strategic risk management as a cfo: getting risk management right
DESCRIPTION
Video & Presentation: http://www.proformative.com/events/strategic-risk-management-cfo-getting-risk-management-right Enterprise Risk Management should be simple. Unfortunately, companies are responding to regulators and business imperatives to improve their risk management practices, all the while aligning with business strategy and performance as well as capital allocation. Leading practitioners are seeking insight and value from risk management and are using risk management to focus audit and compliance activities. In fact independent research commissioned by SAP and others suggests many successful ERM initiatives still make little use of the increasingly sophisticated technology available. This session will summarize recent research by SAP and others on the state of ERM and will provide simple, practical strategies for how Finance can drive risk management practices that build success and add value. Speakers: Bob Tizio, GRC Officer-Americas, SAP America Inc. Bruce McCuaig, Director, Solution Marketing for Governance Risk & Compliance, SAP Presentation delivered at CFO Dimensions 2013 - http://www.cfodimensions.com Track: Finance Technology | Session: 5TRANSCRIPT
![Page 1: Strategic Risk Management as a CFO: Getting Risk Management Right](https://reader033.vdocument.in/reader033/viewer/2022060110/555bf97ed8b42a56448b4d27/html5/thumbnails/1.jpg)
1© 2013 Ask, Share, Learn
www.proformative.com
#CFOD13
Strategic Risk ManagementAs a CFO: Getting Risk Management RightAn overview of recent research and suggested best practices
Bruce McCuaig - Director Solution Marketing GRCBob Tizio - VP, GRC Officer – Americas, SAP America Inc.
![Page 2: Strategic Risk Management as a CFO: Getting Risk Management Right](https://reader033.vdocument.in/reader033/viewer/2022060110/555bf97ed8b42a56448b4d27/html5/thumbnails/2.jpg)
2© 2013 Ask, Share, Learn
www.proformative.com
#CFOD13
Agenda
• Overview of ERM research findings• The state of ERM today• Three value questions: a simple strategy for ERM• 10 questions ERM must answer• Case Study• Q&A
![Page 3: Strategic Risk Management as a CFO: Getting Risk Management Right](https://reader033.vdocument.in/reader033/viewer/2022060110/555bf97ed8b42a56448b4d27/html5/thumbnails/3.jpg)
3© 2013 Ask, Share, Learn
www.proformative.com
#CFOD13
Risk Management Is Growing In Importance
![Page 4: Strategic Risk Management as a CFO: Getting Risk Management Right](https://reader033.vdocument.in/reader033/viewer/2022060110/555bf97ed8b42a56448b4d27/html5/thumbnails/4.jpg)
4© 2013 Ask, Share, Learn
www.proformative.com
#CFOD13
Investment in ERM Technology is Lagging
![Page 5: Strategic Risk Management as a CFO: Getting Risk Management Right](https://reader033.vdocument.in/reader033/viewer/2022060110/555bf97ed8b42a56448b4d27/html5/thumbnails/5.jpg)
5© 2013 Ask, Share, Learn
www.proformative.com
#CFOD13
Enterprise-wide View of Exposures is Poor
![Page 6: Strategic Risk Management as a CFO: Getting Risk Management Right](https://reader033.vdocument.in/reader033/viewer/2022060110/555bf97ed8b42a56448b4d27/html5/thumbnails/6.jpg)
6© 2013 Ask, Share, Learn
www.proformative.com
#CFOD13
Surprises Are Persistent
![Page 7: Strategic Risk Management as a CFO: Getting Risk Management Right](https://reader033.vdocument.in/reader033/viewer/2022060110/555bf97ed8b42a56448b4d27/html5/thumbnails/7.jpg)
7© 2013 Ask, Share, Learn
www.proformative.com
#CFOD13
Qualitative Approaches Are Used for ERM
![Page 8: Strategic Risk Management as a CFO: Getting Risk Management Right](https://reader033.vdocument.in/reader033/viewer/2022060110/555bf97ed8b42a56448b4d27/html5/thumbnails/8.jpg)
8© 2013 Ask, Share, Learn
www.proformative.com
#CFOD13
Enterprise Level Risk Inventories Are Emerging Slowly
![Page 9: Strategic Risk Management as a CFO: Getting Risk Management Right](https://reader033.vdocument.in/reader033/viewer/2022060110/555bf97ed8b42a56448b4d27/html5/thumbnails/9.jpg)
9© 2013 Ask, Share, Learn
www.proformative.com
#CFOD13
Integration Is Gaining Recognition
![Page 10: Strategic Risk Management as a CFO: Getting Risk Management Right](https://reader033.vdocument.in/reader033/viewer/2022060110/555bf97ed8b42a56448b4d27/html5/thumbnails/10.jpg)
10© 2013 Ask, Share, Learn
www.proformative.com
#CFOD13
Integrated Approaches Are Exceeding Expectations
