Building an Intelligent Risk Organization Case Studies in Strategic Risk Management October 24, 2016 Yannick Kwan & Tom Durkin Aon Global Risk Consulting WWW.CHICAGOLANDRISKFORUM.ORG
Global Trends in Risk Management Factors driving improvements in risk management approaches Regulatory (e.g. SEC) Rating Agency (e.g. S&P) Current market and economic conditions Published standards for risk management (e.g. COSO, ISO 31000) Board fiduciary responsibilities Management duty of care provide Firm volatility Desire for improved communications Proprietary & Confidential October 2016 2
World Bank s view on Risk Management & Insurance We re advocating a sea change in the way risk is managed. Our new approach calls for individuals and institutions to shift from being crisis fighters to proactive and systematic risk managers. Jim Yong Kim, President of the World Bank World Bank s View on Risk & Insurance! Successful risk management can be a powerful tool for development! Risk management can save lives, avert economic damages, and provide resilience and prosperity by allowing people to undertake new endeavors! There are currently several obstacles to successful risk management in pursuit of development aims. These include the behavioral failures of decision-makers, lack of resources, and low levels of information with which to make decisions! Macro-level risk analysis and better management of information as potential government strategies Source: World Bank Proprietary & Confidential October 2016 3
2015 Global Risk Management Survey - Top Ten Risks Trends in Risk Management Aon Risk Global Solutions Risk Consulting Global Risk Risk Consulting Americas Proprietary & Confidential October 2016 4
2015 Global Risk Management Survey Risk Ranking Proprietary & Confidential October 2016 5
Global Trends in Risk Management Key Takeaways Businesses have made little headway in enterprise risk visibility Improved C-Suite leadership/holistic approach Significantly complex and growing risks are emerging Holistic approach/ competitive advantage/ sustainable financial results Proprietary & Confidential October 2016 6
What is the Aon Risk Maturity Index?! An on-line tool that enables risk and financial leaders to self-assess their organization s risk frameworks! The Aon Risk Maturity Index provides a data-driven means of driving client value and market insight! In late 2010, we partnered with The Wharton School of the University of Pennsylvania and Aon business units to develop the Index. Proprietary & Confidential October 2016 7
How we Designed the Index Governance & Infrastructure 10 characteristics Process Integration Culture & Communication 40 components 125 questions Proprietary & Confidential October 2016 8
Aon Risk Maturity Index: Global Reach All Organizations (1000+ Organizations Globally) Developing capabilities to identify, assess and prioritize risks across the organization Developing capabilities to analyze risk consistently, but approach may be primarily qualitative Developing capabilities for monitoring existing risk exposure across the organization Informal and inconsistent consideration of risk and risk management information in decision making Developing understanding of Enterprise Risk Management (ERM) and its application Current Aon Risk Maturity Index Dataset (February 2016) Organizations Represented: 1000+ Countries Represented: 40 Industries Represented: 30+ Languages: 10 The Index will continue to capture global data throughout 2016 and beyond Proprietary & Confidential October 2016 9
Aon Risk Maturity Index Insights Stock Price Performance Proprietary & Confidential October 2016 10
Aon Risk Maturity Index Insights Financial Performance Return on Equity by Risk Maturity Rating Return on Assets by Risk Maturity Rating During the period March 2013 March 2014, organizations with the highest Risk Maturity Rating of 5.0 (Advanced) as a group exhibited a return on equity performance of +42% while organizations with the lowest Risk Maturity Rating of 1.0 (Initial) as a group exhibited a negative return on equity performance -23%. This is consistent with findings from the March 2012- March 2013 period. During the period March 2013 March 2014, organizations with the highest Risk Maturity Rating of 5.0 (Advanced) as a group exhibited a return on assets performance of +11% while organizations with the lowest Risk Maturity Rating of 1.0 (Initial) as a group exhibited a negative return on assets performance -10%. This is consistent with findings from the March 2012- March 2013 period. Proprietary & Confidential October 2016 11
