R I S K   M A N A G E M E N T

Sessions will cover emerging global Risk Management guidance, ERM implementation in both the early and mature stages and internal audit’s roles in providing risk management assurance.

CS 1-2
How Can Internal Auditors Evaluate the Quality of Risk Management Decision-making?
Malcolm Schwartz, CRS Associates

Auditing typically has an historical dimension, and focuses on measuring results. Auditing risk-management decision-making moves the audit time dimension to the future: the outcome, as is risk management itself, is uncertain. So, how can one audit uncertainty? Doing so calls for a new approach, new tools, and old tools applied in new ways.

In this session, participants will learn how to:

  • Evaluate how the organization considers external events that can influence its risk profile.
  • Assess how risks are identified and prioritized in a predictive context.
  • Apply a rigorous approach to business-process analysis as an underlay to risk management.
  • Consider the use of key risk indicators in the context of the above.

FIELD OF STUDY: MANAGEMENT ADVISORY SERVICES

CS 2-2
Delivering Assurance Based on ISO Standard 31000: Risk Management
Andrew MacLeod, Brisbane City Council
Michael Parkinson, KPMG

ISO 31000 Risk Management was published in November 2009. It is the first truly international risk management standard. Internal auditors have an obligation to deliver a risk-based assurance program and other assurance providers should base their programs on risk so that cost-effective assurance can be delivered.

In this session, participants will learn how to:

  • Identify and use the components of ISO 31000.
  • Coordinate risk management and assurance.
  • Link internal audit risk analysis to the risk management framework.
  • Provide feedback on significant risks during every review.
  • Review risk management within their organization.

FIELD OF STUDY: MANAGEMENT ADVISORY SERVICES

CS 3-2
How Internal Audit Can Influence the Risk Management Culture
Karl Riem, Wells Fargo
Elisa Young, ING Insurance Americas

Effective risk management is becoming more important given today’s environment, regulatory focus on enterprise risk management (ERM) and management’s increased focus on this topic. Although ERM is ideal for any company, how can internal audit help management work towards effective ERM?

After this session, participants will be able to:

  • Be a key player in the ERM of their organization.
  • Develop specific actions to influence the risk management culture.
  • Create tools that will assist them in their role to facilitate effective risk management.
  • Apply an integrated risk management process to ensure overall effectiveness of the Internal Audit role.

FIELD OF STUDY: MANAGEMENT ADVISORY SERVICES

CS 4-2
Bite-sized ERM
Warren Stippich, Grant Thornton
Bailey Jordan, Grant Thornton

ERM discussions have gained a lot of momentum and interest in the board room this past year. In part, driven by the economic collapse of Wall Street, many board members are wondering if Wall Street could have done more holistically to have anticipated risks that drove some of the calamity. Board members have been challenging management to make sure that their companies don’t have unanticipated surprises and that uncertainties are identified, discussed and managed with an appropriate plan. Continual regulatory changes also put emphasis on the need for ERM.

After this session, participants will be able to:

  • Understand management’s perspective and concerns about ERM's benefits and challenges.
  • Explain the cost benefit to key stakeholders.
  • Educate management on implementation options.
  • Define ERM implementation in phases with defined periods and results.

FIELD OF STUDY: MANAGEMENT ADVISORY SERVICES

CS 5-2
ERM, Governance and Value
Richard Anderson, Richard Anderson & Associates

For many organizations, both in the financial and non-financial sectors, ERM has failed. Regulators around the world are exploring the linkages between ERM and Corporate Governance with the creation of board oversight committees. And yet this almost misses the point entirely: if boards are only doing this risk thing because they are required to do so, it will almost certainly fail. In this session we will explore some of the key elements of the relationship between ERM and the board including risk maturity, the importance of ethics, listening for weak signals and the linkages with shareholder (or economic) value. We will also explore some potential approaches.

In this session, participants will learn:

  • How to develop more effective ERM programs.
  • The relevance of risk management maturity.
  • The multiple role of ethics in ERM
  • Some potential approaches to empowering the Board Oversight Committee to fulfil its role.

FIELD OF STUDY: MANAGEMENT ADVISORY SERVICES

CS 6-2
The Risk Intelligent Internal Auditor
Sandra Pundmann, Deloitte & Touche

The risk intelligent internal auditor helps his/her company understand how value is created and destroyed in the business and how risks are identified, used to create value and managed within the company. Perhaps the two biggest lessons coming out of the credit and financial crisis are the need for companies in all industries to take a broader view of risk and for those at the highest levels of the organizations, particularly the C-suite officers and boards of directors, to be more focused on it.

In this session, participants will learn how to:

  • Build on investments already made in conventional risk management by identifying the 10 “fatal flaws” of traditional approaches and the 10 constructive, risk intelligent skills that counter them.
  • Assist the organization in defining risk management responsibilities of senior management and the board of directors and how internal audit can play a vital role.
  • Improve management and governance results by orchestrating people, processes and systems in a harmonious and synchronized risk intelligence program.
  • Adopt 10 essential and practical skills for surviving and thriving under conditions of uncertainty and turbulence.

FIELD OF STUDY: MANAGEMENT ADVISORY SERVICES

CS 7-2
Risk Management: Why Did It Fail and What Needs to be Done to Improve it?
Leen Paape, Nyenrode Business University

Risk Management failed miserably in preventing the current economic crisis. Apparently, risk management models and the widely adopted COSO framework were not much help. In this session not only the reasons why risk management failed will be explored but also which features of the COSO model are useful. Participants will also receive a survey tool to assess the quality of risk management in their own organization.

In this session, participants will learn:

  • The main reasons for the massive failure of risk management.
  • The best practices for a sound risk management process and system.
  • How to assess the quality of risk management in their organization.
  • As an internal auditor, where to look for assessing the quality of risk management.

FIELD OF STUDY: MANAGEMENT ADVISORY SERVICES

© 2009 The Institute of Internal Auditors | Atlanta photos © AtlantaPhotos.com