Strengthen Risk Oversight in Your Organisation
In a business landscape rife with uncertainty, Board Directors are increasingly being expected to pursue risk-bearing opportunities in order to keep an organisation ahead of its competitors and to achieve competitive and viable returns. Through our Qualified Risk Director (QRD®) certification program, learn how to navigate this new expectation through the latest best practices in Enterprise Risk Management (ERM) and Governance, Risk, and Compliance (GRC).
This program is well-suited to both board directors and senior management professionals who would benefit from learning about risk management from a Board perspective. As a Qualified Risk Director, you will be skilled in managing the full complexity of your company’s risks and making strategic decisions with integrity and accountability.
Conducted by internationally experienced Board Directors and risk leaders, this program covers essential knowledge every board member needs to know in order to govern successfully.
Register for individual modules or enroll in the full certification program. To become fully certified, participants will have 3 years to complete all training modules.
Upcoming training modules held at the IERP® Training Center in Malaysia:
In these difficult times, many corporate directors wonder if they and their boards are doing all they should to fulfill their fiduciary duty with respect to risk oversight. While most boards have taken on the challenge of upgrading their risk oversight capabilities, there is significant diversity across companies in their approach to this challenge. In addition, their sense of urgency toward adopting best practices also varies greatly from case to case. This program offering highlights a set of concrete emerging best practices for boards in this important area of responsibility.
The attitudes and actions of those viewed as leaders within a company (“tone at the top”) help to define corporate culture and are critical to implementing a successful enterprise risk management program. This part of the Qualified Risk Director (QRD™) program explores the challenges and benefits of creating a risk-aware corporate culture and provides suggestions and best practices on how the Board can facilitate the establishment of such a culture.
As a result of the various global financial crises, regulators, ratings agencies, and investors have heightened expectations for board oversight of risk. This Qualified Risk Director (QRD™) program analyses the handicaps created by current risk oversight and assurance approaches and tools, highlights six goals for boards in executing their risk oversight duties, and provides practical advice for directors on how to achieve them.
Recent significant risk events, including catastrophic weather events, cybercrime, macroeconomic issues, and supply chain interruptions, have resulted in an increased focus on risk and risk management by boards of directors. One of the board’s key oversight roles is to understand the organisation’s strategic risks and the relationship between risk and strategy. This Qualified Risk Director (QRD™) program describes the factors that are driving the need for strategic risk management, outlines a strategic risk assessment process, and offers recommendations for integrating risk management in strategy execution and measurement.
Expectations for board oversight of management’s risk appetite and tolerance are rapidly evolving, and most boards face significant challenges in meeting those new expectations. Many current approaches to risk oversight often fail to link risks to strategic business objectives. This program provides guidance on how boards can take action to implement a board-driven approach that links retained risk information to strategic and foundation business objectives and increases the certainty of achieving them.
Civil charges against independent directors alleging negligence in the face of fraud serve as a sharp reminder for boards that ignorance of fraud risks and red flags is no excuse for inaction. The liability directors can face in a fraud case by doing nothing should serve as a wake-up call that turning a blind eye to warning signs and red flags is not acceptable. While the ramifications can be serious, this new climate also brings to the forefront the positive impact of effective board governance in safeguarding organisations from fraud. However, an engaged and dedicated board can have a measurable, positive impact on an organisation by requiring, supporting, and overseeing a fraud risk management program. This program shows directors how they may effectively discharge their responsibilities, while helping to secure a financially and ethically sound future for their organisation by requiring, implementing, and overseeing a proactive fraud risk management plan.
Board Directors are often confused about the segregation of work and duties between the Board Audit Committee (BAC) and the Board Risk Management Committee (BRMC). This confusion is often exacerbated by the lack of understanding of the concepts of the 1st, 2nd, and 3rd lines of defence. It is critical that Board members understand the forces giving rise to the increasing best practice process relating to the establishment and functioning of the BRMC. This program guides the participants through the factors contributing to effective BRMC empowerment as well as effective terms of reference/BRMC charter. The program also examines common BRMC pitfalls and potential overlaps between the BAC and BRMC and suggests practical solutions.
The role of the board of directors in enterprise-wide risk oversight has become increasingly challenging as expectations for board engagement are at all-time highs. Risk is a pervasive part of everyday business and organisational strategy. But, the complexity of business transactions, technological advances, globalisation, speed of product cycles, and the overall pace of change have increased the volume and complexities of risks facing organisations over the last decade. With the benefit of hindsight, the global financial crises, swooning economies and the aftermath thereof, boards are becoming more aware of their responsibilities and challenges in overseeing the management of increasingly complex and interconnected risks that have the potential to devastate organisations overnight.
