SlideShare a Scribd company logo

LEAD2015_Auditor_Intro_to_Risk_Management.pdf

S
ssuserb1c139

QMS

Education
1 of 26
Download to read offline
Lead 2015 Auditor - Risk Management approach 27 Lead 2015 Auditor - Risk Management approach I. Objectives II. Instructions III. Basic concepts of risk management IV. Understanding risk treatment V. Processes involved in risk management VI. Basic model of risk management VII. Risk management standards VIII. Self assessment 01
Lead 2015 Auditor - Risk Management approach 27 1. Objectives 02
Lead 2015 Auditor - Risk Management approach 27 Objectives 03 Objectives: Understand the basic concepts and principles of risk management. Understand processes involved in risk management Understand the basic model of risk management Understand risk treatment
Lead 2015 Auditor - Risk Management approach 27 2. Instructions 04
Lead 2015 Auditor - Risk Management approach 27 05 There are important details and comments voiced over in this course. Please enable sound, turn on volume and use headphones or computer loudspeaker. If you can’t hear the voice-over or a soft background music with this first page, then you need to change your set-up. To support a successful training, we strongly recommend you take notes during the course. Use your trainee booklet or download it and print it before taking the course The course is interactive and not necessarily linear, but all pages can be accessed directly when needed. The course is deemed completed once the last training page is reached. Instructions
Lead 2015 Auditor - Risk Management approach 27 3. Basic concepts of risk management 06
Lead 2015 Auditor - Risk Management approach 27 Basic concepts of risk management 07 ► Annex SL – High-level structure requirement: • Actions to address risks and opportunities ► Impact on auditors • Need to understand risk management concepts • Need to understand risk different methodologies for:  Risk analysis  Risk assessment  Risk treatment Risk-based thinking in management systems
Lead 2015 Auditor - Risk Management approach 27 Basic concepts of risk management 08 ► Fundamental concept of tolerable risk: • “Risk which is accepted in a given context based on the current values of the society” • “Risk that has been reduced to a level that can be endured by the organisation, having regard to its legal obligations and own risk management policy” Tolerable risk Unacceptable Tolerable Broadly acceptable Risk cannot be justified except in extraordinary circumstances Organization is prepared to accept risk in order to secure benefits Risk regarded as insignificant – Further efforts to reduce risk not required
Lead 2015 Auditor - Risk Management approach 27 Basic concepts of risk management 09 ► Risk source: • “Element which, alone or in combination, has the intrinsic potential to give rise to risk”. ► Hazard: • “Source of potential harm” Risk Source
Lead 2015 Auditor - Risk Management approach 27 Introduction to risk management Basic concepts of risk management 10 ► Risk: • “Effect of uncertainty on objectives”. ► Uncertainty: • “State or condition that involves a deficiency of information” ► Risk is understood as: • “Combination of the likelihood and consequences of a specific hazardous event occurring” Risk
Lead 2015 Auditor - Risk Management approach 27 Introduction to risk management Basic concepts of risk management 11 ► Likelihood = Probability • Likelihood is usually estimated on assumptions • Probability is more likely to be subject to calculations • Likelihood can be expressed qualitatively or quantitatively • Probability is usually expressed quantitatively ► Probability: • “Relation between the population of conducive events and all events” Likelihood or Probability PROBABILITY
Lead 2015 Auditor - Risk Management approach 27 4. Understanding risk treatment 12
Lead 2015 Auditor - Risk Management approach 27 Introduction to risk management Understanding risk treatment 13 ► Risk treatment: • Process to modify risk • Manipulating of likelihood or consequences Risk Treatment ► Which are we more likely to be able to manipulate? Likelihood Consequences Click on one of the buttons to continue Of course, likelihood is more likely to be able to be manipulated, to limit consequences.
Lead 2015 Auditor - Risk Management approach 27 Introduction to risk management Understanding risk treatment 14 ► Inherent risk: • “Risk that is inherently associated with a source of risk” ► Residual risk: • “Risk remaining after risk treatment” Inherent Risk and Residual Risk Click on one of the buttons to continue
Lead 2015 Auditor - Risk Management approach 27 Introduction to risk management Understanding risk treatment 15 Risk Treatment ► Risk treatment: • “Process to modify risk” ► Treatment options: • Reduce the risk • Remove source of the risk • Modify the consequences • Change the probabilities • Share the risk with others • Retain the risk to pursue an opportunity
Lead 2015 Auditor - Risk Management approach 27 5. Processes involved in risk management 16
Lead 2015 Auditor - Risk Management approach 27 Introduction to risk management Processes involved in risk risk assessment 17 Risk Assessment Process to identify, analyze and evaluate risks
Lead 2015 Auditor - Risk Management approach 27 Risk Identification Processes involved in risk risk assessment Risk identification is a process that involves finding, recognizing, and describing the risks that could affect the achievement of an organization’s objectives. It is used to identify possible sources of risk in addition to the events and circumstances that could affect the achievement of objectives. It also includes the identification of possible causes and potential consequences. The organization can use historical data, theoretical analysis, informed opinions, expert advice, and stakeholder input to identify its risks. 17
Lead 2015 Auditor - Risk Management approach 27 Risk Analysis Processes involved in risk risk assessment Risk analysis is a process that is used to understand the nature, sources and causes of the risks that the organization has identified and to estimate the level of risk. It is also used to study impacts and consequences and to examine the controls that currently exist. How detailed the organization’s risk analysis ought to be will depend upon the risk, the purpose of the analysis, the information they have and the resources available. 2 1 4 3 LIKELIHOOD IMPACT 17
Lead 2015 Auditor - Risk Management approach 27 Risk Evaluation Processes involved in risk risk assessment Risk evaluation is a process that is used to compare risk analysis results with risk criteria in order to determine whether or not a specified level of risk is acceptable or tolerable. 17
Lead 2015 Auditor - Risk Management approach 27 6. Basic model of risk management 18
Lead 2015 Auditor - Risk Management approach 27 Introduction to risk management Basic model of risk management 19 Risk Management Process
Lead 2015 Auditor - Risk Management approach 27 7. Risk management standards 20
Lead 2015 Auditor - Risk Management approach 27 Introduction to risk management Risk management standards 21 Available Risk Management Standards ► ISO 31000:2009 – Risk Management – Principles and guidelines ► ISO Guide 73:2009 – Risk management – Vocabulary ► ISO 31010:2009 – Risk management – Risk assessment techniques
Lead 2015 Auditor - Risk Management approach 27 Introduction to risk management Tip for the auditor 22 Typical Flaws in Risk Management ► Focusing on spectacular risks ► Focusing only on core business processes
Lead 2015 Auditor - Risk Management approach 27 Self Assessment Now it's time to practice! Please work on the following exercises 23

