Certified Enterprise Risk Officer (CERO)The Next Level in Enterprise Risk Management
Covid-19 had created massive disruption to global supply chain globally impacting all businesses in the world as their transportation for land, air and sea came to a complete halt since March/April 2020. This phenomenon had clearly revealed the inadequacy in risk management in many global organisations for not adopting holistic approach in managing risks. COSO ERM June 2017 stated that many corporations attempt to implement ERM were often not enterprise-wide in scope, and applications of ERM were rarely integrated with strategy-setting. ISO31000 February 2018 reiterated the effectiveness of risk management will depend on its integration into the governance of the organization, including decision-making. This requires support from stakeholders, particularly top management.
This 5-day program will adopt best practices of enterprise risk management (ERM) principles, frameworks and policies from latest ISO31000 February 2018 Risk Management and latest COSO ERM June 2017. Participants will learn how to develop and implement processes that identify, measure, monitor, control and mitigate risks across the enterprise with best practice on risk assessment techniques derived from IEC/ISO31010 and COSO ERM 2017 standards. Participants will learn to build the enterprise risk management framework that encompasses integrating, designing, implementing, evaluating and improving risk management across the organization.
By the end of this training program, each participant will be able to:
- Able to identify, measure, monitor, control and mitigate risk from unexpected and uncontrollable events adopting best principles, frameworks from ISO3100 and COSO ERM 2017 standards
- Establish early warning detection on any unusual patterns for effective risk control
- Align ERM strategy and framework to your corporate strategy for effective strategic planning adopting COSO ERM 2017 standard
- Implement a holistic ERM framework for effective risk monitoring and control
This 5-day program is entirely interactive and every participant will be fully participative in group discussion, exercises and case studies. A step-by-step guidance in how to develop, establish and implement an enterprise risk framework will be taught to each participant. Trainer will coach each participant and ensure that each participant is able to execute the ERM framework.
Who should attend
Anyone who is currently working in the risk management department, compliance department and internal audit are welcome to join this certification program.
Participant should have at least 3 years of practical experience in risk and/or audit related experiences. He/she needs to have pre-requisite knowledge in finance and capital markets.
What is ERM? Scope and Definition per ISO31000: 2018 and COSO ERM 2017 standards
- What is ERM per ISO3100: 2018 and COSO ERM 2017
- Why it is not fully understood
- The current VUCA event related crisis and how ERM can provide a lifeline
- The role and responsibilities of directors and senior management with respect to ERM
- The key link between governance and risk at strategic level
What is Risk? Importance Risk appetite and Risk Capacity
- What is risk
- Importance of root causes to risk
- Scope of risk capacity and risk appetite of each organisation
- Strategic, financial and operational risk
Understanding Risks from Behavioural Finance
- The importance of behavioural finance and how it works
- What can we learn from “market history” on risk
- Identifying patterns of irrationality of the financial markets
- Relationship between Risk and Behavioural Finance
- Behavioural finance influencing economic decision markers’ decision making
REAL LIFE CASE STUDY
Participants will learn to apply behavioural finance techniques on real-world case and identify its impact on strategy selection and other investment decision making. Participants will draw concrete lessons learnt resulting in ability to balance impacts from rational and emotional behaviours.
Global ERM Standards – Basel, ISO31000 and COSO ERM and its impact on ERM
- What causes these high profile corporate failures and the lessons learnt
- Explanation of ISO 31000 February 2018 international risk standard
- Key highlights to COSO ERM June 2017
- Comparison of ISO31000: 2018 to COSO ERM 2017 and Basel III
- The regulatory impact on ERM implementation
Importance of Aligning ERM to Strategic Planning per ISO31000: 2018 and COSO ERM 2017
- Understand the organisation’s strategic objectives
- Why Align ERM to Strategic Planning at corporate level
- Identify risk appetite and balance with risk capacity
- Institute key risk areas at strategic level
- Establishing an enterprise risk management framework per ISO3100: 2018 standards
REAL LIFE CASE STUDY
Participants will study a classical case study on how the enterprise risk management was misaligned to corporate strategy during the strategic planning process. They will identify key lessons learnt while drawing references to current global financial and VUCA situation leading to best practices being formed and adopted.
Establishing an Embedded Risk Management Process per ISO31000: 2018 and COSO ERM 2017
- Differences between Surprises and risk
- Why financial risks are only the tip of the iceberg
- Challenges due to regulatory and compliance
- Developing a enterprise risk strategy for your organisation
- Selling the benefits to management
Risk identification, analysis and evaluation methods per ISO31000: 2018 and COSO ERM 2017
- Identify the root causes to risks in your organisation
- Differences between root cause of risk and outcome of risks
- How to identify, sift and group the risks
- Evaluate hazards exposure, severity and mishap probability using inductive reasoning
- Approaches and techniques on Business, Market, Credit, Liquidity and Operational risks
- The use of diagnostic questions and thought provokers
- The pros and cons of using data capture technology
REAL LIFE CASE STUDY
Participants will be given a real world case study and deploy the various risk evaluation techniques to identify the types of risks, especially root cause, in the given case study. They will learn the different risk identification techniques applied and challenges involved in the process of risk analysis.
