Critical Success Factor in ERM Implementation

Transcription

1 Critical Success Factor in ERM Implementation Mohd Shahari Idris 4 th & 5 th June 2014, Mandarin Oriental Hotel, KL

2 Integrating Risk and Objectives VISION MISSION STRATEGY MAP ENTERPRISE RISK MANAGEMENT & RISK MANAGEMENT POLICY Vision Where the company wants to be. Mission How the company is going to achieve its vision. Strategy Map The company s action plan outlining the perspectives, strategies, objectives, resources, processes, technology, knowledge, timeline, people, RISKS and mitigation strategies involved in achieving each target and objective and ultimately the vision. Perspective of Balanced Scorecard Example Financial To ensure profit before tax for year 204 is RM 19.1 million as budgeted. Customer To achieve zero customer complaint on delivered products in 2014 Internal Business Processes To ensure timely availability of raw materials required as per budget in 2014 Learning and Growth To ensure every staff attends training minimum of 4 days in year

3 Example Integrating Risk and Objectives X Company 5 year business plan Target Profit from operations from RM200million in 2010 to RM400 million in 2014 Action Plan 1 Optimising mill utilisation to more than 70% by Low FFB volume 2. Mill breakdown Mitigation Strategies a. Buying more external crop a. Implementation of Preventive maintenance b. Mill upgrading and debottlenecking 3

4 ERM- ISO Establishing Context Identification of Common Risk ISO 31000:2009 Risk Management Standardisation. Assessment Risk Retention & Transfer Implementation ISO 31000:2009 Sets up principles, a framework and a process for the management of risk that are applicable to any type of organisation. It does not mandate a one size fits all approach, but rather emphasize that risk management must be tailored to a specific need and structure of the particular organisation. Risk Management ISO :

5 COSO ERM (2004) Committee of Sponsoring Organizations Provide a principle based framework focus on the philosophical and vision approach to ERM Maintains a core focus towards the review and management of threats Risk analysis focuses on exposure of risks Associated with risk measurement with the potential likelihood of an event and consequences of event Prioritization of COSO towards high probabilities and high business impacts risks (only viewed at Micro Level) More internal factor driven rather than external factors Focuses on Risk Reporting (one-off process) Requires an entity to take a portfolio view of risk that examines the entire organization, from the enterprise level, to a division or subsidiary, to the level of a single business unit s processes 5

6 ERM Key Challenges Understanding of the subject by the management, Board, Internal Audit and Down Line Support or Risk Owners ( subsidiaries and Divisions) Change in the management, Directors and Risk Owners impeding continuation Lack of support from business down lines and divisions Passing the responsibility only to RMD whereas risk management is everybody's responsibility Key enablers issues such as manpower and Information Technology 6

7 ERM Critical Success Factors Policy and Framework A clear Policy and Framework that details out the following should be established; Policy Statement Risk Management Procedures Reporting Structure Clear roles, functions and Responsibilities Ownership Culture and Environment Objectives and measurement review mind set Resistance to new ideas 7

8 ERM Critical Success Factors Monitoring and management Oversight Monitoring and management oversight is essential in ensuring an effective ERM Implementation The management oversight structure may vary; Heads of Division Risk Management Department Management Committee Clear terms of reference for the above Accountability and Authority Clear terms of reference of Board Committees which may include Composition Meetings frequency and composition Powers and authority Scope and functions Clear roles between Internal Audit and Risk Management 8

9 ERM Critical Success Factors There should be clear roles between the Internal Audit and Risk Management to ensure no overlapping of job scope To look at ERM as a strategic tool rather than just internal control perspective Common issues on how Internal Audit view Risk Management o Some Auditors view ERM focus from COSO model perspective. ERM has extended to ISO o o o o View ERM from a textbook perspective rather than from business and strategic perspective example Gross Risk and Residual Risk. Not taking view of ERM from the law of probability and also the tail end risk Auditors view ERM as science and PURELY quantifiable whereas ERM is not. Auditors view that The Statement on Risk Management and Internal Control as a MANDATORY which it acts only as a GUIDELINE for example reporting of Risks only to the main board and not board committee for a two tier Board. To look at ERM as a strategic tool rather than just internal control perspective. ROLES more on compliance rather giving added values. 9

10 10

11 Should you have any further questions, please send them by 9 June 2014 to: conference_qna@insterp.com Facebook.com/ierp.erm twitter.com/ierp_institute linkd.in/qplbnh plus.google.com/+insterperm 11

12 Facebook.com/ierp.erm twitter.com/ierp_institute linkd.in/qplbnh plus.google.com/+insterperm