risk management for the board - qnet manitoba€¦ · less than 1 day first aid treatment $250,001...
TRANSCRIPT
May 2, 2013Mike Maida & Jennifer Schultz
Aon Risk Solutions
Risk Management for the Board
1Branch Presentation
Agenda• Boards Responsibility
• Establishment of Process
• Reporting Requirements
• Consequence of doing nothing
• Personal Liability
• Directors & Officers Liability mitigation
• Q&A
2Branch Presentation
Watch Closely
..\Watch_Closely.WMV
3Branch Presentation
Boards Responsibility
• TSE commissioned Peter Dey to issue a report for publicly traded companies.
• 14 recommendations made to Directors, including:
“boards should assume responsibility for the identification of principal risks of the corporation’s business, ensuring implementation of appropriate systems to manage risks”.
4Branch Presentation
Today
4
• Bond raters, TSX and our bankers (financiers) are scoring governance/management.
• They want to know what processes we have in place to identify/manage and control risk.
• Clearly, greater call for transparency and a clearer understanding of risk!
5Branch Presentation
Sarbanes-Oxley Act of 2002 (SOX)
Also known as Public Company Accounting Reform & Investor Protection Act
Legislation establishes new or enhanced standards for all U.S. public company Boards.
Act Contains 11 Sections ranging from additional Corporate Board Responsibilities to Criminal penalties.
Key take away: Must have a system for identifying material risks and disclosing them.
6Branch Presentation
Boards Responsibility
•Cleary oversight of RM is one of the key responsibilities of a board of directors.
•A board may delegate much of the work involved in managing risk, but can never delegate its responsibility for oversight.
7Branch Presentation
Establishment of Process
• Define Risk
• Policy
• Risk language
• Risk tolerance
• Using a standard
8Branch Presentation
Risk Management Process
Mon
itor &
Rev
iew
Com
mun
icat
ion
Establish Context
Identify Risk
Analyze Risk
Evaluate Risk
Treat Risk
Risk Management Standard (AS/NZ 4360)
9Branch Presentation
Identify Risk• Within the context established,
what can go wrong?
IDENTIFICATION
EVALUATE
ANALYZE
TREAT
Com
mun
icat
ion
Mon
itor
& r
evie
w
10Branch Presentation
Analyze Risk
• Likelihood, impact and effectiveness of controls.
Com
mun
icat
ion
Mon
itor
& r
evie
w
IDENTIFICATION
EVALUATE
ANALYZE
TREAT
11Branch Presentation
Evaluate
IDENTIFICATION
EVALUATE
ANALYZE
TREAT
Com
mun
icat
ion
Mon
itor
& r
evie
w
What is risk reward relationship, how does this fit into our risk tolerance? Risk is not all negative!
12Branch Presentation
Treat Risk• Reduce, mitigate, avoid,
share or retain.
IDENTIFICATION
EVALUATE
ANALYZE
TREAT
Com
mun
icat
ion
Mon
itor
& r
evie
w
13Branch Presentation
Regular Reporting
• Risk register
• Risk scores
• Risk owners
• Action plans
14Branch Presentation
Net Risk Impact The severity of a loss caused by a single occurrence taking into account the risk mitigation activities currently in place (residual or net risk).
It represents the loss of the one-time event (ie. not taking into consideration the number of times the event may occur within a given timeframe) in the most real and probable case.
CategoryDefinitions
Financial Impact Reputational Impact Business Interruption Human Cost
$0 - $250,000 Passing negative mention in related news stories Less than 1 day First Aid Treatment
$250,001 - $1,000,000Negative story appears in print media for 1 - 2 days as minor news story
1 – 2 days Medical Treatment
$1,000,001 - $5,000000Negative story appears in either TV and/or radio and/or print for 1 – 2 days as major news story
3 – 5 days Short-term Extensive Injury
$5,000,001 - $25,000,000 Same as above for 3 – 5 days 6 – 13 days Long-term Disability or Extensive Injury
Greater then $25,000,000
Story appears on TV and/or radio and/or print and/or wire service and spills over into int’l news for 3 – 5 days as major news story.
Greater than 14 days Death
1. Low
2. Moderate
3. Significant
4. Serious
5. Severe
15Branch Presentation
Net Risk Likelihood
The probability or likelihood of a loss from a single occurrence taking into account the risk mitigation activities currently in place.
