Enterprise Risk Management (ERM) - MIS Training

The Global Leader In 

Audit and Information Security Training 

London 

Summer 

Schools 

2012 

Enterprise 

Risk 

Management 

(ERM) 

Implementing, embedding and 

enhancing enterprise risk 

management: Practical guide to 

optimising the role of internal 

auditors and risk managers 

A Hands-On Guide 

to Effective ERM 

3 DAY COURSE: 

11 - 13 July 2012 

London 

Course Director 

Jenny Rayner 

SAVE 10% 

Attend with 

Managing the Internal Audit 

Department 

for a full week of training 

Jenny has over fifteen years experience in 

risk management and internal audit as 

part of a wide-ranging thirty year business 

career 

■ Understand Enterprise Risk Management (ERM) and how to implement it 

■ Know how to assess the risk management capability and maturity of your business 

■ Be able to stimulate improvement at each stage of the risk management process 

■ Learn how to balance both threats and opportunities to maximise value to the business 

■ Discover how to raise risk awareness and embed risk management thinking and practice 

■ Explore what is meant by ‘risk appetite’ and how to determine and communicate it 

■ Clarify the boundaries between the roles of internal audit and risk management 

■ Understand new and emerging risks – and how you can contribute 

■ Gain insights into emerging best practice on managing and reporting risks 

■ Network and share your experiences with other senior audit and risk professionals 

Save up to 50% 

with In-House Training 

www.mistieurope.com/inhouse 

Register Online at: 

www.mistieurope.com/training 

Quoting Code: 

IA120705-W

Enterprise 

Risk 

Management 

(ERM) 

Implementing, embedding and 

enhancing enterprise risk management: 

Practical guide to optimising the role of 

internal auditors and risk managers 

Course focus and features 

Many businesses have introduced risk management 

processes to meet growing corporate governance 

requirements. But what if the risk management exists in 

name only so the box can be ticked? What if the board and 

senior management team are not committed to it? What if 

the business risk management process is ineffective or 

incomplete? What if the audit committee does not 

understand its critical role on business risk? How can 

internal auditors and risk managers help to embed an 

effective enterprise-wide risk management process and 

contribute to its continuous improvement? 

This highly interactive three-day course explores how internal 

auditors and risk managers can act as a catalyst for good risk 

management and can assist in embedding it and improving its 

effectiveness. Participants will learn how they can add value at 

each stage of the risk management process – from risk 

identification to monitoring and reporting – without, in internal 

audit’s case, compromising objectivity and independence. 

The course offers numerous practical tools, techniques and top 

tips for successful Enterprise Risk Management, including 

demystifying risk appetite, managing threats and opportunities in 

parallel, innovative use of control risk self-assessment (CRSA) and 

the latest trends in risk reporting. The implications for internal 

auditors and risk managers of new and emerging risk areas such 

as governance, ethics, corporate responsibility, reputation, supply 

chain, outsourcing and project risks will also be explored. 

Course Director 

Jenny Rayner 

Jenny Rayner is an independent consultant and trainer 

specialising in risk management, corporate governance and 

internal audit. Jenny works with directors, senior managers, 

internal audit departments and risk managers in the private 

and not-for-profit sectors to help them embrace best practice 

in governance and assurance and to manage risk positively to 

improve business performance and enhance reputation. 

Prior to this, Jenny’s wide-ranging career spanned over 20 

years with ICI, in a variety of sales, marketing, purchasing, 

logistics, supply chain and general business management 

roles, latterly, as a Chief Internal Auditor with ICI. 

Jenny writes and lectures extensively on internal auditing, risk 

management, corporate governance, corporate responsibility 

and reputation. Jenny was Executive Editor of Gee 

Publishing’s Business Risk Management handbook and was 

Joint Editor of Gee’s Corporate Social Responsibility Monitor. 

She is author of the study Risky Business: towards best 

practice in managing reputation risk (2001, Institute of 

Business Ethics). Her book, Managing Reputational Risk: 

curbing threats, leveraging opportunities, was published by 

John Wiley in July 2003. She is also a contributor to 

QFinance – The Ultimate Resource (2010, Bloomsbury). 

Jenny is a member of the Institute of Risk Management and 

for three years chaired the NW District Committee of the 

Institute of Internal Auditors - UK and Ireland. Jenny also 

chairs the Group Audit and Assurance Committee of a UK 

housing association, is Deputy Chair on its Board and is a 

member of its Governance and Remuneration Committee. 

Participants will learn through a combination of presentations, 

case studies, practical exercises and discussions and will take 

away sample documents, checklists and worked examples. 

