from audit to risk management case study - metricstream · 2018. 11. 21. · from audit to risk...
From Audit to Risk Management
Case Study
Mohammed Shihadeh, CPA, CRMA
Chief Audit Executive
Capital Guidance
2001 Pennsylvania Ave. NW Ste. 1150, Washington, DC 20006 USA
tel: +1.202.775.1273 | fax: +1.202.466.5507 | mob: +1.857.919.4040
KEY QUESTIONS???
• How to move from IA to RM?
• What is Risk Management (RM)?
• How is RM different from Enterprise Risk Management (ERM)?
• What are the components of the Risk Management function?
• Whom to report to? What to report?
• Should I use a top‐down approach? Or a bottom‐up approach?
• What are the phases and stages to plan, design, develop, and implement a RM function?
• What are the requirements and outcome of each phase and stage?
• What are the expected timeframes for different phases and stages?
• What should be the order of the implementation?
• What is Risk, Control, Process, Risk Appetite, Risk Tolerance, KRIs, KPIs? How are all these concepts linked together?
• Where to start a RM function from? How to start a RM function?
• What is your organization’s RM maturity level?
• Do we need RM Software? If so, what is the best Software for this function?
Walkthrough
• During this short session, we should be able to answer all these questions and have a decent idea as to how to implement a successful RM function.
• I will use a practical case study from my company that deals with various industries (Investment, Chemical & Oil, Real Estate, Mortgage, Distribution, and Manufacturing) and operates in 30+ countries.
RM Phases
1. Planning and Setup
2. RM Design
3. Development Phase
4. Implementation Phase
5. Reporting & monitoring
Phase 1 ‐ Planning and Setup ‐ Stages
1. Brainstorming & high level discussion
2. Seek Board & Senior Management Involvement and Oversight
3. Identify and position a leader(s) to drive the ERM Initiative
4. Establish a Management Working Group
5. Evaluating the need for a RM Software
Phase 2 ‐ RM Design ‐ Stages
1. Assess corporate Risk Management maturity level
2. Assess the Governance Structure (including risk governance)
3. Document the RM Framework for the Company
4. Determine the BOD risk appetite levels
5. Determine the Management's threshold/tolerance levels
6. Develop high‐level risk policies and procedures
Phase 3 ‐ RM Development ‐ Stages
1. RM System setup
2. Develop RM Manual ‐ How to use RM System
3. Key Risk Indicators (KRI) & Library
4. Upload of KRIs and other relevant data into the system
5. RM System integration
Phase 4 ‐ Implementation ‐ Stages
1. Perform and upload risk assessments to the RM system
2. Update and upload actual KRIs Data to the RM system
3. Identify risk response plans for key risks
4. Conduct workshops to transfer knowledge and train
5. Monitor and evaluate the effectiveness of the process
Phase 5 ‐ Reporting & Monitoring ‐ Stages
1. Develop risk reporting templates (BOD, Management, Employee level)
2. Updating appetites, thresholds, assessments, response plans
3. Continuous reporting and monitoring within the organization
4. Continuous reporting and monitoring of risk reports to the BOD
5. Monitoring and evaluation
RISK APPETITE TABLE
RISK APPETITE STATEMENT
GROUP STRUCTURE
MATURITY LEVELS
RM USER MANUAL
AUTHORITY MATRIX
MANAGEMENT THRESHOLD
KRI 7 – ACTUAL DATA
KRI 7 – FINAL DELIVERABLE
KRI 9 – FINAL DELIVERABLE
HEAT MAP
RISK ASSESSMENT
RECEIVABLE ‐ RISK CHART
COMPANY P&P
RISK P&P
Deliverables Per Phase
PHASE 1 ‐ PROJECT PLANNING & SETUP
‐ Executive Summary;
‐ List of potential names to be involved
‐ Email communication to the whole organization
‐ White paper, Frequently Asked Questions
‐ White paper, ERM the role of Executive Management

PHASE 2 ‐ ERM DESIGNING
‐ Maturity diagram
‐ Description of the principles and processes of RM
‐ White paper, Most common ERM barriers
‐ Risk appetite & Tolerance statements
‐ Risk Management policy and Risk committee charter
‐ ERM program roadmap, Organization and Governance structures, and roles and responsibilities

PHASE 3 ‐ ERM DEVELOPMENT
‐ Risk Matrix
‐ ERM manual
‐ Risk Management Checklist, and Implementation summary
‐ Organization Chart, Job descriptions, and evaluation Matrix
‐ Process flows and descriptions

PHASE 4 ‐ IMPLEMENTATION
‐ Workshops
‐ Questionnaires
‐ Risk register
‐ Key risks identified and quantified, Risk response options ‐ Identified and optimized, Risk response plans developed

PHASE 5 – REPORTING & MONITORING
‐ Key risk indicators identified and monitoring plans developed
‐ Risk reports designed and developed
‐ Key risks quantified, correlated, and aggregated into risk profile
‐ Risk reports updated with risk measures
Timetable
Progress & Level of Involvement
Tips for success
• Think out of the box;
• Step back and look at/evaluate the big picture;
• Show value‐added;
• Be creative and pro‐active;
• Be a leader not a manager;
• Communicate as early as possible;
• Communicate to the appropriate level;
• Be efficient & effective by utilizing in house resources.
• Plan & Budget.