![Page 11: Strategic Risk Management as a CFO: Getting Risk Management Right](https://reader033.vdocument.in/reader033/viewer/2022060110/555bf97ed8b42a56448b4d27/html5/thumbnails/11.jpg)
11© 2013 Ask, Share, Learn
www.proformative.com
#CFOD13
ERM Today: Still Immature by Comparison
Risk management vs. Financial management maturity criteria
Financial management
Risk management
Certified professionals a r
Standardized methodology a r
Independent audits a r
Board involvement a ar
Standardized reporting a r
Supporting technology a a
![Page 12: Strategic Risk Management as a CFO: Getting Risk Management Right](https://reader033.vdocument.in/reader033/viewer/2022060110/555bf97ed8b42a56448b4d27/html5/thumbnails/12.jpg)
12© 2013 Ask, Share, Learn
www.proformative.com
#CFOD13
Market Risks
Op
era
tion
s R
isks
Fin
an
ce
Ris
ks Human
Capital Risks
ITRisks
LegalRisks
Supply ChainRisks
“Silo” or “Stove-pipe” Risk Management
ERM Today: Still Siloed After All These Years
![Page 13: Strategic Risk Management as a CFO: Getting Risk Management Right](https://reader033.vdocument.in/reader033/viewer/2022060110/555bf97ed8b42a56448b4d27/html5/thumbnails/13.jpg)
13© 2013 Ask, Share, Learn
www.proformative.com
#CFOD13
ERM Today: “Control” Paradigms Dominate
![Page 14: Strategic Risk Management as a CFO: Getting Risk Management Right](https://reader033.vdocument.in/reader033/viewer/2022060110/555bf97ed8b42a56448b4d27/html5/thumbnails/14.jpg)
14© 2013 Ask, Share, Learn
www.proformative.com
#CFOD13
ERM Today: Risk Reporting is Evolving
![Page 15: Strategic Risk Management as a CFO: Getting Risk Management Right](https://reader033.vdocument.in/reader033/viewer/2022060110/555bf97ed8b42a56448b4d27/html5/thumbnails/15.jpg)
15© 2013 Ask, Share, Learn
www.proformative.com
#CFOD13
ERM Today: Monitoring and Review is Weak
![Page 16: Strategic Risk Management as a CFO: Getting Risk Management Right](https://reader033.vdocument.in/reader033/viewer/2022060110/555bf97ed8b42a56448b4d27/html5/thumbnails/16.jpg)
16© 2013 Ask, Share, Learn
www.proformative.com
#CFOD13
Three Value Questions: A Simple Strategy for ERM
Where is the fundamental value of the business?
• Risk Management will only add value if aligned with value drivers
What drives that value?
• Risk Management will only drive results if complex cause/effect relationships are understood
What can cause catastrophic loss or disruptive opportunity?
• ERM professionals must identify emerging risks and opportunities
Caution: Any risk management approach whose only goal is to add controls will simply add cost. Risk responses must reflect risk appetite
![Page 17: Strategic Risk Management as a CFO: Getting Risk Management Right](https://reader033.vdocument.in/reader033/viewer/2022060110/555bf97ed8b42a56448b4d27/html5/thumbnails/17.jpg)
17© 2013 Ask, Share, Learn
www.proformative.com
#CFOD13
Ten Questions for Getting ERM Right
![Page 18: Strategic Risk Management as a CFO: Getting Risk Management Right](https://reader033.vdocument.in/reader033/viewer/2022060110/555bf97ed8b42a56448b4d27/html5/thumbnails/18.jpg)
18© 2013 Ask, Share, Learn
www.proformative.com
#CFOD13Risk Management As A Factor Of Success And An Integral Part Of Effective Corporate Management
![Page 19: Strategic Risk Management as a CFO: Getting Risk Management Right](https://reader033.vdocument.in/reader033/viewer/2022060110/555bf97ed8b42a56448b4d27/html5/thumbnails/19.jpg)
19© 2013 Ask, Share, Learn
www.proformative.com
#CFOD13
Items To Be Discussed
Risk Management Trends
Prerequisites and Key Factors for Successful Risk Management
Strategic Risk Management
Elements of an integrated strategic/operational risk management model
Providing transparency of risk information
![Page 20: Strategic Risk Management as a CFO: Getting Risk Management Right](https://reader033.vdocument.in/reader033/viewer/2022060110/555bf97ed8b42a56448b4d27/html5/thumbnails/20.jpg)
20© 2013 Ask, Share, Learn
www.proformative.com
#CFOD13
Current Challenges FacingCompanies And Risk Trends
Risk Management needs to focus on interdependencies & interconnection of risks
Focus on new &
disruptive technologi
es
Focus on External Impacts
Overall economic &
political conditions
Uncertainty surrounding
political leadership affecting markets
Rapid speed of disruptive
technological innovations &
social networks within the industry
May outpace our ability to compete and manage risks.