Recommended

PECB Webinar: ISO 31000 - The Benchmark for Risk Management in uncertain times
PECB Webinar: ISO 31000 - The Benchmark for Risk Management in uncertain timesPECB Webinar: ISO 31000 - The Benchmark for Risk Management in uncertain times
PECB Webinar: ISO 31000 - The Benchmark for Risk Management in uncertain times
PECB
 
PECB Webinar: ISO 31000 – Risk Management and how it can help an organization
PECB Webinar: ISO 31000 – Risk Management and how it can help an organizationPECB Webinar: ISO 31000 – Risk Management and how it can help an organization
PECB Webinar: ISO 31000 – Risk Management and how it can help an organization
PECB
 
Information Security Risk Management
Information Security Risk ManagementInformation Security Risk Management
Information Security Risk Management
Nikhil Soni
 
Super Strategies 2014 Risk Strategy Presentation
Super Strategies 2014 Risk Strategy PresentationSuper Strategies 2014 Risk Strategy Presentation
Super Strategies 2014 Risk Strategy Presentation
David Fernandes
 
ASIS - Training #4 - Social innovation risk management
ASIS - Training #4 - Social innovation risk managementASIS - Training #4 - Social innovation risk management
ASIS - Training #4 - Social innovation risk management
armelleguillermet
 
Creating Value Through Enterprise Risk Management
Creating Value Through Enterprise Risk Management Creating Value Through Enterprise Risk Management
Creating Value Through Enterprise Risk Management
Risk Management Institution of Australasia
 
Asis social innovation risk management_004_02.07.2020
Asis social innovation risk management_004_02.07.2020Asis social innovation risk management_004_02.07.2020
Asis social innovation risk management_004_02.07.2020
armelleguillermet
 
Risk Management Maturity Model (RMMM)
Risk Management Maturity Model (RMMM)Risk Management Maturity Model (RMMM)
Risk Management Maturity Model (RMMM)
Adnan Naseem
 

