erm_presentation_suretycredit_111413

CONSTRUCTION ENTERPRISE RISK MANAGEMENT

WWW.DIRECTSURETY.COM

A Risk Factor is something that can cause harm. It is a poor business condition or practice that can negatively impact a company.

01. DEFINITIONS

In business terms . . .

CHARACTERISTICS OF RISK FACTORS

FOOD CONSTRUCTION

Vary by industry and importance . . .

CHARACTERISTICS OF RISK FACTORS

Applicable by type of contractor . . .

Risk is the likelihood of harm. The likelihood that profitability and shareholder value will be negatively impacted.

02. DEFINITIONS

Again, in business terms . . .

ENTERPRISE RISK MANAGEMENT (ERM)

WHAT IS IT?

ERM is a business management process . . .

01. ERMIs not a project, but a process that develops within an organization, driven and supported by senior management

02. ERM

Becomes part of the operational culture of the organization with process owners and drivers

03. ERMIs not an off-the-shelf product that works for everyone

ERM begins with the development of a risk strategy that is linked to and supportive of the overall business imperatives of the corporation.

• A holistic risk management process

• An integrated risk management process

TO THE TECHNICIAN

• A way of managing my business

TO THE LAYMAN

ERM SPEAK

RISK ASSOCIATED WITH CONDITIONS AND PRACTICES

Quantitative Risk Data

Qualitative Risk Data

Actuarial Analysis

Observational Analysis

+ERM: WHAT KIND OF RISK IS ADDRESSED?

The Complete Risk Profile=

WHAT’S ITS PURPOSE?

To raise profitability by controlling business risk.

BY Removing business conditions and practices that negatively impact profitability

How is profitability maximized?

Installing business conditions and practices that positively impact profitability

1970s 1980s 1990s - Present1960s

HISTORY OF ERM DEVELOPMENT

Hazard Risk and Financial Risk Management

Hazard Risk Management, Financial Risk Management,

Operational Risk Management

Management of Hazard Risk,

Financial Risk, Operational Risk,

Strategic Risk

Hazard Risk Management

TRADITIONAL RISK MANAGEMENT

RISK MANAGEMENT THINKING HAS EVOLVED

OLD THINKING NEW THINKING

• No strategy

• Limited to certain areas

• Analysis in silos

• Risks not owned

• Inspect, detect, react

• Correlation among risks not understood

• Risk strategy linked to business strategy

• Risk culture created throughout the enterprise

• Continuous, systematic process with integration

• Responsibilities clearly defined

• Anticipate, manage, optimize, monitor

• Quantified, aggre- gated, studied for interrelationships

• Risk is a key consideration for financial decision making

INDUSTRIES THAT HAVE ADOPTED ERM

65%of Public Firms

Financial Services

Source: Excellence in Risk Management VI, Marsh | RIMS

EnergySector

HealthCare

Transportation Education

Newcomers: Construction &

Mining

COMPLIANCE TRANSPARENCY

COMPETITION TECHNOLOGY

ERM IMPLEMENTATION DRIVERS

Public Companies

Public and Private Companies

Committee of Sponsoring Organizations Professional Risk Manager’s International AssociationInternational Risk Management Institute

Casualty Actuarial Society

PRMIA:

ERM-II:

SUPPORTING ORGANIZATIONS OF THE ERM FRAMEWORK

Enterprise Risk Management International Institute

BENEFITS OF CONTROLLING STRATEGIC RISKS

ENSURES SOUND DECISION MAKING

How: By adjusting managerial business approach and policies

BENEFITS OF CONTROLLING OPERATIONAL RISKS

IMPROVES OPERATIONAL EFFICIENCIES

How: By installing more cost effective and accurate internal systems

BENEFITS OF CONTROLLING FINANCIAL RISKS

MAINTAINS AVAILABILITY OF

CREDIT & MANAGES COST OF FUNDS

How: By improving outside relationships and considering all “what if” scenarios

BENEFITS OF CONTROLLING HAZARD RISKS

REDUCES THE CONSEQUENCES OF UNCONTROLLABLE

LOSSES

How: By increasing safety and obtaining adequate coverage for potential losses

02. RISK ANALYSIS

03. RISK RESPONSE

01. RISK FACTOR IDENTIFICATION

Identify all potential risk exposures

Analyze presence of risk

Develop an action plan, plus determine what risks to control

and assign responsible individuals

THE ERM PROCESS

04. RISK CONTROL

Implement a solution to reduce or transfer the

05. RISK MONITORING

Observe the completed implementation and report the results

02. RISK ANALYSIS

03. RISK RESPONSE

THE ERM PROCESS

04. RISK CONTROL

05. RISK MONITORING

UNCONTROLLED RISKUNDER PERFORMANCE

CONTROLLED RISKMAXIMUM PERFORMANCE

IDENTIFYING RISK FACTORS

CATEGORIZING RISKS MAKES IT SIMPLE

Business Approach

Bid Process

Information Transfer

Accounting

Procedures

Sales Methodolog

Construction

Management

Credit Status

Insurance Coverage

Safety Practices

02. RISK ANALYSIS

03. RISK RESPONSE

Analyze presence of risk:• Assess the level of risk• Quantify the results• Report the findings• Recommend action

THE ERM PROCESS

04. RISK CONTROL

05. RISK MONITORING

PURPOSE: ANALYZE PRESENCE OF RISK

1) Assess the level of risk

2) Quantify the results

3) Report the findings

4) Recommend action

RISK ANALYSIS IS THE KEY

4) Recommend action

RISK ASSESSOR IS THE KEY HOLDER

PURPOSE: ASSESS THE PROBABILITY OF HARM

1) Develop an understanding of the in-place Risk Controls associated with a specific Risk Factor

2) Determine the likelihood (probability) that the status of the existing risk controls will cause harm

KEYHOLDER’S RESPONSIBILITY

Invites subjectivity and threatens accuracy

MAKING THE RISK ASSESSMENT

Choices:Option A – Use Best Judgment

Removes subjectivity and promotes accuracy

+Choices:Option B – Use a Measurement Guide

MAKING THE RISK ASSESSMENT

• Lower probability of a match

1) MANY LEVELS

• Higher probability of a match

2) A FEW LEVELS

WHAT SCALE SHOULD BE USED?