Focus on Legal and
Regulatory Compliance
Focus on Profitable Growth & Market
Penetration
Focus on Data
Protection & Cyber Security
Regulatory changes and heightening regulatory
scrutiny May affect the manner
in which organization’s products and
services will be delivered
Increasing competition and
profitability pressure
Because of market consolidation
Cyber threats have the
potential to significantly disrupt core operations
Compromising privacy
& informationsecurity protection
![Page 21: Strategic Risk Management as a CFO: Getting Risk Management Right](https://reader033.vdocument.in/reader033/viewer/2022060110/555bf97ed8b42a56448b4d27/html5/thumbnails/21.jpg)
21© 2013 Ask, Share, Learn
www.proformative.com
#CFOD13
The Risk Management Requirements Are
IncreasedExternal view to
integrate outside-in
risk factors
Expanded view on risk trends and
risk patterns
Combine operational & strategic
risk manageme
nt
Linkage of risk trends
to operational & strategic
targets
Transform risk management from:purely operational focus to combine both operational & strategic focus with outside-in views
compliance view to being a trusted business partner
being a pure facilitator & reporter to an advisor & supporter role
W H
A T
![Page 22: Strategic Risk Management as a CFO: Getting Risk Management Right](https://reader033.vdocument.in/reader033/viewer/2022060110/555bf97ed8b42a56448b4d27/html5/thumbnails/22.jpg)
22© 2013 Ask, Share, Learn
www.proformative.com
#CFOD13
Resulting In New Implications For Successful And Effective Risk
Management
Shared targets to achieve
business objectives
Risk management
along strategic priorities
Closer collaboratio
n and integration into business
processes
Senior business
people with extensive know-how
from the respective
areas
Risk Managers as business
enabler H O
W
![Page 23: Strategic Risk Management as a CFO: Getting Risk Management Right](https://reader033.vdocument.in/reader033/viewer/2022060110/555bf97ed8b42a56448b4d27/html5/thumbnails/23.jpg)
23© 2013 Ask, Share, Learn
www.proformative.com
#CFOD13
The Right Conditions Of A Risk Management Organization Are Key Factors Of Successful Risk Management
Drive Risk Culture from the TopIntegrate risk management into board area priorities and projects to drive risk management from the top and enable risk managers.
A right organizational setupA right level of integration throughout the company – global vs. decentralized organization
A tailored risk management approachOne view on risks combining operational and strategic priorities and the integration of risk management into the decision process.
A changed role of a risk managerRisk managers with business know-how and extensive business experience to give guidance, provide mitigations and risk transparency.
So you can:• Get closer to the business• Be involved & integrated• Have insight into risk trends• Foster collaboration & business insights
![Page 24: Strategic Risk Management as a CFO: Getting Risk Management Right](https://reader033.vdocument.in/reader033/viewer/2022060110/555bf97ed8b42a56448b4d27/html5/thumbnails/24.jpg)
24© 2013 Ask, Share, Learn
www.proformative.com
#CFOD13
SAP’s Global Governance Structure
![Page 25: Strategic Risk Management as a CFO: Getting Risk Management Right](https://reader033.vdocument.in/reader033/viewer/2022060110/555bf97ed8b42a56448b4d27/html5/thumbnails/25.jpg)
25© 2013 Ask, Share, Learn
www.proformative.com
#CFOD13
Effective Risk Management is Created By The Combination of “Business Partnering” And “Stewardship”
… while maintaining a level
of trust and confidence.
