Download Risk Management Toolkit - Brochure. - Riskpro
Download Risk Management Toolkit - Brochure. - Riskpro
Download Risk Management Toolkit - Brochure. - Riskpro
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
<strong>Risk</strong> <strong>Management</strong> <strong>Toolkit</strong><br />
Practical Tools, Templates and Formats for <strong>Risk</strong><br />
<strong>Management</strong><br />
August 2012
What is <strong>Risk</strong> <strong>Management</strong> <strong>Toolkit</strong><br />
RM <strong>Toolkit</strong> is a set of Policies, procedures, tool and<br />
templates that you need to implement a risk<br />
management framework in your organisation.<br />
All the information is complete in all respect to get<br />
you started. It comes to you in a fully editable and<br />
zip file with all original word and excel files for you to<br />
use.<br />
<strong>Toolkit</strong> meets all Regulatory<br />
requirements<br />
The policies and set of tools, templates, reports and<br />
form meet most regulatory requirements. For<br />
industry specific requirements, please get in touch<br />
with us to provide you an overview of what else you<br />
might require, in case it is not already part of the<br />
toolkit.<br />
<strong>Toolkit</strong><br />
Contents<br />
• 1. <strong>Toolkit</strong> Document – This acts as the Guide on<br />
<strong>Risk</strong> <strong>Management</strong> Framework and how you<br />
should approach the project. (Pdf/Word)<br />
• 2. <strong>Risk</strong> <strong>Management</strong> Policy – Complete policy<br />
that can be implemented with little<br />
customisation (Word)<br />
• 3. FX <strong>Risk</strong> <strong>Management</strong> Policy - To manage FX<br />
risk and a requirement of Banks (Word)<br />
• 4. <strong>Risk</strong> Register – A listing of over 300 risks<br />
typically applicable to an organisation. (Excel)<br />
• 5. Quarterly MIS / <strong>Risk</strong> Reporting - Complete<br />
PPT slides to quickly report <strong>Risk</strong> related updates<br />
to <strong>Risk</strong> Committee and Board. (PPT)<br />
• 6. Templates, forms etc - More than 10<br />
templates, forms and report layouts that can be<br />
implemented straight away (Word/Excel/PPT)<br />
• 7. Free Consultation - Four hours of<br />
online/phone consultation with our risk<br />
management exerts to address specific<br />
implementation queries that you may have.<br />
Our price<br />
Rs 25,000 plus<br />
Service Tax<br />
All the above contents will save you substantial time and efforts and consulting<br />
fees. All you need to do is identify the level of maturity that you want and pick<br />
up the components that you need.
<strong>Risk</strong> <strong>Toolkit</strong> Document<br />
The <strong>Risk</strong> <strong>Toolkit</strong> main document gives a basic overview of <strong>Risk</strong> <strong>Management</strong> framework and provides all<br />
the links, references and material necessary to proceed with the Framework implementation.<br />
Contents<br />
1. <strong>Risk</strong>pro’s <strong>Risk</strong> <strong>Management</strong> <strong>Toolkit</strong> 3<br />
1.1 <strong>Toolkit</strong> Overview 3<br />
1.2 <strong>Toolkit</strong> Contents 3<br />
1.3 Aims of the toolkit 4<br />
1.4 Who should use this toolkit 4<br />
1.5 Is this toolkit fit for me. Am I too small or too large 4<br />
1.6 Queries and updates – key contacts 4<br />
2. Foundations of <strong>Risk</strong> <strong>Management</strong> 5<br />
2.1 <strong>Risk</strong> Culture 5<br />
2.2 <strong>Risk</strong> Definitions 5<br />
3. Evaluating existing <strong>Risk</strong> <strong>Management</strong> Frameworks (RMF) 6<br />
