rsm international conference, singapore 2007 risk management richard smith head of risk management,...

RSM International Conference, Singapore 2007

Risk ManagementRichard SmithHead of Risk Management, RSM Bentley Jennison


• What is Risk Management?• Bursting some myths• Why Risk Management for our clients?• The 2006 RSMi Survey• The RSM Bentley Jennison approach to Risk Management• How it has worked in practice• Opportunities for the RSM Network


RiskRisk

Definition• The threat of an event occurring that could undermine or

stop an organisation from successfully achieving its objectives.

An important footnote:• Business risk arises as much from the likelihood that

something good won’t happen as it does from the threat that something bad will happen


Myths Myths Realities Realities

• Risk Management is about “ticking the boxes”

• Risk Management adds bureaucracy to an organisation

• Some organisations do treat risk management as something they have to do.

• We try to help them make it a core part of the way they run their business.

• Many of the organisations that we work with have chosen to work with us because we can help implement an effective process


Myths Myths Realities Realities

• Risk Management encourages organisations to be risk averse

• Everything has to have a financial value

• We encourage all our clients to think about all aspects of risk, not just the disasters and calamities

• We encourage our clients to think about non-financial risks (for example, public reputation) Ultimately though, for a business everything will have a financial impact.


Why Risk Management for our clients?Why Risk Management for our clients?

• Help them better manage their business• Help to meet regulatory requirements• Avoid the risk of “not managing risks”• Perceived to be adopting best practice


Some relevant highlights from theSome relevant highlights from the

2006 RSMi survey 2006 RSMi survey


I think of it in two ways; one, threats to my company and two, technical risk which is very high on the agenda. Changes in legislation which the Government can bring in at any time, and loss of resources, staff, being

head-hunted. If we approve a product, that later is defective, that has risk implications. Also, setting up in China the technical skills here are way

below the standard we require.

Think only of factors which threaten the company. External factors such as service providers not working in a proper manner.

Negative publicity about us as an operation.

Risk management could come in the forms of reputational, supply, IT failure and staff

retention. These could both threaten the company or when dealt with properly enable it

to grow.

I think of political, geological and climatic risks which could affect my customers and my

staff .

Electronics, ChinaLeisure, France

Road toll, Germany Brewer, UK

When you think of risk management, When you think of risk management, what do you think of within your company? what do you think of within your company?

Q6 Open Question


Importance of a Risk StrategyImportance of a Risk Strategy

• How important do you think it is to have a risk management process in operation across the company? Using a scale of 1 to 10 where 1 is not at all important and 10 is very important

0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100%

Australia

Germany

France

UK

All

9 and 10 7 and 8 6 or less

• As expected, a risk strategy is felt to be important in most companies we spoke to

• Retail and distribution gave the lowest importance scores overall

• Of those companies just starting to think about a risk management strategy, 66% thought that it was very important (scores 9 and 10)

• Mean importance score was 8.8 (highest in Germany)

Q19 Base:107 (no China and USA)

0% 10% 20% 30% 40% 50% 60% 70% 80% 90%100%

Thinking aboutit

Identifying risk,no strategy

"Silo" approach

Comprehensivestrategy

9 and 10 7 and 8 6 or less


Top priority risk management activitiesTop priority risk management activities• Can you tell me how much of a priority the following risk management activities are in your company? (rank1-5)• And how do you think this will change over the next 3 years? Will it increase, stay the same ,or decrease in priority

1 2 3 4 5

Mean Score

Identifying strategicbusiness direction risk

Monitoring andidentifying emergent

risks

Assuring businesscontinuity

Informing the board ofsignificant risk issues

Ensuring full compliancewith financial regs

Q25 Base: 145

• Support activities such as training staff, developing information systems to feed into research identification and evaluating insurance cover a much lower priority


Main areas of riskMain areas of risk

• People used many different terms to refer to main classifications of risk.

• However the main groupings were:

• Finance– Operational,– People – IT

What are the main classifications of risk you address (in your strategy if you have one) in your company?

Q8 Open Question


Those believing RM assists performanceThose believing RM assists performance

We have to have risk management, it adds measurable value to our business and we experience a security in our finances that

allows us to expand our market.

We analyse all aspects of our business to identify losses which could be caused by weak

procedures to take action to reduce risks which could affect our profitability.

Because statistics show company performance increased with a risk management strategy in place. These statistics can be found in several

publications.

Because I think we have developed a systematic approach to look at each major

sector in our divisions, thus to control exposure to risk at the root cause of a potential risk

Finance company, GermanyInsurance, US

Finance company, Germany Equipment, UK

Why does your risk management approach assist you in improving overall company performance?

Q22 Why does your risk management approach assist you in improving overall company performance?


What we learned about the risk processWhat we learned about the risk process

• Risk management activity tends to be about identification, measurement, analysis, and actions

• Risk actions are related to business growth, protection and business sustainability

• Almost 80% believe it improves overall company performance

IDENTIFY

ANALYSE

ACTIONS

MEASURE


What we learned about opportunitiesWhat we learned about opportunities

• There is very widespread acceptance that risk management improves business performance

• It is, however, seen by most as a mechanism to reduce the threats to business profits


What we learned about opportunitiesWhat we learned about opportunities

• 86% have confidence in their risk management processes, but only 33% are very confident.

