Download Risk Management Toolkit - Brochure. - Riskpro

Risk Management Toolkit
Practical Tools, Templates and Formats for Risk
Management
August 2012

What is Risk Management Toolkit
RM Toolkit is a set of Policies, procedures, tool and
templates that you need to implement a risk
management framework in your organisation.
All the information is complete in all respect to get
you started. It comes to you in a fully editable and
zip file with all original word and excel files for you to
use.
Toolkit meets all Regulatory
requirements
The policies and set of tools, templates, reports and
form meet most regulatory requirements. For
industry specific requirements, please get in touch
with us to provide you an overview of what else you
might require, in case it is not already part of the
toolkit.
Toolkit
Contents
• 1. Toolkit Document – This acts as the Guide on
Risk Management Framework and how you
should approach the project. (Pdf/Word)
• 2. Risk Management Policy – Complete policy
that can be implemented with little
customisation (Word)
• 3. FX Risk Management Policy - To manage FX
risk and a requirement of Banks (Word)
• 4. Risk Register – A listing of over 300 risks
typically applicable to an organisation. (Excel)
• 5. Quarterly MIS / Risk Reporting - Complete
PPT slides to quickly report Risk related updates
to Risk Committee and Board. (PPT)
• 6. Templates, forms etc - More than 10
templates, forms and report layouts that can be
implemented straight away (Word/Excel/PPT)
• 7. Free Consultation - Four hours of
online/phone consultation with our risk
management exerts to address specific
implementation queries that you may have.
Our price
Rs 25,000 plus
Service Tax
All the above contents will save you substantial time and efforts and consulting
fees. All you need to do is identify the level of maturity that you want and pick
up the components that you need.

Risk Toolkit Document
The Risk Toolkit main document gives a basic overview of Risk Management framework and provides all
the links, references and material necessary to proceed with the Framework implementation.
Contents
1. Riskpro’s Risk Management Toolkit 3
1.1 Toolkit Overview 3
1.2 Toolkit Contents 3
1.3 Aims of the toolkit 4
1.4 Who should use this toolkit 4
1.5 Is this toolkit fit for me. Am I too small or too large 4
1.6 Queries and updates – key contacts 4
2. Foundations of Risk Management 5
2.1 Risk Culture 5
2.2 Risk Definitions 5
3. Evaluating existing Risk Management Frameworks (RMF) 6
3.1 Adequacy of RMF 6
3.2 Sharing of Findings and Design of a Roadmap for RMF 6
4. Need for a Risk Management Framework 7
4.1 Purpose of a risk management framework 7
4.2 Different Risk Management Frameworks 7
5. Risk Governance 9
5.1 What is governance 9
5.2 Risk Management as three lines of defence 9
5.3 Typical components of a Risk Governance 10
5.4 Roles and Responsibilities 11
6. Risk Appetite 14
6.1 What is risk appetite? 14
6.2 Why is risk appetite important 14
6.3 Risk Appetite setting process 14
7. Risk Identification: How to identify risks 16
8. Risk Assessment 17
9. Annual Follow up 18
HIGHLIGHTS OF THE CONTENTS

Risk Management Policy
Contents
1. Introduction 4
1.1 Objective 4
1.2 Benefits of Risk Management 5
1.3 Risk Management Principles 5
1.4 Components of a Sound Risk Management System 5
2. Risk Management Framework Overview 6
3. Risk Governance and Risk Organization 7
4. Roles and responsibility of the Risk Organization 8
4.1 Board 8
4.1.1 Responsibilities of the Board 8
4.2 Risk Management Committee 9
4.2.1 Responsibilities of the RMC 9
4.3 Risk Management Head / CRO 10
4.3.1 Responsibilities of the Head - Risk Management 10
4.4 Business Unit Heads and employees of the organisation 10
4.4.1 Responsibilities of the each Division and Function 11
5. Risk Appetite 12
5.1 Risk Strategy 12
5.2 Risk Management and Budgeting / Business Planning 12
5.3 Risk Tolerance 12
6. Risk Management Process and procedures 14
6.1 14
7. Risk identification 15
7.1 Top down approach 15
7.2 Risk Identification at strategic and process level 15
7.3 Risk categorization 15
7.4 Risk Register 15
7.5 Maintenance and Regular updates to Risk Register 16

8. Incident Reporting / Loss Reporting 17
8.1 Definition of an Incident 17
8.2 Purpose of Incident reporting: 17
8.3 Incident Reporting Process 17
8.4 Senior Management Reporting and Analyzing incidents 17
9. Risk Assessment 19
10. Risk Prioritization and Mitigation 20
10.1 Risk Prioritization 20
10.2 Risk Mitigation 20
10.3 Risk Treatment 20
10.4 Adequacy of Insurance 20
11. Risk Monitoring 22
11.1 Risk Mitigation Action Plan 22
11.2 Key Risk Indicators (KRI) 22
11.3 KPI Framework 22
12. Risk Reporting 23
12.1 Risk Escalation 24
12.2 Quarterly Review of Risk Management Framework 24
13. Risk management as part of the Internal Control framework 25
13.1 Independent Internal Audit function 25
14. Risk Management Culture, Training and Awareness 26
15. Risk Management requirement as per Clause 49 27
16. Ownership and Review of Policy 28
17. Annexure 1: Risk Guidelines for Specific Risk Types 29
18. Annexure 3: Risk Assessment: Rating Scales 31
19. Annexure 5: Sample Risk Appetite Statements 33
20. Annexure 5: Formats of Key Risk Reports 34

