Definition of Risk
• Risk is the possibility that an event will occur and adversely affect the achievement of objectives.
• Risk appetite is the amount of risk, on a broad level, an entity is willing to accept as it tries to achieve its goal and provide value to stakeholders. It reflects the enterprise’s risk management philosophy, and in turn influences the entity’s culture and operating style. Many entities define their risk appetite qualitatively, while others take a more quantitative approach.
• Inherent risk is the risk to an entity in the absence of any actions management might take to alter the risk’s likelihood or impact. These risks may result from an entity’s industry, strategy, and environmental factors.
• Residual risk is the risk that remains after management’s response to the risk. Management must decide whether this residual risk is within the entity’s risk appetite.

Why Should Risk Be Managed?
• It makes financial sense because it allows businesses to prepare themselves financially for the most likely problems.
• It increases a business’s appeal to lenders.
• It protects the company’s resources by allowing the company to prioritize risks and plan to deal with each possibility.
• It lets the company focus on more important tasks.

COSO – 4 Objectives of Risk Management
• Strategic
• Operation
• Reporting
• Compliance

Objective of Risk Management - Strategic
• This objective sets high-level goals that are aligned with and support the organisation’s mission.
• It ensures that each activity is aligned with the other activities and value in the organization.

Objective of Risk Management - Operation
• This risk objective explains the types of operations risks that can impact an enterprise. The identification of operation-level risk objectives often requires detailed information gathering and analysis, particularly for a larger enterprise.
• The purpose of this objective is to ensure the efficient and effective use of resources.

Objective of Risk Management - Reporting
• This risk objective covers the reliability of an enterprise’s reports of internal and external financial and non-financial data.
• (reliability of reporting)

Objective of Risk Management - Compliance
• An enterprise may accept a certain level of risk in terms of its concern regarding legal compliance. This objective is to ensure that the enterprise complies with laws and regulations.