TRANSCRIPT
ENTERPRISE RISK MANAGEMENT
LESSONS LEARNED FROM ERM IN A PUBLIC SECTOR ORGANIZATION
March 14, 2013
Webinar on ERM
• What it is!
• What it is not!
Do You Know…..
• The underlying premises of ERM
• History of ERM
• COSO has developed an ERM framework
• Everyone is doing risk management already
Introduction
• ERM
• ISO standard on risk management
• Risk management
ERM and Risk Drivers
1. Business at warp-speed
2. Obsolete business models
3. New business practices
4. Converging financial services providers
5. Increasingly demanding investors and regulators
6. Increasingly accountable and demanding directors
7. Increasingly effective processes for risk identification
8. Increasingly effective measurement tools
9. Increasingly effective information tools
10. Increasingly effective scenario analysis and planning
Why ERM is Essential
Lessons Learned From ERM
ERM – the new perspective
From → To
• Fragmented → Integrated
• Negative → Positive
• Reactive → Proactive
• Ad hoc → Continuous
• Cost-based → Value-based
• Narrowly-focused → Broadly-focused
• Functionally-driven → Process-driven
What Companies Need to Address
• Unintentional Risks
• Intentional Risks
Polling Question # 1
Why do business leaders love the Chief Risk Officer? (Select all that apply)
a) The CRO promotes Risk Management and Policy
b) The CRO determines what level of risk is acceptable to the organization
c) The CRO controls the budgets on all issues so they don’t have to
d) None of the above
ERM – What Does It Mean?
Evolution of Risk Management To a Strategic Process
1. Establish goals, objectives and oversight
2. Assess business risk
3. Develop risk management strategies
4. Design and implement risk management capabilities
5. Monitor performance
6. Continuously improve risk management capabilities
7. Support the process with information for decision making
Stepping Stones Towards ERM
[Diagram. Axes: "Increasing risk management capabilities" and "Linkage to opportunity and competitive advantage". Steps shown:]
• Adopt Common Language
• Establish Goals, Objectives and Oversight
• Assess Risk and Develop Strategies
• Design/Implement Capabilities
• Continuously Improve
• Aggregate Multiple Risk Measures
• Link to Enterprise Performance
• Formulate Enterprise-wide Risk Strategy
Polling Question # 2
Which one of the following is a CRO’s top priority?
(a) Computer malfunctioning
(b) Harassment of an employee
(c) Customer complaint
(d) Suspected fraud
ERM Journey
Common reasons
• Expand corporate governance
• Unexpected losses
• Implement strategic management tool
• Rapidly changing environment
• KPI shortfalls and tightened profit margins
• Manage changing business model
• Improve capital budgeting decisions
• Improve management of new economy assets
Other possible reasons
• Aggressive growth strategies, including M&A
• Improved integration desired
• Address lack of change readiness
• Incentives/rewards not aligned
• Address fragmented and narrow focus
• Reduce reactive decision-making
• More holistic approach desired
What Are Risks?
Business Risk – What Does it Mean To an Organization?
• Externally-driven
• Internally-driven
• Decision-driven
Polling Question # 3
If a CRO has an unlimited budget to spend on Risk Management, can the organization become 100% risk-free?
a) Yes
b) No
How Do We Handle Business Risk?
Sources of Uncertainty
• Environment Risk: Uncertainties affecting the viability of business model
• Process Risk: Uncertainties affecting the execution of business model
• Information for Decision-Making Risk: Uncertainties over the relevance and reliability of information that supports the value-creation decisions
Building an Enterprise-Wide Business Risk Management Approach
Basic Risk Management Strategies
• Avoid: Divest, Prohibit, Stop, Target, Screen, Eliminate
• Retain: Accept, Reprice, Self-insure, Offset, Plan
• Reduce: Disperse, Control
• Transfer: Insure, Reinsure, Hedge, Securitize, Share, Outsource, Indemnify
• Exploit: Allocate, Diversify, Expand, Create, Redesign, Reorganize, Price, Arbitrage, Renegotiate, Influence
Quick Reference Guide
• High severity, high frequency: Avoid
• High severity, low frequency: Transfer
• Low severity, high frequency: Reduce
• Low severity, low frequency: Retain
Polling Question # 4
An insurance company would not find it profitable to insure against something that has high frequency AND high severity.
• True
• False
Factors to Consider When Selecting Risk Strategy
a) Objectives and strategies
b) Capability
c) Time horizon
d) Financing
e) Residual (basis) risk
f) Manageability
g) Scenarios
h) Environment
i) Operational versus contractual
j) Interfaces
k) Orientation
l) Compliance
m) Pervasiveness
n) Frequency
o) Data availability
Monitoring
a) Existing priority risk
b) New emerging risks
c) Risk management performance
d) Specific measures, policies and procedures
Continuous Improvement
a) Benchmarking performance to identify best practices
b) Four-way interactive communications and knowledge sharing
c) Integrating the firm’s risk language and process into its employee learning programmes
Risk Map
Polling Question # 5
Which occupational fraud is the most frequent offense?
a) Asset misappropriation
b) Corruption
c) Financial-statement fraud
Risk Reporting
Organizational Oversight Structure
1. Board of Directors
2. CEO
3. Risk Management Executive Committee
4. Business risk management function
5. Business Units, Divisions & Functional support and shared services
6. Risk management compliance & Internal audit
Polling Question # 6
Risk management is the responsibility of
a) Board of Directors
b) Chief Executive Officer
c) Chief Financial Officer
d) Chief Risk Officer
e) Everyone
f) No one
Corporate Governance Model
Summary
1. Establish oversight structure
2. Define common language and framework
3. Target risks and processes
4. Develop overall goals, objectives and processes
5. Assess risk management capabilities
You are most welcome to contact the presenter “Balaji” to further discuss ERM