Enterprise risk management Protecting and enhancing value Advisory


July 2017
kpmg.com/cn

independent member firms affiliated with KPMG International Cooperative ("KPMG International"), a Swiss entity. All rights reserved.


In today's markets, businesses continue to experience an escalating pace of change: disruptive technologies, innovative business models, new forms of competition and changing geopolitics. As the world forms new norms, calibrating strategy to emerging risks and opportunities is key for every company.

The proliferation of risks and opportunities that businesses face today is not just noise. Failure to recognise and respond to the very real signals of change in industry sectors and societal behaviour may mean the difference between growth and destruction for some companies. Success requires a holistic and integrated approach to managing risk: the competitive landscape and risk environment demand it, regulators expect it, and securing value, growth and sustainability for investors requires it.

Business imperative, regulatory requirements and increased rating agency interest are prompting a new focus on enterprise risk management (ERM), and business leaders are seeking to either implement ERM for the first time, or to enhance and develop their ERM processes, embedding an approach that is tailored to their company's culture and structure, aligned with their business strategy, operationalised in their business processes, and focused on their most critical risks.

On the following pages, we outline some common themes and leading practices that can provide the means of realising ERM's potential for enabling organisations to add business value and achieve competitive advantage.

Figure 1: ERM fundamentals
[Figure labels: Creating content; Creating process; Building and maintaining a dynamic and sustainable enterprise risk programme; Identifying, evaluating and prioritising enterprise risks. Components: Risk strategy & appetite, Risk assessment & measurement, Risk management & monitoring, Risk governance, Data & technology, Risk reporting & insights, Risk culture.]
Implementing ERM successfully calls for doing two things well: creating content and creating process.
Source: KPMG LLP (U.S.)

1. Future-focused ERM content

Many companies have existing ERM content in place, but it may not yet be the right content, i.e. the risks identified and measured may not be those risks that could derail the company from achieving its strategy and ultimately result in destruction of value. Companies need to take a critical look and ensure that they have truly identified those risks and vulnerabilities that could threaten the organisation's overall business strategy, and they need to use future-focused risk assessment to reassess that strategy in light of internal and external emerging risks.

For example, if an organisation is planning to buy another company, approaching the transaction with not just a growth lens but also an enterprise risk lens is vital. That risk lens shifts the analysis away from just "does this acquisition fulfil our immediate strategic growth ambition?" to "does the impact on our business model make sense in the context of our changing competitive/industry risk environments and the social and geopolitical context?"

Keeping risk content fresh and dynamic needs to be a priority. This means that enterprise risk assessment (ERA) can no longer be just an annual exercise. Leading organisations are developing robust and iterative risk assessment processes, using structured and unstructured data to identify the impact of new/emerging risks arising from both the company's own strategic efforts and the accelerating pace of change around them.

2. A single view of risk appetite

Establishing a clear risk appetite (the overall level of risk that an entity is willing to take) supports companies in achieving both strategic and financial objectives. Many companies still view risk appetite solely as a line not to cross, but leading organisations use it to determine whether they can and should be taking more risk.

Developing a more clearly defined, board-endorsed risk appetite, and using this to both promote the right risk culture and take a harder look at the upside of risk-taking, are front and centre of leading-edge ERM practices. Because risk appetite helps drive a successful outcome in terms of achieving both strategic objectives and financial returns, there is a strong correlation between risk appetite, capital management and related business planning activities. Risk tolerance limits can be set for risk categories, risk types or specific risks.

"If you aren't constantly assessing strategy and risk, and adjusting as you go, there's no way you're keeping pace as a business."
Public company director, KPMG's 12th Annual Audit Committee Issues Conference

The tolerance limits can be aligned to the company's earnings thresholds and should consider the company's aggregated risk portfolio:

[Figure: key risks plotted by impact and likelihood (very low, low, medium, high, very high) against an earnings distribution spanning the income statement and balance sheet. Labels: Risk appetite; Risk tolerance levels 1 to 4; Risk-taking activities 1 to 3; Profit warning; Covenants; Credit rating; Corporate action; Innovation/R&D; Investments; Transactions; Expected earnings; Absorption capacity; Catastrophe loss. Example stresses on earnings: 1. Competition dynamics, 2. Downward trend of price, 3. People challenges, 4. Economic stresses, 5. Regulatory pressures.]

Put simply, unless you know what your risk appetite is, there's no way to gauge whether you're taking too much risk or not enough in pursuit of strategic value.

3. Tailored, proportionate ERM processes

Many organisations have already invested in a variety of risk processes and functions, but these mechanisms often lack a unifying vision and clear objectives: processes have been built without a clear view of what the desired state is for ERM in the company. Consequently, the potential benefits of ERM as a strategic value tool remain unrealised.

Leaders take varying approaches to ERM, depending on the size and needs of the organisation and its risk profile. As outlined in Figure 2, ERM approaches can be plotted along a maturity continuum. An organisation's approach, and the choices it reflects, impact the extent to which it makes ERM part of its governance and business operations and the investment it makes in individual ERM framework component areas. An assessment of ERM maturity supports leaders in gaining an appreciation of the gaps in their current efforts and agreeing a way forward that ensures that the ERM programme delivers value for the company.

