the future of risk management horst simon, head of risk · the future of risk management horst...
TRANSCRIPT
2013/07/30
1
The Future of Risk Management
Horst Simon, Head of Risk
How do we go forward with Risk Management?
2013/07/30
2
Developing an Organizational Risk Management Culture
Those who do not understand
the risks or miscalculate the risks stand to be
exploited by those who understand them better
• Is your risk management process still backward-looking and all your risk reporting based on historic information?
• Are your risk assessments still focused on identifying all possible threats? (risks)
• Are you still "extracting" data from different systems to do risk reporting?
• Are you still doing risk management to comply with regulations?
If you answer YES to any of the above you have a problem, if you answer YES to two or more, you
are on your way to "going out of business"
2013/07/30
3
Risk culture arises from the REPEATED behaviours of the employees of the organisation. These behaviours are
shaped by the underlying values, beliefs and attitudes of individuals, which are partly inherent, but are also shaped by
the existing corporate culture in the organisation
Developing an Organizational Risk Management Culture
2013/07/30
4
Over the past decade, risk management became more about quantitative models and less about
behavioral models. Unfortunately, as we discovered during the recent
financial crisis, even the best quantitative models cannot predict the
result of misguided behavior.
Developing an Organizational Risk Management Culture
“The credit crisis has taught us valuable lessons on the limitations of models, the
importance of risk reporting and the need to establish a more effective risk culture”
Post-crisis Risk Management, Carol Beumier, GARP Risk Professional journal, Oct 2010
2013/07/30
5
“Several organisations went well beyond their “risk appetite” –sometimes
without even realizing it”
Post-crisis Risk Management, Carol Beumier, GARP Risk Professional journal, Oct 2010
“The world is in no
position to face major,
new shocks”
Opening line of the Executive Summary, Global Risks, 6th Edition
2013/07/30
6
Twentieth century systems are failing to manage 21st century risks; we need new networked
systems to identify and address global risks before they become
global crises,”
Robert Greenhill, Managing Director and Chief Business Officer at the World Economic Forum.
Top Global risk i.t.o. LIKELIHOOD
• 2007-Breakdown of critical information infrastructure
• 2008-Asset price collapse• 2009-Asset price collapse• 2010-Asset price collapse• 2011-Meteorologigal catastrophes• 2012-Severe income disparity• 2013-Severe income disparity
2013/07/30
7
Top Global risk i.t.o. IMPACT
• 2007-Asset price collapse• 2008-Asset price collapse• 2009-Asset price collapse• 2010-Asset price collapse• 2011-Fiscal crisis• 2012-Major systemic financial failure• 2013-Major systemic financial failure
Some key quotes• “Decision-makers need to improve understanding of
incentives that will improve collaboration in response to global risks”
• “Trust, or lack of trust, is perceived to be a crucial factor in how risks may manifest themselves, in particular, this refers to confidence, or lack thereof in leaders, in the systems which ensure public safety and in the tools of communication that are revolutionizing how we share and digest information”
• “Communication and information sharing on risks must be improved by introducing greater transparency about uncertainty and conveying it to the public in a meaningful way”
2013/07/30
8
“I take risk management very seriously and believe that risks
should be managed, not avoided. Implemented successfully, Risk
Management enables management to effectively deal with uncertainty and
associated risks,”
Rodney E. Hood ,Vice Chairman National Credit Union Administration (NCUA)
Risk Culture & The Credit Crunch“They should haveconfidence in their risk cultureand the courage to be able to say:Although we making lots of moneyhere, additional risk will not resultin additional value being added tothe business in the long term.”
“But it also requires a certaindegree of courage in cases wherea company’s culture is not yetready to embrace RiskManagement fully. As Chris Duncansaid, “… for Risk Management to beeffective, occasionally one doeshave to swim against the tide andrun the risk of getting eaten by thesharks.”
2013/07/30
9
Risk management is everybody’s job. Everybody who does anything in the company is a risk manager to some extent.
Risk Management in the Corporate Culture
The most important thing is to get buy-in from the most senior levels of the organization first. Until you do that, you’re going to have great ideas, but they’ll never see the light of day.
The key to high-performance risk management is aligning risk strategy among key risk stakeholders, obtaining and sustaining senior management engagement, and achieving effective integration with strategic planning
People make it happen and people make sure that it couldn’t happen
again
Risk Management has a primarily human nature
2013/07/30
10
Companies in the UK spent GBP 5 billion in 2010 to buy the latest
technology and systems- but many will fail to implement procedures that
reduce the risk of human error and malpractice causing damage to their single most important business tool
Risk Management has a primarily human nature- example
TRANSFORMATION!
