aon erm ppt 2007
TRANSCRIPT
1
Enterprise Risk ManagementWhere next for ERM?
September 12, 2007
Alex Hindson & Steven HarmerAon Global Risk Consulting
SOLUTIONSFOR COMPLEX RISK
2
Agenda
Research Findings
Context of Aon’s research
Aon’s Research Study
Conclusions & Discussion
3
Aon Global Risk Consulting
Global risk consulting practice with centres of excellence in London, Paris Amsterdam, Chicago, New York, and Sydney
• Specialised in Enterprise Risk and Business Continuity Management
Experienced in practical implementation of Enterprise Risk Management solutions
ERM practice founded in 1999
Over 50 practising consultants globally
Committed to Thought-leadership and leading thinking on how to successfully implement ERM in global organisations
4
Integrated Risk Consulting Process
EnterpriseRisk
Management
Identify & Assess
Actuarial&
Analytical
Quantify
RiskFinance
Solution Design
Risk TransferCaptives
AlternativeRisk Financing
Implement
CaptiveManagement
OutsourceOutsource
Integrated Service offeringIntegrated Service offeringPartners in the identification, assessment and management of risk
5
Aon’s Value-Driven ERM Approach
Aon’s approach is founded on understanding current processes andorganisation culture
Growth Profitability
Continuity
Risk ResponseSolution
RiskManagement
Implementation
RiskIdentification
& Prioritization
EvaluateRisk Process
RiskQuantification
6
Enterprise Risk Management Defined
Enterprise risk management deals with risks and opportunities affecting value creation or preservation.
Aon defines Enterprise Risk Management (ERM) as:
“The proactive execution of a senior management sponsored, entity-wide strategic process of assessing and responding to the collective risks that impact an organization’s ability to maximize stakeholder value.“
7
EnterpriseGoals &
Objectives
Value CreationPerformance
ERM ERM
ExternalIn
tern
al
Financial StrengthConformance
Issue 1: How do I extract value from risk spend while balancing the diverse interests of internal and external stakeholders?
Capital• Debtholders• Agencies• Regulators
Governance• Controls• Compliance
Growth• Bus. Units• Managers
Returns• Shareholders• Investors• Partners
Objectives of managers: Performance vs. Conformance
8
Shareholders&
InvestmentCommunity
FirmValue
Regulators&
Legislators
Associates&
Employees
Consumers&
Clients
Strong governance Steady growth
Risk management
Transparency
Stable returns
Good services, reliable products
Privacy
Fair practices and terms
Community investment
Compliance with laws,regulations, contracts, policies
Clear disclosure
Solvency
Managed risk
Community reinvestment
Strong, visionary
Opportunities
Honest communication
Fair treatment
Issue 2: How do I manage the increasing complexity and interdependencies of risk?
9
NoBenchmark risk again peers
Focus on key risks
Aon’s ERM Approach
Setup: Framework / Risk Governance
NoRisk Response – Integrating ERM into business decision-making processes
NoRisk Measurement – Quantify Enterprise Risk Exposure & Facilitate Determination of Risk Appetite
NoEnhancing communications with external stakeholders
BasicRisk Monitoring – Proactive and Retrospective Risk Learnings
NoRisk Response – Managing Risk Exposure to within Risk Appetite
Not in scopeRisk Response – Taking More Risk for Suitable Rewards
DifficultRisk Response – Mitigating Risk
NoRisk Measurement - Quantitative
Risk Measurement - Qualitative
100s/1000s of risksRisk Identification
Sarbanes-Oxley / COSOERM Depth
Conformance
Performance
Issue 3: In the face of increasing regulation and the cost associated with conformance…how do I make my investment perform?
10
Policies, processes and practices defined and formalized across the organization
Risks measured, managed and aggregated on an enterprise-wide basis
Organization focused on RM as a source of competitive advantage and continuous improvement
Capabilities characteristic of individuals vs. the organization
Process established and repeating: reliance on people is reduced
Systematically Build and Improve Risk Management Capabilities
Issue 4: How does my company align with best practices in enterprise risk management?
Initial Established Uniform Managed Optimizing
RiskOpportunity
Source: Adapted from the Software Engineering Institute’s (SEI’s) Capability Maturity Model (CMM)
11
Research Findings
Context of Aon’s research
Aon’s Research Study
Conclusions & Discussion
Agenda
12
Research Project - Topic
Specifically researched how ERM was being implemented in global organisations
– The role given to ERM in organisations
– What strategic objectives had been set for ERM?
– What resources were deployed to implement ERM?
– What approach was selected to implementing ERM?
– How cultural issues were being addressed
– Successes and challenges in embedding ERM
Analysed according to– Organisation’s location, scale and sector
– Organisation’s ERM maturity (self assessed)
– Organisational culture type (self assessed)
13
Research Project - Methodology
Approached 1,149 Executives, CRO’s and risk managers in G1500 client and contact database using on-line survey
Obtained 103 quantitative responses to survey from EMEA and Americas
Undertook 12 structured qualitative interviews to develop case studies from leading companies
Study completed between June and August 2007 by Aon’s ERM practice with support from David Burton Associated
Results to be published October 2007
14
ERM Survey - Demographics
Industry sector
15
Aon’s PADI Culture Model
Be responsive
Develop faster, less bureaucratic and more direct ways of accomplishing results
P Performance A Administration
D Development I Intimacy
Surprise me
Find totally new ways of doingthings and accomplishing results
Be consistent
Develop more accurate, preciseand systematic methods to do things
Understand me
Develop more cohesion, participationand cooperation amongst the people doing things
Be responsive
Develop faster, less bureaucratic and more direct ways of accomplishing results
P Performance A Administration
D Development I Intimacy
Surprise me
Find totally new ways of doingthings and accomplishing results
Be consistent
Develop more accurate, preciseand systematic methods to do things
Understand me
Develop more cohesion, participationand cooperation amongst the people doing things
16
Research Findings
Context of Aon’s research
Aon’s Research Study
Conclusions & Discussion
Agenda
17
Who is typically championing ERM?
Prime champion or sponsor of ERM?
18
Are remits clearly defined?
Is ERM function’s remit clearly defined?
19
How developed is ERM?
Stage of Development within Maturity Model
20
Drivers for ERM implementation - Maturity
Prime drivers for ERM implementation
21
Drivers for ERM implementation -- Regional
Prime drivers for ERM implementation
22
Impact of Maturity on ERM Activities
Key activities of ERM function
23
Impact of Culture on ERM Activities
Key activities of ERM function
24
Culturally aware ERM implementation?
Extent to which ERM takes into account of prevalent culture
25
Impact of Culture on ERM Development
Stage of development of ERM strategy & framework
26
Ability to drive ERM culture change
Extent to which organisation’s culture has changed as a result of ERM programme
27
Embedding ERM – level of understanding?
Understanding of and support for ERM Objectives(saying entirely or significantly)
28
Embedding ERM – Cultural differences
Understanding of and support for ERM Objectives(saying entirely or significantly)
29
Approaches to communicating ERM
Techniques used to create Risk Management Culture
30
Embedding ERM - Performance scorecard
Rating the success of ERM programme
31
Research Findings
Context of Aon’s research
Aon’s Research Study
Conclusions & Discussion
Agenda
32
Conclusions of Research
ERM implementation is a communication and engagement processMaking ERM happen is primarily about communication and management of changeOrganisations have so far primarily focused on the tangible process aspects of ERM rather than culture and communicationCommunication beyond management levels is proving challengingCulture plays a key part in how ERM needs to be implemented‘Working with an organisation culture’ maximizes the chances of successOrganisations with the most mature ERM programmes have specifically addressed the issues of stakeholder engagement & communication
33
Case Study – Communication challenges
Telenor – Changing attitudes about ERMTelenor, one of the fastest growing providers of mobile communications services in Europe and Asia, recognized that riskmanagement must be regarded as a core competency within the organization. However, an initial barrier to implementing ERM at Telenor was that it was established in parallel to a compliance project. “This created the perception that ERM was a compliance-based project,”Identifying the appropriate resources to enable the global rollout for ERM initiative was a major challenge. Different approaches for different internal stakeholder groups were considered, and a variety of ERM-related messaging strategies were discussed. Training and awareness programmes were key to success.
34
Case Study – Communication challenges
Telenor – Changing attitudes about ERMDirector of Risk Per Pundsnes has given a wide range of internal presentations. Typically audiences can be initially skeptical to a concept perceived as theoretical and woolly.“In the end they said that the process had value as a pragmatic management decision tool and they would implement it,” he says. “Time will tell how they actually buy in to ERM. Change takes time.”Results:
The creation of an entirely new area in which “theory can create value”A new understanding of the risk levels the company is taking, Potential additional value from an insurance point of view
35
Action points for organisations
How well equipped is your organisation to communicate the benefits and drivers for ERM?
Have you considered what type of culture your organisation has and what implications this might have for implementing ERM?
Have you any ‘success stories’ that demonstrate how your ERM programme has influenced your organisation’s risk culture?
Do you understand who your key stakeholders for ERM are both internally and externally?
Have you evaluated what their needs are with respect to ERM?
Do you have a communication and engagement plan to influence their perceptions of ERM and its benefits?
36
Discussion - Interactive Questions
1. What industry is your organisation primarily engaged in ?
2. In which region is your company headquartered ?
3. Which of the following do you feel best describes the culture ofyour organisation?
4. Which of the following would you say best describes the current stage of development of your organisation’s ERM strategy and framework?
5. Which of the following would you say have been the prime driversfor the implementation of ERM in your organisation?
6. Which of the following would you say have created barriers to the implementation of ERM in your organisation?
37
Discussion - Interactive Questions
7. To what extent has the Enterprise Risk Management function takenthe organisation’s prevalent culture into account in designing and adapting its approach to the implementation of ERM?
8. To what extent has the culture of the organisation changed as a result of your ERM programme?
9. How would you rate the ERM function in terms of? Effectiveness
Value for Money
Internal Relationship Management
Communication
38
Discussion on Way Forward for ERM
Any further questions?
39
Contact Information
Register for a copy of Aon report
www.aon.com/erminsight2007
Alex HindsonAssociate Director
Aon, Enterprise Risk Management+44.1932.837403
Steven HarmerConsultant
Aon, Enterprise Risk Management+44.1932.837420