Assessment of Risk Treatment according to ISO31000: 2018 and COSO ERM 2017
- Identify risk exposures – what risk is acceptable within risk appetite
- Decide residual risk levels within risk capacity
- How to balance risk appetite with risk capacity
- Recording of risks – risk registers or risk maps
- Risk registers – do’s and don’ts
- Establishment of risk action plans
- Allocation of responsibilities to risk owners
Assessment of Risk Mitigation according to ISO31000: 2018 and COSO ERM 2017
- Controls or mitigation
- How to assess risk mitigation
- Develop hedging policy and options viability
- The need for diligence and challenge
- Risk mitigation and dealing with the exposures in best practice
REAL LIFE CASE STUDY
A real-world case will be given to participants to firstly identify the types of risks and discuss the various possible risk mitigation strategies. They will learn the different approaches and challenges involved in the process of risk mitigation and control.
Align Business Risks to Business Planning per ISO31000: 2018 and COSO ERM 2017
- Purpose of aligning business risks to business planning
- Cascade risks identified at corporate level to business unit/division levels
- Empower risk owners – how to determine such personnel and enforce ownership
- Using the risk register as a decision mechanism
- Establish risk management committee charter reporting to BOD
- Evaluate key business risks every half yearly
Establish Key risk indicators at business level according to ISO31000: 2018 /COSO ERM 2017
- Learn how to build effective key risk indicators (KRIs)
- Align KRIs to corporate strategy and key risk areas identified
- Develop holistic ERM policy using KRIs as key component
Setup Monitoring and Review control according to ISO31000: 2018 and COSO ERM 2017
- Measure KRAs and KRIs
- Establish risk benchmarking framework and policy for KRAs and KRIs
- Track risk management performance against KRAs and KRIs
- Develop scenario and sensitivity analysis for early warning of risks to BOD
- Report and escalate variance and unusual patterns to top management and BOD
REAL LIFE CASE STUDY
Participants will be given a real world case study to identify the misalignment of business planning to business risks resulting in financial losses. They will also discuss on the various methods to set proper KRAs and KRIs for alignment to corporate strategy, establish early warning indicators and establish effective monitoring and control mechanism with trainer sharing best practice.
People, Process, Cyber-Threats and Outsourcing Risks per ISO31000: 2018 and COSO ERM 2017
- Failure of external partners or inability to establish effective risk control
- Loss of key personnel, low morale/stress
- Hacking/breach of system security due to cyber attack
- Failure to innovate
- Poor prioritisation of systems development
- Too much data – insufficient information
- Latest E-Commerce and IT security risks development
Launch Risk Communication to Instil Effective Risk Culture
- Create strategic awareness of risk communication to external and internal stakeholders
- Promote benefits of adhering to ERM policies, regulations and governance
- Instil risk culture through implementing ERM processes
REAL LIFE CASE STUDY
A real world case study given to participants to identify the causes of risks resulting from people or process. They will also discuss on the various ways to mitigate such risks and design proper communication channels to various stakeholders as well as effective risk control mechanism.
Importance of Governance to ERM according to ISO31000: 2018 and COSO ERM 2017
- The increasing importance of governance
- Latest governance trends on Conduct Risk
- Code of conduct, ethical values for BOD and top management
- Establish KPIs on governance for all levels of staff including BOD and CEO
- Put in place business continuity and crisis management strategy
- Be responsible to environment sources / treatments
- Establish KPIs in handling customer service and management of complaints
- Ensure effective communication – internally and externally
Cascading the ERM Process from Business Levels to Individual per ISO31000: 2018 and COSO ERM 2017
- Stakeholders interest in risk & measuring the benefits
- Risk awareness for staff
- Breaking down Key Risk indicators (KRI’s) at corporate/business level into Key Performance Indicators (KPIs) for individuals/teams
- How to identify and reduce excessive controls
- Monitoring and control residual risks
- Manage stakeholder expectations
- How to use the programme to change the culture in a positive way Big ideas that can make
REAL LIFE CASE STUDY
Participants will be given a real world case study requiring them to establish the corporate KRIs and subsequently breaking them down into individual KPIs. They will discuss and challenged each other on its viability and functionality leading to drawing lessons learnt.
