ENTERPRISE RISK MANAGEMENT LESSONS LEARNED FROM ERM IN A PUBLIC SECTOR ORGANIZATION
- Maximilian Roberts
1 ENTERPRISE RISK MANAGEMENT LESSONS LEARNED FROM ERM IN A PUBLIC SECTOR ORGANIZATION March 14, 2013
2 Webinar on ERM
What it is! What it is not!
3 Do You Know...
- The underlying premises of ERM
- History of ERM
- COSO has developed an ERM framework
- Everyone is doing risk management already
4 Introduction
- ERM
- ISO standard on risk management
- Risk management
5 ERM and Risk Drivers
1. Business at warp-speed
2. Obsolete business models
3. New business practices
4. Converging financial services providers
5. Increasingly demanding investors and regulators
6. Increasingly accountable and demanding directors
7. Increasingly effective processes for risk identification
8. Increasingly effective measurement tools
9. Increasingly effective information tools
10. Increasingly effective scenario analysis and planning
6 Why ERM is Essential
7 Lessons Learned From ERM
ERM the new perspective
- From Fragmented to Integrated
- From Negative to Positive
- From Reactive to Proactive
- From Ad hoc to Continuous
- From Cost-based to Value-based
- From Narrowly-focused to Broadly-focused
- From Functionally-driven to Process-driven
8 What Companies Need to Address
- Unintentional Risks
- Intentional Risks
9 Polling Question # 1
Why do business leaders love the Chief Risk Officer? (Select all that apply)
a) The CRO promotes Risk Management and Policy
b) The CRO determines what level of risk is acceptable to the organization
c) The CRO controls the budgets on all issues so they don't have to
d) None of the above
10 ERM What Does It Mean?
1. Establish goals, objectives and oversight
2. Assess business risk
3. Develop risk management strategies
4. Design and implement risk management capabilities
5. Monitor performance
6. Continuously improve risk management capabilities
7. Support the process with information for decision making
11 Evolution of Risk Management To a Strategic Process
12 Stepping Stones Towards ERM
[Figure: stepping stones plotted against two axes, "Increasing risk management capabilities" and "Linkage to opportunity and competitive advantage"]
- Adopt Common Language
- Establish Goals, Objectives and Oversight
- Assess Risk and Develop Strategies
- Design/Implement Capabilities
- Continuously Improve
- Aggregate Multiple Risk Measures
- Link to Enterprise Performance
- Formulate Enterprise-wide Risk Strategy
13 Polling Question # 2
Which one of the following is a CRO's top priority?
(a) Computer malfunctioning
(b) Harassment of an employee
(c) Customer complaint
(d) Suspected fraud
14 ERM Journey
Common reasons
- Expand corporate governance
- Unexpected losses
- Implement strategic management tool
- Rapidly changing environment
- KPI shortfalls and tightened profit margins
- Manage changing business model
- Improve capital budgeting decisions
- Improve management of new economy assets
Other possible reasons
- Aggressive growth strategies, including M&A
- Improved integration desired
- Address lack of change readiness
- Incentives/rewards not aligned
- Address fragmented and narrow focus
- Reduce reactive decision-making
- More holistic approach desired
15 What Are Risks?
16 Business Risk What Does it Mean To an Organization?
- Externally-driven
- Internally-driven
- Decision-driven
17 Polling Question # 3
If a CRO has an unlimited budget to spend on Risk Management, can the organization become 100% risk-free?
a) Yes
b) No
18 How Do We Handle Business Risk?
Sources of Uncertainty
- Environment Risk: Uncertainties affecting the viability of business model
- Process Risk: Uncertainties affecting the execution of business model
- Information for Decision-Making Risk: Uncertainties over the relevance and reliability of information that supports the value-creation decisions
19 Building an Enterprise-Wide Business Risk Management Approach
20 Basic Risk Management Strategies
- Avoid: Divest, Prohibit, Stop, Target, Screen, Eliminate
- Retain: Accept, Reprice, Self-insure, Offset, Plan
- Reduce: Disperse, Control
- Transfer: Insure, Reinsure, Hedge, Securitize, Share, Outsource, Indemnify
- Exploit: Allocate, Diversify, Expand, Create, Redesign, Reorganize, Price, Arbitrage, Renegotiate, Influence
21 Quick Reference Guide
- High severity, high frequency: Avoid
- High severity, low frequency: Transfer
- Low severity, high frequency: Reduce
- Low severity, low frequency: Retain
22 Polling Question # 4
An insurance company would not find it profitable to insure against something that has high frequency AND high severity.
- True
- False
23 Factors to Consider When Selecting Risk Strategy
a) Objectives and strategies
b) Capability
c) Time horizon
d) Financing
e) Residual (basis) risk
f) Manageability
g) Scenarios
h) Environment
i) Operational versus contractual
j) Interfaces
k) Orientation
l) Compliance
m) Pervasiveness
n) Frequency
o) Data availability
24 Monitoring
a) Existing priority risk
b) New emerging risks
c) Risk management performance
d) Specific measures, policies and procedures
Continuous Improvement
a) Benchmarking performance to identify best practices
b) Four-way interactive communications and knowledge sharing
c) Integrating the firm's risk language and process into its employee learning programmes
25 Risk Map
26 Polling Question # 5
Which occupational fraud is the most frequent offense?
a) Asset misappropriation
b) Corruption
c) Financial-statement fraud
27 Risk Reporting
28 Organizational Oversight Structure
1. Board of Directors
2. CEO
3. Risk Management Executive Committee
4. Business risk management function
5. Business Units, Divisions & Functional support and shared services
6. Risk management compliance & Internal audit
29 Polling Question # 6
Risk management is the responsibility of
a) Board of Directors
b) Chief Executive Officer
c) Chief Financial Officer
d) Chief Risk Officer
e) Everyone
f) No one
30 Corporate Governance Model
31 Summary
1. Establish oversight structure
2. Define common language and framework
3. Target risks and processes
4. Develop overall goals, objectives and processes
5. Assess risk management capabilities
32 You are most welcome to contact the presenter Balaji to further discuss ERM