risk management for the board - qnet manitoba€¦ · less than 1 day first aid treatment $250,001...

May 2, 2013Mike Maida & Jennifer Schultz

Aon Risk Solutions

Risk Management for the Board

1Branch Presentation

Agenda• Boards Responsibility

• Establishment of Process

• Reporting Requirements

• Consequence of doing nothing

• Personal Liability

• Directors & Officers Liability mitigation

• Q&A

2Branch Presentation

Watch Closely

..\Watch_Closely.WMV

3Branch Presentation

Boards Responsibility

• TSE commissioned Peter Dey to issue a report for publicly traded companies.

• 14 recommendations made to Directors, including:

“boards should assume responsibility for the identification of principal risks of the corporation’s business, ensuring implementation of appropriate systems to manage risks”.

4Branch Presentation

Today

4

• Bond raters, TSX and our bankers (financiers) are scoring governance/management.

• They want to know what processes we have in place to identify/manage and control risk.

• Clearly, greater call for transparency and a clearer understanding of risk!

5Branch Presentation

Sarbanes-Oxley Act of 2002 (SOX)

Also known as Public Company Accounting Reform & Investor Protection Act

Legislation establishes new or enhanced standards for all U.S. public company Boards.

Act Contains 11 Sections ranging from additional Corporate Board Responsibilities to Criminal penalties.

Key take away: Must have a system for identifying material risks and disclosing them.

6Branch Presentation

Boards Responsibility

•Cleary oversight of RM is one of the key responsibilities of a board of directors.

•A board may delegate much of the work involved in managing risk, but can never delegate its responsibility for oversight.

7Branch Presentation

Establishment of Process

• Define Risk

• Policy

• Risk language

• Risk tolerance

• Using a standard

8Branch Presentation

Risk Management Process

Mon

itor &

Rev

iew

Com

mun

icat

ion

Establish Context

Identify Risk

Analyze Risk

Evaluate Risk

Treat Risk

Risk Management Standard (AS/NZ 4360)

9Branch Presentation

Identify Risk• Within the context established,

what can go wrong?

IDENTIFICATION

EVALUATE

ANALYZE

TREAT

Com

mun

icat

ion

Mon

itor

& r

evie

w

10Branch Presentation

Analyze Risk

• Likelihood, impact and effectiveness of controls.

Com

mun

icat

ion

Mon

itor

& r

evie

w

IDENTIFICATION

EVALUATE

ANALYZE

TREAT

11Branch Presentation

Evaluate

IDENTIFICATION

EVALUATE

ANALYZE

TREAT

Com

mun

icat

ion

Mon

itor

& r

evie

w

What is risk reward relationship, how does this fit into our risk tolerance? Risk is not all negative!

12Branch Presentation

Treat Risk• Reduce, mitigate, avoid,

share or retain.

IDENTIFICATION

EVALUATE

ANALYZE

TREAT

Com

mun

icat

ion

Mon

itor

& r

evie

w

13Branch Presentation

Regular Reporting

• Risk register

• Risk scores

• Risk owners

• Action plans

14Branch Presentation

Net Risk Impact The severity of a loss caused by a single occurrence taking into account the risk mitigation activities currently in place (residual or net risk).

It represents the loss of the one-time event (ie. not taking into consideration the number of times the event may occur within a given timeframe) in the most real and probable case.

CategoryDefinitions

Financial Impact Reputational Impact Business Interruption Human Cost

$0 - $250,000 Passing negative mention in related news stories Less than 1 day First Aid Treatment

$250,001 - $1,000,000Negative story appears in print media for 1 - 2 days as minor news story

1 – 2 days Medical Treatment

$1,000,001 - $5,000000Negative story appears in either TV and/or radio and/or print for 1 – 2 days as major news story

3 – 5 days Short-term Extensive Injury

$5,000,001 - $25,000,000 Same as above for 3 – 5 days 6 – 13 days Long-term Disability or Extensive Injury

Greater then $25,000,000

Story appears on TV and/or radio and/or print and/or wire service and spills over into int’l news for 3 – 5 days as major news story.

Greater than 14 days Death

1. Low

2. Moderate

3. Significant

4. Serious

5. Severe

15Branch Presentation

Net Risk Likelihood

The probability or likelihood of a loss from a single occurrence taking into account the risk mitigation activities currently in place.