3.1 Adequacy of RMF 6<br />
3.2 Sharing of Findings and Design of a Roadmap for RMF 6<br />
4. Need for a <strong>Risk</strong> <strong>Management</strong> Framework 7<br />
4.1 Purpose of a risk management framework 7<br />
4.2 Different <strong>Risk</strong> <strong>Management</strong> Frameworks 7<br />
5. <strong>Risk</strong> Governance 9<br />
5.1 What is governance 9<br />
5.2 <strong>Risk</strong> <strong>Management</strong> as three lines of defence 9<br />
5.3 Typical components of a <strong>Risk</strong> Governance 10<br />
5.4 Roles and Responsibilities 11<br />
6. <strong>Risk</strong> Appetite 14<br />
6.1 What is risk appetite? 14<br />
6.2 Why is risk appetite important 14<br />
6.3 <strong>Risk</strong> Appetite setting process 14<br />
7. <strong>Risk</strong> Identification: How to identify risks 16<br />
8. <strong>Risk</strong> Assessment 17<br />
9. Annual Follow up 18<br />
HIGHLIGHTS OF THE CONTENTS
<strong>Risk</strong> <strong>Management</strong> Policy<br />
Contents<br />
1. Introduction 4<br />
1.1 Objective 4<br />
1.2 Benefits of <strong>Risk</strong> <strong>Management</strong> 5<br />
1.3 <strong>Risk</strong> <strong>Management</strong> Principles 5<br />
1.4 Components of a Sound <strong>Risk</strong> <strong>Management</strong> System 5<br />
2. <strong>Risk</strong> <strong>Management</strong> Framework Overview 6<br />
3. <strong>Risk</strong> Governance and <strong>Risk</strong> Organization 7<br />
4. Roles and responsibility of the <strong>Risk</strong> Organization 8<br />
4.1 Board 8<br />
4.1.1 Responsibilities of the Board 8<br />
4.2 <strong>Risk</strong> <strong>Management</strong> Committee 9<br />
4.2.1 Responsibilities of the RMC 9<br />
4.3 <strong>Risk</strong> <strong>Management</strong> Head / CRO 10<br />
4.3.1 Responsibilities of the Head - <strong>Risk</strong> <strong>Management</strong> 10<br />
4.4 Business Unit Heads and employees of the organisation 10<br />
4.4.1 Responsibilities of the each Division and Function 11<br />
5. <strong>Risk</strong> Appetite 12<br />
5.1 <strong>Risk</strong> Strategy 12<br />
5.2 <strong>Risk</strong> <strong>Management</strong> and Budgeting / Business Planning 12<br />
5.3 <strong>Risk</strong> Tolerance 12<br />
6. <strong>Risk</strong> <strong>Management</strong> Process and procedures 14<br />
6.1 14<br />
7. <strong>Risk</strong> identification 15<br />
7.1 Top down approach 15<br />
7.2 <strong>Risk</strong> Identification at strategic and process level 15<br />
7.3 <strong>Risk</strong> categorization 15<br />
7.4 <strong>Risk</strong> Register 15<br />
7.5 Maintenance and Regular updates to <strong>Risk</strong> Register 16
8. Incident Reporting / Loss Reporting 17<br />
8.1 Definition of an Incident 17<br />
8.2 Purpose of Incident reporting: 17<br />
8.3 Incident Reporting Process 17<br />
8.4 Senior <strong>Management</strong> Reporting and Analyzing incidents 17<br />
9. <strong>Risk</strong> Assessment 19<br />
10. <strong>Risk</strong> Prioritization and Mitigation 20<br />
10.1 <strong>Risk</strong> Prioritization 20<br />
10.2 <strong>Risk</strong> Mitigation 20<br />
10.3 <strong>Risk</strong> Treatment 20<br />
10.4 Adequacy of Insurance 20<br />
11. <strong>Risk</strong> Monitoring 22<br />
11.1 <strong>Risk</strong> Mitigation Action Plan 22<br />
11.2 Key <strong>Risk</strong> Indicators (KRI) 22<br />
11.3 KPI Framework 22<br />
12. <strong>Risk</strong> Reporting 23<br />
12.1 <strong>Risk</strong> Escalation 24<br />
12.2 Quarterly Review of <strong>Risk</strong> <strong>Management</strong> Framework 24<br />
13. <strong>Risk</strong> management as part of the Internal Control framework 25<br />
