Executive Teams and the Use of ISO in Decision Making. Scott Wightman, ARM-E National Director Gallagher ERM Practice
- Rachel Curtis
Transcription
1 Executive Teams and the Use of ISO in Decision Making Scott Wightman, ARM-E National Director Gallagher ERM Practice
2 Agenda
- Defining ERM
- Mission, Objectives and Uncertainty
- Governance and Risk
- Varying Levels of ERM Implementation
- Using ERM in Decision-Making
- Role of Senior Leaders
3 Defining ERM
4 Risk: Traditional Definition. "The possibility that something bad or unpleasant will happen." (Merriam-Webster)
5 Risk Management: Traditional Definition. "Minimizing the adverse effects of accidental losses." (The Institutes)
7 Risk: Broadened Definition. "The effect of uncertainty on objectives." (ISO 31000)
8 Risk Management: Broadened Definition. "Coordinated activities to direct and control an organization with regard to risk." (ISO 31000)
9 The Changing Focus of Risk Management
Historic Risk Management
- Insurance
- Specific hazards
- No compliance input
- Separate safety & emergency management
- Silo approach
- Risk Manager = insurance buyer
- Risk is bad: focus is on transferring risk
Advanced Risk Management
- Alternative risk transfer techniques
- Proactive prevention & risk reduction
- Integrated approach to claims, contracts, insurance, etc.
- Increased education & accountability
- Collaboration across departments
- Risk Manager may be the risk owner
- Risk is an expense: focus is on reducing cost-of-risk
Enterprise-Wide Risk Management
- Broad range of risks analyzed
- Combination of risk controls & opportunities
- ERM alignment with strategy
- Helps manage growth, allocate capital & resources
- Risks owned by SMEs
- Greater availability of risk mitigation and analytical tools
- Risk Manager = risk moderator, partner, leader; not the owner of every risk
- Risk is uncertainty: focus is on optimizing risk to achieve goals
10 ISO: The International Risk Management Standard. ISO Provides the Architecture
11 ISO: The International Risk Management Standard. Scalable and Tailorable
12 ISO Risk Management Model
13 Mission, Objectives and Uncertainty
15 Why is Risk Management Important?
1. All organizations exist to achieve their objectives.
2. Many internal and external factors affect those objectives, causing uncertainty about whether the organization will achieve its objectives.
3. The effect this uncertainty has on an organization's objectives is risk.
In summary, the management of risk is central to the livelihood and success of all organizations.
17 The New View of Risk: RISK can be a threat or opportunity. Anything that can harm, prevent, delay, or enhance an organization's ability to achieve objectives = RISK
18 The New View of Risk [Diagram: Organizational Objective, with Threat and Opportunity labels]
20 Governance and Risk
21 ERM as an Integral Pillar of Governance
22 ERM as an Integral Pillar of Governance. Mission: The board sets the overall mission and objectives of the entity and insists that its culture and values are aligned with that mission.
23 ERM as an Integral Pillar of Governance. Strategy: Senior leadership, in conjunction with the board, develop strategic plans to carry out the organization's mission and objectives.
24 ERM as an Integral Pillar of Governance. Stewardship: Financial resources are developed and maintained to ensure the mission and strategic plans are adequately funded.
25 ERM as an Integral Pillar of Governance. Quality: The quality of the entity's programs is planned for and tested in order to maintain demand for the product in the long term.
26 ERM as an Integral Pillar of Governance. Risk: Risks to the entity in meeting its organizational objectives, including threats and opportunities, are identified, assessed, and treated.
27 ERM as an Integral Pillar of Governance. Assurance: A strong management structure and culture is maintained to ensure proper reporting and accountability, and internal and external audits are utilized to bring board assurance.
28 Case for ERM in Decision-Making
"When we first began our URM (University Risk Management) program in 2013, I could not have imagined the value proposition that was about to transcend our institution. What started out as mostly defensive and guarded discussions of threats and barriers to achieving the University mission, quickly and completely turned around into a robust conversation about opportunities and strategic planning. Our senior-level risk committee meetings are lively and well-represented. It is amazing how our cross-functional committee, while staying focused on our risk and compliance-based decisioning model, is driving real innovation and progress throughout the University."
Doug Huffner, J.D., Senior Director and Chief Risk Officer, The Ohio State University
50 What Makes ERM Work?
- Focuses on mission and objectives
- Preserves and creates value
- Emboldens innovation
- Enhances agility and resilience
- Formalizes process and governance
- Improves quality of decisions
- Helps in allocation of resources
- Empowers subject matter experts
- Improves stakeholder confidence and trust
51 Varying Levels of ERM Implementation
55 Three Levels of Risk to Consider
- Strategic
- Operational
- Decision-Making
56 Using ERM in Decision-Making
57 ISO Risk Management Model
66 Role of Senior Leaders
67 Centralized Oversight - Decentralized Implementation
[Matrix: Oversight (Centralized / Decentralized) against Implementation (Centralized / Decentralized)]
- Centralized: Where some have developed, but centralized implementation requires significant staff and does not take advantage of current subject matter expertise
- Decentralized: Oversight is at highest levels, including board, but implementation is pushed out to experienced subject matter experts through risk and compliance ownership
- Where most entities have been, although with some limited departmental oversight, but does not incorporate board-level reporting and accountability
68 Integrated into Existing Business Practices
Not new functions
Incorporated into:
- Strategic Planning
- Quality Improvement
- Budgeting
- Employee Engagement
- Committee Structure
- Decision-Making
- ..
69 Employment of Ownership Model is Critical
Pushing work out to subject matter experts is essential to success
Risk owners:
- Develop risk treatment plans
- Assemble work teams
- Communicate and report
- Monitor and evaluate
At what level of the organization should ownership reside?
70 Reporting & Accountability Clearly Addressed
- Accountability Pushes Down
- Reporting Flows Up
71 Role of Senior Leaders
- Support & Commitment
- Tone at the Top
- Board Reporting
- Build in Accountability
- Risk-Aware Culture & Decision Making
- Continual Improvement
72 Questions?