Risk and Enterprise Risk Management – Review and Audit
PLEASE NOTE: This course is run in partnership with the Institute of Internal Auditors (IIA). Please visit the IIA's website or call the IIA's Training & Events Department on 0207 498 0101 for course cost and details of how to book.
______________________________________________________________
COURSE OVERVIEW
Risk-based auditing includes the review of risk management systems, and this is new territory for many auditors. This course introduces delegates to the vital concepts of risk and enterprise risk management thinking using a unique and practical format that has evolved from working with advanced and leading-edge risk management systems.
COURSE BENEFITS
Skills:
After completion of this course, you will be able to:
- Describe the relationship between Risk and Enterprise Risk Management and the Auditor
- Use the correct terminology when discussing and reviewing Risk and Enterprise Risk Management systems
- Understand how your organisation should design, build and deploy an effective Risk Management system
- Evaluate the effectiveness, soundness and capability of a Risk or Enterprise Risk Management system implementation
- Undertake an effective audit or review of a Risk or Enterprise Risk Management system
Support Materials:
The course is accompanied by a detailed manual that contains briefings, examples and reference materials, including an extensive work-programme to review risk and enterprise risk management systems.
WHO SHOULD ATTEND
Those who need to extend their knowledge and activities into Risk and Enterprise Risk Management. A life-like case study will span the most important elements of the main section of this training course, allowing delegates to learn by example.
COURSE PROGRAMME
Risk and Enterprise Risk Management and the Internal Auditor
- Risk and Enterprise Risk Management (RM and ERM)
- Internal auditors and risk managers – the relationship
- The IIA position statement on RM and ERM
Risk management at large
- COSO frameworks and the COSO ERM
- Core definitions and terminology that span RM and ERM systems
- A swift résumé of risk assessment methods
- Risk appetite, reasonable assurance and the limitations of RM and ERM systems
Building out an ERM System – how it's done
- The RM/ERM architect – the role
- Establishing the organisation’s context and objectives
- Mapping objectives and linking them to core processes
- Evaluating risks that endanger the objectives
- Factoring in risk appetite and priorities
- Envisioning possible control strategies
- Choosing the optimum strategies
- Deciding on metrics for monitoring and reporting results
- Setting tolerances and thresholds
- Multi-level expansion of strategies into component elements
- Integration of risk-mitigating activities within the structure
- Maintenance of completed structures
Auditing and reviewing RM and ERM systems
- Demonstrating capability – reviewing the approach and architectural method – top down analysis versus ad-hoc structures
- Demonstrating operational effectiveness – use of metrics, monitoring, thresholds and tolerances
- Demonstrating integration and connectivity – the “occurs once only” rule and the notion of reverse engineering
- Demonstrating accountability – establishment of process ownership and risk ownership
- Demonstrating currency – continuous improvement in risk management systems – the OECD model
- Demonstrating integrity – validity of structure – no open-endedness
- Demonstrating inclusiveness – meeting the statement of applicability and scope
- The suggested audit approach and detailed audit programme for reviewing RM and ERM systems
PRESENTED BY:
This course is designed, developed and presented by MindGrove Ltd.