13.1 Independent Internal Audit function 25<br />
14. <strong>Risk</strong> <strong>Management</strong> Culture, Training and Awareness 26<br />
15. <strong>Risk</strong> <strong>Management</strong> requirement as per Clause 49 27<br />
16. Ownership and Review of Policy 28<br />
17. Annexure 1: <strong>Risk</strong> Guidelines for Specific <strong>Risk</strong> Types 29<br />
18. Annexure 3: <strong>Risk</strong> Assessment: Rating Scales 31<br />
19. Annexure 5: Sample <strong>Risk</strong> Appetite Statements 33<br />
20. Annexure 5: Formats of Key <strong>Risk</strong> Reports 34
<strong>Risk</strong> Register<br />
More than 300+ key risks applicable to most industries outlined in the <strong>Risk</strong> register along with suggested<br />
controls and risk impact type.<br />
Business Line / Segment -<br />
Mandatory<br />
Main Process<br />
Key <strong>Risk</strong><br />
(Event, Causes, Impacts)<br />
<strong>Risk</strong> Impact<br />
(Financial, Reputation,<br />
Regulatory Operational, Legal)<br />
Accounting & Finance Accounting Policies Accounting principles are inappropriately applied Regulatory<br />
Accounting & Finance<br />
Accounting & Finance<br />
Accounts Receivable<br />
Consoldiation and MIS<br />
Credit risks caused by failure of customers to pay for<br />
delivered products;<br />
Materially inaccurate or untimely reporting in case of MIS<br />
and Budgeting<br />
Financial<br />
Operational<br />
Accounting & Finance Consoldiation and MIS Inadequate MIS Reporting Operational<br />
Accounting & Finance Fixed Assets Incorrect Fixed Asset accounting Regulatory<br />
Accounting & Finance Fixed Assets Incorrect depreciation calculations Regulatory<br />
Accounting & Finance Internal Audit Inadequate internal audit coverage Operational<br />
Accounting & Finance Payables Non Deduction of tax at source Regulatory<br />
Advance payment not in accordance with the purchase<br />
Accounting & Finance Payables<br />
order or purchase agreement<br />
Regulatory<br />
Accounting & Finance Payables Misuse of cheques Financial<br />
Accounting & Finance Projects/ Investments Financial stability of the JV partner is not assessed Financial<br />
Accounting & Finance Revenue Recognition Incorrect value of FG is included in the Inventory Valuation Regulatory<br />
Accounting & Finance<br />
Taxation<br />
Delays or Unable to meet the requirements of IncomeTax<br />
department during assessment<br />
Regulatory<br />
Accounting & Finance Taxation Non compliance with Taxation laws Regulatory<br />
Administration Insurance Inadequate insurance for business losses and liabilities Financial<br />
Compliance Compliance Contractual compliance Operational<br />
Compliance Environment Compliance with health, safety standards Regulatory<br />
Corporate Business Strategies Competition risk Financial<br />
Corporate Business Strategies Adverse movements of raw material prices Financial<br />
Corporate Business Strategies Increased competition from other producers Financial<br />
Corporate Corporate Inability to identify internal and external frauds Financial<br />
Corporate Corporate Outsourcing of activities not managed properly Operational<br />
Ensuring arms length relationship for transactions amongst<br />
Corporate<br />
Corporate<br />
different business entities within the group<br />
Regulatory<br />
Corporate Corporate Inadequate internal processes for storage of documents Operational<br />
Corporate Corporate Inadeuqate Internal Control Framework Operational<br />
Corporate<br />
Corporate<br />
International and domestic macro-economic risks, including<br />
economic growth rates, inflationary expectations<br />
Operational<br />