At the same time, boards and other market participants are receiving increased scrutiny by investors and regulators regarding their role in managing risks. Boards are being asked – and many are asking themselves – whether they actually understand the nature and scope of Enterprise Risk Management, how they could have done a better job in overseeing the management of their organisation’s risk exposures, and how properly implemented objective-centric (not taxonomy) ERM processes and board oversight can prevent or minimise the impact of the various financial and other crises on their organisation. This QRD™ program guides Board Directors through the maze of considerations above against the backdrop of ISO 31000 – the only International Standard on Risk Management.
In today’s world, Board Directors are confronted with an ever increasing array of risks facing all businesses, including natural (meteorological, geological, or biological), human (accidental or intentional), and technological (power, telecommunications, hardware, software, and cyber security). The impact of these hazards can be catastrophic – whether directly affecting the organisation, or indirectly interrupting their supply chain, vendors, or business partners. Even small interruptions can cause damage to a company’s financials and reputation, which means that organisations, with appropriate Board oversight, need a way to prevent potential downtime before it occurs.
To ensure resiliency, or business continuity, Boards need to ensure that there are appropriate ongoing practices to manage risk and to be prepared for quick and effective response, recovery, and resumption of normal operations. As such, Board Risk Management Committees must ensure the effective incorporation of business continuity disciplines into their core management practices. In addition to safeguarding business interests, organisations have a responsibility to protect the life and safety of their people.
ISO 22301 has many benefits, including more efficient resource use, improved risk management, and increased customer satisfaction. ISO 22301 specifies requirements to plan, establish, implement, operate, monitor, review, maintain and continually improve a documented management system to prepare for, respond to and recover from disruptive events when they arise. An effective Board should be aware of all pertinent challenges and implementation issues in relation to BCM and ISO 22301.
What would you do if your company was suddenly swept up in a media firestorm? Boom goes your great reputation. You never know when a product will fail, an accident will happen, or an employee will do something spectacularly dumb. And when the crisis hits, the bad news will spread faster than you can say “Tweet.” Everyone with a desktop or smart phone has access to throngs of people who can fan flames for a very long time. Even though it probably isn’t in your job description as a Board Director, knowing how to play your role and, where necessary, lead in a crisis is a crucial part of a Director’s responsibility. This program takes Directors through the fundamental concepts and shows how the principles covered during the program will guide Boards in not just surviving the onslaught of any crisis, but emerging after the crisis with a stronger business and wiser team.
An organisation’s risk management capabilities, along with the board’s risk governance processes, may be assessed according to their “maturity”—that is, where they reside on a curve that progresses toward Risk Smart and Risk Intelligent cultures. From ad hoc practices to formal and embedded processes, and various stages in between, there is no definitive threshold that all organisations should achieve. But there is a level of maturity that is right for each organisation, and it depends on how capable that organisation needs to be in order to manage its risk profile. Regular assessments can help organisations determine their current maturity level, the level they aspire to reach, and whether the board is getting the amount of information it needs to fulfil its role.
The key to effective assessments? Asking thoughtful questions to establish the current state and then assessing the risk governance process to help management identify, prioritise, and implement improvements. A simple maturity model, with sound Board understanding and effective Board oversight, can help organisations gauge where they are today, as well as set plans for the future.
Cyber-attacks and data leakage are daily threats to organisations globally, reminding us that we are all potential targets of this type of threat. Attorneys are discussing the potential risk of individual liability for corporate directors who do not take appropriate responsibility for oversight of cybersecurity.
Investors and regulators are increasingly challenging boards to step up their oversight of cybersecurity and calling for greater transparency around major breaches and the impact they have on the business. This has galvanised corporate boards who have woken up to the call that they must address cybersecurity issues on their front lines, as it is not just an Information Technology (IT) issue. In fact, cyber risks are an enterprise-wide risk management issue.
Given this environment, it is not surprising that cyber risk is now near the top of Board, Board Risk Management and Board Audit committee agendas. This program guides Directors on how to ask the right questions, what the key considerations are, how they can be more effective in managing cybersecurity risk, as well as how to close the loop in their information flow – to allow for continuous synchronization and integration as the board wants to remain agile and responsive to the evolving and changing cyber threat landscape.
