ENTERPRISE RISK MANAGEMENT LESSONS LEARNED FROM ERM IN A PUBLIC SECTOR ORGANIZATION


1 ENTERPRISE RISK MANAGEMENT LESSONS LEARNED FROM ERM IN A PUBLIC SECTOR ORGANIZATION March 14, 2013

2 Webinar on ERM: What it is! What it is not!

3 Do You Know...
  The underlying premises of ERM
  History of ERM
  COSO has developed an ERM framework
  Everyone is doing risk management already

4 Introduction
  ERM
  ISO standard on risk management
  Risk management

5 ERM and Risk Drivers
  1. Business at warp-speed
  2. Obsolete business models
  3. New business practices
  4. Converging financial services providers
  5. Increasingly demanding investors and regulators
  6. Increasingly accountable and demanding directors
  7. Increasingly effective processes for risk identification
  8. Increasingly effective measurement tools
  9. Increasingly effective information tools
  10. Increasingly effective scenario analysis and planning

6 Why ERM is Essential

7 Lessons Learned From ERM
ERM the new perspective
  From Fragmented to Integrated
  From Negative to Positive
  From Reactive to Proactive
  From Ad hoc to Continuous
  From Cost-based to Value-based
  From Narrowly-focused to Broadly-focused
  From Functionally-driven to Process-driven

8 What Companies Need to Address
  Unintentional Risks
  Intentional Risks

9 Polling Question # 1
Why do business leaders love the Chief Risk Officer? (Select all that apply)
  a) The CRO promotes Risk Management and Policy
  b) The CRO determines what level of risk is acceptable to the organization
  c) The CRO controls the budgets on all issues so they don't have to
  d) None of the above

10 ERM What Does It Mean?
  1. Establish goals, objectives and oversight
  2. Assess business risk
  3. Develop risk management strategies
  4. Design and implement risk management capabilities
  5. Monitor performance
  6. Continuously improve risk management capabilities
  7. Support the process with information for decision making

11 Evolution of Risk Management To a Strategic Process

12 Stepping Stones Towards ERM
[Figure: stepping stones plotted against two axes, "Increasing risk management capabilities" and "Linkage to opportunity and competitive advantage". Steps shown: Adopt Common Language; Establish Goals, Objectives and Oversight; Assess Risk and Develop Strategies; Design/Implement Capabilities; Continuously Improve; Aggregate Multiple Risk Measures; Link to Enterprise Performance; Formulate Enterprise-wide Risk Strategy]

13 Polling Question # 2
Which one of the following is a CRO's top priority?
  (a) Computer malfunctioning
  (b) Harassment of an employee
  (c) Customer complaint
  (d) Suspected fraud

14 ERM Journey
Common reasons
  Expand corporate governance
  Unexpected losses
  Implement strategic management tool
  Rapidly changing environment
  KPI shortfalls and tightened profit margins
  Manage changing business model
  Improve capital budgeting decisions
  Improve management of new economy assets
Other possible reasons
  Aggressive growth strategies, including M&A
  Improved integration desired
  Address lack of change readiness
  Incentives/rewards not aligned
  Address fragmented and narrow focus
  Reduce reactive decision-making
  More holistic approach desired

15 What Are Risks?

16 Business Risk: What Does it Mean To an Organization?
  Externally-driven
  Internally-driven
  Decision-driven

17 Polling Question # 3
If a CRO has an unlimited budget to spend on Risk Management, can the organization become 100% risk-free?
  a) Yes
  b) No

18 How Do We Handle Business Risk?
Sources of Uncertainty
  Environment Risk: Uncertainties affecting the viability of business model
  Process Risk: Uncertainties affecting the execution of business model
  Information for Decision-Making Risk: Uncertainties over the relevance and reliability of information that supports the value-creation decisions

19 Building an Enterprise-Wide Business Risk Management Approach

20 Basic Risk Management Strategies
  Avoid: Divest, Prohibit, Stop, Target, Screen, Eliminate
  Retain: Accept, Reprice, Self-insure, Offset, Plan
  Reduce: Disperse, Control
  Transfer: Insure, Reinsure, Hedge, Securitize, Share, Outsource, Indemnify
  Exploit: Allocate, Diversify, Expand, Create, Redesign, Reorganize, Price, Arbitrage, Renegotiate, Influence

21 Quick Reference Guide
  High severity, high frequency: Avoid
  High severity, low frequency: Transfer
  Low severity, high frequency: Reduce
  Low severity, low frequency: Retain

22 Polling Question # 4
An insurance company would not find it profitable to insure against something that has high frequency AND high severity.
  True
  False

23 Factors to Consider When Selecting Risk Strategy
  a) Objectives and strategies
  b) Capability
  c) Time horizon
  d) Financing
  e) Residual (basis) risk
  f) Manageability
  g) Scenarios
  h) Environment
  i) Operational versus contractual
  j) Interfaces
  k) Orientation
  l) Compliance
  m) Pervasiveness
  n) Frequency
  o) Data availability

24 Monitoring
  a) Existing priority risk
  b) New emerging risks
  c) Risk management performance
  d) Specific measures, policies and procedures
Continuous Improvement
  a) Benchmarking performance to identify best practices
  b) Four-way interactive communications and knowledge sharing
  c) Integrating the firm's risk language and process into its employee learning programmes

25 Risk Map

26 Polling Question # 5
Which occupational fraud is the most frequent offense?
  a) Asset misappropriation
  b) Corruption
  c) Financial-statement fraud

27 Risk Reporting

28 Organizational Oversight Structure
  1. Board of Directors
  2. CEO
  3. Risk Management Executive Committee
  4. Business risk management function
  5. Business Units, Divisions & Functional support and shared services
  6. Risk management compliance & Internal audit

29 Polling Question # 6
Risk management is the responsibility of
  a) Board of Directors
  b) Chief Executive Officer
  c) Chief Financial Officer
  d) Chief Risk Officer
  e) Everyone
  f) No one

30 Corporate Governance Model

31 Summary
  1. Establish oversight structure
  2. Define common language and framework
  3. Target risks and processes
  4. Develop overall goals, objectives and processes
  5. Assess risk management capabilities

32 You are most welcome to contact the presenter Balaji to further discuss ERM