Corporate<br />
Corporate<br />
Imposition of quotas and other trade barriers in key export<br />
markets<br />
Financial<br />
Corporate Corporate Incidents of Acts of Bribery Regulatory
Templates, Forms and Formats<br />
1. <strong>Risk</strong> <strong>Management</strong> Framework – Gap Analysis<br />
# SECTION REQUIREMENT<br />
DEVELOPING A RISK MANAGEMENT FRAMEWORK<br />
ESSENTIAL<br />
(E)/<br />
ADVANCED<br />
(A)<br />
IN PLACE<br />
(Yes/No)<br />
1 Communicate and Consult Has the board and executive expressed their support for<br />
a risk management programme?<br />
2 Establish the Context Have you identified a person who will be responsible for<br />
implementing risk management?<br />
3 Establish the Context Does the risk manager, or equivalent, have reasonable<br />
access to staff and management across the<br />
organisation?<br />
4 Establish the Context Have you defined categories of risk relevant to your<br />
organisation and industry?<br />
5 Establish the Context Do your risk categories reflect all operational risk areas<br />
of the business as well as more strategic risk<br />
categories?<br />
6 Establish the Context Is there a clear organisational strategy (or objectives)<br />
articulated for the organisation?<br />
7 Establish the Context Have you defined and agreed a likelihood scale to<br />
assess the potential for the risk to occur throughout the<br />
organisation?<br />
8 Establish the Context Have you defined and agreed a consequence scale to<br />
help assess risk impacts across the organisation?<br />
9 Establish the Context Does the organisation's consequence scale describe<br />
both financial and non-financial impacts?<br />
E<br />
E<br />
E<br />
E<br />
E<br />
A<br />
E<br />
E<br />
E<br />
2. <strong>Risk</strong> Assessment Template<br />
<strong>Risk</strong> Assessment Template<br />
Title:<br />
Category:<br />
<strong>Risk</strong> Assessment<br />
Completed By:<br />
Date Assessed:<br />
Identify <strong>Risk</strong>s Analyse <strong>Risk</strong>s Evaluate Action<br />
<strong>Risk</strong> –<br />
Description /<br />
Impact<br />
Cause Existing Controls Control<br />
Assessment<br />
<strong>Risk</strong> Assessment<br />
Treat <strong>Risk</strong>?<br />
Consequence<br />
Avoid <strong>Risk</strong>.<br />
Likelihood<br />
Accept <strong>Risk</strong>.<br />
Reduce <strong>Risk</strong>.<br />
<strong>Risk</strong> Rating<br />
Transfer <strong>Risk</strong>.<br />
Increase <strong>Risk</strong>
3. <strong>Risk</strong> Reporting – Example<br />
<strong>Risk</strong> Profile<br />
Almost Certain 6<br />
Likely 2,3 8<br />
Possible 1 15 9,5,10<br />
Unlikely 7 13 12,4<br />
Remote 14 11<br />
LIKELIHOOD/<br />
CONSEQUENCE<br />
Insignificant Minor Moderate Major Extreme<br />
Rank Ref <strong>Risk</strong> Category <strong>Risk</strong> Description Rating Trend Reason for<br />
Change<br />
Improvement<br />
Required?<br />
1 6 High<br />
<br />
Yes<br />
Improvement<br />
Status<br />
2 8 High<br />
<br />
Yes<br />
3 9 Significant<br />
<br />
Yes<br />
4 5 Significant<br />
<br />
Yes<br />
5 10 Significant<br />
<br />
No<br />
6 12 Significant<br />
<br />
No<br />
Big Savings -You do the Maths<br />
Salary for CA with 7-8 years exp<br />
researching for templates, sample<br />
policies and then drafting policy and<br />
all templates (Atleast 7 days)<br />
Salary cost for about 5-7 days needed<br />
to prepare comprehensive listing of<br />
<strong>Risk</strong> register<br />
Rs 45,000<br />
Rs 40,000<br />
Our price<br />
Rs 25,000 plus<br />
Service Tax<br />
Future Updates – Free<br />
Free Half day consultation<br />
Rs 15,000<br />
Rs 10,000<br />
Rs 1,10,000