
BUSINESS RISK ASSESSMENT

- ERM Process -
MOHAMAD HASSAN, AK., MAFIS, QIA, CRMP, CRMA
RISK GLOSSARY
Risk is the possibility of an event occurring that could have an impact on the achievement of objectives.
Risk is measured in terms of consequences (impact) & likelihood.
Risk Appetite is the amount of risk, on a broad level, an entity is willing to accept.
Residual Risk is the risk remaining after management takes action to reduce the impact & likelihood of an adverse event, including control activities in responding to a risk.
Risk Management is a process to identify, assess, manage, & control potential events or situations, to provide reasonable assurance regarding the achievement of the organization's objectives.
BUSINESS RISK ASSESSMENT GRID
(Likelihood on the horizontal axis, Impact on the vertical axis; four quadrants)
  High Impact / Low Likelihood   |  High Impact / High Likelihood
  Low Impact / Low Likelihood    |  Low Impact / High Likelihood
RISK/EVENT CATEGORIES
INTERNAL
Infrastructure
Personnel
Process
Technology
EXTERNAL
Economic
Business
Technological
Natural Environment
Political/Social
RISK ASSESSMENT OVERVIEW
(for internal audit purpose; the cycle repeats each period)
1. Perform risk assessment at the enterprise level
2. Use the enterprise-level risk assessment in audit planning
3. Develop the annual plan of audit
4. Perform risk assessment in audit planning
5. Complete the audit based on the risk assessment
6. Update the enterprise risk assessment
RISK ASSESSMENT OVERVIEW
Enterprise Risk Management track:
1. Identify operational activities
2. Determine risk factors
3. Weight the risk factors
4. Determine the scale for risk factors
5. Assess operational activities
6. Develop & update plans
Internal Audit Assignment track:
1. Understand business process & objectives
2. Identify risks
3. Measure risk
4. Prioritize risks
5. Identify controls & evaluate design
6. Develop audit objective & program
ENTERPRISE LEVEL RISK ASSESSMENT
Identify Operational Activities:
Functional/Organizational units, or Cost/Profit Centers.
Processes (purchasing, production, inventory, etc.)
Information Systems
Laws & Regulations
Product or Service Lines
Major Contracts & Programs
Components from the organization's strategic plan
Others
BUSINESS RISK ASSESSMENT PROCESS
1. Risk Identification
2. Risk Measurement & Prioritization
3. Risk Management
4. Action Plan
METHODOLOGY OF BUSINESS RISK ASSESSMENT PROCESS
The Risk Management Process (flowchart):
Organizational Objectives -> Identify & Assess Risks -> Identify Current Controls -> Identify & Assess Residual Risks -> Acceptable?
  Yes: Document Risk Acceptance Decision
  No: Action (risk treatment)
RISK COMPONENTS: Objectives, Risks, Risk Analysis
RISK IDENTIFICATION
Formulation of objectives (SMART):
Specific
Measurable
Attainable
Realistic
Time-bound
Mutual agreement on the objectives
Communication of the objectives
Alignment of unit objectives with organizational objectives
DISCUSS & IDENTIFY BRANCH OBJECTIVES:
I. LOGISTIC
II. FINANCE
III. PRODUCTION
IV. MARKETING
V. HRD
VI. ADMINISTRATION
VII. OTHERS (if any)

GROUP DISCUSSION
Exposure Analysis: vulnerability of assets.

Threat Scenario Analysis: threats to operational processes.

Environment Analysis: risks arising from changes in the environment.

RISK ANALYSIS
Financial Assets: Cash, Securities, Credit
Physical Assets: Land, Building, Equipment
Human Assets: Knowledge, Skills
Intangible Assets: Reputation, Information
EXPOSURE ANALYSIS
List the risks (at least 5 risks) using the exposure analysis approach.
GROUP DISCUSSION
ENVIRONMENTAL ANALYSIS
Nature
Economic conditions
Regulations
Competition
Customers
Business partners
Labor unions
Technology
List at least 5 risks using the environmental change approach.
GROUP DISCUSSION
THREAT SCENARIO
Delay
Accident
Fraud
Error
Postponement
Strike
Waste, etc.
List at least 5 risks using the threats-to-operational-processes approach.
GROUP DISCUSSION
RISK MATRIX (figure): vertical axis Probability of Occurrence (Low / Medium / High), horizontal axis Magnitude of Impact (Low / Medium / High); each cell is classified as HIGH RISK, MEDIUM RISK or LOW RISK.
RISK MEASUREMENT (figure): the same Probability of Occurrence x Magnitude of Impact matrix. The boundary drawn by your risk appetite separates the risks the organization accepts from the mission-critical risks above it, which require action to mitigate.
ACTION PLANS

1. Prevent: avoid the event (reduce likelihood)
2. Detect: uncover the event when it occurs
3. Protect: limit the consequences (reduce impact)

Prepare a Business Risk Management plan (Risk Response / Risk Treatment) with Preventive, Detective, & Protective actions.
Define it for the top 3 (three) priority risks!
GROUP PROJECT
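The following is an added worked example, not code from the original slides or their author. It shows in code the two scoring steps the slides describe: weighting and scaling risk factors to rank operational activities for the audit plan (ERM track), and placing a risk register on the Probability of Occurrence x Magnitude of Impact matrix, applying preventive / detective / protective controls to obtain the residual risk, testing it against a risk appetite, and picking the top 3 priority risks (the group project). The factor weights, the 1-5 and 1-3 scales, the rule that assigns matrix cells to High / Medium / Low Risk, the effect of each control type, and every activity and risk listed are constructed assumptions for illustration.

```python
"""Added example (not from the slides): weighted risk-factor scoring of
activities, and a probability x impact risk register with residual risk.
All weights, scales, cell rules, control effects and sample data are assumed."""
from dataclasses import dataclass, field

# --- (1) Enterprise level: weight the risk factors, scale them, assess activities ---

# Assumed risk factors and their weights (weights sum to 1.0).
FACTOR_WEIGHTS = {"materiality": 0.4, "complexity": 0.3, "control_environment": 0.3}

def score_activity(scales: dict) -> float:
    """Weighted score of one operational activity; each factor is rated on an
    assumed 1-5 scale (5 = riskiest). Missing, extra or out-of-range factors are errors."""
    if set(scales) != set(FACTOR_WEIGHTS):
        raise ValueError(f"expected factors {sorted(FACTOR_WEIGHTS)}, got {sorted(scales)}")
    for name, value in scales.items():
        if not 1 <= value <= 5:
            raise ValueError(f"{name} scale {value} outside 1-5")
    return round(sum(FACTOR_WEIGHTS[f] * scales[f] for f in FACTOR_WEIGHTS), 2)

def rank_activities(activities: dict) -> list:
    """(activity, score) pairs, highest score first: the order for the audit plan."""
    scored = [(name, score_activity(scales)) for name, scales in activities.items()]
    return sorted(scored, key=lambda pair: (-pair[1], pair[0]))

# --- (2) Risk register: probability x impact matrix, controls, residual risk, appetite ---

LEVELS = ("Low", "Medium", "High")          # axis values, index 0..2
ZONES = ("Low Risk", "Medium Risk", "High Risk")

def zone(probability: str, impact: str) -> str:
    """Assumed cell rule for the 3x3 matrix: product of the 1-3 axis values;
    6 or more is High Risk, 3 to 5 is Medium Risk, below 3 is Low Risk."""
    score = (LEVELS.index(probability) + 1) * (LEVELS.index(impact) + 1)
    return "High Risk" if score >= 6 else "Medium Risk" if score >= 3 else "Low Risk"

@dataclass
class Control:
    name: str
    kind: str          # "preventive", "detective" or "protective"
    levels: int = 1    # how many axis levels the control removes (assumed)

@dataclass
class Risk:
    name: str
    probability: str
    impact: str
    controls: list = field(default_factory=list)

def residual(risk: Risk) -> tuple:
    """Apply controls to the inherent risk. Assumed mapping: preventive controls
    lower probability; protective and detective controls lower impact (a detected
    event is contained earlier). Neither axis drops below Low."""
    p, i = LEVELS.index(risk.probability), LEVELS.index(risk.impact)
    for c in risk.controls:
        if c.kind == "preventive":
            p = max(0, p - c.levels)
        elif c.kind in ("detective", "protective"):
            i = max(0, i - c.levels)
        else:
            raise ValueError(f"unknown control kind {c.kind!r}")
    return LEVELS[p], LEVELS[i]

def assess(register: list, appetite: str = "Medium Risk") -> list:
    """Rows of (name, inherent zone, residual zone, within_appetite), prioritized by
    residual zone then inherent zone. Rows outside the appetite are the
    mission-critical risks that still need action to mitigate."""
    rows = []
    for r in register:
        res = zone(*residual(r))
        inh = zone(r.probability, r.impact)
        rows.append((r.name, inh, res, ZONES.index(res) <= ZONES.index(appetite)))
    return sorted(rows, key=lambda t: (-ZONES.index(t[2]), -ZONES.index(t[1]), t[0]))

def top_risks(register: list, n: int = 3, appetite: str = "Medium Risk") -> list:
    """Names of the n highest-priority risks after controls (the group-project task)."""
    return [row[0] for row in assess(register, appetite)[:n]]

# Constructed sample data (illustrative only).
ACTIVITIES = {
    "Purchasing": {"materiality": 5, "complexity": 3, "control_environment": 4},
    "Payroll":    {"materiality": 3, "complexity": 2, "control_environment": 2},
    "Inventory":  {"materiality": 4, "complexity": 4, "control_environment": 3},
}
REGISTER = [
    Risk("Supplier delay", "High", "High", [Control("Dual sourcing", "preventive")]),
    Risk("Procurement fraud", "High", "High",
         [Control("Segregation of duties", "preventive"), Control("Invoice audit", "detective")]),
    Risk("Warehouse fire", "Low", "High", [Control("Insurance", "protective")]),
    Risk("Clerical error", "High", "Low", []),
]

if __name__ == "__main__":
    for name, score in rank_activities(ACTIVITIES):
        print(f"{name:12} {score}")
    for row in assess(REGISTER):
        print(row)
    print("Top 3:", top_risks(REGISTER))
```

With the sample data, Purchasing ranks first for the audit plan, and "Supplier delay" stays in the High Risk zone after its single preventive control, so it is the one mission-critical risk outside a Medium Risk appetite; the other three fall within it. Changing the appetite argument or a control's `levels` value shows how the prioritized list shifts.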
