Enterprise risk management Protecting and enhancing value Advisory

Similar documents
Enterprise risk management Protecting and enhancing value Advisory

Enterprise Risk Management (ERM) - Impact of 2017 COSO ERM Model

Next-generation enterprise risk management

Risk Management and the Internal Audit profession Two sides of the same coin? 30 th September 2015

KPMG s financial management practice

Leveraging ERM to meet. and create business value. Management Flora Do, Senior Manager, Enterprise Risk Management

Revenue recognition and leasing

Finance disrupted. Future of finance in healthcare: As the industry adjusts to continuous disruption, the finance function has an opportunity to lead

Key TSA provisions your M&A team needs to know now

Miles CPA Review: BEC Q Updates for 2017 Edition

Taking ERM to a. 6 GRC Today / October 2015

Creating a Risk Intelligent Enterprise: Risk governance

Internal Auditors and Enterprise Risk Management (ERM) ICPAK Presentation

Working better by working together

Working better by working together

Positioning Internal Audit to Deliver Value

ERM vs. Internal Audit

REPORT 2015/077 INTERNAL AUDIT DIVISION

Life Sciences Compliance in Asia

ISACA. The recognized global leader in IT governance, control, security and assurance

HCCA Audit & Compliance Committee Conference. February 29-March 1, Drivers of ERM. Enterprise Risk Management in Healthcare.

Giving you clarity on your change programmes

Introduction to ERM (Enterprise Risk Management)

Environmental, social and governance (ESG) materiality assessment

More than 2000 organizations use our ERM solution

Risk Management Guidelines of the CGIAR System

Insights into Mining Issue 12: Unlocking the value of D&A

Advisory Services Governance, Risk & Compliance

Aligning and Integrating ERM and Business Process. Federal ERM Summit September 9, :00-12:00

Corporate governance for banks

Third Party Risk Management ( TPRM ) Transformation

Enterprise Risk Management: Developing a Model for Organizational Success. White Paper

Reimagining the Risk Intelligent Enterprise

An Enterprise Resource Planning Solution for Mill Products Companies

Future of finance: Finance disrupted. How should the CFO respond to a business environment in turmoil? kpmg.com/us/futurefinance

The bots are coming: Intelligent automation and the modern corporate treasury department

pwc.co.uk Enterprise Risk Management

Certification - Good and poor practice seen in banks

Working better by working together

CGEIT Certification Job Practice

Agenda. Enterprise Risk Management Defined. The Intersection of Enterprise-wide Risk Management (ERM) and Business Continuity Management (BCM)

Taking you one step ahead

Managing IT risk in a disruptive world

Risk Advisory SERVICES. A holistic approach to implementing effective governance, managing risk and maintaining compliance

The Current State of Risk Management Maturity for Belgian Organizations kpmg.com/be

Catching Fraud During a Recession Through Superior Internal Controls. FICPA s 25 th Annual Accounting Show. J. Stephen Nouss September 29, 2010

Innovating compliance through automation

KPMG International. kpmg.com

Global Business Services: Disrupt or be disrupted

Strengthening Your Enterprise Risk Management Process

Charter for Enterprise Risk Management

The Case for the SIO. A guide to navigate the new challenges of Service Management. kpmg.ca

Texas Tech University System

Risk Management. Embedding Good Practice. Aidan Horan Governance IPA

Risk Management at Statistics Canada

Internal controls over financial reporting

How well does your procurement measure up?

Operational Risk Management (#DOpsRisk) Solutions suite

Risk management is changing. Act now.

2017 Internal Controls Survey

Profitability at risk: Managing complexity in the changing pharmaceutical industry

Group Chief Risk Officer

Back to School for Business Services how to get it right?

Gleim CIA Review Updates to Part Edition, 1st Printing June 2018

Beyond compliance. Gaining competitive advantage through risk data excellence

Compliance Risk Management Powers Performance

KPMG International. kpmg.com

Enhancing Audit Committee Excellences through Internal Audit. 21 November 2017

GRM OVERSEAS LIMITED RISK MANAGEMENT POLICY

Intelligent automation and internal audit

The compliance investment

GRI s G4 Guidelines: the impact on reporting

THE NEW CFO DELIVERING BUSINESS VALUE IN THE DIGITAL AGE

How much has the efficiency of support functions improved?

