enterprise risk management best practices for microfinance and savings programs in developing...
TRANSCRIPT
Leadership Summit 2016
ENTERPRISE RISK MANAGEMENT HOPE and Industry Practices
Leadership Summit 2016
History of the HOPE ERM program, where does it stand now and where is it going?
What is Enterprise Risk Management?
Why did HOPE start ERM?
What does HOPE’s ERM provide to the Organization?
How does HOPE’s ERM support good stewardship?
HOPE has a robust ERM program given its size.
Leadership Summit 2016
Given our goals and strategic plan, what risks should we be thinking about? External environment
Governance
Operational and business model risk
Efficiency
Technology
Capacity building
Leadership Summit 2016
Risk management examples
Josh Ruyle – Asia and Eastern Europe Regional Director Dera Rakotondratsimba – Managing Director of HOPE DRC
Leadership Summit 2016
Best practices
Organizations need well understood risk management and control principles to • Protect finances and reputation • Provide management accountability, independent controls and risk
disclosure Key elements of an effective risk culture include
• Strategy aligned with risk principles • Keep the risk management process relatively simple and straight forward • Clear risk, risk management and risk control definitions
(see below)
Business Operating Model
Inherent Risks
Risk Mitigants
Residual Risk
Leadership Summit 2016
Best practices (continued)
Risks • The risk of loss resulting from inadequate or failed internal processes, people and
systems or from external causes (deliberate, accidental or natural) • The losses
- May be direct or indirect financial losses - May be in the form of falling short of mission goals or reputational damage
Risk management - A process to identify, assess, manage, and control potential events or situations to provide reasonable assurance regarding the achievement of the organization's objectives. Risk control - The employment of all the means devised in an enterprise
to promote, direct, restrain, govern, and check upon its various activities for the purpose of seeing that enterprise objectives are met. These means of control include, but are not limited to, form of organization, policies, systems, procedures, instructions, standards, committees, charts of accounts, forecasts, budgets, schedules, reports, records, checklists, methods, devices, and internal auditing.
Business Operating Model
Inherent Risks
Risk Mitigants
Residual Risk
Leadership Summit 2016
Best practices (continued)
Management ownership of risks and their appropriate mitigation • Management involvement and ownership in identifying, understanding and
addressing risks – straightforward highlighting of key risks with senior management
• Establish, monitor and report on action plans to appropriately mitigate risks Day-to-day risk management as a key component of operations
• Employees at all levels responsible for identifying and managing the risks in their day-to-day activities
• Building a “risk culture” throughout the organization of honesty and transparency. Reinforcing this culture in the performance appraisal system and recognizing / rewarding those who honestly identify risks and cultivate appropriate risk mitigation.
Business Operating Model
Inherent Risks
Risk Mitigants
Residual Risk
Leadership Summit 2016
Q&A?