QUICK START Purchase training and reference aids you need to get started in hard copy form see next page for options and pricing

Transcription

1 ORDER FORM Risk Oversight Solutions Inc. offers a range of cost-effective RiskStatusOversight support packages for organizations that want to implement our globally acclaimed Board & C-Suite Driven/Objective Centric ( BCD/OC ) approach to ERM and Internal Audit. Select the one that best meets your particular needs. Customized support options are also available. If you have questions contact Tim Leech, Managing Director, at All prices are quoted in U.S. dollars. Send this form to info@riskoversightsolutions.com. We will respond within 24 hours. Company Name Primary Contact Name Billing Address Phone # QUICK START Purchase training and reference aids you need to get started in hard copy form see next page for options and pricing This option is best suited for organizations that want ERM and/or Internal Audit personnel that have taken training on BCD/OC approach to ERM and internal audit available through Risk Oversight Solutions or the Institute of Internal Auditors ( to use and realize all the benefits of our acclaimed BCD/OC/RiskStatusline risk assessment approach, but don t plan, at least initially, on full entity-wide implementation. It will also appeal to smaller organizations. (NOTE: this option includes the right to use the training and reference aids purchased but does not include the right to reproduce them more broadly for internal use). ENTERPRISE SELECT - License the right to use and reproduce internally the materials you need see next page for details and pricing This option allows organizations to use, and reproduce for internal use the specific BCD/OC and RiskStatusline risk assessment training and reference aids needed to support BCD/OC/RiskStatusline implementation and maintenance. Clients reproduce themselves the training and reference materials they have licensed, subject only to maximum quantity ceilings in the package they choose. Clients can elect to customize the materials and add corporate logo/branding. With this option specialist ERM/IA staff usually take the necessary training to support implementation from Risk Oversight Solutions or through training on BCD/OC offered by the IIA referenced above. ENTERPRISE FULL License the right to use and reproduce our full suite of implementation, training, and reference aids and provide training internally see next page for details This option allows organizations to use and reproduce all training and reference aids necessary to support implementation of our acclaimed BCD/OC/RiskStatusline risk assessment approach to ERM and internal audit entity-wide. It includes training materials and visual aids. This option is designed for organizations that want to use the materials and provide training themselves across the entire organization to senior management and work units. It is usually best suited for larger global organizations with ERM support units and/or large internal audit functions.

2 RISKSTATUSOVERSIGHT QUICK START Hard copy laminates, booklets and workbooks ORDER FORM RiskStatusOversight Quick Start (hard copy laminates and booklets to be shipped*) # of Copies Amount RiskStatusline Training Diagram and Risk Treatment Principles double sided laminate 2 pages ($10 each) RiskStatusline Quick Reference and RiskStatusline Risk Treatment Design Elements double sided laminate 2 pages ($10 each) RiskStatusline Risk Treatment Design Elements Definitions/Trigger Statements 11 page booklet ($10 each) RiskStatusline Owner/Sponsor Guide 7 page booklet ($10 each) RiskStatusline MS Word template ($10 electronic copy, only 1 required) Sample BCD/OC Corporate Risk Management Policy ($10 each) Board & C-Suite Driven/Objective Centric Assurance: Key Concepts and CRRR, RAR, and IAL Ratings Definitions double sided laminate ($10 each) Workbook: Board & C-Suite Driven/Objective Centric ERM and Internal Audit: Core Skills and Implementation Strategies 150+ pages ($100 each) Workbook: Facilitating RiskStatusline Workshops: Core Skills & Tips for Success 100+ page workbook ($100 each) Workbook: Completing Audits and Quality Assurance Reviews Using the RiskStatusline Method: Core Skills & Tips for Success 100+ page workbook ($100 each) RiskStatusOversight complete package including all the documents referenced above in hard copy ($300 each). *shipping and handling will be calculated and added onto your total based on the address provided and an invoice will be sent to you for order confirmation before final billing. All prices are quoted in U.S. dollars.

3 ORDER FORM RISKSTATUSOVERSIGHT ENTERPRISE Select RiskStatusOversight Enterprise Copyright License Select (all components to be sent electronically) # of Users Amount RiskStatusline Diagram and RiskStatusline Risk Treatment Principles, RiskStatusline Quick Reference and RiskStatusline Risk Treatment Elements, RiskStatusline Risk Treatment Elements Definitions/Trigger Statements, RiskStatusline Owner/Sponsor Guide, Board & C-Suite Driven/Objective Centric Assurance: Key Concepts and Primary Ratings, Workbook - Facilitating RiskStatusline Workshops: Core Skills & Tips for Success, Workbook - Completing Audits and Quality Assurance Reviews Using the RiskStatusline Method: Core Skills & Tips for Success users = $3,000, 101-1,000 users = $6,000, ,000 users = $10,000, 10,001 + users = $15,000 RISKSTATUSOVERSIGHT ENTERPRISE Full RiskStatusOversight Enterprise - Full (all components to be sent electronically) # of Users Amount This option includes all Risk Oversight Solutions training and reference materials listed above, including all reference materials and training workbooks, visual aids, and trainer guides necessary to support ongoing internal training programs. This option includes the right to reproduce our foundation workshop workbook: Board & C-Suite Driven/Objective Centric ERM and Internal Audit: Core Skills and Implementation Strategies. Periodic updates of all new BCD/OC training and support materials developed by Risk Oversight Solutions are available for an annual fee of 20% of the initial purchase price users = $5,000, 101-1,000 users = $10,000, ,000 users = $15,000, 10,001 + users = $25,000 Total Order Form Quick Start - Sub-Total Enterprise Select - Sub-Total Enterprise Full - Sub-Total Sub-Total Applicable taxes if any Shipping & Handling (to be calculated by Risk Oversight Solutions Inc.) Total