Recommended

PECB Webinar: ISO 31000 - The Benchmark for Risk Management in uncertain times
PECB Webinar: ISO 31000 - The Benchmark for Risk Management in uncertain timesPECB Webinar: ISO 31000 - The Benchmark for Risk Management in uncertain times
PECB Webinar: ISO 31000 - The Benchmark for Risk Management in uncertain times
PECB
 
PECB Webinar: ISO 31000 – Risk Management and how it can help an organization
PECB Webinar: ISO 31000 – Risk Management and how it can help an organizationPECB Webinar: ISO 31000 – Risk Management and how it can help an organization
PECB Webinar: ISO 31000 – Risk Management and how it can help an organization
PECB
 
Information Security Risk Management
Information Security Risk ManagementInformation Security Risk Management
Information Security Risk Management
Nikhil Soni
 
Super Strategies 2014 Risk Strategy Presentation
Super Strategies 2014 Risk Strategy PresentationSuper Strategies 2014 Risk Strategy Presentation
Super Strategies 2014 Risk Strategy Presentation
David Fernandes
 
ASIS - Training #4 - Social innovation risk management
ASIS - Training #4 - Social innovation risk managementASIS - Training #4 - Social innovation risk management
ASIS - Training #4 - Social innovation risk management
armelleguillermet
 
Creating Value Through Enterprise Risk Management
Creating Value Through Enterprise Risk Management Creating Value Through Enterprise Risk Management
Creating Value Through Enterprise Risk Management
Risk Management Institution of Australasia
 
Asis social innovation risk management_004_02.07.2020
Asis social innovation risk management_004_02.07.2020Asis social innovation risk management_004_02.07.2020
Asis social innovation risk management_004_02.07.2020
armelleguillermet
 
Risk Management Maturity Model (RMMM)
Risk Management Maturity Model (RMMM)Risk Management Maturity Model (RMMM)
Risk Management Maturity Model (RMMM)
Adnan Naseem
 
20150403 - TUV ME - ISO 9001 2015 and Risk Management - Linkdin
20150403 - TUV ME - ISO 9001 2015 and Risk Management - Linkdin20150403 - TUV ME - ISO 9001 2015 and Risk Management - Linkdin
20150403 - TUV ME - ISO 9001 2015 and Risk Management - Linkdin
Shibu Davies
 
ISO 9001-2015: New Risk Requirements
ISO 9001-2015: New Risk RequirementsISO 9001-2015: New Risk Requirements
ISO 9001-2015: New Risk Requirements
MasterControl
 
RiskIndia.com-Profile-01072016
RiskIndia.com-Profile-01072016RiskIndia.com-Profile-01072016
RiskIndia.com-Profile-01072016
Rohit Chawda
 
Risk Management Training 2013
Risk Management Training 2013Risk Management Training 2013
Risk Management Training 2013
Vicky Ames
 
Risk Management Toolkit
Risk Management ToolkitRisk Management Toolkit
Risk Management Toolkit
PeterFranz6
 
Risk based thinking ppt mal
Risk based thinking ppt malRisk based thinking ppt mal
Risk based thinking ppt mal
michaelnano79
 
Risk managament by Vilas Mahajan
Risk managament by Vilas MahajanRisk managament by Vilas Mahajan
Risk managament by Vilas Mahajan
Nicmarpunenotes
 
Implementation of Enterprise Risk Management with ISO 31000 Risk Management S...
Implementation of Enterprise Risk Management with ISO 31000 Risk Management S...Implementation of Enterprise Risk Management with ISO 31000 Risk Management S...
Implementation of Enterprise Risk Management with ISO 31000 Risk Management S...
PECB
 
Asis social innovation risk management
Asis social innovation risk managementAsis social innovation risk management
Asis social innovation risk management
armelleguillermet
 
ASIS - social innovation risk management
ASIS - social innovation risk managementASIS - social innovation risk management
ASIS - social innovation risk management
armelleguillermet
 
Risk Management Process.ppt
Risk Management Process.pptRisk Management Process.ppt
Risk Management Process.ppt
Uday Nayakwadi
 
Maximising value to stakeholders through risk management
Maximising value to stakeholders through risk managementMaximising value to stakeholders through risk management
Maximising value to stakeholders through risk management
Association for Project Management
 
