Course Description
COSO defines Enterprise Risk Management (ERM) as “a process, effected by an entity’s board of directors, management, and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within the risk appetite, to provide reasonable assurance regarding the achievement of entity objectives.” That sounds rather vague. What does it mean to your organization, and how do you make it happen?
During this course participants will examine risk types, methods for identification of risk, evaluation of risks, mitigating options, and on-going monitoring. This class will help individuals learn and develop the skills necessary to help drive, implement, and execute an effective Enterprise Risk Assessment through the use of lecture, interactive discussion, case studies, best practices, and group exercises.
Learning Objectives
- Learning what ERM is and why it is important and valuable to organizations
- Understanding risk issues faced by organizations
- Understanding risk management frameworks used in managing risks
- Learning how to assess risks and risk drivers for a corporation
- Learning why risk quantification is important and basic quantification approaches
- Understanding how risk management is a powerful tool for both strategic and tactical decisions
Course Outline
Enterprise Risk Management Basics
- What is risk?
- What ERM is and why it’s important
- Value proposition of ERM
- The role corporate culture plays
- Internal and external environments
COSO ERM Model
- Internal environment
- Objective setting
- Event identification
- Risk assessment
- Control activities
- Information and communication
- Monitoring
The ERM Process
- Defining the risk culture
- Establishing roles and responsibilities
- Sponsorship
- Tone at the Top
- Formally defining roles and responsibilities
- Internal Audit’s role
- Establishing goals and objectives
- Implementing a formal ERM framework, process, and documentation
- Aligning business strategy with ERM goals
- Considering organizational culture, principles, and values
- Determining resource allocation for ERM
- Communications for ERM process
- Identifying the risks—assessment methodologies, tools, and techniques to use
- External and environmental risks
- Business and reputational risks
- Financial risks
- Operational and process risks
- Assessing the risks—qualitative and quantitative assessment
- Evaluating the risks—options for managing the risks
- Mitigating the risks—strategies and methods for implementing mitigation and monitoring
- Monitoring the risks—internal audit, data analytics, dashboards, etc.
Incorporating Fraud Risk Assessments
- Learning how to conduct a fraud risk assessment
- Understanding basic fraud concepts
- Identifying best practices in fraud risk assessment
- Learning to utilize appropriate frameworks for assessing fraud risks
- Usage of commonly used frameworks, scorecards, and reporting templates
- Incorporating into the ERM
Exercises, Case Studies, and Best Practices
- Tools and techniques
- Successes and failures
- Best practices
Additional Information
Who Should Attend
- Internal audit management and staff
- Financial an operational management and staff
Learning Level
Intermediate
Delivery
Group-Live
Field
Auditing
Advanced Preparation
None
Recommended Prerequisites
Auditing experience
Session Duration
On Site: 2 days
CPE Credits: 16