The webinar covers: • The start of any ERM Program • Link between Strategy, ERM and ISO 31000 • Periodic Risk Review – Game Lost Presenter: This webinar was presented by Eddie de Vries, a PECB ISO 31000 Certified Risk Manager and Trainer with 20 years’ experience in Quality Management and more than 12 years’ experience in Enterprise Risk Management. Link of the recorded session published on YouTube: https://youtu.be/UR6ObDfY1QM

1. 1

2. WELCOME!
2
Webinar Agenda
• The start of any ERM Program
• Link between Strategy, ERM and
ISO 31000
• Periodic Risk Review – Game Lost

3. THE START OF ANY ERM PROGRAM
3

4. THE START OF ANY ERM PROGRAM
GOVERNANCE, RISK AND COMPLIANCE
Enterprise Risk
Management (ERM)
forms part of what
is been termed
Governance Risk
and Compliance
(GRC)
4
Governance
Risk
Compliance
Governance refers to "all processes of
governing, whether through laws, norms,
power or language.
Risk is the identification and assessment of events
so that uncertainty does not deflect the endeavour
from the business goals.
Adherence to laws, regulations,
policies, standards, best practices, and
frameworks (Internally & Externally

5. THE START OF ANY ERM PROGRAM
INTRODUCTION TO RISK
5
As managers we need to ask ourselves:
1. Is our organization likely to achieve its objectives?
2. Are we managing the organization's significant risks?
3. Can our organization recognize opportunities and act
on them?

6. 6

7. 7

8. LINK BETWEEN STRATEGY, ERM AND ISO 31000
8

9. 9
“In order to make money you have to take risks.”
A rich man
“If you don’t manage your risk – you will lose money”
A clever man
The start of any ERM Program
Introduction to Risk

10. HOW DO I MANAGE RISK? 10
Risk
Management
Frameworks
/Standards
PeopleProcess
ISO
31000:200
9

11. ERM FUNDAMENTALS? = ISO 31000
11
– A process, ongoing and flowing through an
entity
– Effected by people at every level
– Applied in strategy setting
– Applied across the enterprise
– Designed to identify potential events
– Able to provide reasonable assurance
– Geared towards the achievement of
objectives

12. 12

13. 13
Establishing the
Context
• The RM process should be aligned with the organisational culture,
processes and structures
• Establishing the external context
– Relates to anything external to the organisation (Cultural, political,
economics, etc..
• Establishing the internal context
– Relates to anything internal to the organisation (Information, technology,
capabilities, values, policies, process, etc..)
• Establishing the risk management process context
– Objectives, strategies, activities of the organisation or parts of the
organisation
– Risk assessment methods
• Developing risk criteria
– Risk appetite
– Levels
– Ratings
13

14. 14
Risk Identification
• Risk identification is done in terms of possible
non achievement of objectives
• Not just strategic based (Process, project,
strategic, etc..
• Should have a set of identification tools to
identify risks
• Relevant information needed
• Risk identification should also include risks of
not pursuing opportunities

15. 15
General ERM Concepts
Is Risk a BAD thing!
1. Thought of as a degree of
opportunity to invest time,
talent and resources in
elements within a company
to help it attain the
organization’s goals.
2. No Entity, Organization or
Government Agency can
make a profit or attain its
goals without taking a risk.
3. The Classic “risk-return”
philosophy is essential in all
situations, but managing that
decision well to invest (or
not) is what allows the
philosophy to bring benefit to
the Organization.
Risk, properly managed, should be:
NO

16. PERIODIC RISK REVIEW – GAME LOST
16

17. WHO, WHAT, HOW?
17
– A process, ongoing and flowing through an
entity
– Effected by people at every level
– Well defined role and responsibilities

18. 1818
Management owns
the CONTENT
Risk Management
owns the PROCESS

19. MANAGEMENT OVERSIGHT & REVIEW
Management’s Accountability for risks
Ownership is clearly business
Updates
- Changes in business objectives
- Changes in systems
- Changes in processes

20. QUESTIONS
20