The course offers numerous practical tools, techniques and top tips for successful Enterprise Risk Management, including demystifying risk appetite, managing threats and opportunities in parallel, innovative use of control risk self-assessment (CRSA) and the latest trends in risk reporting. The implications for internal auditors and risk managers of new and emerging risk areas such as governance, ethics, corporate responsibility, reputation, supply chain, outsourcing and project risks will also be explored.

By the end of this course delegates will be able to:

• Understand Enterprise Risk Management (ERM) and how to implement it
• Know how to assess the risk management capability and maturity of your business
• Be able to stimulate improvement at each stage of the risk management process
• Learn how to balance both threats and opportunities to maximize value to the business
• Discover how to raise risk awareness and embed risk management thinking and practice
• Explore what is meant by ‘risk appetite’ and how to determine and communicate it
• Clarify the boundaries between the roles of internal audit and risk management
• Understand new and emerging risks and how you can contribute
• Gain insights into emerging best practice on managing and reporting risks
• Network and share your experiences with other senior audit and risk professionals

Internal Auditors, Auditors-in-Charge, Chief Audit Executives, Financial & Operational Auditors, Finance Personnel, External Auditors, Audit Managers and Supervisors, IT Auditors, Team Leaders and Directors, Operations Managers, Audit Managers, Risk Management Heads, Risk Managers

Introduction to ERM

•  Risk management unravelled
•  Risk, risk management and Enterprise Risk
• Management (ERM) defined
• The corporate governance and regulatory context
• Lessons from the credit crunch
• Investor and stakeholder pressures
• Review of risk management standards and guidelines
• COSO ERM and the new British and ISO standards
• The core components of an ERM system
• The risk management process: key steps
• Risk language, risk registers and assessment methodology
• Defining, establishing and communicating risk appetite
• Roles and responsibilities for ERM
• The board and risk leadership
•  Audit and risk committees
• Internal audit’s role in ERM
•  Implications of the IIA’s position statements
• Internal audits and risk management’s respective roles

Promoting and Enhancing Enterprise Risk Management

• Determining what needs to be done
• Understanding risk management maturity and effectiveness
•  Assessing the risk maturity of your business
• The implications for internal auditors and risk managers
• Articulating your risk management vision – and the steps to achieve it
• Identifying business risks
• Risk categorization
• Sample risk categories
•  Risk identification: what works and what doesn't
• Getting at strategic risks

PESTLE Analysis & Assessing and Prioritizing Risks

• Handling threats and opportunities
• Articulating risks to elicit action

Improving risk identification

• Importance of inherent and residual risk
• Risk assessment methodologies for threats and opportunities
• Applying risk appetite
• Multiple risk appetites and risk appetite hierarchies
• Risk quantification
•  Improving risk assessment

Responding to Risks

• Response options: the 4Ts (Tolerate, Treat, Transfer, Terminate)
• Establishing an appropriate response
• Black swans and risk resilience
• Ownership and action planning
• Enhancing risk responses

Monitoring, Reporting and Assurance

• The value of monitoring, reporting and assurance
• Who should do what?
• Assurance mapping: establishing the best source/type of assurance
• Clarifying reporting lines
• Reporting within the business

Sample Reporting Formats

•  The latest developments in external risk disclosure
• Hints and hazards
• Common ERM weaknesses
• Top tips for successful ERM implementation

New and Emerging Risk Management Challenges

• Refreshing the business risk profile
•  Governance, strategic and ethics risks
• Corporate responsibility and stakeholder risks
• Reputational risks
• Supply chain and outsourcing risks
• Project and program risks
• IT risk hotspots

The Business Case for ERM

• Exploring the benefits – does ERM deliver value?
• Gaining ‘buy in’ from non-believers
• Analysis of a disaster

Embedding Risk Management throughout the Organisation

• The importance of organizational culture
•  Encouraging everyone to be their own risk manager
• Innovative use of Control Risk Self-assessment (CRSA)
• The power of risk workshops

Adapting Your Approach as Risk Management Matures

• Dealing with changing skills requirements
•  Flexible interaction with other assurance providers
• Tools for assessing risk management capability and effectiveness

Sample Assessment Programs & Action Plan

•  Towards best practice in ERM
•  Modifying your relationship with management and the board/audit committee
• Measuring and reporting your own performance
•  Optimizing and communicating your role

BTS attendance certificate will be issued to all attendees completing minimum of 75% of the total course duration.