RISK AND MANAGEMENT CONTROL SYSTEM ▒

Presented by:
CPA Majala
SS-CERM,C31000
▒ COVERAGE

• Risk and Management Control Systems

• Loss Control and Prevention

• Loss Prediction and Risk Optimization

• Key Risk Reduction Techniques

07/23/2020
▒RISK AND MANAGEMENT CONTROL SYSTEM
• Objective of Risk Management

– The objective is that an organization takes risk

and manage risk intelligently, in a controlled
manner so that the business is viable for a
longer term while meeting the expectation of
all relevant stakeholders by creating shared
value

07/23/2020 SS-CERM,CT3100
▒RISK AND MANAGEMENT CONTROL SYSTEM
• Optimizing the tradeoffs between risk and return can
be achieved through:
– Making informed decision
By identifying, measuring and managing risks consistently
and systematically, and ensuring the timely communication
of risk related information across the enterprise in a
transparent manner.

– Having the right solution

By designing, implementing and monitoring effective
controls to optimize the management of risk in the
organization
07/23/2020 SS-CERM,CT3100
▒RISK AND MANAGEMENT CONTROL SYSTEM
• Main risk response strategies
– Acceptance – allowing the risk event to occur, accepting the
consequences(Tolerate)

– Avoidance – eliminating a specific threat, usually the cause of

risk(Terminate)

– Mitigation – minimize the consequences and/or likelihood of

the risk occurring below a threshold of risk acceptability(Treat)

– Transfer – move the risk elsewhere(Transfer)

07/23/2020 SS-CERM,CT3100
▒RISK AND MANAGEMENT CONTROL SYSTEM
• Internal control system
– It encompasses the policies, processes, tasks,
behaviours and other aspects of a company that,
taken together:
• Facilitate its effective and efficient of operations by
enabling it to respond appropriately to significant business,
operational, financial, compliance and other risks to
achieving the company’s objectives. This includes the
safeguarding of assets from inappropriate use or from loss
and fraud, and ensuring that liabilities are identified and
managed

07/23/2020 SS-CERM,CT3100
▒RISK AND MANAGEMENT CONTROL SYSTEM
• Internal control system
– It encompasses the policies, processes, tasks,
behaviours and other aspects of a company that, taken
together…:
• Help ensure the quality and reliability of internal and external
financial reporting. This requires the maintenance of proper
records and processes that generate a flow of timely, relevant
and reliable information from within and outside organization

• Help ensure compliance with applicable laws and regulations,

and also with internal policies with respect to the conduct of
business:
07/23/2020 SS-CERM,CT3100
▒RISK AND MANAGEMENT CONTROL SYSTEM

• Internal control system _ factors to be

considered
– The nature and extent of the risks facing the
company

– The extent and categories of risk which it regards as

acceptable for the company to bear

– The likelihood of the risks concerned materializing

07/23/2020 SS-CERM,CT3100
▒RISK AND MANAGEMENT CONTROL SYSTEM

• Internal control system _ factors to be

considered…:
– The company’s ability to reduce the incidence and
impact on the business of risks that do materialize

– The costs of operating particular controls relative to

the benefits thereby obtained in managing the
related risks

07/23/2020 SS-CERM,CT3100
▒RISK AND MANAGEMENT CONTROL SYSTEM
• Main risk response techniques

– Risk prevention techniques

– Risk prediction and optimization techniques

– Risk reduction techniques

– Risk transfer techniques

07/23/2020 SS-CERM,CT3100
▒RISK AND MANAGEMENT CONTROL SYSTEM

07/23/2020 SS-CERM,CT3100
▒RISK AND MANAGEMENT CONTROL SYSTEM

07/23/2020 SS-CERM,CT3100
▒RISK AND MANAGEMENT CONTROL SYSTEM

• Risk control optimization

– It is the process of utilizing findings from risk
assessments and implementing changes to reduce or
even to eliminate risk in these areas while
maximizing opportunities

– It can involve the implementation of new strategies,

policies and standards, physical changes and
procedural changes that can optimize the risk/return
balance within business
07/23/2020 SS-CERM,CT3100
▒ LOSS CONTROL AND PREVENTION

• Loss prevention
• Reduce the frequency(or likelihood) of a
particular loss
• Improving security measures may prevent intruders
from committing theft and vandalism in the office
building

• Regular maintenance and checkups of the major

systems in a vehicle increase the odds of preventing
an accident that might otherwise cause by a
mechanical failure

07/23/2020 SS-CERM,CT3100
▒ LOSS CONTROL AND PREVENTION

• Loss prevention
• A public company is planning to establish a
textile manufacturing plant

• What are the potential risks?