Performance Risk Management Jonathan Blackmore, May 2013

Internal Audit and Robotic Process Automation

The Concept: Moving from Data Analysis to Data Analytics

4/26. Analytics Strategy

How can you turn digital risk into a source of competitive advantage?

Intelligent automation and internal audit

Improve GRC Maturity through Combined Assurance

EY Center for Board Matters. Leading practices for audit committees

IRM s Professional Standards in Risk Management PART 1 Consultation: Functional Standards

Introducing ISO 22301

CHARTER OF THE HUMAN RESOURCES COMMITTEE NATIONWIDE MUTUAL INSURANCE COMPANY NATIONWIDE MUTUAL FIRE INSURANCE COMPANY NATIONWIDE CORPORATION

Managing IT risk in a disruptive world

PRESENTING ERM TO THE BOARD

Cyber Security. & GRC Metrics That Tell a Story! Presented by: Swarnika Mehta Manager, KPMG Cyber Security Services

Data rich governance. Three keys to leading consumer data and information practices. kpmg.com

MANAGING RISK AT SUNCORP

Sarbanes-Oxley Act of 2002 Can private businesses benefit from it?

Data, Analytics and Your Audit

2015 SURVEY Data & Analyticsenabled. Internal Audit. kpmg.co.za

ENTERPRISE RISK MANAGEMENT USING DATA ANALYTICS. Dan Julevich and Chris Dawes April 17, 2015

Active Essex Risk Management Strategy

Internal controls over financial reporting Uncovering the full picture of control costs

Supplier risk compliance obligation or source of competitive advantage? Improve supplier reliability to lift business performance

Embedding Productivity Disciplines:

RouteONE Helping enhance the real value from SAP GRC Risk Management

GRI s G4 Guidelines: the impact on reporting

Transcription:

Enterprise risk management Protecting and enhancing value Advisory October 2016 kpmg.co.za

2016 KPMG Services (Pty) Ltd, a South African company and a member firm of the KPMG network of independent member firms logo are registered trademarks or trademarks of KPMG International.

Enterprise risk management Protecting and enhancing value In today s markets, businesses continue to experience an escalating pace of change disruptive technologies, innovative business models, new forms of competition, changing geopolitics. As the world forms new norms, calibrating strategy to emerging risks and opportunities is key for every company. The proliferation of risks and opportunities that businesses face today is not just noise. Failure to recognize and respond to the very real signals of change in industry sectors and societal behavior may mean the difference between growth and destruction for some companies. Success requires a holistic and integrated approach to managing risk the competitive landscape and risk environment demand it, regulators expect it, and securing value, growth, and sustainability for investors requires it. Business imperative, regulatory requirements, and increased rating agency interest are prompting a new focus on ERM, and business leaders are seeking to either implement ERM for the first time, or to enhance and develop their ERM processes embedding an approach that is tailored to their company s culture and structure, aligned with their business strategy, operationalized in their business processes, and focused on their most critical risks. On the following pages, we outline some common themes and leading practices that can provide the means of realizing ERM s potential for enabling organizations to add business value and achieve competitive advantage. Figure 1: ERM fundamentals Building and maintaining a dynamic and sustainable Enterprise Management program Creating content Strategy & Appetite Assessment & Measurement Management & Monitoring Governance Data & Technology Reporting & Insights Identifying, evaluating, and prioritizing enterprise risks Creating process Culture Implementing ERM successfully calls for doing two things well: creating content and creating process. Source: KPMG 2016 KPMG Services (Pty) Ltd, a South African company and a member firm of the KPMG network of independent member firms logo are registered trademarks or trademarks of KPMG International. Protecting and enhancing value 1

