managing risks in uncertainty - building your organizational resilience
TRANSCRIPT
PowerPoint Presentation
Managing risks in uncertainty
Building your organizational resilience
Esther Oh, MCRL, GAICD, CRMA, CISA, FCPA(Aus)
All Rights Reserved AusAsia Resources
Are you prepared for the VUCA Century?V VolatileU UncertainC ComplexA - Ambiguous
Chart 1: ASX 200 trend from 1 Oct 2014 1 Oct 2015Source: www.asx.com.au
All Rights Reserved AusAsia Resources
Session OutlineHow to manage risks and build your organizational resilience?
Risk ManagementBusiness ContinuityDisaster Recovery
All Rights Reserved AusAsia Resources
Source: Resilience Programme, UKAll Rights Reserved AusAsia Resources
Source: Resilience Programme, UKAll Rights Reserved AusAsia Resources
Organisational resilience:
a businesss ability to adapt and evolve as the global market is evolving, to respond to short term shocksbe they natural disasters or significant changes in market dynamicsand to shape itself to respond to long term challenges.Source: http://www.organisationalresilience.gov.au/
All Rights Reserved AusAsia Resources
Resiliency wraps around the organizations culture, values, attitudes and business practices, especially towards changes and disruptions.
Rod A. Beckstrom,The Spider and the Starfish
All Rights Reserved AusAsia Resources
8
Why is resilience so important?It determines Your SURVIVAL & SUCCESS
All Rights Reserved AusAsia Resources
Chances of failuresConsequences from such failuresTime to recovery
Reputation, trust & goodwillDemand from customersSpeed to respond
Benefits:All Rights Reserved AusAsia Resources
When facing tough challenges, you can choose to:
DeclineSurviveBounce backMove ForwardAll Rights Reserved AusAsia Resources
ComponentsLeadership CultureSystemsPeopleWorkplaceSource: Gartner GroupResilienceResilienceAll Rights Reserved AusAsia Resources
Putting the building blocks together
All Rights Reserved AusAsia Resources
Remember:
- Fit for purpose- Current- Flexible- Responsive- Practical
Resilience FrameworkAll Rights Reserved AusAsia Resources
Reality Checklist:
Is your organization structure, policies and processes still fit for purpose?Does your organization embrace and adapt to changes quickly?Does your workforce exhibit commitment, flexibility and trust?Does your employees constantly seek to create value despite challenges?Are your employees engaged and connected to the vision, mission, values and strategies of your organization?
All Rights Reserved AusAsia Resources
Source: http://www.resorgs.org.nz
How to know and improve your organizationalResilience?All Rights Reserved AusAsia Resources
Common RoadblocksNo commitment - lack of visible leadershipSilo mentality lack of communicationMyopic views lack of vision, purpose and valuesResistance to change lack of situational awarenessDetachment lack of teamwork/toxic cultureAll Rights Reserved AusAsia Resources
All Rights Reserved AusAsia Resources
Top global risks at a macro level
Source: World Economic Forum, 2015 Global Risks Report, 10th edition,http://www.weforum.org/reports/global-risks-report-2015 All Rights Reserved AusAsia Resources
Top common risks at the micro level
ReputationalFinancingHuman capitalTechnologyMarketGeopolitical7. Credit risk8. Terrorism9. Foreign exchange 10. Regulatory11. Crime and security12. Natural disasters
All Rights Reserved AusAsia Resources
DefinitionsRisk is the effect. of uncertainty on objectivesand an effect is a positive or negative deviation from what is expected.
Risk management refers to a coordinated set of activities and methods that is used to direct an organization and to control the many risks that can affect its ability to achieve objectives.It also refers to the architecture that is used to manage risk.
Source: ISO31000:2009 Terms and Definitions
All Rights Reserved AusAsia Resources
Risk management frameworkISO 31000:2009 Risk Management Principles and Guidelines Principles (elements)Framework modelProcess
Useful reference: https://www.theirm.org/media/886062/ISO3100_doc.pdf
All Rights Reserved AusAsia Resources
ISO 31000 RM framework
All Rights Reserved AusAsia Resources
How to manage risks in uncertaintySet objectives within established frameworkAssess and quantify your risksDevise and implement your plans and strategiesUse tools and technology to monitor and reviewKeep consulting and communicating with stakeholders
All Rights Reserved AusAsia Resources
Implementing ISO 31000 Risk management process, tools and resources
Source: http://esvc001356.wic015u.server-web.com/iso31000/index.html
All Rights Reserved AusAsia Resources
Example of a Risk Map:Likelihood and impact of the major global risks in 2015Source: World Economic Forum, 2015 Global Risks Report, http://www.weforum.org/reports/global-risks-report-2015
LikelihoodAll Rights Reserved AusAsia Resources
More examples of tools:Risk registersRisk matrix heat mapsTraffic light indicators/trendSimulation modelsDecision tree analysisFault tree analysisRACI matrix DashboardsRisk Barometers/odometers
All Rights Reserved AusAsia Resources
Examples of risk assessment techniques
All Rights Reserved AusAsia Resources
All Rights Reserved AusAsia Resources
Examples of Technology
All Rights Reserved AusAsia Resources
According to Briers, one reason why companies risk management systems are incomplete is a lack of knowledge or experience of how to bring about this form of integration. Compliance, corporate governance, assurance, risk financing and so on need to converge, but the managers in these siloes are not confident enough to oversee the entire portfolio.
Source: KPMG article titled No paper chase: Transforming risk management at energy and natural resources companieshttp://www.kpmg.com/Global/en/IssuesAndInsights/ArticlesPublications/Documents/no-paper-chase-v2.pdf
All Rights Reserved AusAsia Resources
Integrating ORS-Keysfor effective risk management
All Rights Reserved AusAsia Resources
Key Risk IndicatorsKey Performance IndicatorsProvide early warning of increasing risk exposureProvide high level indication of past performanceProvides forward looking prediction and insight on potential risks BEFORE the risk eventProvides historical performance of the organization AFTER the event occurredDecreases likelihood for management to override key controlsRewarding on KPIs alone increases likelihood of management override and risky behaviourPromotes risk awareness, proper management of risks and healthy risk cultureMeasuring by KPIs alone can lead to unnecessary risk taking and unhealthy risk appetite
Copyrights and All Rights Reserved AusAsia Resources.
Illustrative ExampleObjective: Manage bad debts to reduce financial loss
Strategies: Issue payment reminders 28 days before Due Date, Call customer 5 days after Due Date if not paid, escalate to CFO after 14 days overdue, determine if using external collections agency is worthwhile or notKRI: Accounts receivables turnover/month on month, payment trend for the top 25 customersKPI: Bad debts written off