg)
Risk Reporting
![Page 31: Demystifying Risk Management€¦ · 2019-03-01 · Demystifying Risk Management Governance, Risk & Compliance Conference, Crowne Plaza, Santy. ... Risk capacity –a company’s](https://reader033.vdocuments.site/reader033/viewer/2022060900/609dd9a6a812b242fd20f315/html5/thumbnails/31.jpg)
Risk Reporting For CU’s – Charities Could Adopt
Reports should cover the following at a minimum:
• significant risks and the effectiveness of systems and controls;
• any risk events that have occurred and the actions taken or proposed to mitigate
the risk;
• likely or actual deviations from risk tolerance levels or established systems and
controls and should include the timeframe and status of any activities that are
proposed to address these;
• any negative trends in higher risk areas and any recommended changes to risk
management activities;
• any new risks including their risk assessment, risk rating and systems and controls;
• any material emerging risks and recommended course of action;
• updates on risk management actions arising from previous reports that have been
approved by the board of directors (or risk committee where one exists); and
• any recommended remedial action required.
![Page 32: Demystifying Risk Management€¦ · 2019-03-01 · Demystifying Risk Management Governance, Risk & Compliance Conference, Crowne Plaza, Santy. ... Risk capacity –a company’s](https://reader033.vdocuments.site/reader033/viewer/2022060900/609dd9a6a812b242fd20f315/html5/thumbnails/32.jpg)
What is Strategy
What is Strategy – Thompson and Strickland
Everybody is required to face the three central
questions
❑ What is our present situation?
❑ Where do we want to go from here?
❑ How are we going to get there?
![Page 33: Demystifying Risk Management€¦ · 2019-03-01 · Demystifying Risk Management Governance, Risk & Compliance Conference, Crowne Plaza, Santy. ... Risk capacity –a company’s](https://reader033.vdocuments.site/reader033/viewer/2022060900/609dd9a6a812b242fd20f315/html5/thumbnails/33.jpg)
Strategic Delivery Formulating an effective strategy is not enough unless its successful
execution is enabled by the right business model with properly
embedded risk management and governance framework.
➢ Achievable Goals
➢ Clearly defined targets
➢ KPIS
➢ Strong Reporting
Framework
➢ Biggest Risk if Failure
of Strategy
![Page 34: Demystifying Risk Management€¦ · 2019-03-01 · Demystifying Risk Management Governance, Risk & Compliance Conference, Crowne Plaza, Santy. ... Risk capacity –a company’s](https://reader033.vdocuments.site/reader033/viewer/2022060900/609dd9a6a812b242fd20f315/html5/thumbnails/34.jpg)
Risk Management & Technology
![Page 35: Demystifying Risk Management€¦ · 2019-03-01 · Demystifying Risk Management Governance, Risk & Compliance Conference, Crowne Plaza, Santy. ... Risk capacity –a company’s](https://reader033.vdocuments.site/reader033/viewer/2022060900/609dd9a6a812b242fd20f315/html5/thumbnails/35.jpg)
Considerations Risk Systems
Excel Spreadsheets – Size, Version Control, Embedding
Integrated API’s in Risk Systems
Automatic Notifications
Audit Trail
Realtime Reporting – Filters, Historic Reporting
Internal Control Framework
Cloud vs Prem
Cost vs Benefit
Loss events / incidents / leading indicators
Bow Tie Risk Management – Cause & Consequences
Risk reporting and documentation
Value Add – Makes Life Easier
![Page 36: Demystifying Risk Management€¦ · 2019-03-01 · Demystifying Risk Management Governance, Risk & Compliance Conference, Crowne Plaza, Santy. ... Risk capacity –a company’s](https://reader033.vdocuments.site/reader033/viewer/2022060900/609dd9a6a812b242fd20f315/html5/thumbnails/36.jpg)
Shameless Plug – Buy Red Flare
![Page 37: Demystifying Risk Management€¦ · 2019-03-01 · Demystifying Risk Management Governance, Risk & Compliance Conference, Crowne Plaza, Santy. ... Risk capacity –a company’s](https://reader033.vdocuments.site/reader033/viewer/2022060900/609dd9a6a812b242fd20f315/html5/thumbnails/37.jpg)
Questions??
![Page 38: Demystifying Risk Management€¦ · 2019-03-01 · Demystifying Risk Management Governance, Risk & Compliance Conference, Crowne Plaza, Santy. ... Risk capacity –a company’s](https://reader033.vdocuments.site/reader033/viewer/2022060900/609dd9a6a812b242fd20f315/html5/thumbnails/38.jpg)
Contact details
Jason Dowling CPA
01-6771411
Thank you for your time!