During the seminar attendees will have the opportunity to develop 

a tailored action plan for their own business. 

Whether you have been charged with establishing an ERM 

framework for your organisation, want to increase the 

effectiveness of the existing risk management process or wish to 

benchmark your business against emerging best practice, this is 

the course for you. 

Who Should Attend 

Chief Audit Executives, Internal Audit and Risk Management 

Heads, Risk Managers, Supervisors, Lead Auditors and Directors 

from private, public and not-for-profit sectors. 

Note: Highly experienced risk managers in businesses with wellestablished 

risk management systems may find the course 

content insufficiently advanced to be of major benefit. 

Prerequisite: None 

Advanced Preparation: None 

Training Type: Group-Live 

Learning Level: Intermediate 

Price: GBP £2,145 

CPEs: 22 

Telephone: 

+44 (0)20 7779 8454 

Email: 

training@mistieurope.com

Day One: 

Building a solid 

foundation 

Wednesday 11th July 

Introduction and course objectives 

Risk management unraveled 

• Risk, risk management and Enterprise Risk 

Management (ERM) defined 

• The corporate governance and regulatory context 

• Lessons from the credit crunch 

• Investor and stakeholder pressures 

• Review of risk management standards and 

guidelines (including COSO ERM and the new 

British and ISO standards) 

The core components of an ERM system 

• The risk management process: key steps 

• Risk language, risk registers and assessment 

methodology 

Sample documents 

• Defining, establishing and communicating risk 

appetite 

Exercise 

• ERM hierarchy and reporting framework 

• Risk management strategy and policy 

Sample documents 

Roles and responsibilities for ERM 

• The board and risk leadership 

• Audit and risk committees 

Sample terms of reference 

• Senior management 

• Employees 

• Key business partners 

• The risk management function 

Internal audit’s role in ERM 

• Implications of the IIA’s position statements 

• Internal audit’s and risk management’s respective 

roles 

Case study 

• Maintaining independence and objectivity 

• The ‘dos’ and ‘don’ts’ 

• Risk-based internal auditing 

Day Two: 

Promoting and 

enhancing enterprise 

risk management 

Thursday 12th July 

Determining what needs to be done 

• Understanding risk management maturity and 

effectiveness 

• Assessing the risk maturity of your business 

Exercise 

• The implications for internal auditors and risk 

managers 

• Articulating your risk management vision – and 

the steps to achieve it 

Identifying business risks 

• Risk categorization 

Sample risk categories 

• Risk identification: what works and what doesn’t 

• Getting at strategic risks 

PESTLE analysis 

• Handling threats and opportunities 

• Articulating risks to elicit action 

• Improving risk identification 

Assessing and prioritising risks 

• importance of inherent and residual risk 

• Risk assessment methodologies for threats and 

opportunities 

• Applying risk appetite 

Exercise 

• Multiple risk appetites and risk appetite 

hierarchies 

• Risk quantification 

• Improving risk assessment 

Responding to risks 

• Response options: the 4Ts (Tolerate, Treat, 

Transfer, Terminate) 

• Establishing an appropriate response 

• Black swans and risk resilience 

• Ownership and action planning 

• Enhancing risk responses 

Monitoring, reporting and assurance 

• The value of monitoring, reporting and assurance 

• Who should do what? 

Exercise 

• Assurance mapping: establishing the best 

source/type of assurance 

• Clarifying reporting lines 

• Reporting within the business 

Sample reporting formats 

• The latest developments in external risk disclosure 

Case study 

Hints and hazards 

• Common ERM weaknesses 

• Top tips for successful ERM implementation 

Day Three: 

Maintaining momentum 

and embedding ERM 

Friday 13th July 

New and emerging risk management 

challenges 

• Refreshing the business risk profile 

• Governance, strategic and ethics risks 

• Corporate responsibility and stakeholder risks 

• Reputational risks 

Case study 

• Supply chain and outsourcing risks 

• Project and programme risks 

• IT risk hotspots 

The business case for ERM: winning 

hearts and minds 

• Exploring the benefits – does ERM deliver value? 