DETERMINING CONTROLS PRESENT

ASK QUESTIONS LOOK AT EVIDENCE VERIFY FUNCTIONALITY

HOW IS A GOOD ASSESSMENT PERFORMED?

01. Meet the Right

People

02. Ask the Right

Questions

03. Collect Pertinent

Evidence

Simple

1) IN-HOUSE PERSONNEL

2) OUTSIDE INDEPENDENT

TYPES OF ASSESSMENT

4) Recommend action

QUANTIFYING THE RESULTS

Severity of Impact x Likelihood of Harm (Consequence x Risk)

= Risk Score

A Measure of Risk Exposure

4) Recommend action

Overview of Risk Analysis Performed

Summary of Risk Factors Reviewed

Explanation of Risk Assessment TechniqueResults of the Risk Assessment• Risk Map• Scoring Summary

High Risk Categories, Conditions & Practices

REPORTING THE FINDINGSTypical Report Contents:

4) Recommend action

RECOMMEND CONTROLS

CONTROLS NECESSARY TO MITIGATE RISK

• Change or install policies• Implement new procedures• Improve existing procedures

Practices:

• Change the environment• Revise decision making

Conditions:

02. RISK ANALYSIS

03. RISK RESPONSE

Develop an action plan: determine what

risksto control and assign

responsible individuals

THE ERM PROCESS

04. RISK CONTROL

05. RISK MONITORING

RISK PRIORITIZATION MAP

Control Soon

Control

Control Now

Likelihood

Options available:• Accept = monitor• Avoid = eliminate (get out of

the situation)• Reduce = institute controls• Transfer = move risk

elsewhere (e.g., insurance)

RESPONDING TO RISK – OPTIONS

Possible responses to risk

KEY QUESTIONS

1) What risks will the organization not accept? (e.g., fraud, errors, quality comprises)

2) What risks will the organization take on as new initiatives? (e.g., new types of work, geographies or difficulties)

3) What risks will the organization accept for competing objectives? (e.g., light on working capital, exhausted resources)

RESPONDING TO RISK - PRIORITIES

Projected Earnings at Risk

versus

Financial Gains to be Realized

RESPONDING TO RISK – APPETITE

Risk appetite: The amount of risk – on a broad level – an entity is willing to accept in pursuit of value.

1. Consider the degree to which a response will reduce likelihood of harm

2. Examine cost versus benefit of potential risk responses

3. Select response based on evaluation

4. Fully understand residual risk (unmitigated risk)

RESPONDING TO RISK – EVALUATE OPTIONS

Evaluate options in relation to risk appetite.

02. RISK ANALYSIS

03. RISK RESPONSE

THE ERM PROCESS

04. RISK CONTROL

05. RISK MONITORING

Occurs throughout the organization

Implementation is driven by ERM policies and procedures that help ensure that the risk responses are carried out

Occurs at all levels in all functions

Implementing Risk Controls

Typically assignable to risk owners, not risk managers

STEPS TO SUCCESSFUL IMPLEMENTATION

• Identify objectives• Assign

responsibilities• Set deadlines

• Track progress• Complete installation

• Test the control

02. RISK ANALYSIS

03. RISK RESPONSE

THE ERM PROCESS

04. RISK CONTROL

05. RISK MONITORING

• Track the performance of new or improved controls

TRACKING TO BE DONE:

• Verify that the controls remain intact and functional

VERIFICATIONS TO OBTAIN:

TRACKING AND VERIFYING CONTROLS

FINAL RESULT

ERM IMPROVEMENT CYCLE

IMPLEMENTATION – NO FREE LUNCH

TIME COMMITMENTRESOURCES

IMPLEMENTATION – ROI

Cost of Labor for Running ERM

Savings from Avoidance, Transfer, or

Mitigation of Risk

A simple calculation

1) Embrace risk awareness

2) Assign a risk management leader

3) Install a risk-minded culture

4) Grow to understand your own risk exposures

5) Begin the search for risk factors

6) Learn how to effectively assess risk

7) Perform a complete risk analysis

8) Establish a routine risk assessment schedule

9) Set ERM in motion

ERM IMPLEMENTATION – HOW TO

A path to success . . .

THANK YOU FOR YOUR TIME

erm_presentation_suretycredit_111413

risk monitoring

enterprise

recommend

risk control

business terms

action plan

key purpose

risk response

Technology

pickuppal eco-rideshare program

become a photographer

snapshot of digital india - march 2014

lets go on a field trip! (physically & virtually)

psychology of the winner

the value of user experience (from web 2.0 expo berlin 2008)

what is big data?

trendwatching.com's internet of caring things

trendwatching.com's innovation celebration

apple 03 - management mistakes

lean prototyping - a practical guide

design principles: the philosophy of ux

the essence of design for startups

the art of colors

designing with vision

6 key learnings for responsive webdesign

personal branding presentation for hcc

big data - the 5 vs everyone must know

zipcar millennials survey

expert positioning using linkedin