Why Attend
Enterprise Risk Management (ERM) has evolved a lot since the seventies. From simply ‘buying’ insurance, it has grown in importance to become a prime function in many organizations. It is now part of a bigger system known as Governance, Risk and Compliance (GRC) which starts with corporate governance and ends with compliance. ERM is the function of studying the risks that may hinder a corporation’s ability to achieve its goals and then deciding how to overcome these risks. Studies regarding risk management were done by different organizations, including ISO which issued ISO 31000 on risk management. However, the most accepted ERM system is the one designed by ‘COSO’. This system, which is the one covered in this course, teaches the steps needed to control risk. It starts with the evaluation of the internal environment and the setting of objectives which are, mainly, a result of the tone at the top of the organization, the directives from corporate governance as well as the vision, mission and corporate strategies. Then, the course goes through the steps management needs to consider in order to identify and assess risk and decide on proper risk responses and controls. The course ends with how to monitor, communicate and report risk. In addition, the course looks at risk in different organizational areas such as strategy, reporting, compliance, operations, financial or physical risk as well as risk in different industries.
Course Methodology
The course is based on detailed explanations by the instructor and presentations by both the participants and the instructor. It also includes many case studies related to different industries and areas of the business.
Course Objectives
By the end of the course, participants will be able to:
- Identify internal and external changes that will create risks to the organization
- Understand the relation with the board of directors through governance and improve Risk-Based Decision Making (RBDM)
- Influence internal controls by choosing the response to the risks identified
- Classify risk categories in the organization and identify the right authorities to manage them
- Analyze, assess and improve risk management practices within the organization
Target Audience
Managers, senior managers, directors, executives, financial controllers, senior accounting and finance personnel, and auditors.
Target Competencies
- Improving risk monitoring and control
- Analyzing and assessing risks
- Advising directors on risks
- Controlling risks
- Mitigating risks
- Reporting risks
Course Outline
- Introduction
- Risk perception
- Why should we care about risk
- Internal environment changes
- External environment changes
- ERM benefits
- ERM components
- Internal environment
- Objectives setting
- Event identification
- Risk assessment: quantitative versus qualitative
- Risk response
- Control activities
- Information and communication
- Risk monitoring
- Risk management and corporate governance
- Introduction to corporate governance
- GRC concept: governance, risk and compliance
- GRC system: governance, risks and controls
- Risk management as part of corporate governance
- Governance failures
- Risk based decision making
- Risk management and corporate control environment
- Risk management’s influence on designing internal controls
- Risk-based internal audit assessment of risk management performance
- Risk categories
- Strategic risks
- Reporting risks
- Financial risks
- Physical: life and safety risks
- Compliance
- Laws and regulations
- Financial reporting standards
- Operations
- External environment: socioeconomic, regulations, technology and competition