Trustee Conference AM4: Effectively managing risk
Trustee Conference AM4: Effectively managing riskTrustee Conference AM4: Effectively managing risk
Trustee Conference AM4: Effectively managing risk
NCVO - National Council for Voluntary Organisations
 
ICH Q9 Quality Risk Management
ICH Q9 Quality Risk ManagementICH Q9 Quality Risk Management
ICH Q9 Quality Risk Management
Seetharam Kandarpa ASQ CMQ/OE, CPGP, CQA
 
Risk Management (1) (1).ppt
Risk Management (1) (1).pptRisk Management (1) (1).ppt
Risk Management (1) (1).ppt
AjjuSingh2
 
Five lines of assurance a new paradigm in internal audit & erm
Five lines of assurance a new paradigm in internal audit & ermFive lines of assurance a new paradigm in internal audit & erm
Five lines of assurance a new paradigm in internal audit & erm
Dr .Maizar Radjin, SE., M.Ak., QIA., QRMA, CRGP
 
Five Lines of Assurance A New ERM and IA Paradigm
Five Lines of Assurance A New ERM and IA ParadigmFive Lines of Assurance A New ERM and IA Paradigm
Five Lines of Assurance A New ERM and IA Paradigm
Tim Leech
 
Mastering Information Technology Risk Management
Mastering Information Technology Risk ManagementMastering Information Technology Risk Management
Mastering Information Technology Risk Management
Goutama Bachtiar
 
Risk management
Risk managementRisk management
Risk management
Anurag Bhusal
 
ISO 31000:2018 (Risk Management) Awareness Training
ISO 31000:2018 (Risk Management) Awareness TrainingISO 31000:2018 (Risk Management) Awareness Training
ISO 31000:2018 (Risk Management) Awareness Training
Operational Excellence Consulting
 
Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"
Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"
Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"
National Information Standards Organization (NISO)
 
Measures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SDMeasures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SD
Thiyagu K
 

More Related Content

Similar to LEAD2015_Auditor_Intro_to_Risk_Management.pdf

20150403 - TUV ME - ISO 9001 2015 and Risk Management - Linkdin
20150403 - TUV ME - ISO 9001 2015 and Risk Management - Linkdin20150403 - TUV ME - ISO 9001 2015 and Risk Management - Linkdin
20150403 - TUV ME - ISO 9001 2015 and Risk Management - Linkdin
Shibu Davies
 
RiskIndia.com-Profile-01072016
RiskIndia.com-Profile-01072016RiskIndia.com-Profile-01072016
RiskIndia.com-Profile-01072016
Rohit Chawda
 
Risk Management Training 2013
Risk Management Training 2013Risk Management Training 2013
Risk Management Training 2013
Vicky Ames
 
Implementation of Enterprise Risk Management with ISO 31000 Risk Management S...
Implementation of Enterprise Risk Management with ISO 31000 Risk Management S...Implementation of Enterprise Risk Management with ISO 31000 Risk Management S...
Implementation of Enterprise Risk Management with ISO 31000 Risk Management S...
PECB
 
Five lines of assurance a new paradigm in internal audit & erm
Five lines of assurance a new paradigm in internal audit & ermFive lines of assurance a new paradigm in internal audit & erm
Five lines of assurance a new paradigm in internal audit & erm
Dr .Maizar Radjin, SE., M.Ak., QIA., QRMA, CRGP
 
Five Lines of Assurance A New ERM and IA Paradigm
Five Lines of Assurance A New ERM and IA ParadigmFive Lines of Assurance A New ERM and IA Paradigm
Five Lines of Assurance A New ERM and IA Paradigm
Tim Leech
 
ISO 31000:2018 (Risk Management) Awareness Training
ISO 31000:2018 (Risk Management) Awareness TrainingISO 31000:2018 (Risk Management) Awareness Training
ISO 31000:2018 (Risk Management) Awareness Training
Operational Excellence Consulting
 

Similar to LEAD2015_Auditor_Intro_to_Risk_Management.pdf (20)

20150403 - TUV ME - ISO 9001 2015 and Risk Management - Linkdin
20150403 - TUV ME - ISO 9001 2015 and Risk Management - Linkdin20150403 - TUV ME - ISO 9001 2015 and Risk Management - Linkdin
20150403 - TUV ME - ISO 9001 2015 and Risk Management - Linkdin
 