To change the way you see and think about Risk Management and equip you
with knowledge and practical experiences on how to apply that thinking in your
organisations
2013/07/30
11
Managing Risk in the Era of Behaviour
The future of risk management lies in an ability to incorporate and
inspire more of the behaviors we want- both the behaviors we want to encourage and those we would like
to avoid
2013/07/30
12
Overview of People Risk factors
• Diminishing ability of companies to survive without talent
• Lack of Ethics• Companies often cut the fat– and some of
the muscle with it• People Risk is endogenous!• You cannot control what you do not
quantify and measure
2013/07/30
13
Frequency of Change
Organisational Change & Exposure to Risk
Gradual Change
Increased pace of change
Inte
nsity
of C
hang
e
EX
PO
SU
RE
TO
RIS
K Dynamic-continuous
change
What is the first thing you do?
2013/07/30
14
“In a world where change is the only constant, success depends on the depth of our awareness of the risks and rewards on the horizon and on the quality of our preparations to respond to them appropriately”
Jaime Caruana, Chairman of the Basle Committee, Hong Kong, 7 February 2005
It is not just what you know,
but what you do with what you know
The biggest change is shifting organisations from having a rear-view risk
focused based on historic data, past events and modeling to a forward-looking
perspective of an effective risk culture based on pro-active risk mitigation,
scenario analysis and risk optimization.
Life after the crisisThe future of risk management
2013/07/30
15
Five Pillar Methodology
Leadership
Actualization
The R
ight P
olicies
Spiritual needs
PEOPLE RISK MITIGATION
Com
petency F
ramew
ork
Maslow's Hierarchy of Needs
It is all about themselves!!It is all about themselves!!It is all about themselves!!It is all about themselves!!
1954
Abraham Maslow
2013/07/30
16
“In the workplace of the future, the fiercest
competition may not be for customers, but for the hearts and minds of
employees”“The Economist” 1993
1993
Spiritual needs
• In a bad risk culture , people will not do the right things regardless of risk policies and controls
• In a typical risk culture , people will do the right things when risk policies and controls are in place
• In a good risk culture , people will do the right things even when risk policies and controls are not in place
The R
ight Policies
2013/07/30
17
• In an effective risk culture every person will do something about the risks associated with his/her job on a daily basis
• In the ultimate risk culture every person is a risk manager and will evaluate, control and optimise risks to build sustainable competitive advantage for the organisation
At what level of maturity is your organisation?
The R
ight Policies
Com
petency Fram
ework
Use the competency framework to your own benefit- let it drive your
Total Employee Value
Skills WorthPotentialValue
TotalEmployee Value+ =
•Experience•Education•Competencies•Character
•Ability to apply skills•Value-add•Organisational fit?
High Potential Employees vs. High Performance Emplo yees
$
2013/07/30
18
PEOPLE & Risk Culture
TASKS
ROLES
STRUCTURE
BEHAVIOUR
CULTURELevel of effort
Change increases People Risk…
• Intense competition for individuals capable of leading business organisations
• Requirement for extraordinary strategic thinking skills
• Major lack of experienced staff• Requirement to make high-quality decisions
quickly in the face of competitive pressure• Highly refined communication and talent
development skills• Employee attitude is everything!
2013/07/30
19
Challenging your thinking
Does you risk management process
MOTIVATE or IRRITATEyour staff?
The risk culture of an organisation is a direct reflection of the quality of Leadership Horst Simon
2013/07/30
20
Major Cultures of the worldHonor / Shame
Guilt / Innocence Power / Fear
Generations
• Lost Generation (1883–1900) • G.I. Generation (1901–1924) • Silent Generation (1925–1942) • (Baby) Boom Generation (1943–1960) • 13th Generation (Gen X) (1961–1981) • Millennial Generation (Gen Y) (1982–
2000) • New Silent Generation (Gen Z) (2001-)
2013/07/30
21
“… few companies bother to measure their investments in human capital or the return on these investments”
Outlook, Accenture, May 2003
2003
And you are still not considering this important…
• You cannot transfer reputational risk• You can never take the human element
out of risk management• Every employee is a potential risk
manager– just train them• Do not make people risk a post-event
affair– be proactive
2013/07/30
22
Show the Risk Return on Investment
• Reduce internal and external Audit costs-integrated and shared approach to risk management
• Track near-miss incidents and show the value of “built-in” risk mitigation
• Help to identify operational improvements• Management will fully understand all risks• Enhanced decision-making• Improved risk response times and crisis
preparedness
“The reliability of business operations at financial institutions (and other companies) depends to a
large extend on the expertise, discipline and morale of each employee in these institutions.
Efforts to maintain and improve this aspect remains a major issue”
Bank of Japan
2013/07/30
23
“Most people are more comfortable with old problems than with new solutions”
Organisational revolution is necessary
Anonymous