implementación y evolución de erm en pepsico méxico historia de
TRANSCRIPT
Implementación y evolución de ERM en PepsiCo México
Historia de éxito Oscar Medina Oseguera PepsiCo Mexico Risk Management and Internal Audit General Manager
Agenda • Best practices to implement a successful ERM model. What are we doing in
PepsiCo Mexico.
• ERM Journey and evolution in PepsiCo Mexico • ERM Maturity level looking for the best in class • Monte Carlo as a tool to improve risk quantification and decision making • Tools to manage ERM process • Risk Appetites • Risk identification methods
Risk Management as a core enabling process to support Governing and Value Chain processes
PepsiCo Mexico Enterprise Process Model
Internal Audit was assigned to lead ERM process as the Chief Risk Officer (CRO)
Support & Enabler: Processes Council: Business Transformation ExComm meets quarterly to review ERM Processes Evolution Status
PepsiCo Mexico Risk Management Process
PMF Risk Management
Exec
utiv
e Ri
sk
Com
mitt
ee
RM G
loba
l A
gend
a
BCP
& C
M
CEO & EXCOMM
Corporate Security Change Management Information Technology Org. Capability Transformation Area
Sponsor
Support Areas
Controller // Risk Management, Internal Control, Audit & SOX O. Medina
Ambassador & Enabler
Executive Risk Committee PepsiCo Mexico CEO
- Sponsor -
Risk Management O. Medina
BU – GM´s Sales VP Operations
VP Marketing VP CFO CPO CIO R&D VP
Executive Risk Committee
Risk Owner Risk Management
Team
Legal VP Transformation
Functional Risk Owners Sr. Directors / Directors / Sr. Managers
Roles & Responsibilities CEO
-Sponsor-
Chairing Committee Decision-taking Guidance
Risks definition Framework definition Transparency assurance Decision-taking
Manage Risks Life Cycle: Identify Assess and Measure Prioritize and Set Response Monitor Report to Ex. Risk Comm.
Defines as enabler; Procedures Methodology Tools Also; Guidance Coordinate
Chairing Committee
Decision-taking to Mitigate Risks
GuidanceRisks
DefinitionFramework Definition
Process Transparency
IdentifyAssess
and Measure
Prioritize and Set Response
Monitor Report to Ex. Risk Comm.
Procedure Definition
Methodology Definition
Define Tools to manage and
measure Risks
Coordinate efforts
Sponsor R C A C C C C C C C C C C
ExComm A R A A A A C A A A A A
Risk Owner R R I I R A R R A I I I
Risk Contributor
S I I S R S S R I I I
ERM Team I S I R R S/I I S/I S/I S / C / I R R R R/A
Risk life-cycle
ERM RASCI Matrix
Responsible: Those who do the work to achieve the task.
Accountable: The one ultimately answerable for the correct and thorough completion of the deliverable or task.
Support: Resources allocated to responsible.
Consulted: Those whose opinions are sought and with whom there is two-way communication.
Informed: Those who are kept up-to-date on progress.
Best practices to implement a successful ERM process Mental Check Physical Check
• Sponsorship at the top level (CEO strong commitment). • Change Management support to embed Risk prevention
culture across the Organization…. “It is better managing risks rather than managing issues”
• Monthly newsletters with ERM process status and risks
articles of interest. • Risk Owners role as part of their business objectives
• Strong Accountability Model and proportional ownership with clear roles and responsibilities.
• Continuous training to ERM Team & Risk Owners in on
boarding and on going basis. (@Risk, COSO, ISO 31000, etc) • Constant partnership with consultants and advisors (PALISADE,
Deloitte, Metric Stream, Economists).
• Executive Risk Committee and Risk Management model at operative levels
• Business Continuity Plan including: Crisis Management,
Business Continuity and Disaster Recovery Plan
• Robust Governance and Framework with ERM Policies and procedures, RASCI matrix and job descriptions.