ISO 9001-2015: New Risk Requirements
ISO 9001-2015: New Risk RequirementsISO 9001-2015: New Risk Requirements
ISO 9001-2015: New Risk Requirements
 
RiskIndia.com-Profile-01072016
RiskIndia.com-Profile-01072016RiskIndia.com-Profile-01072016
RiskIndia.com-Profile-01072016
 
Risk Management Training 2013
Risk Management Training 2013Risk Management Training 2013
Risk Management Training 2013
 
Risk Management Toolkit
Risk Management ToolkitRisk Management Toolkit
Risk Management Toolkit
 
Risk based thinking ppt mal
Risk based thinking ppt malRisk based thinking ppt mal
Risk based thinking ppt mal
 
Risk managament by Vilas Mahajan
Risk managament by Vilas MahajanRisk managament by Vilas Mahajan
Risk managament by Vilas Mahajan
 
Implementation of Enterprise Risk Management with ISO 31000 Risk Management S...
Implementation of Enterprise Risk Management with ISO 31000 Risk Management S...Implementation of Enterprise Risk Management with ISO 31000 Risk Management S...
Implementation of Enterprise Risk Management with ISO 31000 Risk Management S...
 
Asis social innovation risk management
Asis social innovation risk managementAsis social innovation risk management
Asis social innovation risk management
 
ASIS - social innovation risk management
ASIS - social innovation risk managementASIS - social innovation risk management
ASIS - social innovation risk management
 
Risk Management Process.ppt
Risk Management Process.pptRisk Management Process.ppt
Risk Management Process.ppt
 
Maximising value to stakeholders through risk management
Maximising value to stakeholders through risk managementMaximising value to stakeholders through risk management
Maximising value to stakeholders through risk management
 
Trustee Conference AM4: Effectively managing risk
Trustee Conference AM4: Effectively managing riskTrustee Conference AM4: Effectively managing risk
Trustee Conference AM4: Effectively managing risk
 
ICH Q9 Quality Risk Management
ICH Q9 Quality Risk ManagementICH Q9 Quality Risk Management
ICH Q9 Quality Risk Management
 
Risk Management (1) (1).ppt
Risk Management (1) (1).pptRisk Management (1) (1).ppt
Risk Management (1) (1).ppt
 
Five lines of assurance a new paradigm in internal audit & erm
Five lines of assurance a new paradigm in internal audit & ermFive lines of assurance a new paradigm in internal audit & erm
Five lines of assurance a new paradigm in internal audit & erm
 
Five Lines of Assurance A New ERM and IA Paradigm
Five Lines of Assurance A New ERM and IA ParadigmFive Lines of Assurance A New ERM and IA Paradigm
Five Lines of Assurance A New ERM and IA Paradigm
 
Mastering Information Technology Risk Management
Mastering Information Technology Risk ManagementMastering Information Technology Risk Management
Mastering Information Technology Risk Management
 
Risk management
Risk managementRisk management
Risk management
 
ISO 31000:2018 (Risk Management) Awareness Training
ISO 31000:2018 (Risk Management) Awareness TrainingISO 31000:2018 (Risk Management) Awareness Training
ISO 31000:2018 (Risk Management) Awareness Training
 

Recently uploaded

Activity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfActivity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdf
ciinovamais
 
Gardella_Mateo_IntellectualProperty.pdf.
Gardella_Mateo_IntellectualProperty.pdf.Gardella_Mateo_IntellectualProperty.pdf.
Gardella_Mateo_IntellectualProperty.pdf.
MateoGardella
 
Beyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactBeyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global Impact
PECB
 
Gardella_PRCampaignConclusion Pitch Letter
Gardella_PRCampaignConclusion Pitch LetterGardella_PRCampaignConclusion Pitch Letter
Gardella_PRCampaignConclusion Pitch Letter
MateoGardella
 
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptx
heathfieldcps1
 
1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf
QucHHunhnh
 

Recently uploaded (20)

Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"
Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"
Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"
 
Measures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SDMeasures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SD
 
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxSOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
 
Unit-IV; Professional Sales Representative (PSR).pptx
Unit-IV; Professional Sales Representative (PSR).pptxUnit-IV; Professional Sales Representative (PSR).pptx
Unit-IV; Professional Sales Representative (PSR).pptx
 