ERM – Lessons Learnt
- Clarifying Strategies and Objectives
- Lessons from integrating ERM with ongoing
- Management initiatives
- Strategic planning and ERM
- The enterprise balanced scorecard and ERM
- Business continuity planning, crisis preparedness and ERM
- Corporate governance and ERM
- Key value lessons from ERM
REAL LIFE CASE STUDY
A real world case study will be given to participants requiring them to identify the ERM process, identification of corporate risks, use enterprise balanced scorecard (EBS) to measure the corporate risks and results as well as establishing the individual KPIs and corporate KRIs.
Importance of Business continuity management (BCM) and Crisis Management
- Identification and prioritisation of key risk factors
- Prioritising of enterprise risk drivers
- Establishing a risk hierarchy
- Event magnitude and frequency measurements
Emergence of Information Security Risk
- How to handle data breaches and headline news?
- Determine the information breaches and its impact on firm’s financial losses
- Best practices from international Information Security Standards
- Identify the types of information security incidents – what is key to the firm?
- Establish the key information security risks
- Determine the level of confidentiality of the identify key information security risks
- Types of Assessments – Surveys, stress test, sensitive analysis and scenario analysis
- Types of Controls – issues of behavioural bias, KRIs and early warning indicators
REAL LIFE CASE STUDY
Participants will get to practice using the ERM framework and apply onto this final case study using all the ERM processes and techniques to identify, measure, monitor and control enterprise risks arises from this case study.
Every participants will either use their own organization or an approved case study and attempt to apply all the knowledge that they had acquired over the 5-days. This includes setting up the ERM Framework, KRIs, identify the root causes to different types of key risks covering market, credit, operational, liquidity, compliance and cyber, setup enterprise risks measurements, monitoring and controls plus reporting structure. This project will be then assessed by a panel of international experts in the 2 accrediting bodies in addition to the trainer.
Dr. Christopher Goh
Dr. Christopher is a professional, with some 25 years with extensive experience in, risk management, design thinking, compliance, anti-money laundering, strategic planning, exotic options, behavioural finance, and structuring products using derivatives and in particular to enterprise risk management where he spent some 15 years in this area, where he was the pioneer in risk management, since 1989.
He holds the title of chief risk officer for Asia Pacific having established holistic enterprise risk management and compliance framework, which includes anti-money laundering, sanctions, compliance and governance, spearheaded the implementation enterprise risk management process for some 3 international banks in Asia Pacific.
He had implemented enterprise risk management and compliance framework through practical experience gained through various diverse economic cycles. He had worked for 6 different banks over a period of some 25 years across 6 different cultures, business practices and management styles. This had given him a very deep knowledge in handling clients and managed staff from diverse cultural background.
Dr Christopher had conducted many in-house corporate seminars for the past 15 years training international and central bankers, senior management from government bodies from Asia region like Malaysia, Indonesia, Taiwan, China, Singapore, South Korea, Thailand, Hong Kong, Vietnam, Myanmar, Philippines, and to as far as London, Vienna, Jeddah, Riyadh, Kuwait, Johannesburg, Lagos (Nigeria), Accra (Ghana), Nairobi (Kenya), Dubai, Zimbabwe, Zambia, Lesotho, Moscow and Ulaanbaatar (Mongolia). He had since travelled to some 38 international cities to conduct international workshops and consultancies.
His current seminars and consultancy works are mainly focused on Governance, Risk and Compliance, Design Thinking for Bankers and Non-bankers, Enterprise Risk Management, Setting KPIs with Enterprise Balanced Scorecard, Organisational Development Audit/Assessment, Compliance Risk Management, Operational Risk and Compliance Management, Transforming Strategy into Business Results.
He had published over 20 Risk Management, Strategy and Technopreneurship articles. He had co-authored 2 books published in 2017:
- Design Thinking for Management, Leadership and Technopreneurship, TWAN Pte Ltd, 1st Edition, ISBN: 978-981-11-4217-8, published in December 2017
- Technopreneurship: in Industry 4.0, TWAN Pte Ltd, 1st Edition, ISBN: 978-981-11-3875-1 published in December 2017
Dr Christopher has most recently been appointed as Dean for School of Finance and Banking with Swiss Institute of Management and Innovation based in Zug, Switzerland. He is also an Adjunct Visiting Faculty to some foreign universities namely: Shanghai JiaoTong University, Central University of Finance and Economics (Beijing), Harbin Institute of Technology (Harbin), S.P. Jain (Singapore and Dubai campus) on a yearly basis on banking certification courses and/or EMBA courses.
The Certified Enterprise Risk Officer (CERO) is the unique programs from the Swiss Institute of Management and Innovation (SIMI)’s School of Finance & Banking. This program is also accredited as the other accredited programs from SIMI.