RISK MANAGEMENT

  TO ASSESS
    EFFECTIVE COMMUNICATION
    REPORTING
    ENSURE REMUNERATION SYS
      RISK TAKING BEHAVIOR?

  RISK & INT CTRL METHOD
    EFFECTIVE
    COMPREHENSIVE

  ILL-EQUIPPED
    COMPETENCY
    CAPABILITY

  OVER-RELIANCE ON MGT

  OPERATIONAL RISK

  OVER-DEPENDENCE
    COMPLEX MODEL
    NO PROPER STRESS TEST

  MERE COMPLIANCE TO REGULATION
    NOT CONSIDER UNDER-REGULATED RISK

  RM FRAMEWORK
    COSO ERM
    ISO 31000:2009

  RM LIFE CYCLE
    IDENTIFICATION
    ASSESSMENT
    MITIGATION / CTRL
    MONITOR & REPORT

  A. CONCISE REVIEW
  B. FULL REVIEW
  C. CONCISE REVIEW
  D. OVERALL CONCLUSION

COMPONENTS: CE, CA, I&C, MA, RA

1. TONE @ THE TOP
     STD OF CONDUCT
     ADHERENCE?
     DEVIATION?
     TIMELY ADDRESS?

2. BOD
     OVERSIGHT
     SKILLS & EXPERTISE
     INDEPENDENCE

3. REPORTING LINES
     DESIGN
     EVALUATE
     DELEGATION
     DEFINED RESPONSIBILITIES
     STRUCTURE

4. HR
     POLICIES
     PRACTICES
     COMPETENCY
     STAFF
       ATTRACT
       DEVELOP
       RETAIN
     SUCCESSION PLAN

5. COMM STRUCTURES
     MEASURE PERFORMANCE
     REWARD
     INCENTIVES
     EXCESSIVE PRESSURES?
     EVALUATION OF PERFORMANCE

6, 7, 8, 9.
     SET OBJECTIVES
       OPERATION
       EXT RPTING
       EXT NON-FIN REPORTING
       INT REPORTING
       COMPLIANCE
     CONSIDER ALL RISKS
     DEVELOP & IMPLEMENT CTRL
     ASSESSMENT OF FRAUD
     ASSESS CHANGES
       EXT ENVIRONMENT
       BIZ MODEL
       LEADERSHIP

10, 11, 12.
     ASSESS CONTROLS
     GENERAL IT CTRLS
     POLICIES & PROCEDURES
     ESTABLISH
       RESPONSIBILITIES
       ACCOUNTABILITIES
       TIMELINESS
       CORRECTIVE ACTION
       REASSESS
     DEPENDENCY
     RELEVANCY
     SECURITY MGT
     TECH ACQUISITION
     SUPPORT OBJECTIVES
     INTEGRATE WITH RISKS

13, 14, 15.
     RELEVANT QUALITY INFO
     INTERNAL COMM
     EXT COMM

16, 17.
     ONGOING EVALUATIONS
     DEFICIENCIES
       EVALUATE
       COMMUNICATE