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
 
How to Give a Domain for a Field in Odoo 17
How to Give a Domain for a Field in Odoo 17How to Give a Domain for a Field in Odoo 17
How to Give a Domain for a Field in Odoo 17
 
Activity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfActivity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdf
 
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptxINDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
 
SECOND SEMESTER TOPIC COVERAGE SY 2023-2024 Trends, Networks, and Critical Th...
SECOND SEMESTER TOPIC COVERAGE SY 2023-2024 Trends, Networks, and Critical Th...SECOND SEMESTER TOPIC COVERAGE SY 2023-2024 Trends, Networks, and Critical Th...
SECOND SEMESTER TOPIC COVERAGE SY 2023-2024 Trends, Networks, and Critical Th...
 
Z Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot GraphZ Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot Graph
 
Gardella_Mateo_IntellectualProperty.pdf.
Gardella_Mateo_IntellectualProperty.pdf.Gardella_Mateo_IntellectualProperty.pdf.
Gardella_Mateo_IntellectualProperty.pdf.
 
Beyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactBeyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global Impact
 
fourth grading exam for kindergarten in writing
fourth grading exam for kindergarten in writingfourth grading exam for kindergarten in writing
fourth grading exam for kindergarten in writing
 
APM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across SectorsAPM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across Sectors
 
Gardella_PRCampaignConclusion Pitch Letter
Gardella_PRCampaignConclusion Pitch LetterGardella_PRCampaignConclusion Pitch Letter
Gardella_PRCampaignConclusion Pitch Letter
 
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptx
 
Grant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingGrant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy Consulting
 
Accessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactAccessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impact
 
Holdier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdfHoldier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdf
 