StewardshipCompliance, Transparency,
Policy & Standards
Enable the business to take risk-based decisions at any time…
Business PartnerValue-adding risk management services to business
![Page 26: Strategic Risk Management as a CFO: Getting Risk Management Right](https://reader033.vdocument.in/reader033/viewer/2022060110/555bf97ed8b42a56448b4d27/html5/thumbnails/26.jpg)
26© 2013 Ask, Share, Learn
www.proformative.com
#CFOD13
Key Success Factor Of A Successful Risk Management Approach Is The Connection Between Bottom-up And Top-down Risk
Strategic Risk Managementwith strong focus on strategic targets, initiatives
& external trends and factorsto identify root causes
Operational Risk Managementwith strong focus on financial, operational and
compliance targetsto identify risk patterns & risk trends
en
able
s
deliv
ers
KR
Is
End-to-End Risk Management
![Page 27: Strategic Risk Management as a CFO: Getting Risk Management Right](https://reader033.vdocument.in/reader033/viewer/2022060110/555bf97ed8b42a56448b4d27/html5/thumbnails/27.jpg)
27© 2013 Ask, Share, Learn
www.proformative.com
#CFOD13
en
able
s
deliv
ers
KR
Is
“What are early signs of
disruptive change and how do we adapt to
emerging risks?”
“The latest competitive
move – how does it affect my targets?”
“Do I have the risk business
model in place to achieve my strategic targets?”
“Has compliance been ensured in
our goals?”
“Which external events (technology, market,
economy, political, etc.) could challenge the
execution of our strategy and do we have mitigation
plans?”
“Do we have the needed
transparency and independent
risk insight?”
“How do latest disruptive
technologies affect my
products and buyers
behaviour?”
“Are all teams aligned to
execute on our strategic goals?”
External FactorsInternal Factors
Strategic Risk Management Provides Deeper Insight, Greater Transparency And Enables Risk-based Decision Making
![Page 28: Strategic Risk Management as a CFO: Getting Risk Management Right](https://reader033.vdocument.in/reader033/viewer/2022060110/555bf97ed8b42a56448b4d27/html5/thumbnails/28.jpg)
28© 2013 Ask, Share, Learn
www.proformative.com
#CFOD13
Strategic Risk Management Combines Different Views on Strategic Risks and Opportunities
Identify challenges not yet visible to management & business owner
Earl
y id
enti
fica
tion, vis
ibili
ty a
nd
unifi
ed
vie
w o
f m
ost
cri
tica
l ri
sks
and
op
port
unit
ies
end
ang
eri
ng
the a
chie
vem
ent
of
gro
wth
&
innovati
on t
arg
ets
Early identification & development of right response strategy
Risk related to the
execution of
targets
Risk Scenarios
External Trends &
Risk Drivers
Internal Prediction
Ad
ap
tati
on t
o c
hang
es
in t
he e
xte
rnal
envir
onm
ent
en
ab
les
deliv
ers
KR
Is
“What are early signs of
disruptive change and how di we adapt to
emerging risks?”
“The latest competitive
move – how does it affect my targets?”
“Do I have the risk business
model in place to achieve my
strategic targets?”
“Has compliance been ensured in
our goals?”
“Which external events (technology, market,
economy, political, etc.) could challenge the execution of
our strategy and do we have mitigation plans?”
“Do we have the needed
transparency and independent
risk insight?”
“How do latest disruptive
technologies affect my
products and buyers
behaviour?”
“Are all teams aligned to
execute on our strategic goals?”
![Page 29: Strategic Risk Management as a CFO: Getting Risk Management Right](https://reader033.vdocument.in/reader033/viewer/2022060110/555bf97ed8b42a56448b4d27/html5/thumbnails/29.jpg)
29© 2013 Ask, Share, Learn
www.proformative.com
#CFOD13
Strategic Risk Management Uses Tools And Services To Get An Independent View On Risks To Support The Strategic Business Objectives
Holistic identification of
risks & opportunities
related to growth & innovation drivers
Identification of emerging risks and opportunities based on a 360° risk
assessment across all board areas involving different stakeholders inside and outside of a
strategic initiative, including comprehensive mitigation strategies.
Outside-in view
Earlier adaptation to changes in the
external environment
through Competitive
Market Intelligence (CMI) and engagement
with analysts.
Innovative Tools
e.g. “Early Prediction” for
strategic initiatives through Wisdom of
the Crowd leveraging the knowledge and
insight of employees independent from
hierarchies.
Interconnectedness &
Dependencies
Identification of key interdependencies that affect multiple strategic initiatives
and might hinder the overall execution of
our strategy.
Significant Material Risks
Early detection of relevant material risks, quite often
tail risks, that could potentially
materialize and significantly impact the achievement of
strategic objectives.
![Page 30: Strategic Risk Management as a CFO: Getting Risk Management Right](https://reader033.vdocument.in/reader033/viewer/2022060110/555bf97ed8b42a56448b4d27/html5/thumbnails/30.jpg)
30© 2013 Ask, Share, Learn
www.proformative.com
#CFOD13
The Path To A Risk-smart Business
R
StrategyManagement
Process
Risk adjusted
Ris
k a
dju
ste
d
Ris
k a
dju
ste
d
Risk adjusted
Comprehensive view of potential strategic risks based on external and internal business variables, with regards to their impact on strategic objectives and their relevance to a company’s strategic priorities.