• What are the possible controls to prevent

loss?

07/23/2020 SS-CERM,CT3100
▒ LOSS CONTROL AND PREVENTION

• Loss prevention activities

• Process reengineering

• Work and job restructuring

• Human factors engineering

• Fraud prevention, detection, and response

07/23/2020 SS-CERM,CT3100
▒LOSS CONTROL AND PREVENTION
• Process reengineering
• Process is a measurable interconnected group of activities
that can flow across departments (Input – Output) e.g
accounting, sales and marketing, legal, recruitment.

• Resource is the means available to a company which can

be used to accomplish a goal such as increasing
production, revenue or profit.

• Process re-engineering may include implementation of

management systems such as Quality Management
System, and Six Sigma
07/23/2020 SS-CERM,CT3100
▒LOSS CONTROL AND PREVENTION
• Process reengineering
• Quality Management System[ISO 9001:2015]
• Quality Management System (QMS) is the
management system which directs and controls an
organization with regard to quality of service
delivered .

• It can help to improve the performance of the

organization, and achieve a sustained success that
allows the business to continually improve and
develop.
07/23/2020 SS-CERM,CT3100
▒LOSS CONTROL AND PREVENTION
• Process reengineering
• Benefits of Quality Management System[ISO
9001:2015]
– Streamline processes and procedures across the
organization
– Improves consistency and efficiency of services provision
– Improves customer satisfaction
– Improves communication
– Optimise use of resources both physical and intellectual
– Improve internal control systems and checks
– Efficient management of operational risks
07/23/2020 SS-CERM,CT3100
▒LOSS CONTROL AND PREVENTION
• Process reengineering
• Six Sigma
• A metric – standard deviations in a normal curve

• A goal – 3.4 defects per million opportunities

• A rigorous improvement process focused methodology

• A management philosophy and system – reducing

waste and defects
07/23/2020 SS-CERM,CT3100
▒LOSS CONTROL AND PREVENTION
• Process reengineering
• Six Sigma
–The higher the sigma, the fewer the defects

–An increase from 3 to six sigma represents a 20,000 fold improvement

07/23/2020 SS-CERM,CT3100
▒LOSS CONTROL AND PREVENTION
• Work and job restructuring
• Focusing on human capital
• Human capital refers to competitive advantage
due to individual abilities, skills and behaviour

• In encompasses Knowledge, Skills, Behaviour,

and Network

07/23/2020 SS-CERM,CT3100
▒LOSS CONTROL AND PREVENTION
• Work and job restructuring
• Focusing on human capital…
• Knowledge: Command of body of facts acquired through
education and training

• Skills: Ability, developed through practice, with the means

to carry out a task

• Attitude/Behaviour: Observable ways of acting that

contribute to accomplishing a task

• Network: The quality of social ties

07/23/2020 SS-CERM,CT3100
▒LOSS CONTROL AND PREVENTION
• Work and job restructuring
• Focusing on human capital
• Having the right people at the right place

• Recruiting and promoting the right people

• Working under proper supervision

07/23/2020 SS-CERM,CT3100
 ▒LOSS CONTROL AND PREVENTION
• Fraud prevention, detection, and response
• Conditions for fraud to occur[Fraud Triangle]
• Pressures
• Greed or perceived intense needs resulting in
tremendous stress.

• Opportunity
• Possibility of committing fraud and get away with it

• Rationalization
• Justification for the committed fraud
07/23/2020 SS-CERM,CT3100
 ▒LOSS CONTROL AND PREVENTION
• Fraud prevention, detection, and response

07/23/2020 SS-CERM,CT3100
▒LOSS PREDICTION AND RISK OPTIMIZATION
• Risk treatment is not just about downside risk, it is about
optimizing the risk/return balance in any organization
activities
• Loss prediction and risk optimization activities
• Strategic and business planning

• Project risk management

• Human capital and organizational learning

• Business and market intelligence and Risk Management Information

System
07/23/2020 SS-CERM,CT3100
▒LOSS PREDICTION AND RISK OPTIMIZATION
• Strategic and business planning
• Understanding and managing strategic risks

• Strategic risks comprises of change in

competitive environment, and adaptation to that
changes

• The competitive environment refers to all

relations of the organization with clients,
competitors, regulators and other economic
actors
07/23/2020 SS-CERM,CT3100
▒LOSS PREDICTION AND RISK OPTIMIZATION
• Strategic and business planning
• Understanding and managing strategic risks
• There are two types of changes in the
competitive environment:
• Abrupt or gradual changes; and
• Temporally and permanent changes