1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf
 

LEAD2015_Auditor_Intro_to_Risk_Management.pdf

  • 1. Lead 2015 Auditor - Risk Management approach 27 Lead 2015 Auditor - Risk Management approach I. Objectives II. Instructions III. Basic concepts of risk management IV. Understanding risk treatment V. Processes involved in risk management VI. Basic model of risk management VII. Risk management standards VIII. Self assessment 01
  • 2. Lead 2015 Auditor - Risk Management approach 27 1. Objectives 02
  • 3. Lead 2015 Auditor - Risk Management approach 27 Objectives 03 Objectives: Understand the basic concepts and principles of risk management. Understand processes involved in risk management Understand the basic model of risk management Understand risk treatment
  • 4. Lead 2015 Auditor - Risk Management approach 27 2. Instructions 04
  • 5. Lead 2015 Auditor - Risk Management approach 27 05 There are important details and comments voiced over in this course. Please enable sound, turn on volume and use headphones or computer loudspeaker. If you can’t hear the voice-over or a soft background music with this first page, then you need to change your set-up. To support a successful training, we strongly recommend you take notes during the course. Use your trainee booklet or download it and print it before taking the course The course is interactive and not necessarily linear, but all pages can be accessed directly when needed. The course is deemed completed once the last training page is reached. Instructions
  • 6. Lead 2015 Auditor - Risk Management approach 27 3. Basic concepts of risk management 06
  • 7. Lead 2015 Auditor - Risk Management approach 27 Basic concepts of risk management 07 ► Annex SL – High-level structure requirement: • Actions to address risks and opportunities ► Impact on auditors • Need to understand risk management concepts • Need to understand risk different methodologies for:  Risk analysis  Risk assessment  Risk treatment Risk-based thinking in management systems
  • 8. Lead 2015 Auditor - Risk Management approach 27 Basic concepts of risk management 08 ► Fundamental concept of tolerable risk: • “Risk which is accepted in a given context based on the current values of the society” • “Risk that has been reduced to a level that can be endured by the organisation, having regard to its legal obligations and own risk management policy” Tolerable risk Unacceptable Tolerable Broadly acceptable Risk cannot be justified except in extraordinary circumstances Organization is prepared to accept risk in order to secure benefits Risk regarded as insignificant – Further efforts to reduce risk not required
  • 9. Lead 2015 Auditor - Risk Management approach 27 Basic concepts of risk management 09 ► Risk source: • “Element which, alone or in combination, has the intrinsic potential to give rise to risk”. ► Hazard: • “Source of potential harm” Risk Source
  • 10. Lead 2015 Auditor - Risk Management approach 27 Introduction to risk management Basic concepts of risk management 10 ► Risk: • “Effect of uncertainty on objectives”. ► Uncertainty: • “State or condition that involves a deficiency of information” ► Risk is understood as: • “Combination of the likelihood and consequences of a specific hazardous event occurring” Risk
  • 11. Lead 2015 Auditor - Risk Management approach 27 Introduction to risk management Basic concepts of risk management 11 ► Likelihood = Probability • Likelihood is usually estimated on assumptions • Probability is more likely to be subject to calculations • Likelihood can be expressed qualitatively or quantitatively • Probability is usually expressed quantitatively ► Probability: • “Relation between the population of conducive events and all events” Likelihood or Probability PROBABILITY
  • 12. Lead 2015 Auditor - Risk Management approach 27 4. Understanding risk treatment 12
  • 13. Lead 2015 Auditor - Risk Management approach 27 Introduction to risk management Understanding risk treatment 13 ► Risk treatment: • Process to modify risk • Manipulating of likelihood or consequences Risk Treatment ► Which are we more likely to be able to manipulate? Likelihood Consequences Click on one of the buttons to continue Of course, likelihood is more likely to be able to be manipulated, to limit consequences.
  • 14. Lead 2015 Auditor - Risk Management approach 27 Introduction to risk management Understanding risk treatment 14 ► Inherent risk: • “Risk that is inherently associated with a source of risk” ► Residual risk: • “Risk remaining after risk treatment” Inherent Risk and Residual Risk Click on one of the buttons to continue
  • 15. Lead 2015 Auditor - Risk Management approach 27 Introduction to risk management Understanding risk treatment 15 Risk Treatment ► Risk treatment: • “Process to modify risk” ► Treatment options: • Reduce the risk • Remove source of the risk • Modify the consequences • Change the probabilities • Share the risk with others • Retain the risk to pursue an opportunity
  • 16. Lead 2015 Auditor - Risk Management approach 27 5. Processes involved in risk management 16
  • 17. Lead 2015 Auditor - Risk Management approach 27 Introduction to risk management Processes involved in risk risk assessment 17 Risk Assessment Process to identify, analyze and evaluate risks
  • 18. Lead 2015 Auditor - Risk Management approach 27 Risk Identification Processes involved in risk risk assessment Risk identification is a process that involves finding, recognizing, and describing the risks that could affect the achievement of an organization’s objectives. It is used to identify possible sources of risk in addition to the events and circumstances that could affect the achievement of objectives. It also includes the identification of possible causes and potential consequences. The organization can use historical data, theoretical analysis, informed opinions, expert advice, and stakeholder input to identify its risks. 17
  • 19. Lead 2015 Auditor - Risk Management approach 27 Risk Analysis Processes involved in risk risk assessment Risk analysis is a process that is used to understand the nature, sources and causes of the risks that the organization has identified and to estimate the level of risk. It is also used to study impacts and consequences and to examine the controls that currently exist. How detailed the organization’s risk analysis ought to be will depend upon the risk, the purpose of the analysis, the information they have and the resources available. 2 1 4 3 LIKELIHOOD IMPACT 17
  • 20. Lead 2015 Auditor - Risk Management approach 27 Risk Evaluation Processes involved in risk risk assessment Risk evaluation is a process that is used to compare risk analysis results with risk criteria in order to determine whether or not a specified level of risk is acceptable or tolerable. 17
  • 21. Lead 2015 Auditor - Risk Management approach 27 6. Basic model of risk management 18
  • 22. Lead 2015 Auditor - Risk Management approach 27 Introduction to risk management Basic model of risk management 19 Risk Management Process
  • 23. Lead 2015 Auditor - Risk Management approach 27 7. Risk management standards 20
  • 24. Lead 2015 Auditor - Risk Management approach 27 Introduction to risk management Risk management standards 21 Available Risk Management Standards ► ISO 31000:2009 – Risk Management – Principles and guidelines ► ISO Guide 73:2009 – Risk management – Vocabulary ► ISO 31010:2009 – Risk management – Risk assessment techniques
  • 25. Lead 2015 Auditor - Risk Management approach 27 Introduction to risk management Tip for the auditor 22 Typical Flaws in Risk Management ► Focusing on spectacular risks ► Focusing only on core business processes
  • 26. Lead 2015 Auditor - Risk Management approach 27 Self Assessment Now it's time to practice! Please work on the following exercises 23