Category Definition
Remote probability (1 in 10 year event)
Improbable (1 in 5 – 10 year event)
Potential(1 in 2 - 5 year event)
Probable (1 in 1 – 2 year event)
Expected (More than once a year)
1. Remote
2. Unlikely
3. Possible
4. Likely
5. Almost certain
16Branch Presentation
Category
5. Poor
4. Needs improvement
3. Improving
2. Strong
1. Ideal
Control(Quality of controls)
17Branch Presentation
Example of Dashboard
Final Score Direction Impact Likelihood Quality of
Control Risk Risk Owner Action Plan
56.4 4.7 4.0 3.0 Drought John Doe Section 1
41.2 3.6 4.4 2.6 Volatility of energy market Bill Smith Section 5
40.0 4.0 4.0 2.5 Infrastructure Jane Black Section 3
39.2 3.8 4.3 2.4 Loss of export market Betty Clarke Section 2
37.8 4.5 3.5 2.4 Interest rate Terry Yee Section 6
36.7 3.8 4.2 2.3 Foreign exchange Gail White Section 4
34.8 3.6 4.2 2.3 Political protectionism Bill Chan Section 9
33.9 3.5 4.4 2.2 Counterparty risk with XYZ Gail White Section 8
18Branch Presentation
What direction is risk headed?Risk Movement Score Direction
Getting better 1
Not changing 2
Getting worse 3
19Branch Presentation
Top 10 Principal RisksMitigation
Risk Score Movement Techniques Plan
1 18.9 Pg. 2 16
2 18.6 Pg. 3 15
3 18.4 Pg. 4 12
4 18.1 Pg. 5 11
5 17.8 Pg. 6 10
6 17.7 Pg. 7 10
7 17.5 Pg. 8 9
8 17.0 Pg. 9 7
9 16.8 Pg. 10 6
10 16.5 Pg. 11 6
XYZ Project RisksMitigation
Risk Score Movement Techniques Plan
A 16.1 Pg. 12 Pg. 13
B 15.8 Pg. 14 Pg.
C 14.5 Pg. 16 Pg. 17
D 14.2 Pg. 18 Pg. 19
E 14.0 Pg. 20 Pg. 21
F 11.2 Pg. 22 Pg. 2
G 10.7 Pg. 24 Pg. 2
H 10.3 Pg. 26 Pg. 2
I 9.6 Pg. 28 Pg. 29
J 9.1 Pg. 30 Pg. 1
K 7.5 Pg. 32 Pg. 3
20Branch Presentation
Severe
Low
Impact ($)(How severe)
Likelihood
Risk Map
Remote Almost certain
(How frequent)
1
1
2
2
3
3
4
4 Red Zone
Over managed
Under managed
21Branch Presentation
“I skate to where the puck is going to be, not to where it has been.”
Wayne Gretzky
22Branch Presentation
Consequences of Doing Nothing -Know Your Exposure
• Directors and officers must:
– Act honestly and in good faith with a view to the best interests of the organization/corporation
– Exercise the care, diligence and skill that a reasonably prudent person would exercise in comparable circumstances
23Branch Presentation
Know Your Exposure
• Who can Sue Directors and Officers
• Corporations
• Employees
• Shareholders
• Members
• Government Agencies/Regulators
• Customers
• Suppliers
• Creditors
• Competitors
24Branch Presentation
Know Your Exposure
• Under which Laws can Directors and Officers be sued?- Over 200 Federal and Provincial acts contain personal liabilities for directors and officers.
• Corporate
• Employment
• Environmental
• Financial Reporting
• Taxation
• Competition
• Securities
• Criminal
25Branch Presentation
Know your Options
• Protection from Personal Liability
• Corporate By-Laws
• Indemnity agreements
• Directors & Officers Insurance
26Branch Presentation
Recommendations
• Risk Management = Defensible Position
• Act honestly and in good faith.
• Exercise care, diligence and skill.
• Educate yourself.
– Familiarize yourself with the organization’s by-laws or Acts.– Be aware of legislation that governs your industry.
• Prove it.
• Secure Directors & Officers Liability Quotes
27Branch Presentation
Summary
•Oversight of Risk Management is the Board’s responsibility.
•No matter how big or small your organization, follow the risk management process.
•RM is not a one-time project but a regular process.
•Be diligent, educate yourself and understand the exposure you face as a board member
28Branch Presentation
Resources
• 20 Questions Directors of Not-For-Profit Organizations Should Ask About Risk
http://www.cica.ca/focus-on-practice-areas/governance-strategy-and-risk/not-for-profit-director-series/20-questions-series/item12324.pdf
• Risk Management Process
http://sherq.org/31000.pdf
28
29Branch Presentation
Contact Information
Mike Maida, Vice President Aon204 [email protected]
Jennifer Schultz, Vice President Aon204 [email protected]