Risk management approach in new risk trends Risk

  • Slides: 9
Download presentation
Risk management approach in new risk trends – Risk Advisory and Root Cause Analysis

Risk management approach in new risk trends – Risk Advisory and Root Cause Analysis M Khumalo

 • To protect and enhance institutional value by mitigating against threats to organizational

• To protect and enhance institutional value by mitigating against threats to organizational performance whilst leveraging on opportunities. Changing Risk Management Value Proposition • Traditional value add – minimizing wastages, proactively identifying threats to institutional performance, ensuring compliance and avoiding penalties and fees. • Modern and current trends – enhancing institutional performance through robust strategy formulation, proactive management of downturns in performance and optimizing opportunities. • (Enterprise) RM plays an even deeper role in serving as a linkage to different strategic points within the organization. • RM also plays a critical role in enhancing stakeholder value – stakeholders more interested in how the organizations goes about implementing its strategy. • Further linkages to other disciplines such as governance, compliance, ethics and integrity management.

Risk Assurance failure – Lessons for new risk approaches Lack of risk governance Poor

Risk Assurance failure – Lessons for new risk approaches Lack of risk governance Poor engagement by various assurance providers Management overriding control environment Blurred lines of defense model Changing business environment Dealing with symptoms vs. root cause

 • Limited value to management • Limited advisory services External Assurance Providers •

• Limited value to management • Limited advisory services External Assurance Providers • Removed from business operations (by design and ability) • Risks not aligned to critical business processes • compliance function – Compliance risk management? Internal Audit Risk Management Weaknesses in risk management across different levels of assurance • Slow or nonresponse in addressing poor controls – mitigation strategies not implemented > 3 years • Overriding of controls • Poor accountability • Legal vs. Risk Assurance • Removed from operations • Reactive • Focus on audit vs risk • Diminished Influence

 Collective responsibility and accountability – Combined Assurance vs. Integrated Assurance Champion for Combined

Collective responsibility and accountability – Combined Assurance vs. Integrated Assurance Champion for Combined Assurance Greater management responsibility for risk management Shift of paradigm Internal Audit and Risk Management reporting protocol Skillset for Risk Committee Closer linkages between MPAC, Internal Audit, Risk Management and Audit Committee Advisory services vs. Policing? Root Cause Analysis (RCA)

 • Understanding key strategic inputs of the organization – wider focus beyond the

• Understanding key strategic inputs of the organization – wider focus beyond the normal finances, human resources – appreciation of the environment: right strategy for the right people at the right time. Risk Management and Influence on Strategy • Institutional performance is a function of various organizational processes - Optimizing key institutional processes should be part of the organizational strategy formulation programme – risk management is a key influencer in this. • Defining the performance measures and reporting means is as important – can have the right strategy but measure incorrectly – measure the right things right • Defined outcomes and impact measures – many organizations measure process and output

External Causes Root Cause Analysis in Risk Management – RIMS Model People/Internal Personnel Causes

External Causes Root Cause Analysis in Risk Management – RIMS Model People/Internal Personnel Causes Process/Operational Causes Relationship Causes Systems/Physical Causes

 Ripple effect of risk Measuring Risk at various source – Reiterative Process Appetite

Ripple effect of risk Measuring Risk at various source – Reiterative Process Appetite and Tolerance determined at each level Key Risk Indicators to measure risk at source Risk Management Monitoring to compliance performance monitoring (individual and organizational)

Thank you

Thank you