• There is very widespread use of Internal audit to ensure that risk management is effective

• No one has completely outsourced the development of their company risk strategy


The RSM Bentley Jennison approach The RSM Bentley Jennison approach

Branding and organisation (1)

• Number of key service lines:– Internal audit – IT audit– Forensics and fraud investigations– IT solutions– Consultancy/advisory (incl. HR, Environmental, Regulatory)

• Key services brigaded together in one division with more than 350 staff



Branding and organisation (2)

• Our new marketing collateral will focus on key areas of business risk, the risks themselves, and where we can offer solutions

• Other key services linked into the branding, but outside of the risk management division include:– Due diligence– Taxation and taxation risk (compliance and advisory– Pensions and pension risk (compliance and advisory)



Products and approach • Two levels in terms of products and services, firstly:

– Bespoke ERM solution to help clients establish and embed an overall risk management methodology (4Risk ©)

– Usually accompanied by consultancy implementation/facilitation supportThus:– Implementing ERM allows us to become aware of all risks and exposures

facing the business – and to offer solutions– Approach works where business needs to introduce or upgrade existing

arrangements


4Risk ©4Risk ©

• Web based risk management solution• Offer comprises tailored package that can include:-

– 4Risk solution– Training (staff, management, audit committee etc)– Facilitation and workshops and implementation assistance– Support to client staff– Short or long term input

• The solution is always tailored to the client’s needs.• Part of a wider suite of risk based software solutions


Various reports allow flexible risk monitoringVarious reports allow flexible risk monitoring



Products and approach • Second level is offering solutions to individual risk scenarios:

– Use of internal audit or, especially IT audit, is the easiest way in.– Internal audit and/or IT audit helps to give client assurance that controls on

which they are relying to manage risks are effective– IA and IT audit allow us to gain access to a lot of staff within the organisation

and build relationships– Once these relationships are built we can spot and cross sell other services to

help the client manage particular risks– Offer non-audit services direct, for certain risks (tax, pensions etc)


Case studies Case studies (1)(1)

Premier Foods PLCPremier Foods Plc are one of the largest and most successful food and

produce manufacturers in the UK turning over some $2b per year. RSM Bentley Jennison were introduced to the Finance Director at Premier Foods Plc by his counterpart at Bakkover plc for whom we provide internal audit services.

Initially our partnership working with Premier Foods Plc was core internal audit support in order to cover vacancies within the in-house team. After 6 months we were able to introduce our Information Systems Assurance team and Premier Foods Plc were keen to hear about our Project Assurance capabilities. Our ISA team have a number of experts in this field and we were engaged to provide comprehensive project assurance services for the duration of the company’s two year SAP implementation.

Fees for the project assurance work will be in the order of $450,000.



John Laing ConstructionJohn Laing Construction is a $3b turnover company. The company is a

major international provider of construction, infrastructure and civil engineering projects.

We started working with John Laing following their recruitment of a Head of Internal Audit from Dairy Crest Plc for whom we also provide co-sourced internal audit services. The Head of Internal Audit had been impressed with our work at Dairy Crest and engaged RSM BJ to provide co-sourced internal and ISA audit services to his new company.

Following on from this we have recently been engaged to second a member of our specialist contract audit team to work on a high profile project within John Laing.

Fees for this latest project will be in the order of $60,000.



Bakkover GroupBakkavör Group is a $2b leading international food manufacturing company specialising in fresh prepared foods and produce. The Group operates 55 factories and employs around 20,000 people in eight countries. RSM Bentley Jennison have provided outsourced internal audit services for 3 years generating average annual fees in the order of $350,000. As part of this we have also cross sold accounting support and taxation compliance services.During 2007 RSM Bentley Jennison worked with Bakkavör management to develop a pro-active counter fraud tool which can be applied during the course of each factory audit. This has involved the utilisation of RSM BJ Business Integrity & Investigation team. Initial fees for the development and pilot sites will be some $40,000 and it is envisaged that the counter fraud tool will be implemented on a worldwide basis during 2008


The RSM Network – The RSM Network – relevance of risk managementrelevance of risk management

Macro/ERM level• Our larger clients virtually all recognise the need for it• We have the tools and skills to help them implement or

improve their risk management arrangements• At the enterprise level it allows us to understand all of the

client’s key issues, to get to know their key people – and to offer solutions


The RSM Network – The RSM Network – relevance of risk managementrelevance of risk management

Micro level – as a means of selling services• Virtually everything we do can be viewed either as helping

our clients to identify and manage risk…….or to deal with the consequences

• We can therefore brigade service lines together as part of an overall “risk management” offering

• Thus, risk management is not simply internal audit or SOX!


So………….why Risk Management? So………….why Risk Management?

• Everything a client does, and every service you offer, could be described as risk management in some form

• It is an approach that helps you understand what makes your clients’ businesses tick

• It is therefore a hook to help you identify and understand problems and issues………… and then offer solutions


A closing thoughtA closing thought

If we can think in a risk based way to help our clients this will help all of us sell services and

solutions to these clients.

rsm international conference, singapore 2007 risk management richard smith head of risk management,...

Documents