4 RiskStatusOversight Training/Reference Item RiskStatusline training diagram Description/Benefits The RiskStatusline approach provides the foundation building block for our revolutionary Board & C-Suite Driven/Objective Centric ( BCD/OC ) approach to risk governance. It explicitly recognizes that prudent risk taking is a key element of business success. This reference diagram explains in simple and easy to understand terms the key elements of the RiskStatusline risk assessment process. The RiskStatusline assessment approach is fully aligned with ISO risk management standard terminology. It puts more emphasis than ISO on the need to link all risk assessment work to objectives and performance, and has two additional unique differentiating elements Residual Risk Status and Risk Treatment Optimized?. Residual Risk Status is comprised of four kinds of information best available Performance/Indicator data linked to the objective being assessed, Concerns linked to risks that are not currently treated in whole or in part, impacts of non-achievement of the objective in whole or in part, and impediments, situations where it is difficult or impossible for the owner or sponsor of the objective to adjust the residual risk status. The RiskStatusline approach is also the only risk assessment methodology that encourages users to consider whether the current risk treatment strategy is optimized the lowest cost possible combination of risk treatments capable of producing an acceptable residual risk status. RiskStatusline is the ideal risk management system for organizations that want senior management to apply formal risk assessment methodology as an element of the organization s strategic planning process, as well as those organizations that want to ensure that key value creating and value eroding objectives are adequately considered in their risk management approach.

5 RiskStatusline Risk Treatment Principles RiskStatusline Quick Reference Sheet Whether you are completing Objective Centric, Risk Centric, or Control Criteria centric assessments for your organization, the RiskStatusline Risk Treatment Principles framework provides an easy to understand set of core principles to guide risk assessment work. All elements in COSO 1992 five category system and the more granular COSO principles are represented in the framework. Once a risk is identified, users can quickly identify which combination of the Risk Treatment Principles is likely to produce an optimal risk treatment strategy to produce a level of residual risk consistent with the organization s risk appetite/tolerance. The nine Risk Treatment Principles are supported by the more detailed Risk Treatment Design Elements that provide support for each of the Risk Treatment Principles. The Elements are in turn linked to easy to understand trigger statements that make the purpose of each Risk Treatment Element understandable to users. The simplicity and increased emphasis on and importance of Objective Definition and Communication, Commitment controls, Indicator/Measurement controls, Risk Sharing/Transfer and Risk Oversight differentiate this framework from the more traditional, auditor-centric design of COSO 1992 and 2013 control frameworks. This easy to use reference aid is a multi-purpose tool. It helps users through Business Objectives Families determine if they have considered the full range of objectives. When generating lists of relevant risks for a specific objective, users can consult Risk Sources to provide additional assurance all relevant and significant risks have been considered. The Residual Risk Status Information provides easy to use definitions to ensure users understand the four main types of information gathered to generate a composite and robust snapshot of Residual Risk Status to determine if the retained risk position is within corporate risk appetite/tolerance. Composite Residual Risk Ratings Definitions help boards, senior management, owner/sponsors, and Internal Auditors determine what the most appropriate summary rating for each objective being assessed and reported to the board.

6 RiskStatusline Risk Treatment Elements The nine Risk Treatment Principles shown above are supported by the more granular menu of supporting Risk Treatment Elements. Once a user has determined that a risk to an objective needs a particular type of risk treatment they can consult the menu of Risk Treatment Elements and determine which, if any, treatment is currently in use/place or could be applied to adjust residual risk. This framework, unlike COSO 1992 or COSO 2013, explicitly recognizes the role and importance of Risk Sharing/Transfer risk treatments. This framework is fully aligned with the emerging expectation that boards are responsible for overseeing and ensuring the effectiveness of their organization s Risk Appetite Framework. The importance of Measurement/Indicator controls to monitor the effectiveness of other risk treatments and Commitment controls to increase certainty objectives are achieved is emphasized. RiskStatusline Risk Treatment Design Elements Trigger Statements Key goals of a robust risk management framework are: 1) to engage the active participation of all levels of an organization 2) integrate and coordinate the efforts of all of the often disparate assurance silos and 3) seek consensus agreement on the acceptability of residual risk status up to and including the board. Adopting a common language to assess and report upwards on residual risk status is key. The RiskStatusline Risk Treatment Principles, Risk Treatment Elements and Risk Treatment Trigger Statements are designed to foster and support the use of a common language to assess and report on risk status entity-wide. They are written in a way that makes it easy for users to understand how specific risk treatment elements contribute to the reduction of risk likelihood and/or consequences.