• Strategic risk may be as a result of failure to

respond to changes or failure of the CEO to come
up with the right strategy
07/23/2020 SS-CERM,CT3100
▒LOSS PREDICTION AND RISK OPTIMIZATION
• Project risk management
• Types of projects:
• Expansion or diversification projects
• Safety and maintenance projects
• Cost saving projects

• Risk Continuum

07/23/2020 SS-CERM,CT3100
▒LOSS PREDICTION AND RISK OPTIMIZATION
• Project risk management- Risk and Knowledge areas
• Project objectives
• Scope
• Poor definition of scope or work packages, incomplete definition of quality requirements,
inadequate scope controls

• Quality
• Poor attitude toward quality, substandard design/materials/workmanship, inadequate quality
assurance program

• Time
• Errors in estimating or resource availability, poor allocation and management of float, early
release of competitive products

• Cost
• Estimating errors, inadequate productivity, cost, change, or contingency control, poor
maintenance, security, purchasing etc.

07/23/2020 SS-CERM,CT3100
▒LOSS PREDICTION AND RISK OPTIMIZATION
• Project risk management- Risk and Knowledge areas
• Support activities in order to achieve project objectives
• Project management integration
• Inadequate planning, poor resource allocation, poor integration management, lack of
post project reviews

• Information communication
• Carelessness in planning or communicating, lack of consultation with key stakeholders

• Human resources
• Poor conflict management, poor project organization and definition of r responsibilities,
absence of leadership

• Contract procurement
• Unenforceable conditions or contract clauses, adversarial relations

07/23/2020 SS-CERM,CT3100
▒LOSS PREDICTION AND RISK OPTIMIZATION
• Project risk management- Project failures
• Unanticipated act of God and Black swans
• Bad things may happen

• Technical feasibility /impossibility

• Being too ambitious, the question of capability

• Incompetently management and people issues

• Wrong people assigned to manage project

• Over constrained and unbalanced

• Strict deadline, budget and scope

07/23/2020 SS-CERM,CT3100
▒LOSS PREDICTION AND RISK OPTIMIZATION

• Human capital and organizational learning

• Human capital development
• Knowledge

• Skills

• Behaviour

• Network
07/23/2020 SS-CERM,CT3100
 ▒LOSS PREDICTION AND RISK OPTIMIZATION
• Human capital and organizational learning
• Human capital risk

• The cost of employees not showing up,

underperforming or making a mistake causing lower
production, accident, injury or death

• There are two main issues with human capital risk;

Vulnerability human capital, and ineffective himan
capital
07/23/2020 SS-CERM,CT3100
 ▒LOSS PREDICTION AND RISK OPTIMIZATION
• Human capital and organizational learning
• Human capital risk
• Vulnerability human capital which include death,
disability/sickness, and retirement
• Ineffective human capital which include:
• Failure to perform

• Destructive behaviour including dishonesty

• Staff turnover – people leave organization before they reach

their productivity level. Effective people should stay long
07/23/2020 enough to create value for the organization
SS-CERM,CT3100
▒LOSS PREDICTION AND RISK OPTIMIZATION
• Human capital and organizational learning
• Human capital risk management(Attract, Develop, Protect and
Retain)
• Attracting the right human capital
• Proper recruitment procedures

• Developing human capital

• Regular training programs and cross training
• Protecting and retaining human capital
• Effective incentive plans
• Security management
07/23/2020
• Talent management system
SS-CERM,CT3100
▒LOSS PREDICTION AND RISK OPTIMIZATION
• Business and marketing intelligence, and Risk
Management Information System(RMIS)
• Market intelligence system is one that systematically gathers and
processes critical business information, transforming it into
actionable management intelligence for marketing decision

• Data and information:

• Data are isolated facts not placed in any meaningful context
that would permit inferences or conclusions to be drawn

• Information is data organized in ways that identify certain

variables or conditions that is, data placed into a context for
decision making
07/23/2020 SS-CERM,CT3100
▒LOSS PREDICTION AND RISK OPTIMIZATION
• Business and marketing intelligence, and Risk
Management Information System(RMIS)
• Designing a Risk Management Information System:
• RMIS specifications – analyzing the organization’s particular
RMIS requirements
• Data requirements – identifying the flows of information
needed to meet these requirements
• Feasibility study – determining the technological and
financial feasibility of a RMIS to meet these requirements
• Buy or lease decision – deciding whether to build, buy, or
lease the hardware and software components of such
system

07/23/2020 SS-CERM,CT3100
▒KEY RISK REDUCTION TECHNIQUES
• Risk reduction techniques
–Inventory management and buffering

