lessons learned from erm in a public sector organization · enterprise risk management lessons...
Post on 25-May-2020
ENTERPRISE RISK MANAGEMENT
LESSONS LEARNED FROM ERM IN A PUBLIC SECTOR ORGANIZATION
March 14, 2013
Webinar on ERM
• What it is!
• What it is not!
Do You Know…
• The underlying premises of ERM
• History of ERM
• COSO has developed an ERM framework
• Everyone is doing risk management already
Introduction
• ERM
• ISO standard on risk management
• Risk management
ERM and Risk Drivers
1. Business at warp-speed
2. Obsolete business models
3. New business practices
4. Converging financial services providers
5. Increasingly demanding investors and regulators
6. Increasingly accountable and demanding directors
7. Increasingly effective processes for risk identification
8. Increasingly effective measurement tools
9. Increasingly effective information tools
10. Increasingly effective scenario analysis and planning
ERM – the new perspective
From:
• Fragmented
• Negative
• Reactive
• Ad hoc
• Cost-based
• Narrowly-focused
• Functionally-driven
To:
• Integrated
• Positive
• Proactive
• Continuous
• Value-based
• Broadly-focused
• Process-driven
What Companies Need to Address
• Unintentional Risks
• Intentional Risks
Polling Question # 1
Why do business leaders love the Chief Risk Officer?
(Select all that apply)
a) The CRO promotes Risk Management and Policy
b) The CRO determines what level of risk is acceptable to the organization
c) The CRO controls the budgets on all issues so they don’t have to
d) None of the above
ERM – What Does It Mean?
1. Establish goals, objectives and oversight
2. Assess business risk
3. Develop risk management strategies
4. Design and implement risk management capabilities
5. Monitor performance
6. Continuously improve risk management capabilities
7. Support the process with information for decision making
Evolution of Risk Management
To a Strategic Process
Stepping Stones Towards ERM
[Figure: stepping-stone diagram. Axes: Linkage to opportunity and competitive advantage; Increasing risk management capabilities. Steps shown:]
• Adopt Common Language
• Establish Goals, Objectives and Oversight
• Assess Risk and Develop Strategies
• Design/Implement Capabilities
• Continuously Improve
• Aggregate Multiple Risk Measures
• Link to Enterprise Performance
• Formulate Enterprise-wide Risk Strategy
Polling Question # 2
Which one of the following is a CRO’s top priority?
(a) Computer malfunctioning
(b) Harassment of an employee
(c) Customer complaint
(d) Suspected fraud
ERM Journey
• Expand corporate governance
• Unexpected losses
• Implement strategic management tool
• Rapidly changing environment
• KPI shortfalls and tightened profit margins
• Manage changing business model
• Improve capital budgeting decisions
• Improve management of new economy assets
• Aggressive growth strategies, including M&A
• Improved integration desired
• Address lack of change readiness
• Incentives/rewards not aligned
• Address fragmented and narrow focus
• Reduce reactive decision-making
• More holistic approach desired
Common reasons Other possible reasons
What Are Risks?
Business Risk – What Does it Mean To an Organization?
• Externally-driven
• Internally-driven
• Decision-driven
Polling Question # 3
If a CRO has an unlimited budget to spend on Risk
Management, can the organization become 100% risk-free?
a) Yes
b) No
How Do We Handle Business Risk?
Sources of Uncertainty
• Environment Risk: Uncertainties affecting the viability of business model
• Process Risk: Uncertainties affecting the execution of business model
• Information for Decision-Making Risk: Uncertainties over the relevance and reliability of information that supports the value-creation decisions
Building an Enterprise-Wide Business Risk Management Approach
1. Identify
2. Source
3. Measure
4. Evaluate
5. Manage
6. Monitor
Basic Risk Management Strategies
Avoid
• Divest
• Prohibit
• Stop
• Target
• Screen
• Eliminate
Retain
• Accept
• Reprice
• Self-insure
• Offset
• Plan
Reduce
• Disperse
• Control
Transfer
• Insure
• Reinsure
• Hedge
• Securitize
• Share
• Outsource
• Indemnify
Exploit
• Allocate
• Diversify
• Expand
• Create
• Redesign
• Reorganize
• Price
• Arbitrage
• Renegotiate
• Influence
Quick Reference Guide
• High severity, high frequency: Avoid
• High severity, low frequency: Transfer
• Low severity, high frequency: Reduce
• Low severity, low frequency: Retain
Polling Question # 4
An insurance company would not find it profitable to insure against something that has high frequency AND high severity.
• True
• False
Factors to Consider When Selecting Risk Strategy
a) Objectives and strategies
b) Capability
c) Time horizon
d) Financing
e) Residual (basis) risk
f) Manageability
g) Scenarios
h) Environment
i) Operational versus contractual
j) Interfaces
k) Orientation
l) Compliance
m) Pervasiveness
n) Frequency
o) Data availability
Monitoring
a) Existing priority risk
b) New emerging risks
c) Risk management performance
d) Specific measures, policies and procedures
Continuous Improvement
a) Benchmarking performance to identify best practices
b) Four-way interactive communications and knowledge sharing
c) Integrating the firm’s risk language and process into its employee learning programmes
Risk Map
[Figure: risk map with a Likelihood axis. Risks plotted: Business Interruption; Resource Availability; Competitor Actions; Business/Public Influences; Future Regulations; Efficiency/Productivity; Hiring/Retaining; Economic Influence; Reputation; Capacity; Budget & Planning; Health & Safety; Environmental; Currency; Financial Instruments; Compliance; Liquidity/Cash Flow; Credit Default; Contracts; Interest Rate]
Polling Question # 5
Which occupational fraud is the most frequent offense?
a) Asset misappropriation
b) Corruption
c) Financial-statement fraud
Risk Reporting
[Table: reporting frequency and recipient against report contents. The column positions of the "x" marks were lost in extraction.]
Contents columns: Risk maps actual/target; List drivers of key risks; KPIs with link to finance; Metrics on key drivers; Progress reports
• Annually, Head Office: x x
• Minimum once a year, Board of Directors: x x x
• Minimum twice a year, Executive Managers and Risk owners: x x x x x
Organizational Oversight Structure
1. Board of Directors
2. CEO
3. Risk Management Executive Committee
4. Business risk management function
5. Business Units, Divisions & Functional support and shared services
6. Risk management compliance & Internal audit
Polling Question # 6
Risk management is the responsibility of
a) Board of Directors
b) Chief Executive Officer
c) Chief Financial Officer
d) Chief Risk Officer
e) Everyone
f) No one
Corporate Governance Model
[Figure: organization chart, top to bottom:]
• Board of Directors
• CEO
• Risk Management Executive: COO, CFO, CIO, CLO, Chief Risk Officer
• Business risk management function
• Business Unit A, Business Unit B, Business Unit C; Functional, support and shared services; Division A, Division B, Division C
• Risk management compliance; Legal and regulatory compliance; VaR Review; Internal audit
Summary
1. Establish oversight structure
2. Define common language and framework
3. Target risks and processes
4. Develop overall goals, objectives and processes
5. Assess risk management capabilities
You are most welcome to contact the presenter “Balaji” to further discuss ERM <hotmail.me.now@gmail.com>