Risk Register
More than 300+ key risks applicable to most industries outlined in the Risk register along with suggested
controls and risk impact type.
Business Line / Segment -
Mandatory
Main Process
Key Risk
(Event, Causes, Impacts)
Risk Impact
(Financial, Reputation,
Regulatory Operational, Legal)
Accounting & Finance Accounting Policies Accounting principles are inappropriately applied Regulatory
Accounting & Finance
Accounting & Finance
Accounts Receivable
Consoldiation and MIS
Credit risks caused by failure of customers to pay for
delivered products;
Materially inaccurate or untimely reporting in case of MIS
and Budgeting
Financial
Operational
Accounting & Finance Consoldiation and MIS Inadequate MIS Reporting Operational
Accounting & Finance Fixed Assets Incorrect Fixed Asset accounting Regulatory
Accounting & Finance Fixed Assets Incorrect depreciation calculations Regulatory
Accounting & Finance Internal Audit Inadequate internal audit coverage Operational
Accounting & Finance Payables Non Deduction of tax at source Regulatory
Advance payment not in accordance with the purchase
Accounting & Finance Payables
order or purchase agreement
Regulatory
Accounting & Finance Payables Misuse of cheques Financial
Accounting & Finance Projects/ Investments Financial stability of the JV partner is not assessed Financial
Accounting & Finance Revenue Recognition Incorrect value of FG is included in the Inventory Valuation Regulatory
Accounting & Finance
Taxation
Delays or Unable to meet the requirements of IncomeTax
department during assessment
Regulatory
Accounting & Finance Taxation Non compliance with Taxation laws Regulatory
Administration Insurance Inadequate insurance for business losses and liabilities Financial
Compliance Compliance Contractual compliance Operational
Compliance Environment Compliance with health, safety standards Regulatory
Corporate Business Strategies Competition risk Financial
Corporate Business Strategies Adverse movements of raw material prices Financial
Corporate Business Strategies Increased competition from other producers Financial
Corporate Corporate Inability to identify internal and external frauds Financial
Corporate Corporate Outsourcing of activities not managed properly Operational
Ensuring arms length relationship for transactions amongst
Corporate
Corporate
different business entities within the group
Regulatory
Corporate Corporate Inadequate internal processes for storage of documents Operational
Corporate Corporate Inadeuqate Internal Control Framework Operational
Corporate
Corporate
International and domestic macro-economic risks, including
economic growth rates, inflationary expectations
Operational
Corporate
Corporate
Imposition of quotas and other trade barriers in key export
markets
Financial
Corporate Corporate Incidents of Acts of Bribery Regulatory

Templates, Forms and Formats
1. Risk Management Framework – Gap Analysis
# SECTION REQUIREMENT
DEVELOPING A RISK MANAGEMENT FRAMEWORK
ESSENTIAL
(E)/
ADVANCED
(A)
IN PLACE
(Yes/No)
1 Communicate and Consult Has the board and executive expressed their support for
a risk management programme?
2 Establish the Context Have you identified a person who will be responsible for
implementing risk management?
3 Establish the Context Does the risk manager, or equivalent, have reasonable
access to staff and management across the
organisation?
4 Establish the Context Have you defined categories of risk relevant to your
organisation and industry?
5 Establish the Context Do your risk categories reflect all operational risk areas
of the business as well as more strategic risk
categories?
6 Establish the Context Is there a clear organisational strategy (or objectives)
articulated for the organisation?
7 Establish the Context Have you defined and agreed a likelihood scale to
assess the potential for the risk to occur throughout the
organisation?
8 Establish the Context Have you defined and agreed a consequence scale to
help assess risk impacts across the organisation?
9 Establish the Context Does the organisation's consequence scale describe
both financial and non-financial impacts?
E
E
E
E
E
A
E
E
E
2. Risk Assessment Template
Risk Assessment Template
Title:
Category:
Risk Assessment
Completed By:
Date Assessed:
Identify Risks Analyse Risks Evaluate Action
Risk –
Description /
Impact
Cause Existing Controls Control
Assessment
Risk Assessment
Treat Risk?
Consequence
Avoid Risk.
Likelihood
Accept Risk.
Reduce Risk.
Risk Rating
Transfer Risk.
Increase Risk

3. Risk Reporting – Example
Risk Profile
Almost Certain 6
Likely 2,3 8
Possible 1 15 9,5,10
Unlikely 7 13 12,4
Remote 14 11
LIKELIHOOD/
CONSEQUENCE
Insignificant Minor Moderate Major Extreme
Rank Ref Risk Category Risk Description Rating Trend Reason for
Change
Improvement
Required?
1 6 High
Yes
Improvement
Status
2 8 High
Yes
3 9 Significant
Yes
4 5 Significant
Yes
5 10 Significant
No
6 12 Significant
No
Big Savings -You do the Maths
Salary for CA with 7-8 years exp
researching for templates, sample
policies and then drafting policy and
all templates (Atleast 7 days)
Salary cost for about 5-7 days needed
to prepare comprehensive listing of
Risk register
Rs 45,000
Rs 40,000
Our price
Rs 25,000 plus
Service Tax
Future Updates – Free
Free Half day consultation
Rs 15,000
Rs 10,000
Rs 1,10,000