Aon Risk Maturity Index Insights Stock Price Volatility Proprietary & Confidential October 2016 12
Aon Risk Maturity Index Insights Organizational Resiliency Proprietary & Confidential October 2016 13
Aon Risk Maturity Index Insights Organizational Resiliency 2011 Japanese Earthquake 2008 Russian/Georgia Crisis All Model Factors are implicitly shocked based on historical factor returns from 3/10/2011 to 3/15/2011 All Model Factors are implicitly shocked based on historical factor returns from 8/7/2008 to 10/06/2008 Organizations with the highest Risk Maturity Rating of 5.0 (Advanced) as a group exhibited a stock price performance of -0.3%. This represents a +90% enhanced stock price performance compared to organizations with the lowest Risk Maturity Rating of 1.0 (Initial) that as a group exhibited a negative stock price performance of -3.1% Organizations with the highest Risk Maturity Rating of 5.0 (Advanced) as a group exhibited a stock price performance of -16%. This represents a +53% enhanced stock price performance compared to organizations with the lowest Risk Maturity Rating of 1.0 (Initial) that as a group exhibited a negative stock price performance of -34% Proprietary & Confidential October 2016 14
Using the Aon Risk Maturity Index for Organizational Improvement Triggers to re-examine an organization s risk maturity Risk Managed in Silos: Lack of Consensus Mergers & Acquisition Benchmarking Increasingly Complex Risk Profile Board/Executive Leadership Request Regulatory Change Validate Risk Management Investments Appointment of CRO Proprietary & Confidential October 2016 15
Using the Aon Risk Maturity Index for Organizational Improvement! Three factors differentiate high and low risk maturity operations Awareness of the complexity of risk Agreement on strategy and action Alignment to execute! Increasing performance along these dimensions requires: the identification of strengths and weaknesses strong communication of risks and risk management across functions and at all levels of the organization consensus regarding the steps to be taken Proprietary & Confidential October 2016 16
Using the Aon Risk Maturity Index for Organizational Improvement Having different functions and levels complete the Aon Risk Maturity Index survey provides the foundation for determining your current status along these dimensions and provides the foundation for identifying ongoing improvement activities Proprietary & Confidential October 2016 17
The Starting Point: Perceptions vs. Reality PERCEIVED RISK MANAGEMENT APPROACHES AND CAPABILITIES RELATIVE TO INDUSTRY PEERS Organizations With RMI Scores Below 2.5 Better/More Mature Comparable Worse/Less Mature 7% 46% 47% Proprietary & Confidential October 2016 18
Differences in Perceptions of Risk Management Maturity By Position and Function 3.2 Average RMI Score 3.1 3 2.9 2.8 2.7 2.6 2.5 2.4 2.3 CEO CFO CRO COO Legal VP HR VP Finance Risk Mgr Int Audit Proprietary & Confidential October 2016 19
2015 Global Risk Management Survey: Differences in Risk Perception C-Suite Risk Managers 1 2 3 1 Increasing competition 1 Damage to reputation/brand $ $ 2 Economic slowdown/ slow recovery 3 Regulatory/legislative changes 2 Regulatory/legislative changes 3 Economic slowdown/ slow recovery 1 2 3 4 Damage to reputation/brand 5 Cash flow/ liquidity risk 4 Increasing competition 5 Business Interruption Proprietary & Confidential October 2016 20
Potential Drivers of Differences in Perceptions! Real differences in risk management maturity across functions, business units, and locations! Differences in risk focus and functional biases! Limitations in risk management practices that distinguish High and Low maturity organizations Communication of risk management strategies, objectives, and practices Cross-functional cooperation Consensus on risks and risk management Proprietary & Confidential October 2016 21
Communication of Risk Appetite Results of risk assessment ac1vi1es are communicated between risk- based processes / areas of the organiza1on 80.0% 70.0% 60.0% 50.0% 40.0% 30.0% 20.0% 10.0% 0.0% 13.4% 0.5% Rarely or never 67.5% 39.6% 19.0% 59.8% Yes, on an ad- hoc basis (i.e., Yes, shared between various provided to one area by another or parges on a consistent and formal as requested) basis Average or Below Above Average Proprietary & Confidential October 2016 22
