Enterprise Risk Management

Enterprise Risk Management known as (ERM) has evolved a lot since the seventies. From simply 'buying' insurance, it has now evolved and grown in importance to become a prime function in many organizations. It is now part of a bigger system known as Governance, Risk and Compliance (GRC) which starts with corporate governance and ends with compliance. ERM is the function of studying the risks that may hinder a corporation's ability to achieve its goals and then deciding how to overcome these risks. Studies regarding risk management were done by different organizations, including ISO which issued ISO 31000 on risk management. However, the most accepted ERM system is the one designed by 'COSO'. This system, which is the one covered in this course, teaches the steps needed to control risk. It starts with the evaluation of the internal environment and the setting of objectives which are, mainly, a result of the tone at the top of the organization, the directives from corporate governance as well as the vision, mission and corporate strategies. Then, the course goes through the steps management needs to consider in order to identify and assess risk and decide on proper risk responses and controls. The course ends with how to monitor, communicate and report risk. In addition, the course looks at risk in different organizational areas such as strategy, reporting, compliance, operations, financial or physical risk as well as risk in different industries.

Course Methodology

The course is based on detailed explanations by the instructor and presentations by both the participants and the instructor. It also includes many case studies related to different industries and areas of the business.

Course Objectives

By the end of the course, participants will be able to:

• Identify internal and external changes that will create risks to the organization
• Understand the relation with the board of directors through governance and improve Risk-Based Decision Making (RBDM)
• Influence internal controls by choosing the response to the risks identified
• Classify risk categories in the organization and identify right authorities to manage them
• Analyze, assess and improve risk management practices within the organization

Target Audience

Managers, senior managers, directors, executives, financial controllers, senior accounting and finance personnel, and auditors.

Target Competencies

• Improve risk monitoring and control
• Analyze and assess risks
• Advise directors on risks
• Control risks
• Mitigate risks
• Report risks

Course Outline

• Introduction
•          Risk perception
•          Why should we care about risk
•          Internal environment changes
•          External environment changes
• Risk management and corporate governance
•          Introduction to corporate governance
•          GRC concept: governance, risk and compliance
•          GRC system: governance, risks and controls
•          Risk management as part of corporate governance
•          Governance failures
•          Risk based decision making
• Risk management and corporate control environment
•          Risk management’s influence on designing internal controls
•          Risk-Based internal audit assessment of risk management performance
• ERM and its evolution
•          ERM evolution
•          ERM benefits
•          ERM platform
•          Strategic approach
•          Operations and tactics
•          Business reporting
•          Compliance and process
• Risk categories
•          Strategic risks
•          Reporting risks
•          Financial risks
•          Physical: life and safety risks
•          Compliance
•          Laws and regulations
•          Financial reporting standards
•          Operations
•          External environment: socioeconomic, regulations, technology and competition
•          Internal environment: structure, processes and culture
• ERM components
•          Internal environment
•          Objectives setting
•          Event identification
•          Risk assessment:
•          The black swan challenge
•          Quantitative versus qualitative analysis
•          Risk response
•          Control activities
•          Information and communication
•          Risk monitoring