Category Definition

Remote probability (1 in 10 year event)

Improbable (1 in 5 – 10 year event)

Potential(1 in 2 - 5 year event)

Probable (1 in 1 – 2 year event)

Expected (More than once a year)

1. Remote

2. Unlikely

3. Possible

4. Likely

5. Almost certain

16Branch Presentation

Category

5. Poor

4. Needs improvement

3. Improving

2. Strong

1. Ideal

Control(Quality of controls)

17Branch Presentation

Example of Dashboard

Final Score Direction Impact Likelihood Quality of

Control Risk Risk Owner Action Plan

56.4 4.7 4.0 3.0 Drought John Doe Section 1

41.2 3.6 4.4 2.6 Volatility of energy market Bill Smith Section 5

40.0 4.0 4.0 2.5 Infrastructure Jane Black Section 3

39.2 3.8 4.3 2.4 Loss of export market Betty Clarke Section 2

37.8 4.5 3.5 2.4 Interest rate Terry Yee Section 6

36.7 3.8 4.2 2.3 Foreign exchange Gail White Section 4

34.8 3.6 4.2 2.3 Political protectionism Bill Chan Section 9

33.9 3.5 4.4 2.2 Counterparty risk with XYZ Gail White Section 8

18Branch Presentation

What direction is risk headed?Risk Movement Score Direction

Getting better 1

Not changing 2

Getting worse 3

19Branch Presentation

Top 10 Principal RisksMitigation

Risk Score Movement Techniques Plan

1 18.9 Pg. 2 16

2 18.6 Pg. 3 15

3 18.4 Pg. 4 12

4 18.1 Pg. 5 11

5 17.8 Pg. 6 10

6 17.7 Pg. 7 10

7 17.5 Pg. 8 9

8 17.0 Pg. 9 7

9 16.8 Pg. 10 6

10 16.5 Pg. 11 6

XYZ Project RisksMitigation

Risk Score Movement Techniques Plan

A 16.1 Pg. 12 Pg. 13

B 15.8 Pg. 14 Pg.

C 14.5 Pg. 16 Pg. 17

D 14.2 Pg. 18 Pg. 19

E 14.0 Pg. 20 Pg. 21

F 11.2 Pg. 22 Pg. 2

G 10.7 Pg. 24 Pg. 2

H 10.3 Pg. 26 Pg. 2

I 9.6 Pg. 28 Pg. 29

J 9.1 Pg. 30 Pg. 1

K 7.5 Pg. 32 Pg. 3

20Branch Presentation

Severe

Low

Impact ($)(How severe)

Likelihood

Risk Map

Remote Almost certain

(How frequent)

1

1

2

2

3

3

4

4 Red Zone

Over managed

Under managed

21Branch Presentation

“I skate to where the puck is going to be, not to where it has been.”

Wayne Gretzky

22Branch Presentation

Consequences of Doing Nothing -Know Your Exposure

• Directors and officers must:

– Act honestly and in good faith with a view to the best interests of the organization/corporation

– Exercise the care, diligence and skill that a reasonably prudent person would exercise in comparable circumstances

23Branch Presentation

Know Your Exposure

• Who can Sue Directors and Officers

• Corporations

• Employees

• Shareholders

• Members

• Government Agencies/Regulators

• Customers

• Suppliers

• Creditors

• Competitors

24Branch Presentation

Know Your Exposure

• Under which Laws can Directors and Officers be sued?- Over 200 Federal and Provincial acts contain personal liabilities for directors and officers.

• Corporate

• Employment

• Environmental

• Financial Reporting

• Taxation

• Competition

• Securities

• Criminal

25Branch Presentation

Know your Options

• Protection from Personal Liability

• Corporate By-Laws

• Indemnity agreements

• Directors & Officers Insurance

26Branch Presentation

Recommendations

• Risk Management = Defensible Position

• Act honestly and in good faith.

• Exercise care, diligence and skill.

• Educate yourself.

– Familiarize yourself with the organization’s by-laws or Acts.– Be aware of legislation that governs your industry.

• Prove it.

• Secure Directors & Officers Liability Quotes

27Branch Presentation

Summary

•Oversight of Risk Management is the Board’s responsibility.

•No matter how big or small your organization, follow the risk management process.

•RM is not a one-time project but a regular process.

•Be diligent, educate yourself and understand the exposure you face as a board member

28Branch Presentation

Resources

• 20 Questions Directors of Not-For-Profit Organizations Should Ask About Risk

http://www.cica.ca/focus-on-practice-areas/governance-strategy-and-risk/not-for-profit-director-series/20-questions-series/item12324.pdf

• Risk Management Process

http://sherq.org/31000.pdf

28

29Branch Presentation

Contact Information

Mike Maida, Vice President Aon204 934-0288mike.maida@aon.ca

Jennifer Schultz, Vice President Aon204 934-0236Jennifer.schultz@aon.ca