–Separation and redundancy

–Duplication

–Contractual transfer for risk control

–Insurance

–Diversification

–Crisis management
07/23/2020 SS-CERM,CT3100
▒KEY RISK REDUCTION TECHNIQUES
• Inventory management and buffering
–It is a form of organizational slack and generally
has effect of reducing unexpected losses but at
the expense of higher expected costs

–Buffers act as shield that prevent uncertainty from

creating business continuity

–Uncertainty may be either in the demand for

resource or the supply of the resource.
07/23/2020 SS-CERM,CT3100
▒KEY RISK REDUCTION TECHNIQUES
• Separation and redundancy
–Segregation of exposure units
• Separation of exposure units techniques can be either
–Separation of loss exposure units; or

–Redundancy of loss exposure units

• Both separation and redundancy strive to reduce the

organization’s dependency on a single point of failure e.g asset,
activity, person etc
–Individual losses smaller and more predictable

07/23/2020
–Easier to manage and less disruptive
SS-CERM,CT3100
▒KEY RISK REDUCTION TECHNIQUES
• Duplication
– Involves maintaining backups, spares, or copies of
organizations critical property, information or
capabilities

– The duplication is not used unless the primary asset

or activity is damaged or destroyed

– This is appropriate when an entire asset or activity is

so important that the consequence of its loss justifies
the expense and time of maintaining a duplication
07/23/2020 SS-CERM,CT3100
▒KEY RISK REDUCTION TECHNIQUES
• Contractual transfer for risk control
–A contract that transfers to another entity the legal
responsibility for performing a particular activity and
bearing specified types of losses that might arise
from that activity

–Loss exposures associated with an activity or asset is

shifted to the transferee
• Transferor seeks no indemnity or compensation from the
transferee but rather expect the transferee to perform
certain activities that the transferor deemed unduly hazard
07/23/2020 SS-CERM,CT3100
▒KEY RISK REDUCTION TECHNIQUES
• Contractual transfer for risk control
–Loss exposures associated with an activity or asset
is shifted to the transferee
• The transferee performing the risky activity is
responsible for any loss that might result

–Examples of contractual transfer include

equipment leasing, subcontracting hazardous
activities

07/23/2020 SS-CERM,CT3100
▒KEY RISK REDUCTION TECHNIQUES
• Insurance
–The mechanism by which one party contractually
transfers to a third party its financial exposure to
risk. The third party[The Insurer] pools risks
together such that it can then spread amongst a
pool the cost of actual financial losses arising

–Insurable risk characteristics

• Risk of loss must be a random event(pure risk)
• Risk of loss must be accidental or fortuitous
07/23/2020 SS-CERM,CT3100
▒KEY RISK REDUCTION TECHNIQUES
• Insurance
–Insurable risk characteristics
• Loss event must be calculable
• Risk must be defined within a legal contract(Insurance
Policy)
• Definite loss(known time, in a known place, and from a
known cause)
• Control adverse selection: Insurer can
understand/observe insured’s risk to understand
profile
• Control moral hazard: does not cause the insured to
forgo their responsibility/actions to take
07/23/2020 SS-CERM,CT3100
▒KEY RISK REDUCTION TECHNIQUES
• Diversification
–Spreads loss exposures over numerous projects,
products, markets, or regions

–Closely resembles separation but more commonly

applied to managing business risks than risks
resulting in accidental losses
• Examples of diversification include
– A Fund Manager investing in different classes of assets

–A property developer developing both residential and

07/23/2020 commercial SS-CERM,CT3100
▒KEY RISK REDUCTION TECHNIQUES
• Crisis management
–Crisis management guide
• The critical preparation phase
–Avoiding or mitigate risks – to prevent or
minimize potential crisis
–Preparing to manage crisis – crisis can never
totally avoided

• The actual crisis management phase

–Recognizing the crisis – how to ensure early
detection through effective warning systems
07/23/2020 SS-CERM,CT3100
▒KEY RISK REDUCTION TECHNIQUES
• Crisis management
– Crisis management guide
• The actual crisis management phase
– Containing the crisis – quick intervention and
taking control of the situation before it is too late
– Resolving the crisis – bringing the organization
back to normal

• The post-crisis phase

– Learning and leveraging form crisis(finding ways to
benefit positively from the way you manage the
07/23/2020
crisis impact SS-CERM,CT3100
▒KEY RISK REDUCTION TECHNIQUES
• Integrated Management System

07/23/2020 SS-CERM,CT3100
 Thank You

07/23/2020 SS-CERM,CT3100