The Board Audit Committee (BAC) has seen its role evolve over time and its role increase in relation to effective Governance. Understanding this evolution as well as the development of new international best practices resulting in the advent of modern empowered Board Audit Committees is critical in appreciating the challenges facing BAC members today. These developments make it more critical that the BAC has effective and relevant terms of reference and charters. To increase their effectiveness, the BAC should properly and effectively plan and co-ordinate their activities with Board Risk Management Committee to minimise duplication and hence improve effectiveness and efficiency.
This part of the QRD™ program guides Directors through the maze and plethora of issues mentioned above as well as the effective composition of the BAC and how the BAC members can effectively discharge their oversight responsibilities.
Audit committees play a critical role in overseeing internal control. Although their primary focus may be on internal control over financial reporting, now more than ever audit committees are taking the lead in overseeing controls pertaining to compliance and operational matters. Expectations of the audit committee’s role have expanded due to enhanced company and external auditor reporting requirements, along with an increased focus on compliance by regulators.
The updated version of the COSO Framework, issued in May 2013, emphasises the role of the board—and thereby the audit committee, depending on the governance structure—in creating an effective control environment and having a robust risk assessment process, including identifying and addressing fraud risks. Further, the updated framework provides additional structure by defining 17 principles of internal control. The framework’s enhanced structure increases the level of rigor required to evaluate the design and effectiveness of internal controls.
This program shows how the implementation of the updated framework provides a good opportunity to take a fresh look at internal control and create value for the organisation, regardless of how mature a company’s system of internal control may be. Improvements in the effectiveness of internal control can lead to more efficient operations, greater compliance rates, and more effective internal and external financial reporting.
The terminology of Governance, Risk and Compliance, or GRC, has been bandied around as the latest buzz phrase as a result of various standards. These words, however, are not new. Enterprise risk has been around for many years and so has regulatory or financial compliance. Only recently have organisations started to combine these words together in order to provide for better risk management and corporate governance. After all, it is the risk reports and compliance reports which are reviewed by the board of directors.
In order for transparency, accountability and integrity to occur, companies should look at adopting one or more of the enablers such as adopting a culture of business integrity and ethical values, looking at GRC as a single entity as opposed to separate activities, and utilising technology to enable efficiencies and effectiveness. Historically, organisations have treated their risk and compliance initiatives as independent silos that span distributed business operations – be it in a single location, national or around the globe. With the increased focus on corporate governance and enterprise risk management, Boards should be instrumental in refocusing their organisations to start looking towards enabling technologies to drive sustainability, efficiency and consistency in managing governance, enterprise risk and compliance management in an effective manner.
It is no secret that organisations with effective Board oversight ensuring efficient governance, compliance and risk systems tend to score highly in terms of business performance and business sustainability. They are generally characterised by their capability to invest to create value rather than to scrimp to save expense. This program discusses why Boards should ensure GRC is treated as a single entity as opposed to separate ones. It also highlights how technology can be leveraged to maintain, monitor and report in real time the state of compliance for an organisation.
Corporate risk taking and the monitoring of risks have continued to remain front and center in the minds of boards of directors, legislators and the media, fuelled by the powerful mix of continuing worldwide financial instability; ever-increasing regulation; anger and resentment at the alleged power of business and financial executives and boards, including particularly as to compensation during times of economic uncertainty, retrenchment, contraction, and changing dynamics between U.S., European, Asian and emerging market economies; and consistent media attention to corporations and economies in crisis.
The reputational damage to companies and their boards that fail to properly manage risk is a major threat, and Institutional Shareholder Services now includes specific reference to risk oversight as part of its criteria for choosing when to recommend withhold votes in uncontested director elections. This has led to an increased focus on the board’s role in governance and effective risk management.
The focus by the Board on risk management is a top governance priority of institutional investors. The various International Corporate Governance Codes have a focus on strengthening board structure and composition as well as recognizing the role of directors as active and responsible fiduciaries. They set out broad principles and recommendations on principles, structures and processes which companies should adopt in making good corporate governance an integral part of their business dealings and culture.
This program highlights a number of issues that have remained critical over the years and provides an update to reflect emerging and recent developments against the backdrop of International Corporate Governance best practice.
This program is for:
- Board of Directors
- Chairman of the Board
- Risk Committee Members & Advisors
- Nomination & Remuneration Committee Members
- Managing Directors
- Executive Directors
- Non-Executive Directors
- Independent Directors
- Company Secretaries
- C-Level Employees
There is no assessment for the QRD® program. Participants who complete all modules will be awarded a QRD® Certification. They will also be able to apply for a Professional Membership at the IERP®.
Only successful participants of the program who are current members of the IERP® are allowed to carry the QRD® initial after their names.