Chapter 5: Risk Management Framework and Process

Risk management framework
A foundation for applying the risk management process throughout the organization
Fundamental Purpose of Risk Management Framework
1. To integrate risk management throughout the organization.
2. The ____________ is intended to support a risk management process.
Four Components of ERM Framework Model
1. Lead and establish accountability
2. Align and integrate
3. Allocate resources
4. Communicate and report
Five steps of the ERM Process Model
1. Scan environment
2. Identify risks
3. Analyze risks
4. Treat risks
5. Monitor and assure
Risk Owner
An individual accountable for the identification, assessment, treatment, and monitoring of risks in a specific environment.
Key Performance Indicator (KPI)
Financial or nonfinancial measurement that defines how successfully an organization is progressing toward its long-term goals.
Key Risk Indicator (KRI)
A tool used by an organization to measure the uncertainty of meeting a strategic business objective.
P-D-C-A Cycle
Also known as the Shewhart cycle and the Deming cycle, it is an expansion of an approach to process improvement. The steps include Plan, Do, Check, and Act.
Lead and establish accountability
1. Leadership includes developing a risk management philosophy and mission
2. Accountability
Accountability techniques
1. Identify risk owners
2. Key performance indicators
3. Key risk indicators
4. Criteria for risk evaluation
Align and Integrate
1. Risk management's objectives should be aligned with objectives at both the strategic and operational levels of the organization.
2. Organizational process integration
• Strategic planning
• Performance management
• Internal Control
• Compliance
• Governance
Allocate Resources
• Technology, including equipment and systems
• Administrative persons
• Specialists and analysts
• Training
• Financial resources
Communicate and Report
• Establish buy-in at all levels of the organization
• Establish the communication channels
• Risk Management Policy
• Communicate best practices
• Reporting; frequency and audience
Scan Environment
1. Specific and detailed review of both the internal and external environments of an organization.
2. Includes an evaluation of how each of an organization’s risk management processes aligns with its overall objectives.
Internal Environment
Information needed to evaluate the _________________ _________________________.
• What are the organization's objectives?
• What are the policies and procedures?
• What is organizational culture?
• How is risk management integrated into this function?
External Environment
Factors of __________________________ __________________________.
• Economic
• Political
• Legal and regulatory
• Technology
• Competitive landscape
• Natural
Identify Risks
• Develop a comprehensive list of risks that could affect the organization's ability to achieve objectives.
• Focus on key risks and emerging risks
• Appropriate individuals to involve: SMEs and Risk Owners
Risk identification tools
• Incident reports
• Scenario analysis
• Brainstorming
• Decision trees
• Networking
• SWOT analysis
Analyze Risks
• Determine the sources of risks
• Likelihood
• Consequences
Treat Risks
Comparison will guide decisions regarding _____________ ________________.
These are the major options available for risks:
• Avoid the risk
• Modify the likelihood or impact of the risk
• Transfer the risk
• Retain the risk
• Exploit the risk
Monitor and Assure
Key purposes for monitoring
• Determine the effectiveness of controls
• Obtain information to improve risk assessment
• Analyze events and their consequences to understand trends, successes and failures
• Observe changes in internal and external environments
• Identify emerging risks
Traditional Risk Management Process
Step 1: Identifying loss exposures
Step 2: Analyzing loss exposures
Step 3: Examining feasibility of risk management techniques
Step 4: Selecting the appropriate risk management technique
Step 5: Implementing selected risk management technique
Step 6: Monitoring results and revising the risk management program
Step 1: Identifying loss exposures
• Identifying hazard risk
• Identifying operational risks
Identifying hazard risk
• Inspections
• Compliance reviews
• Risk assessment checklists
Identifying operational risks
• Internal control audits
• Review of organizational policies and procedures
Step 2: Analyzing loss exposures
• Loss frequency: number of losses
• Loss severity: amount, in dollars, of loss
• Total dollar losses
• Timing: when losses occur
Step 3: Examining feasibility of risk management techniques
• Risk Control: reduce the frequency or severity
• Risk Financing: techniques such as risk financing or risk transfer
Step 4: Selecting the appropriate risk management technique
• Forecast of the dimensions of expected losses
• Forecast of the effect of combined techniques on the frequency, severity and timing of the expected loss
• Forecast of the after-tax costs involved in applying the risk management techniques
• Non-financial considerations
Step 5: Implementing selected risk management technique
• Implement risk management technique
Step 6: Monitoring results and revising the risk management program
Circumstances requiring revision to the risk management program
• New loss exposures
• New developments in existing loss exposures
• Different risk management techniques
International Standard
To Implement an ___________________________ ________________________.
1. Gap analysis
2. Evaluation of the internal/external environment
3. Integration into existing process
4. Commitment of resources
5. Communication and reporting
6. Monitoring and improvement
Risk Control
A conscious act or decision not to act that reduces the frequency and/or severity of losses or makes losses more predictable.
Risk Financing Techniques
Risk management techniques, such as retention or transfer, that generate funds to finance losses that risk control techniques cannot entirely prevent or reduce.