Trigger of mitigation steps and corrective actions.
.
Strategy mapping and Strategic Risk Assessments of selected key risk areas which have the potential to impact our business results and intangible values such as
reputation and brand image.
Strategic Risk Assessments of selected strategic initiatives & business cases.
Scenario management & simulation to “stress test“ key assumptions and impact
Internal early warning system.
.
Manage the relationship between strategy performance, risks and controls.Key risk indicators (KRIs) can be presented alongside key performance
indicators (KPIs) to monitor their impact on value drivers.
Strategy Development
Strategy Execution
![Page 31: Strategic Risk Management as a CFO: Getting Risk Management Right](https://reader033.vdocument.in/reader033/viewer/2022060110/555bf97ed8b42a56448b4d27/html5/thumbnails/31.jpg)
31© 2013 Ask, Share, Learn
www.proformative.com
#CFOD13
Strategic Risk Management Is Dependent On An Integrated And Effective Operational Risk Management
• Risk Managers in the Sales & Consulting area assess projects and opportunities based on High-Risk Scenarios
• These High-Risk Scenarios are based on
• Early warning through KRIs
• Extensive business experience
• Database of previous incidents
• This enables risk managers to act as business partner and advisor
• The RDOA is a risk-based decision process:
• based on SAP’s risk appetite
• to get ownership for appropriate mitigations and approval for residual risks at various levels of the company
• up to the Executive Board level…
• leading to full transparency
• The Executive Risk Committee focuses on top projects and risk trends on a regional level to mitigate possible project risks (bottom up approach).
• Involvement of relevant stakeholders (CFO, COO, risk management, legal, regional management) and top management attention through executive sponsors (e.g. CFO, CEO).
• Top risks and global risk trends are transferred on a global level to evaluate the possible impact and define mitigations
High Risk Scenarios Risk Delegation of Authority (RDOA)
Executive Risk Committees
![Page 32: Strategic Risk Management as a CFO: Getting Risk Management Right](https://reader033.vdocument.in/reader033/viewer/2022060110/555bf97ed8b42a56448b4d27/html5/thumbnails/32.jpg)
32© 2013 Ask, Share, Learn
www.proformative.com
#CFOD13
The Outcome Of Integrated Risk Management To Effective Corporate Management
Preparedness to react faster on external trends & factors through early warning & high transparence combined with a high degree of effective mitigations.
Higher return on risk management investment through tangible business value add of senior risk managers delivering true business value.
Creation of a risk-aware culture in which people understand their role in contributing to the achievement of objectives.
Effective combination of operational and strategic risk management through an end2end risk management enables effective execution on strategic targets and goals.
![Page 33: Strategic Risk Management as a CFO: Getting Risk Management Right](https://reader033.vdocument.in/reader033/viewer/2022060110/555bf97ed8b42a56448b4d27/html5/thumbnails/33.jpg)
33© 2013 Ask, Share, Learn
www.proformative.com
#CFOD13
Successful Risk Management Requires Appropriate Transparency Of Risk Information
Need a system to accumulate risk information- we are using SAP’s GRC suite.
Risks are validated by activity owners.
Operational risk information is provided monthly to key stakeholders.
Quarterly Board report prepared detailing key strategic and operational risks.
In process of moving to a consume on demand model for real time risk reporting via Ipad reporting.
![Page 34: Strategic Risk Management as a CFO: Getting Risk Management Right](https://reader033.vdocument.in/reader033/viewer/2022060110/555bf97ed8b42a56448b4d27/html5/thumbnails/34.jpg)
34© 2013 Ask, Share, Learn
www.proformative.com
#CFOD13
iPad Application for Real Time Risk Reporting
![Page 35: Strategic Risk Management as a CFO: Getting Risk Management Right](https://reader033.vdocument.in/reader033/viewer/2022060110/555bf97ed8b42a56448b4d27/html5/thumbnails/35.jpg)
35© 2013 Ask, Share, Learn
www.proformative.com
#CFOD13Thank You!Strategic Risk Management As a CFO: Getting Risk Management Right
![Page 36: Strategic Risk Management as a CFO: Getting Risk Management Right](https://reader033.vdocument.in/reader033/viewer/2022060110/555bf97ed8b42a56448b4d27/html5/thumbnails/36.jpg)
36© 2013 Ask, Share, Learn
www.proformative.com
#CFOD13
Thank You Sponsors!
PLATINUM
GOLD
SILVER
DIAMOND