• Holistic ERM integration with other core business processes (AOP, Strategic Plan, Cash Flow, Capex Management)
• Leverage with Tools to improve: Montecarlo to quantify risks,
GRC system to manage ERM process, forecasting, etc
• Frequent Evaluations , peer risk analysis , Maturity level assessments
PepsiCo Mexico has a high maturity level in ERM
83% Maturity
level vs 76% YAGO & 80% AOP
Robust proportional ownership
Risk culture improvement
Technical skill reinforcement
support
Constant tracking to close gaps
Outstanding Corporate Audit Results in Internal Control System, based in COSO, including Risk Assessment component
Score: 80% (Strong) – 3 in a 1 to 4 scale.
• Monte Carlo Methodology implementation
• GRC Platform to manages ERM process
ERM Maturity Level Assessment with strong results
Actions to improve maturity level by using tools and technology
Regulatory
Financial
Strategic
Operating
Solid Global Risk Survey Results
How to evolve risk quantification with MONTECARLO MONTECARLO Methodology: • Computerized mathematical technique that allows better
decision making.
• Performs risk quantitative analysis by building models of possible results.
• Calculates results using a different set of random values.
• Involves thousands recalculations producing distributions of possible outcome values.
Risk analysis software using Monte Carlo simulation
Mind mapping and Data Exploration
Decision Trees
Complete risk and decision analysis toolkit
PMF Supplier: Company which provides Risk & Decision Analysis Solutions
Where is Monte Carlo in foods industry?
• Available languages
• Stablished in
• Decision makers using the toolkit
• Countries presence
• Fortune 100 companies
• Students per year using software
8
1984
Over 150,000 94
93 63,000
Statement of Risk Risk Assessment Risk
Outlook KPI Current Prior
General Overview
Most Likely Scenario
Impact: Low Mitigation Progress
Likelihood: Possible
Potential Impact:
Risk Category: Regulatory Risk: Taxes Risk Owners:
Mitigation Efforts Progress, Tracking and Key Challenges
Current Plans
Go-Forward plans
Progress and Tracking
Key Challenges
H H
Prior Monte Carlo Q4 15
With Monte Carlo Q1 16
$7 $5.1
MONTECARLO pilot selecting a regulatory risk
Where we are in MONTECARLO Journey 1.- Decision Tree Analysis
2.- @Risk Simulation
3.- Big Picture: Alternative 1:Partial Nullity
Alternative 2: Total Nullity
Alternative 3: Total Confirmation
• Tool designed to face complex problems to determine the best strategy, considering sequential decisions.
• Visualize map out, organize and analyze decisions using quantitative diagrams representing multiple-possible decisions and events.
Selected scenario with a probability of 55% of occurring. However, considering Legal Department’s advise to wait for SAT’s resolution, a provision of 80 % of worst case total impact was suggested.
• It shows many possible outcomes and likely they are to occur.
• Computes and tracks many different possible future scenarios.
• Quantifies the probabilities and risks to judge which risks to accept or avoid.
Potential Total Impact $5.1 USMM
*Least probable outcome with a 10% chance of occurrence
*Likely scenario with a 35% chance of occurrence
Mar Apr May Jun Jul Sep Oct Nov Dec Q2 Q3 Q4
Aug Phases
Pilot
Roll Out
Today Roadmap and Next Steps
* Q1 & Q2 Risk Committee sessions * *
New Risks supported by Palisade*
*A tool for manages ERM process.
ERM GRC
CAPEX Management
Technical training
Bidding process to determine the best option to implement for the next year
Pilot
* Roll out expected to be continued in 2017
ERM COE
Technical Training
ERM team
Risk
Q
uant
ifica
tion
MO
NT
E C
AR
LO
•Degree of risk appetite should be linked to whether risk taking is rewarded…
• Most organizations have a larger appetite for “rewarded risk” and smaller appetite for “unrewarded risk”
Level of Appetite Risk in Industry
Study by
Risk Identification Methods: “Black Swan” Methodology
Risk Identification Methods: “War Games” Methodology