• Gaining ‘buy in’ from non-believers 

• Analysis of a disaster 

Case study 

• Dealing with objections and concerns 

Role play 

Embedding risk management throughout 

the organisation 

• The importance of organisational culture 

• Encouraging everyone to be their own risk 

manager 

• Innovative use of Control Risk Self-assessment 

(CRSA): pros and cons 

• The power of risk workshops 

Top facilitation tips 

• Integrating risk management with management 

processes 

• Developing Key Risk Indicators (KRIs) 

Practical examples 

• The use of risk management software 

Adapting your approach as risk 

management matures 

• Dealing with changing skills requirements 

• Flexible interaction with other assurance providers 

• Tools for assessing risk management capability 

and effectiveness 

Sample assessment programmes 

• Towards best practice in ERM 

• Modifying your relationship with management and 

the board/audit committee 

• Measuring and reporting your own performance 

• Optimising and communicating your role 

Conclusions and action planning 

• Getting started: targeting quick wins 

• Next steps – your individual action plan 



Quoting Code: 

IA120705-W

The Global Leader In 

Audit and Information Security Training 



Enterprise Risk Management 

11-13 July 2012 London 

PRICE GBP £2,145 + VAT 

YOUR REGISTRATION CODE: 

IA120705-W 

Price includes tuition, course folder with all course notes, lunch 

and refreshments and a prestigious certificate. Delegates are 

responsible for their own accommodation. You can request an 

invoice or pay online. Please note, payment must be received 

prior to course start. 

Travelling To London From Abroad? 

MIS Training has been accredited by the BAC, making your trip 

to London easier which should make your visa application 

process much smoother. 

Internal Audit & Fraud London Summer Schools 

London 

Summer 

Schools 

2012 

We can help with your visa. 

Email: training@mistieurope.com 

Develop your skills in one of the greatest cities in the world...visit London this July 

For more information visit: www.mistieurope.com/summerschools 

Internal Audit School - 2-6 July 2012 

IT Audit School – IT Auditing for Non IT Auditors – 2-6 July 

Training Weeks - Attend both and save 10% 

Developing the Annual Audit Plan – 2-3 July 

And 

Risk Based Internal Auditing – 4-6 July 

Fraud & Corruption Summer School: - 2-6 July 

Conducting an Investigation into Fraud and Corruption – 2-3 July 

And 

Conducting a Fraud Risk Assessment – 4-6 July 

Managing the Internal Audit Department – 9-10 July 

And 

Enterprise Risk Management – 11-13 July 

Data Protection: 

Use of your information: The information you provide on this form will be used by 

Euromoney Institutional Investor PLC and its group companies (“we” or “us”) in relation 

to your registration for this event. We may also monitor your use of our website(s), 

including information you post and actions you take, to improve our services to you 

and track compliance with our terms of use. Except to the extent you indicate your 

objection below, we may also use your data (including data obtained from monitoring) 

(a) to keep you informed of our products and services; (b) occasionally to allow 

companies outside our group to contact you with details of their products/services. As 

an international group, we may transfer your data on a global basis for the purposes 

indicated above, including to countries which may not provide the same level of 

protection to personal data as within the European Union. By submitting your details, 

you will be indicating your consent to the use of your data as identified above. Further 

information on our use of your personal data is set out in our privacy policy, which is 

available at www.mistieurope.com or can be provided to you separately upon request. 

Marketing choices: If you object to contact as identified above by telephone ❑, fax ❑, 

or email ❑, or post ❑, please tick the relevant box. If you do not want us to share your 

information with other companies ❑ please tick this box. 

Cancellation Policy: 

Please ensure you have read this carefully before submitting your 

registration] MIS Training operates a 20 working day cancellation policy. 

Any cancellations received after 20 days or any delegate that does not 

attend will be subject to full payment. You may transfer to another 

course/conference for a transfer fee of 25% of the initial booking fee plus 

the difference between the value of the course/conference you are 

transferred to. This will be invoiced or refunded. Please note that the 

replacement course/conference must take place within 6 months of the 

initial application. Alternatively you may send another colleague to the initial 

booked course/conference without incurring any additional fees. A full 

refund less an administration fee of £100 will be given for cancellation 

requests received up to 20 working days before the event. Cancellations 

must be made in writing and reach the MIS office before the 20 working 

days deadline. 

Accommodation: 

All training venues will be confirmed 3-4 weeks prior to the course start 

date. MIS Training Institute has negotiated special accommodation rates in 

4 star hotels in central London (Zone 1) for UK courses. 

VAT: 

All delegates attending are liable to pay VAT. 

Overseas delegates can claim a VAT refund under 

the European Union (EU) 8th and 13th Directives on 

all eligible business expenses such as course fees, 

hotel accommodation, meals, car hire 

etc., provided you are not registered for VAT in the 

UK. For more information please visit 

www.mistieurope.com/VAT or 

email training@mistieurope.com. 

Printed on paper from a sustainable 

source, using vegetable oil based inks

Enterprise Risk Management (ERM) - MIS Training

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?