7 RiskStatusline Owner/Sponsor Guide Risk Oversight Solutions Board & C-Suite Driven/Objective Centric approach assigns owner/sponsors to each objective in the organization s Objective Register. This short guide helps owner/sponsors work through the steps necessary to risk assess and report on the residual risk status linked to their assigned objectives. It takes owner/sponsors through 10 easyto-understand steps and acts as an invaluable reference aid. It has been specifically written to demystify risk management and position it as an important core business process designed to increase certainty that the organization will achieve its most important value creation objectives and prudently manage the risks to the organization s top potential value erosion objectives. RiskStatusline MS Word template This easy to use MS Word template allows companies that have elected not to acquire software that supports the RiskStatusline approach (e.g. RiskStatusNet offered by Resolver) a tool to capture and organize all the relevant information when completing risk assessments to support Risk Oversight Solutions Board & C-Suite Driven/Objective Centric approach to risk governance. The template automatically links the table of content to relevant data to allow easy access to all key data. Fields are provided to help users prioritize objectives and decide on appropriate Risk Assessment Rigor and Independent Assurance Levels for each objective. Users can customize the template with their own corporate logo and add any additional fields they want to support specific data needs.

8 Sample BCD/OC Corporate Risk Management Policy A key step when implementing a new risk governance approach entity-wide is to communicate the importance the organization attaches to it. This sample policy supporting the Board & C- Suite Driven/Objective Centric approach has been specifically written in a simple, easy to understand way to communicate the purpose of the framework and define the role of all the key players. It can be easily tailored and customized to meet the specific needs of your organization. Board & C-Suite Driven Assurance: Key Concepts When an organization elects to introduce Risk Oversight Solutions Board & C-Suite Driven/Objective Centric approach to ERM and Internal Audit a well-designed training and orientation program must also be launched. This document provides an easy to use guide for owner/sponsors and assurance groups that summarizes the key steps involved. This approach is the only one currently in the world that promotes full communication to senior management and the board of directors the Composite Residual Risk Rating, the level of Risk Assessment Rigor, and the Independent Assurance Level attached to each objective included in the organization s Objective Register.

9 Board & C-Suite Driven/Objective Centric ERM & IA Primary Rating Definitions This document, when paired with the Key Concept document above, provides a handy reference tool for Boards, Risk Oversight Committees, owner/sponsors, and assurance groups that must decide on, and quality assure, key summary ratings assigned to each objective. Workbook: Board & C-Suite Driven/Objective Centric Assurance: Transformation Strategies to Meet New Expectations This workbook includes an overview of what we refer to as Board & C-Suite Driven/Objective Centric ERM and Internal Audit; an overview of the main assurance/erm approaches used; key elements of what we define as Board & C-Suite Driven/Objective Centric ERM and Internal Audit, and the business case to move to this approach; group exercises on how to identify value creating and eroding objectives; how to define roles and responsibilities under this approach; how to align the RiskStatusline approach to risk identification and assessment with corporate culture; how to identify the most cost effective/high impact risk treatments; how to optimize risk treatment approaches (the cost possible combination of risk treatments); how to identify and assess residual risk status; monitoring risk appetite and tolerance, and more.

10 Workbook: Facilitating RiskStatusline Workshops: Core Skills & Tips for Success This training has been designed for ERM groups and Internal Audit departments tasked with providing risk assessment and risk facilitation services to boards, senior management groups and work units using the globally acclaimed RiskStatusline assessment methodology. It was developed, maintained and regularly updated, by Tim Leech, Managing Director, Risk Oversight Solutions Inc. Leech is globally recognized as one of the most experienced risk trainers and facilitators in the world. He has personally facilitated over 1000 workshops with boards, C-Suite teams, work units and cross functional groups in a wide cross section of public and private sector organizations located in the U.S., Canada, UK, Europe, Australia, Africa, South America and the Middle East. This workbook is the product of over 30 years of global ERM and assurance experience and methodology development and refinement. Workbook: Completing Audits and Quality Assurance Reviews Using the RiskStatusline Method: Core Skills & Tips for Success This workbook covers all the core steps necessary to complete internal audits and/or quality assurance reviews on risk assessments completed by senior management and work units using the globally acclaimed RiskStatusline assessment methodology. Areas covered include determining the completeness of objectives in an organization s Objective Register ; evaluating risk assessment rigor decisions; ensuring and assessing the completeness of risks identified; evaluating support for risk likelihood and consequences; ensuring/evaluating the completeness and effectiveness of risk treatments identified, including risk transfer and finance elements; evaluating the completeness and reliability of residual risk status information; considering the appropriateness of composite residual risk ratings assigned by owner/sponsors; and evaluating whether the current residual risk status is within corporate risk appetite/tolerance.