ENTERPRISE RISK MANAGEMENT LESSONS LEARNED FROM ERM IN A PUBLIC SECTOR ORGANIZATION March 14, 2013


Page 1: Lessons learned from erm in a public sector organization · LESSONS LEARNED FROM ERM IN A PUBLIC SECTOR ORGANIZATION March 14, 2013. Webinar on ERM • What it is! ... Introduction

ENTERPRISE RISK MANAGEMENT

LESSONS LEARNED FROM ERM IN A PUBLIC SECTOR ORGANIZATION

March 14, 2013


Webinar on ERM

• What it is!
• What it is not!


Do You Know…..

• The underlying premises of ERM
• History of ERM
• COSO has developed an ERM framework
• Everyone is doing risk management already


Introduction

• ERM
• ISO standard on risk management
• Risk management


ERM and Risk Drivers

1. Business at warp-speed
2. Obsolete business models
3. New business practices
4. Converging financial services providers
5. Increasingly demanding investors and regulators
6. Increasingly accountable and demanding directors
7. Increasingly effective processes for risk identification
8. Increasingly effective measurement tools
9. Increasingly effective information tools
10. Increasingly effective scenario analysis and planning


Why ERM is Essential


Lessons Learned From ERM
ERM – the new perspective

From:

• Fragmented
• Negative
• Reactive
• Ad hoc
• Cost-based
• Narrowly-focused
• Functionally-driven

To:

• Integrated
• Positive
• Proactive
• Continuous
• Value-based
• Broadly-focused
• Process-driven


What Companies Need to Address

• Unintentional Risks
• Intentional Risks


Polling Question # 1

Why do business leaders love the Chief Risk Officer? (Select all that apply)

a) The CRO promotes Risk Management and Policy

b) The CRO determines what level of risk is acceptable to the organization

c) The CRO controls the budgets on all issues so they don’t have to

d) None of the above


ERM – What Does It Mean?

1. Establish goals, objectives and oversight
2. Assess business risk
3. Develop risk management strategies
4. Design and implement risk management capabilities
5. Monitor performance
6. Continuously improve risk management capabilities
7. Support the process with information for decision making


Evolution of Risk Management To a Strategic Process


Stepping Stones Towards ERM

[Diagram. Labels: "Linkage to opportunity and competitive advantage"; "Increasing risk management capabilities". Steps shown:]

• Adopt Common Language
• Establish Goals, Objectives and Oversight
• Assess Risk and Develop Strategies
• Design/Implement Capabilities
• Continuously Improve
• Aggregate Multiple Risk Measures
• Link to Enterprise Performance
• Formulate Enterprise-wide Risk Strategy


Polling Question # 2


Which one of the following is a CRO’s top priority?

(a) Computer malfunctioning
(b) Harassment of an employee
(c) Customer complaint
(d) Suspected fraud


ERM Journey

Common reasons:

• Expand corporate governance
• Unexpected losses
• Implement strategic management tool
• Rapidly changing environment
• KPI shortfalls and tightened profit margins
• Manage changing business model
• Improve capital budgeting decisions
• Improve management of new economy assets

Other possible reasons:

• Aggressive growth strategies, including M&A
• Improved integration desired
• Address lack of change readiness
• Incentives/rewards not aligned
• Address fragmented and narrow focus
• Reduce reactive decision-making
• More holistic approach desired


What Are Risks?


Business Risk – What Does it Mean To an Organization?

• Externally-driven
• Internally-driven
• Decision-driven


Polling Question # 3


If a CRO has an unlimited budget to spend on Risk Management, can the organization become 100% risk-free?

a) Yes
b) No


How Do We Handle Business Risk?

Sources of Uncertainty

• Environment Risk: Uncertainties affecting the viability of business model
• Process Risk: Uncertainties affecting the execution of business model
• Information for Decision-Making Risk: Uncertainties over the relevance and reliability of information that supports the value-creation decisions


Building an Enterprise-Wide Business Risk Management Approach


Basic Risk Management Strategies

• Avoid: Divest, Prohibit, Stop, Target, Screen, Eliminate
• Retain: Accept, Reprice, Self-insure, Offset, Plan
• Reduce: Disperse, Control
• Transfer: Insure, Reinsure, Hedge, Securitize, Share, Outsource, Indemnify
• Exploit: Allocate, Diversify, Expand, Create, Redesign, Reorganize, Price, Arbitrage, Renegotiate, Influence


Quick Reference Guide

                 High frequency    Low frequency
High severity    Avoid             Transfer
Low severity     Reduce            Retain


Polling Question # 4


An insurance company would not find it profitable to insure against something that has high frequency AND high severity.

• True
• False


Factors to Consider When Selecting Risk Strategy

a) Objectives and strategies
b) Capability
c) Time horizon
d) Financing
e) Residual (basis) risk
f) Manageability
g) Scenarios
h) Environment
i) Operational versus contractual
j) Interfaces
k) Orientation
l) Compliance
m) Pervasiveness
n) Frequency
o) Data availability


Monitoring

a) Existing priority risk
b) New emerging risks
c) Risk management performance
d) Specific measures, policies and procedures

Continuous Improvement

a) Benchmarking performance to identify best practices
b) Four-way interactive communications and knowledge sharing
c) Integrating the firm’s risk language and process into its employee learning programmes


Risk Map


Polling Question # 5


Which occupational fraud is the most frequent offense?

a) Asset misappropriation
b) Corruption
c) Financial-statement fraud


Risk Reporting


Organizational Oversight Structure

1. Board of Directors
2. CEO
3. Risk Management Executive Committee
4. Business risk management function
5. Business Units, Divisions & Functional support and shared services
6. Risk management compliance & Internal audit


Polling Question # 6


Risk management is the responsibility of

a) Board of Directors
b) Chief Executive Officer
c) Chief Financial Officer
d) Chief Risk Officer
e) Everyone
f) No one


Corporate Governance Model


Summary

1. Establish oversight structure
2. Define common language and framework
3. Target risks and processes
4. Develop overall goals, objectives and processes
5. Assess risk management capabilities


You are most welcome to contact the presenter “Balaji” to further discuss ERM

< [email protected] >