Cross Functional Collaboration Different risk func1ons collaborate in execu1ng risk- based processes 80.0% 70.0% 72.1% 60.0% 50.0% 48.2% 50.9% 40.0% 30.0% 20.0% 10.0% 0.0% 16.7% 0.8% Rarely or never Yes, on an ad- hoc basis to cooperate in data gathering or analysis 11.2% A3: Yes, through a defined, jointly executed risk assessment process designed to reduce duplicagve effort Average or Below Above Average Proprietary & Confidential October 2016 23
Consensus on Cross-Functional Risks There is consensus on strategy for cross- func1onal risks (check any and all that apply) 90.0% 80.0% 79.5% 70.0% 60.0% 50.0% 50.2% 43.3% 53.9% 40.0% 30.0% 20.0% 10.0% 8.1% 16.8% 0.0% No, consensus has not yet been established Consensus exists at execugve- levels Consensus exists at management- levels (or below) Average or Below Above Average Proprietary & Confidential October 2016 24
Aon Risk Maturity Index Insights Board Risk Oversight Practices Drivers Increasing number of external events have fostered rising expectations for Boards of Directors Inquiries into the causes of the financial crisis Changes in regulations and listing requirements More stringent interpretations of directors fiduciary responsibilities Issuance of best practice governance standards Findings Assignment of board roles and responsibilities are a major determinant of board risk oversight practices Ownership structure and country-level governance variables are significantly associated with assignment of board roles and responsibilities but little effect on specific board practices Impact on board responsibility or performance evaluation on organizational risk management practices occurs on the use of more sophisticated board risk practices Proprietary & Confidential October 2016 25
Case Study: Global Industrials 60+ Subsidiaries 5 Continents The newly appointed Chief Risk Officer (CRO) of an American industrials company sought to evaluate existing risk management capabilities and develop a strategic path forward to align risk and business practices Developing Manufacturing Solutions for: Facing Significant Risk Factors - Construction - Infrastructure - Mining - Manufacturing - Energy - Utilities Proprietary & Confidential October 2016 26
Case Study: Global Industrials 60+ Subsidiaries 5 Continents EH&S Executive Leadership Key Divergence of Opinions Content of Management Communication (Performance / Strategy) Communication of Risk Assessment Results Between Risk Functions Finance 38% 37% 31% 25% Human Resources Information Technology 25% 44% Legal & Compliance Risk Management Consistent at an enterprise level On an ad-hoc basis / in silos Rarely or never / inconsistent Proprietary & Confidential October 2016 27
Case Study: Global Industrials 60+ Subsidiaries 5 Continents Conducted a Workshop with the Executive Leadership Team and Developed a Roadmap for ERM Implementation Risk Dashboarding Formalized Risk Team Mechanism to integrate risks and provide visibility across the organization, as well as reporting to the Board Formalized team to identify, assess, and monitor risk issues across the organization as well as define consistent terminology Formalized Risk Mortems Risk Mapping Leveraging Risk Post-Mortems to analyze events to drive awareness, agreement, and opportunities for improvement A formalized risk identification and assessment process to capture current and emerging risks from across the business Proprietary & Confidential October 2016 28
Concluding Remarks What s your organization s Risk Maturity Rating? The growth and evolution of the Aon Risk Maturity Index has enabled the tool to become an industry-leading, global database on risk management practices. Results from the Index have yielded valuable findings around the correlation of advanced risk management practices and financial performance, as well as practical insights to assist in the development of a mature risk management framework in support of sustainable, stable financial results. Aon will continue its research with The Wharton School to identify key risk management practices and processes that contribute to improved financial performance as well as a deeper understanding of industry-specific best practices in risk management. The Aon Risk Maturity Index is a confidential and online tool. For more information or to participate, please visit www.aon.com/rmi or email risk.maturity.index@aon.com Proprietary & Confidential October 2016 29