1. Future-focused ERM content Many companies have existing ERM content in place, but it may not yet be the right content, i.e., the risks identified and measured may not be those risks that that could derail the company from achieving its strategy and ultimately result in destruction of value. Companies need to take a critical look and ensure that they have truly identified those risks and vulnerabilities that could threaten the organization s overall business strategy, and they need to use future-focused risk assessment to reassess that strategy in the light of internal and external emerging risks. For example, if an organization is planning to buy another company, approaching the transaction with not just a growth lens but also an enterprise risk lens is vital. That risk lens shifts the analysis away from just does this acquisition fulfill our immediate strategic growth ambition? to does the impact on our business model make sense in the context of our changing competitive/industry risk environments and the social and geopolitical context? Keeping risk content fresh and dynamic needs to be a priority this means that Enterprise Assessment (ERA) can no longer be just an annual exercise. Leading organizations are developing robust and iterative risk assessment processes, using structured and unstructured data to identify the impact of new/emerging risks arising from both the company s own strategic efforts and the accelerating pace of change around them. 2. A single view of risk appetite Establishing a clear risk appetite the overall level of risk that an entity is willing to take supports companies in achieving both strategic and financial objectives. Many companies still view risk appetite solely as a line not to cross, but leading organizations use it to determine whether they can and should be taking more risk. Developing a more clearly defined, board-endorsed risk appetite, and using this to both promote the right risk culture and take a harder look at the upside of risktaking, are front and center of leading edge ERM practices. Because risk appetite helps drive a successful outcome in terms of achieving both strategic objectives and financial returns, there is a strong correlation between risk appetite, capital management, and related business planning activities. tolerance limits can be set for risk categories, risk types, or specific risks. If you aren t constantly assessing strategy and risk, and adjusting as you go, there s no way you re keeping pace as a business Public Company Director, KPMG s 12th Annual Audit Committee Issues Conference 2 Protecting and enhancing value 2016 KPMG Services (Pty) Ltd, a South African company and a member firm of the KPMG network of independent member firms logo are registered trademarks or trademarks of KPMG International.

Impact Very low Low Medium High Very high Likelihoo d The tolerance limits can be aligned to the company s earnings thresholds and should consider the company s aggregated risk portfolio: Income Statement Examples stresses on earnings 1. Competition dynamics 2. Downward trend of price 3. People challenges 4. Economic stresses 5. Regulatory pressures Key risks 1.0% 0.5% 0.25% 0.1% Very Very low Low Medium High high 5% 15% 30% 60% 100% Earnings distribution tolerance level 1 Profit Warning -taking activity 1 Innovation/R&D tolerance level 2 Covenants Appetite -taking activity 2 Investments tolerance level 3 Credit Rating -taking activity 3 Transactions tolerance level 4 Corporate Action Balance sheet Catastrophe Loss Absorption Capacity Expected Earnings Put simply, unless you know what your risk appetite is, there s no way to gauge whether you re taking too much risk or not enough in pursuit of strategic value. 3. Tailored, proportionate ERM processes Many organizations have already invested in a variety of risk processes and functions, but these mechanisms often lack a unifying vision and clear objectives processes have been built without a clear view of what the desired state is for ERM in the company. Consequently, the potential benefits of ERM as a strategic value tool remain unrealized. Leaders take varying approaches to ERM, depending on the size and needs of the organization and its risk profile. As outlined in Figure 2, ERM approaches can be plotted along a maturity continuum. An organization s approach, and the choices it reflects, impact the extent to which it makes ERM part of its governance and business operations and the investment it makes in individual ERM framework component areas. An assessment of ERM maturity supports leaders in gaining an appreciation of the gaps in their current efforts and agreeing a way forward that ensures that the ERM program delivers value for the company. strategy & appetite 2016 KPMG Services (Pty) Ltd, a South African company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative ( KPMG International ), a Swiss entity. All rights reserved. The KPMG name and logo are registered trademarks or trademarks of KPMG International. Protecting and enhancing value 3

Figure 2: A risk continuum Basic Mature Advanced strategy and appetite Some formal consideration of risk in strategic planning and basic definition of the overall corporate risk appetite is a key aspect of strategic planning and used to support business decisions. appetite is clearly defined and understood across the organization integrated with strategic planning and risk strategy includes use of sophisticated tools such as scenarios, KRls, KPls and advanced measurement of risk appetite elements governance A central risk management policy to support external requirements Formally documented organizational model for risk governance supported by defined responsibilities, including all three lines of defense (Business, /Compliance, and Internal Audit) Enterprise risk governance is endorsed by senior management and by the board. management integrated into risk owners business activities and performance management culture The business culture and operating philosophy and their relationship with risk management is loosely understood Employees can describe the organization s risk culture, influenced by leadership tone and communications Senior management leads by example by making risk management a clear priority and encouraging appropriate risk management behavior. assessment and measurement Annual risk assessment with limited analysis, interpretation, and reporting Established risk assessment cadence, methodologies, and tools, and systematic approach to analysis and reporting s are identified on a continuous basis, with realtime escalation, leveraging use of data, risk metrics, and employee inputs management and monitoring Basic definition of major risks, and limited or ad hoc processes to monitor risks Business-as-usual management and monitoring of major identified risks Monitoring responsibilities are seamlessly applied across the three lines of defense, with integrated reporting of risk and assurance activities to the board Reporting and Insights Business risk reporting is ad hoc and designed primarily to support external requirements Regular and robust risk reporting to the board, audit committee and senior management, including on emerging risks Single comprehensive view of risk on a real-time basis across all risk classes to all internal and external stakeholders Data and Technology Data is nonstandard, with varying levels of quality, and key risk tools exist in silos across the organization Automated technology solutions are used to store and analyze risk data. data standards and data quality policy is established Automated and integrated technology is used to store, manage, and report real-time risk data. flags are programmed and data integrity checks are embedded in business processes Protecting and enhancing value 4 2016 KPMG Services (Pty) Ltd, a South African company and a member firm of the KPMG network of independent member firms logo are registered trademarks or trademarks of KPMG International.

