Energy Trusts of New Zealand 2011 Spring Conference
Risk Management and Internal Audit: What are they and how do they work?
Presenter: Rodger Murphy, Partner – Deloitte
Strictly Private & Confidential © 2011 Deloitte. A Member of Deloitte Touche Tohmatsu Limited

Areas for Discussion
• Risk management
  - What is it?
  - How it works
  - Principles of risk intelligence
• Three lines of defence
• Top down approach
  - Risks, risk mapping, risk prioritisation, measurement
  - Assurance sources
• Internal audit
  - What is it?
  - How can it work for your organisation?
• What could be included in an internal audit plan?
• Some risks facing Energy Trusts

Risk Management
• What is it: co-ordinated activities to direct and control an organisation with regard to risk, or "A Process to Manage What Keeps You Awake At Night"
• Risk Management Framework: a set of components that provide the foundations and organisational arrangements for designing, implementing, monitoring, reviewing and continually improving risk management throughout an organisation
See diagram.

Risk Management Process – how it works
[Diagram: Establish context; Risk assessment (Risk identification, Risk analysis, Risk evaluation); Risk treatment; with Communication and consultation and Monitoring and review running alongside each step]

Principles of Risk Intelligence
• Common definition of risk applied consistently
• Common risk framework used to manage risks
• Key roles, responsibilities and authority relating to risk management are clearly defined and delineated
• Governing bodies (boards, committees) have transparency and visibility into the organisation's risk management practices
• A common risk management infrastructure is used to support business units and functions to deliver on their risk responsibilities
• Executive management is responsible for designing, implementing and maintaining an effective risk programme
• Business units are responsible for managing their risks
• Certain functions (finance, legal, IT) are pervasive and need to support business units on risk
• Certain functions (e.g. Internal Audit) provide objective assurance and monitoring

The 'Three Lines of Defence' Risk Governance Model
[Diagram]

Top Down Approach
Understand the full picture of your organisation. Take a top down perspective.
[Diagram: risks mapped against assurance sources and value drivers]
• Risks: Financial, Treasury, External, Reputational, Tax, Regulatory, Operational, Health & Safety, Strategic, Assets/IT, Legal, Business Continuity
• Assurance: Management, Internal Audit, External Audit, Compliance, Specialists (H&S / Engineering)
• Value drivers: Revenue Growth, Operating Margin, Asset Efficiency, Management & Governance Effectiveness, Execution Capabilities, External Factors

Risk Prioritisation
• Identify key risks in your organisation
• Prioritise the top risks for Board oversight
• Review top risks on a regular basis
• Seek attestation from management on risks and mitigating controls

Risk Assessment and Risk Measurement
Risk rating by likelihood (rows) and consequence (columns), using the ratings L, M, H, VH and E as shown on the slide:

                         CONSEQUENCE
LIKELIHOOD         Minor   Moderate   Serious   Major   Catastrophic
Certain            H       H          VH        E       E
Almost certain     M       H          VH        VH      E
Likely             L       M          H         VH      VH
Unlikely           L       M          M         H       VH
Highly unlikely    L       L          L         M       H

• Consistency
• Five point scale

Internal Audit
• What is it: an independent activity providing assurance and feedback on risks, controls and process improvement opportunities
• How can it work for your organisation / trustees?
  - Focus is primarily on assurance
  - Helps protect an organisation from downside risk and control weakness / failure
  - Can be used to find smarter ways of doing business – process improvement
  - One component of wider assurance activity

Effective and Value Add Internal Audit Functions
• Have independence
• Appropriate reporting line to the Board
• Strong on risk profiling / risk based approach
• Get planning right at the overall and individual audit level
• Apply specialist skills – e.g. Treasury, IT, modelling
• Must be practical with recommendations
• Input at the design and build stage of new processes and systems
• Recognise new and changing risk areas, e.g. modelling, IT security and automated operating environments (SCADA systems)
• Provide context reporting
• Provide an opinion on control effectiveness
• Follow-up on remedial actions is critical

What could be included in your internal audit plan?
• Links to the top down risk profiling process
• Identifies the organisation's core business processes as the plan framework
• Risk based
• Follows the organisation's minimum requirements from policy/charters
• Applies a cycle of reviews over business processes
• Provides you with a full 3 to 5 year picture of assurance reviews
• Allocates sufficient budget to internal audit activity
• Applies a structured approach to the review of IT areas (COBIT/ITIL)
• Focuses on new and emerging risk areas, e.g. IT security

Sample risks facing Energy Trusts – Managing the Trust
• Inadequate/inappropriate risk management to ensure fiduciary responsibilities and beneficiary expectations are met
• Key personnel risk and segregation of duties due to a small team
• Succession planning for the trustee role
• Legislative compliance risk
• Inappropriate investment decisions
• Trustee disagreement
• Reputation risk (non-performing assets/investments, incident management)
• Inappropriate/lack of communication to beneficiaries regarding key issues

Sample risks facing Energy Trusts – Managing the Trust's Assets
• Insufficient technical knowledge of the business or industry risks
• Regulatory compliance
• Key issues/concerns of management unknown or inappropriately communicated to the Trust
• Lack of presence/authority on the relevant business' boards
• Increased population vs. fixed payment amount (solvency risk)
• Failure to appropriately distribute dividend payments
  - Incorrect/duplicate payments
  - Fraud
  - Cheques not cashed

Questions