RISK MANAGEMENT
  - TO ASSESS
      - EFFECTIVE COMMUNICATION
      - REPORTING
      - ENSURE REMUNERATION SYS
      - RISK TAKING BEHAVIOR?
      - RISK & INT CTRL METHOD
          - EFFECTIVE
          - COMPREHENSIVE
  - ILL-EQUIPPED
      - COMPETENCY
      - CAPABILITY
  - OVER-RELIANCE ON MGT
  - OPERATIONAL RISK
  - OVER-DEPENDENCE
      - COMPLEX MODEL
      - NO PROPER STRESS TEST
  - MERE COMPLIANCE TO REGULATION
      - NOT CONSIDER UNDER-REGULATED RISK
  - RM FRAMEWORK
      - COSO ERM
      - ISO 31000:2009
  - RM LIFE CYCLE
      - IDENTIFICATION
      - ASSESSMENT
      - MITIGATION / CTRL
      - MONITOR & REPORT

A. CONCISE REVIEW
B. FULL REVIEW
C. CONCISE REVIEW
D. OVERALL CONCLUSION
CE / CA / I&C / MA / RA

CE
  1. TONE @ THE TOP
      - STD OF CONDUCT
          - ADHERENCE?
          - DEVIATION?
          - TIMELY ADDRESS?
  2. BOD
      - OVERSIGHT
      - SKILLS & EXPERTISE
      - INDEPENDENCE
  3. REPORTING LINES
      - DESIGN
      - EVALUATE
      - DELEGATION
      - DEFINED RESPONSIBILITIES
      - STRUCTURE
  4. HR
      - POLICIES
      - PRACTICES
      - COMPETENCY
      - STAFF
          - ATTRACT
          - DEVELOP
          - RETAIN
      - SUCCESSION PLAN
  5. COMM STRUCTURES
      - MEASURE PERFORMANCE
      - REWARD
      - INCENTIVES
      - EXCESSIVE PRESSURES?
      - EVALUATION OF PERFORMANCE

RA
  6. SET OBJECTIVES
      - OPERATION
      - EXT RPTING
      - EXT NON-FIN REPORTING
      - INT REPORTING
      - COMPLIANCE
  7. CONSIDER ALL RISKS
      - DEVELOP & IMPLEMENT CTRL
  8. ASSESSMENT OF FRAUD
  9. ASSESS CHANGES
      - EXT ENVIRONMENT
      - BIZ MODEL
      - LEADERSHIP

CA
  10. ASSESS CONTROLS
      - SUPPORT OBJECTIVES
      - INTEGRATE WITH RISKS
  11. GENERAL IT CTRLS
      - SECURITY MGT
      - TECH ACQUISITION
  12. POLICIES & PROCEDURES
      - ESTABLISH
      - RESPONSIBILITIES
      - ACCOUNTABILITIES
      - TIMELINESS
      - CORRECTIVE ACTION
      - REASSESS
      - DEPENDENCY
      - RELEVANCY

I&C
  13. RELEVANT QUALITY INFO
  14. INTERNAL COMM
  15. EXT COMM

MA
  16. ONGOING EVALUATIONS
  17. DEFICIENCIES
      - EVALUATE
      - COMMUNICATE