Data collection Siloed methodologies Siloed reporting & outcomes H.R Finance Service R&D Procurement Inventory Internal Audit Compliance ERM SDK Legal Reporting Reporting Reporting Reporting Reporting 4. Efficient and aligned Governance,, and Compliance activities. Increasingly complex operating environments mean that ERM is only one of a growing multiplicity of governance, risk and compliance activities that companies undertake. Leading organizations are recognizing the opportunity to coordinate often fragmented risk assessment and assurance work streams, simplifying reporting, and streamlining oversight to provide better risk coverage across their activities allowing them to reduce disruption to the business from administrative activities and using scarce compliance, risk and audit resources more efficiently. The way forward ERM approaches help organizations with the critical challenges: (1) how to link risk and strategy to drive business performance and enhance the organization s brand, and (2) how to derive tangible value from governance, risk, and compliance efforts. Organizations that embrace ERM and build it into the core of their enterprises can anticipate the benefits that are possible when: s (ERM content ) are assessed, evaluated, and correlated across the enterprise A common understanding is established of how much risk employees can and should take, as well as when to raise their hand when a risk or opportunity is outside of those thresholds A common risk framework (ERM process ) is in place, with accountability established for measuring, managing, and monitoring risk quantification and aggregation is enabled throughout the organization via common methodologies and tools reporting to management and the board is effective (that is, it captures risk trends and emerging risks) The ERM program supports strategic decision making and brand protection, and has predictive value There is risk culture in place that fosters the right risk discussions throughout the organization Corporate governance processes are strengthened. The most successful and sustainable companies in the future are going to be those that make the right risk-based strategic decisions now. ERM is a critical tool for understanding and responding to a changing world and therefore for gaining competitive advantage. ERM Helps Enhance Performance and Protect Value Using ERM, organizations can: Allocate and evaluate capital based on riskbased performance Integrate risk and strategic planning, investment, and M&A Reduce costs through risk consolidation and cross- functional efficiencies Reduce cash flow volatility using derivatives, insurance, or improved controls Reduce losses and identify opportunity through coordinated enterprise risk monitoring and reporting 2016 KPMG Services (Pty) Ltd, a South African company and a member firm of the KPMG network of independent member firms logo are registered trademarks or trademarks of KPMG International. Protecting and enhancing value 5

Contact us National Johannesburg Granville Smith Managing Director, Internal Audit, & Compliance Services T: +27 82 374 5234 E: granville.smith@kpmg.co.za Twitter: @granvillecsmith National Pretoria Thomas Gouws Director, ERM T: +27 82 718 8432 E: thomas.gouws@kpmg.co.za Twitter: @thomasgouws Cape Town Glenn Ho Director, ERM T: +27 71 203 6644 E: glenn.ho@kpmg.co.za Twitter: @GlennHo_LCP Johannesburg Muhammed Karolia Director, ERM T: +27 82 719 3170 E: muhammed.karolia@kpmg.co.za Twitter: @MuhammadKarolia Durban Ugen Moodley Director, ERM T: +27 83 452 3145 E: ugen.moodley@kpmg.co.za Twitter: @UgenMoodley kpmg.com/socialmedia The information contained herein is of a general nature and is not intended to address the circumstances of any particular individual or entity. Although we endeavor to provide accurate and timely information, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future. No one should act upon such information without appropriate professional advice after a thorough examination of the particular situation. 2016 KPMG Services (Pty) Ltd, a South African company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative ( KPMG International ), a Swiss entity. All rights reserved. The KPMG name and logo are registered trademarks or trademarks of KPMG International.

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback