erm_presentation_suretycredit_111413

CONSTRUCTION ENTERPRISE RISK MANAGEMENT

2013

WWW.DIRECTSURETY.COM

A Risk Factor is something that can cause harm. It is a poor business condition or practice that can negatively impact a company.

R

I

S

K

01. DEFINITIONS

In business terms . . .


CHARACTERISTICS OF RISK FACTORS

FOOD CONSTRUCTION

Vary by industry and importance . . .


CHARACTERISTICS OF RISK FACTORS

Applicable by type of contractor . . .


Risk is the likelihood of harm. The likelihood that profitability and shareholder value will be negatively impacted.

R

I

S

K

02. DEFINITIONS

Again, in business terms . . .


ENTERPRISE RISK MANAGEMENT (ERM)

WHAT IS IT?

ERM is a business management process . . .



01. ERMIs not a project, but a process that develops within an organization, driven and supported by senior management

02. ERM

Becomes part of the operational culture of the organization with process owners and drivers

03. ERMIs not an off-the-shelf product that works for everyone

ERM begins with the development of a risk strategy that is linked to and supportive of the overall business imperatives of the corporation.


• A holistic risk management process

• An integrated risk management process

TO THE TECHNICIAN

• A way of managing my business

TO THE LAYMAN

ERM SPEAK


RISK ASSOCIATED WITH CONDITIONS AND PRACTICES

Quantitative Risk Data

Qualitative Risk Data

Actuarial Analysis

Observational Analysis

+ERM: WHAT KIND OF RISK IS ADDRESSED?

The Complete Risk Profile=


WHAT’S ITS PURPOSE?

ERM


To raise profitability by controlling business risk.


BY

BY Removing business conditions and practices that negatively impact profitability

How is profitability maximized?

Installing business conditions and practices that positively impact profitability



1970s 1980s 1990s - Present1960s

HISTORY OF ERM DEVELOPMENT

Hazard Risk and Financial Risk Management

Hazard Risk Management, Financial Risk Management,

Operational Risk Management

Management of Hazard Risk,

Financial Risk, Operational Risk,

Strategic Risk

Hazard Risk Management


1

TRADITIONAL RISK MANAGEMENT


4



RISK MANAGEMENT THINKING HAS EVOLVED

OLD THINKING NEW THINKING

• No strategy

• Limited to certain areas

• Analysis in silos

• Risks not owned

• Inspect, detect, react

• Correlation among risks not understood

• Risk strategy linked to business strategy

• Risk culture created throughout the enterprise

• Continuous, systematic process with integration

• Responsibilities clearly defined

• Anticipate, manage, optimize, monitor

• Quantified, aggre- gated, studied for interrelationships

• Risk is a key consideration for financial decision making


INDUSTRIES THAT HAVE ADOPTED ERM

65%of Public Firms

Financial Services

Source: Excellence in Risk Management VI, Marsh | RIMS

EnergySector

HealthCare

Transportation Education

Newcomers: Construction &

Mining


01 02

03 04

COMPLIANCE TRANSPARENCY

COMPETITION TECHNOLOGY

ERM IMPLEMENTATION DRIVERS

Public Companies

Public and Private Companies


Committee of Sponsoring Organizations Professional Risk Manager’s International AssociationInternational Risk Management Institute

Casualty Actuarial Society

COSO:

PRMIA:

IRMI:

CAS:

ERM-II:

SUPPORTING ORGANIZATIONS OF THE ERM FRAMEWORK

Enterprise Risk Management International Institute


BENEFITS OF CONTROLLING STRATEGIC RISKS

ENSURES SOUND DECISION MAKING

How: By adjusting managerial business approach and policies


BENEFITS OF CONTROLLING OPERATIONAL RISKS

IMPROVES OPERATIONAL EFFICIENCIES

How: By installing more cost effective and accurate internal systems


BENEFITS OF CONTROLLING FINANCIAL RISKS

MAINTAINS AVAILABILITY OF

CREDIT & MANAGES COST OF FUNDS

How: By improving outside relationships and considering all “what if” scenarios


BENEFITS OF CONTROLLING HAZARD RISKS

REDUCES THE CONSEQUENCES OF UNCONTROLLABLE

LOSSES

How: By increasing safety and obtaining adequate coverage for potential losses


02. RISK ANALYSIS

03. RISK RESPONSE

01. RISK FACTOR IDENTIFICATION

Identify all potential risk exposures

Analyze presence of risk

Develop an action plan, plus determine what risks to control

and assign responsible individuals

THE ERM PROCESS

04. RISK CONTROL

Implement a solution to reduce or transfer the

risk

05. RISK MONITORING

Observe the completed implementation and report the results


01 02

03 04

UNCONTROLLED RISKUNDER PERFORMANCE

CONTROLLED RISKMAXIMUM PERFORMANCE

IDENTIFYING RISK FACTORS

VS.


CATEGORIZING RISKS MAKES IT SIMPLE

Business Approach

Bid Process

Information Transfer

Accounting

Procedures

Sales Methodolog

y

Construction

Management

Credit Status

Insurance Coverage

Safety Practices


02. RISK ANALYSIS

03. RISK RESPONSE



Analyze presence of risk:• Assess the level of risk• Quantify the results• Report the findings• Recommend action



THE ERM PROCESS

04. RISK CONTROL


risk

05. RISK MONITORING



PURPOSE: ANALYZE PRESENCE OF RISK

HOW:

1) Assess the level of risk

2) Quantify the results

3) Report the findings

4) Recommend action

RISK ANALYSIS IS THE KEY


HOW:




4) Recommend action


RISK ASSESSOR IS THE KEY HOLDER


PURPOSE: ASSESS THE PROBABILITY OF HARM

HOW:

1) Develop an understanding of the in-place Risk Controls associated with a specific Risk Factor

2) Determine the likelihood (probability) that the status of the existing risk controls will cause harm

KEYHOLDER’S RESPONSIBILITY


Invites subjectivity and threatens accuracy

+

MAKING THE RISK ASSESSMENT

Choices:Option A – Use Best Judgment


Removes subjectivity and promotes accuracy

+Choices:Option B – Use a Measurement Guide

MAKING THE RISK ASSESSMENT


• Lower probability of a match

1) MANY LEVELS

• Higher probability of a match

2) A FEW LEVELS

WHAT SCALE SHOULD BE USED?


DETERMINING CONTROLS PRESENT

ASK QUESTIONS LOOK AT EVIDENCE VERIFY FUNCTIONALITY


HOW IS A GOOD ASSESSMENT PERFORMED?

01. Meet the Right

People

02. Ask the Right

Questions

03. Collect Pertinent

Evidence

Simple


1) IN-HOUSE PERSONNEL

2) OUTSIDE INDEPENDENT

TYPES OF ASSESSMENT



HOW:




4) Recommend action



QUANTIFYING THE RESULTS

Severity of Impact x Likelihood of Harm (Consequence x Risk)

= Risk Score

A Measure of Risk Exposure


HOW:




4) Recommend action




Overview of Risk Analysis Performed

Summary of Risk Factors Reviewed

Explanation of Risk Assessment TechniqueResults of the Risk Assessment• Risk Map• Scoring Summary

High Risk Categories, Conditions & Practices

REPORTING THE FINDINGSTypical Report Contents:


HOW:




4) Recommend action




RECOMMEND CONTROLS

CONTROLS NECESSARY TO MITIGATE RISK

• Change or install policies• Implement new procedures• Improve existing procedures

Practices:

• Change the environment• Revise decision making

Conditions:


02. RISK ANALYSIS

03. RISK RESPONSE




Develop an action plan: determine what

risksto control and assign

responsible individuals

THE ERM PROCESS

04. RISK CONTROL


risk

05. RISK MONITORING



RISK PRIORITIZATION MAP

Control Soon

Control

Control Now

Low

High

High

Likelihood

Sev

erity


Options available:• Accept = monitor• Avoid = eliminate (get out of

the situation)• Reduce = institute controls• Transfer = move risk

elsewhere (e.g., insurance)

RESPONDING TO RISK – OPTIONS

Possible responses to risk


KEY QUESTIONS

1) What risks will the organization not accept? (e.g., fraud, errors, quality comprises)

2) What risks will the organization take on as new initiatives? (e.g., new types of work, geographies or difficulties)

3) What risks will the organization accept for competing objectives? (e.g., light on working capital, exhausted resources)

RESPONDING TO RISK - PRIORITIES


Projected Earnings at Risk

versus

Financial Gains to be Realized

RESPONDING TO RISK – APPETITE

Risk appetite: The amount of risk – on a broad level – an entity is willing to accept in pursuit of value.


1. Consider the degree to which a response will reduce likelihood of harm

2. Examine cost versus benefit of potential risk responses

3. Select response based on evaluation

4. Fully understand residual risk (unmitigated risk)

RESPONDING TO RISK – EVALUATE OPTIONS

Evaluate options in relation to risk appetite.


02. RISK ANALYSIS

03. RISK RESPONSE






THE ERM PROCESS

04. RISK CONTROL


risk

05. RISK MONITORING



Occurs throughout the organization

Implementation is driven by ERM policies and procedures that help ensure that the risk responses are carried out

Occurs at all levels in all functions

Implementing Risk Controls

Typically assignable to risk owners, not risk managers


STEPS TO SUCCESSFUL IMPLEMENTATION

• Identify objectives• Assign

responsibilities• Set deadlines

• Track progress• Complete installation

• Test the control


02. RISK ANALYSIS

03. RISK RESPONSE






THE ERM PROCESS

04. RISK CONTROL


risk

05. RISK MONITORING



• Track the performance of new or improved controls

TRACKING TO BE DONE:

• Verify that the controls remain intact and functional

VERIFICATIONS TO OBTAIN:

TRACKING AND VERIFYING CONTROLS


FINAL RESULT

ERM


ERM IMPROVEMENT CYCLE


IMPLEMENTATION – NO FREE LUNCH

TIME COMMITMENTRESOURCES


IMPLEMENTATION – ROI

Cost of Labor for Running ERM

vs

Savings from Avoidance, Transfer, or

Mitigation of Risk

A simple calculation


1) Embrace risk awareness

2) Assign a risk management leader

3) Install a risk-minded culture

4) Grow to understand your own risk exposures

5) Begin the search for risk factors

6) Learn how to effectively assess risk

7) Perform a complete risk analysis

8) Establish a routine risk assessment schedule

9) Set ERM in motion

ERM IMPLEMENTATION – HOW TO

A path to success . . .


THANK YOU FOR YOUR TIME

ERM


erm_presentation_suretycredit_111413

Technology

risk monitoring

enterprise

recommend

risk control

business terms

action plan

key purpose

risk response