Compliance

MONASH
BUSINESS
SCHOOL
A General Taxonomy of Business Risks (source: EY)
• An illustrative guide. Businesses will typically construct their own.

The Risk Register is a firm’s record of a risk
• Need to clearly identify risks
• All risks should be incorporated into a risk register
• Need for continuous monitoring and reviewing

5. Inherent risk vs. residual risk
• Inherent risk (“Gross Risk”): The risk level prior to taking into account existing controls and any existing risk responses
• Residual risk (“Net Risk”): The remaining risk level after taking into account existing controls and any existing risk responses (after management actions to reduce risk)

Risk management architecture
Principles, Framework and Process

Why we need to manage risk
The purpose of managing risk is to increase the likelihood of an organization achieving its objectives by being in a position to manage threats and adverse situations and being ready to take advantage of opportunities that may arise.
(National Guidance on Implementing ISO 31000:2009)

Risk management involves balancing the conflicts inherent in exploring opportunities on the one hand and avoiding losses, accidents and disasters on the other.

The outcomes of implementing risk management
• The risk management approach adopted by an organization will:
  – provide the framework for embedding the risk management process and effectively managing risks at all levels of an organization
  – provide the overall context for risk management in the organization, along with the various instruments required to design, implement, monitor, review and continually improve risk management throughout all levels of an organization in a cohesive and consistent manner
  – identify instruments, including policies, objectives, plans, relationships, accountabilities, resources, processes and activities, which are used for designing, implementing, conducting, monitoring, reviewing and continually improving risk management throughout the organization

Risk management and the Organisational Structure
Source: Dickinson, G. (2001) “Enterprise Risk Management: Its Origins and Conceptual Foundation”, The Geneva Papers on Risk and Insurance Vol. 26 No. 3 (July 2001) 360–366

Steps to achieve successful risk management
• For an enterprise to become successful in its implementation of risk management, the top management needs to be involved, and activities must be put into effect on many levels.
• Some important points to ensure success are:
  – Establishment of a strategy for risk management, that is, the principles of how the enterprise defines and runs its risk management.