Figure 2: A risk continuum

Risk strategy and appetite
- Basic: Some formal consideration of risk in strategic planning and basic definition of the overall corporate risk appetite
- Mature: Risk is a key aspect of strategic planning and used to support business decisions. Risk appetite is clearly defined and understood across the organisation
- Advanced: Risk integrated with strategic planning and risk strategy includes use of sophisticated tools such as scenarios, KRIs, KPIs and advanced measurement of risk appetite elements

Risk governance
- Basic: A central risk management policy to support external requirements
- Mature: Formally documented organisational model for risk governance supported by defined responsibilities, including all three lines of defence (business, risk/compliance and internal audit)
- Advanced: Enterprise risk governance is endorsed by senior management and by the board. Risk management integrated into risk owners' business activities and performance management

Risk culture
- Basic: The business culture and operating philosophy, and their relationship with risk management is loosely understood
- Mature: Employees can describe the organisation's risk culture, influenced by leadership tone and communications
- Advanced: Senior management leads by example by making risk management a clear priority and encouraging appropriate risk management behaviour.

Risk assessment and measurement
- Basic: Annual risk assessment with limited analysis, interpretation and reporting
- Mature: Established risk assessment cadence, methodologies and tools, and systematic approach to analysis and reporting
- Advanced: Risks are identified on a continuous basis, with real-time escalation, leveraging use of data, risk metrics and employee inputs

Risk management and monitoring
- Basic: Basic definition of major risks, and limited or ad hoc processes to monitor risks
- Mature: Business-as-usual management and monitoring of major identified risks
- Advanced: Monitoring responsibilities are seamlessly applied across the three lines of defence, with integrated reporting of risk and assurance activities to the board

Risk reporting and insights
- Basic: Business risk reporting is ad hoc and designed primarily to support external requirements
- Mature: Regular and robust risk reporting to the board, audit committee and senior management, including on emerging risks
- Advanced: Single comprehensive view of risk on a real-time basis across all risk classes to all internal and external stakeholders

Data and technology
- Basic: Data is nonstandard, with varying levels of quality, and key risk tools exist in silos across the organisation
- Mature: Automated technology solutions are used to store and analyse risk data. Risk data standards and data quality policy is established
- Advanced: Automated and integrated technology is used to store, manage and report real-time risk data. Risk flags are programmed and data integrity checks are embedded in business processes

[Figure: Data collection; Siloed methodologies; Siloed reporting & outcomes. Labels: HR, Finance, Service, R&D, Procurement, Inventory; Internal audit, Compliance, ERM, SDK, Legal; Reporting.]

4. Efficient and aligned governance, risk and compliance activities

Increasingly complex operating environments mean that ERM is only one of a growing multiplicity of governance, risk and compliance activities that companies undertake. Leading organisations are recognising the opportunity to coordinate often fragmented risk assessment and assurance work streams, simplifying reporting, and streamlining oversight to provide better risk coverage across their activities, allowing them to reduce disruption to the business from administrative activities and use scarce compliance, risk and audit resources more efficiently.

The way forward

ERM approaches help organisations with the critical challenges: (1) how to link risk and strategy to drive business performance and enhance the organisation's brand, and (2) how to derive tangible value from governance, risk and compliance efforts.

Organisations that embrace ERM and build it into the core of their enterprises can anticipate the benefits that are possible when:
- Risks (ERM "content") are assessed, evaluated and correlated across the enterprise
- A common understanding is established of how much risk employees can and should take, as well as when to raise their hand when a risk or opportunity is outside of those thresholds
- A common risk framework (ERM "process") is in place, with accountability established for measuring, managing, and monitoring risk
- Risk quantification and aggregation is enabled throughout the organisation via common methodologies and tools
- Risk reporting to management and the board is effective (that is, it captures risk trends and emerging risks)
- The ERM programme supports strategic decision-making and brand protection, and has predictive value
- There is a risk culture in place that fosters the right risk discussions throughout the organisation
- Corporate governance processes are strengthened.

The most successful and sustainable companies in the future are going to be those that make the right risk-based strategic decisions now. ERM is a critical tool for understanding and responding to a changing world and therefore for gaining competitive advantage.

ERM helps enhance performance and protect value

Using ERM, organisations can:
- Allocate and evaluate capital based on risk-based performance
- Integrate risk and strategic planning, investment, and M&A
- Reduce costs through risk consolidation and cross-functional efficiencies
- Reduce cash flow volatility using derivatives, insurance or improved controls
- Reduce losses and identify opportunity through coordinated enterprise risk monitoring and reporting

This document was originally published by KPMG International.

The information contained herein is of a general nature and is not intended to address the circumstances of any particular individual or entity. Although we endeavour to provide accurate and timely information, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future. No one should act upon such information without appropriate professional advice after a thorough examination of the particular situation.

The KPMG name and logo are registered trademarks or trademarks of KPMG International.